From d76523f45730756a9cff4faedca5ecfa2d53a727be8d43c2971c740074260674 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Wed, 13 Sep 2017 04:49:11 +0000 Subject: [PATCH] Accepting request 523848 from home:gary_lin:branches:devel:openSUSE:Factory - Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some legit certificates (bsc#1054712) - Add the stderr mask back while compiling MokManager.efi since the warnings in Cryptlib is back after reverting the openssl commits. OBS-URL: https://build.opensuse.org/request/show/523848 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=133 --- shim-back-to-openssl-1.0.2e.patch | 178031 +++++++++++++++++++++++++++ shim.changes | 8 + shim.spec | 7 +- 3 files changed, 178044 insertions(+), 2 deletions(-) create mode 100644 shim-back-to-openssl-1.0.2e.patch diff --git a/shim-back-to-openssl-1.0.2e.patch b/shim-back-to-openssl-1.0.2e.patch new file mode 100644 index 0000000..1623542 --- /dev/null +++ b/shim-back-to-openssl-1.0.2e.patch @@ -0,0 +1,178031 @@ +From 103758d9ea9001184bec59732128832b80443862 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 31 Aug 2017 13:57:30 -0400 +Subject: [PATCH 1/3] Revert lots of Cryptlib updates. + +OpenSSL changes quite a bit of the key validation, and most of the keys +I can find in the wild aren't marked as trusted by the new checker. + +Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed +but instead of fixing the compatibility error, they switched their test +data to match the bug. + +So that's pretty broken. + +For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in +the wild to work. + +This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5. +This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226. +This reverts commit 80d49f758ead0180bfe6161931838e0578248303. +This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57. +This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260. +This reverts commit e883479f35644d17db7efed710657c8543cfcb68. +This reverts commit 97469449fda5ba933a64280917e776487301a127. +This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050. +This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad. +This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873. +This reverts commit d064bd7eef201f26cb926450a76260b5187ac689. +This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91. +This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2. + +Signed-off-by: Peter Jones +(cherry picked from commit 1d39ada8cb336d9e7c156be7526b674851fbdd40) +--- + Cryptlib/Cryptlib.diff | 68 +- + Cryptlib/Hmac/CryptHmacMd5Null.c | 40 +- + Cryptlib/Hmac/CryptHmacSha1Null.c | 40 +- + Cryptlib/Hmac/CryptHmacSha256Null.c | 40 +- + Cryptlib/Include/CrtLibSupport.h | 384 - + Cryptlib/Include/OpenSslSupport.h | 377 + + Cryptlib/Include/arpa/inet.h | 2 +- + Cryptlib/Include/assert.h | 2 +- + Cryptlib/Include/ctype.h | 2 +- + Cryptlib/Include/dirent.h | 2 +- + Cryptlib/Include/errno.h | 2 +- + Cryptlib/Include/internal/bio.h | 26 - + Cryptlib/Include/internal/comp.h | 12 - + Cryptlib/Include/internal/conf.h | 32 - + Cryptlib/Include/internal/constant_time_locl.h | 185 - + Cryptlib/Include/internal/dane.h | 103 - + Cryptlib/Include/internal/dso.h | 239 - + Cryptlib/Include/internal/dso_conf.h | 0 + Cryptlib/Include/internal/err.h | 15 - + Cryptlib/Include/internal/numbers.h | 68 - + Cryptlib/Include/internal/o_dir.h | 63 - + Cryptlib/Include/internal/o_str.h | 17 - + Cryptlib/Include/internal/thread_once.h | 45 - + Cryptlib/Include/limits.h | 2 +- + Cryptlib/Include/malloc.h | 2 +- + Cryptlib/Include/math.h | 2 +- + Cryptlib/Include/memory.h | 2 +- + Cryptlib/Include/netdb.h | 2 +- + Cryptlib/Include/netinet/in.h | 2 +- + Cryptlib/Include/openssl/README | 1 + + Cryptlib/Include/openssl/aes.h | 81 +- + Cryptlib/Include/openssl/asn1.h | 583 +- + Cryptlib/Include/openssl/asn1_mac.h | 583 +- + Cryptlib/Include/openssl/asn1t.h | 259 +- + Cryptlib/Include/openssl/async.h | 98 - + Cryptlib/Include/openssl/bio.h | 581 +- + Cryptlib/Include/openssl/blowfish.h | 99 +- + Cryptlib/Include/openssl/bn.h | 634 +- + Cryptlib/Include/openssl/buffer.h | 109 +- + Cryptlib/Include/openssl/camellia.h | 77 +- + Cryptlib/Include/openssl/cast.h | 78 +- + Cryptlib/Include/openssl/cmac.h | 59 +- + Cryptlib/Include/openssl/cms.h | 97 +- + Cryptlib/Include/openssl/comp.h | 69 +- + Cryptlib/Include/openssl/conf.h | 121 +- + Cryptlib/Include/openssl/conf_api.h | 61 +- + Cryptlib/Include/openssl/crypto.h | 856 +- + Cryptlib/Include/openssl/ct.h | 533 - + Cryptlib/Include/openssl/des.h | 119 +- + Cryptlib/Include/openssl/des_old.h | 497 + + Cryptlib/Include/openssl/dh.h | 235 +- + Cryptlib/Include/openssl/dsa.h | 273 +- + Cryptlib/Include/openssl/dso.h | 451 + + Cryptlib/Include/openssl/dtls1.h | 228 +- + Cryptlib/Include/openssl/e_os2.h | 275 +- + Cryptlib/Include/openssl/ebcdic.h | 11 +- + Cryptlib/Include/openssl/ec.h | 649 +- + Cryptlib/Include/openssl/ecdh.h | 138 +- + Cryptlib/Include/openssl/ecdsa.h | 339 +- + Cryptlib/Include/openssl/engine.h | 266 +- + Cryptlib/Include/openssl/err.h | 222 +- + Cryptlib/Include/openssl/evp.h | 948 +- + Cryptlib/Include/openssl/hmac.h | 102 +- + Cryptlib/Include/openssl/idea.h | 111 +- + Cryptlib/Include/openssl/kdf.h | 75 - + Cryptlib/Include/openssl/krb5_asn.h | 240 + + Cryptlib/Include/openssl/kssl.h | 197 + + Cryptlib/Include/openssl/lhash.h | 302 +- + Cryptlib/Include/openssl/md2.h | 44 - + Cryptlib/Include/openssl/md4.h | 100 +- + Cryptlib/Include/openssl/md5.h | 99 +- + Cryptlib/Include/openssl/mdc2.h | 80 +- + Cryptlib/Include/openssl/modes.h | 48 +- + Cryptlib/Include/openssl/obj_mac.h | 515 +- + Cryptlib/Include/openssl/objects.h | 80 +- + Cryptlib/Include/openssl/ocsp.h | 511 +- + Cryptlib/Include/openssl/opensslconf.h | 811 +- + Cryptlib/Include/openssl/opensslv.h | 20 +- + Cryptlib/Include/openssl/ossl_typ.h | 125 +- + Cryptlib/Include/openssl/pem.h | 175 +- + Cryptlib/Include/openssl/pem2.h | 64 +- + Cryptlib/Include/openssl/pkcs12.h | 266 +- + Cryptlib/Include/openssl/pkcs7.h | 113 +- + Cryptlib/Include/openssl/pqueue.h | 99 + + Cryptlib/Include/openssl/rand.h | 117 +- + Cryptlib/Include/openssl/rc2.h | 84 +- + Cryptlib/Include/openssl/rc4.h | 74 +- + Cryptlib/Include/openssl/rc5.h | 63 - + Cryptlib/Include/openssl/ripemd.h | 90 +- + Cryptlib/Include/openssl/rsa.h | 404 +- + Cryptlib/Include/openssl/safestack.h | 2736 ++++- + Cryptlib/Include/openssl/seed.h | 87 +- + Cryptlib/Include/openssl/sha.h | 137 +- + Cryptlib/Include/openssl/srp.h | 182 +- + Cryptlib/Include/openssl/srtp.h | 127 +- + Cryptlib/Include/openssl/ssl.h | 2606 +++-- + Cryptlib/Include/openssl/ssl2.h | 253 +- + Cryptlib/Include/openssl/ssl23.h | 84 + + Cryptlib/Include/openssl/ssl3.h | 532 +- + Cryptlib/Include/openssl/stack.h | 145 +- + Cryptlib/Include/openssl/symhacks.h | 478 +- + Cryptlib/Include/openssl/tls1.h | 558 +- + Cryptlib/Include/openssl/ts.h | 379 +- + Cryptlib/Include/openssl/txt_db.h | 75 +- + Cryptlib/Include/openssl/ui.h | 119 +- + Cryptlib/Include/openssl/ui_compat.h | 88 + + Cryptlib/Include/openssl/whrlpool.h | 27 +- + Cryptlib/Include/openssl/x509.h | 667 +- + Cryptlib/Include/openssl/x509_vfy.h | 515 +- + Cryptlib/Include/openssl/x509v3.h | 332 +- + Cryptlib/Include/sgtty.h | 2 +- + Cryptlib/Include/signal.h | 2 +- + Cryptlib/Include/stdarg.h | 2 +- + Cryptlib/Include/stddef.h | 2 +- + Cryptlib/Include/stdio.h | 2 +- + Cryptlib/Include/stdlib.h | 2 +- + Cryptlib/Include/string.h | 2 +- + Cryptlib/Include/strings.h | 2 +- + Cryptlib/Include/sys/ioctl.h | 2 +- + Cryptlib/Include/sys/param.h | 2 +- + Cryptlib/Include/sys/socket.h | 2 +- + Cryptlib/Include/sys/stat.h | 2 +- + Cryptlib/Include/sys/time.h | 2 +- + Cryptlib/Include/sys/times.h | 2 +- + Cryptlib/Include/sys/types.h | 2 +- + Cryptlib/Include/sys/un.h | 2 +- + Cryptlib/Include/syslog.h | 2 +- + Cryptlib/Include/time.h | 2 +- + Cryptlib/Include/unistd.h | 2 +- + Cryptlib/InternalCryptLib.h | 10 +- + Cryptlib/Library/BaseLib.h | 6 - + Cryptlib/Library/BaseMemoryLib.h | 1 - + Cryptlib/Makefile | 2 +- + Cryptlib/OpenSSL/Makefile | 866 +- + Cryptlib/OpenSSL/buildinf.h | 2 +- + Cryptlib/OpenSSL/crypto/LPdir_nyi.c | 9 - + Cryptlib/OpenSSL/crypto/aes/aes_cbc.c | 54 +- + Cryptlib/OpenSSL/crypto/aes/aes_cfb.c | 54 +- + Cryptlib/OpenSSL/crypto/aes/aes_core.c | 48 +- + Cryptlib/OpenSSL/crypto/aes/aes_ctr.c | 63 + + Cryptlib/OpenSSL/crypto/aes/aes_ecb.c | 59 +- + Cryptlib/OpenSSL/crypto/aes/aes_ige.c | 56 +- + Cryptlib/OpenSSL/crypto/aes/aes_locl.h | 59 +- + Cryptlib/OpenSSL/crypto/aes/aes_misc.c | 77 +- + Cryptlib/OpenSSL/crypto/aes/aes_ofb.c | 54 +- + Cryptlib/OpenSSL/crypto/aes/aes_wrap.c | 57 +- + Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c | 96 +- + Cryptlib/OpenSSL/crypto/asn1/a_bool.c | 111 + + Cryptlib/OpenSSL/crypto/asn1/a_bytes.c | 334 + + Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c | 115 +- + Cryptlib/OpenSSL/crypto/asn1/a_digest.c | 73 +- + Cryptlib/OpenSSL/crypto/asn1/a_dup.c | 63 +- + Cryptlib/OpenSSL/crypto/asn1/a_enum.c | 181 + + Cryptlib/OpenSSL/crypto/asn1/a_gentm.c | 213 +- + Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c | 69 +- + Cryptlib/OpenSSL/crypto/asn1/a_int.c | 676 +- + Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c | 104 +- + Cryptlib/OpenSSL/crypto/asn1/a_object.c | 144 +- + Cryptlib/OpenSSL/crypto/asn1/a_octet.c | 69 +- + Cryptlib/OpenSSL/crypto/asn1/a_print.c | 94 +- + Cryptlib/OpenSSL/crypto/asn1/a_set.c | 243 + + Cryptlib/OpenSSL/crypto/asn1/a_sign.c | 213 +- + Cryptlib/OpenSSL/crypto/asn1/a_strex.c | 178 +- + Cryptlib/OpenSSL/crypto/asn1/a_strnid.c | 173 +- + Cryptlib/OpenSSL/crypto/asn1/a_time.c | 111 +- + Cryptlib/OpenSSL/crypto/asn1/a_type.c | 103 +- + Cryptlib/OpenSSL/crypto/asn1/a_utctm.c | 198 +- + Cryptlib/OpenSSL/crypto/asn1/a_utf8.c | 63 +- + Cryptlib/OpenSSL/crypto/asn1/a_verify.c | 127 +- + Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c | 164 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_err.c | 205 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 160 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c | 195 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h | 181 +- + Cryptlib/OpenSSL/crypto/asn1/asn1_par.c | 133 +- + Cryptlib/OpenSSL/crypto/asn1/asn_mime.c | 292 +- + Cryptlib/OpenSSL/crypto/asn1/asn_moid.c | 76 +- + Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c | 114 - + Cryptlib/OpenSSL/crypto/asn1/asn_pack.c | 197 +- + Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c | 151 +- + Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c | 82 +- + Cryptlib/OpenSSL/crypto/asn1/charmap.h | 41 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c | 78 +- + Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c | 90 +- + Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c | 182 +- + Cryptlib/OpenSSL/crypto/asn1/f_enum.c | 203 + + Cryptlib/OpenSSL/crypto/asn1/f_int.c | 122 +- + Cryptlib/OpenSSL/crypto/asn1/f_string.c | 125 +- + Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c | 66 +- + Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c | 85 +- + Cryptlib/OpenSSL/crypto/asn1/n_pkey.c | 322 +- + Cryptlib/OpenSSL/crypto/asn1/nsseq.c | 60 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c | 83 +- + Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c | 117 +- + Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c | 283 - + Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c | 131 +- + Cryptlib/OpenSSL/crypto/asn1/t_bitst.c | 69 +- + Cryptlib/OpenSSL/crypto/asn1/t_crl.c | 133 + + Cryptlib/OpenSSL/crypto/asn1/t_pkey.c | 158 +- + Cryptlib/OpenSSL/crypto/asn1/t_req.c | 255 + + Cryptlib/OpenSSL/crypto/asn1/t_spki.c | 76 +- + Cryptlib/OpenSSL/crypto/asn1/t_x509.c | 556 + + Cryptlib/OpenSSL/crypto/asn1/t_x509a.c | 115 + + Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c | 263 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c | 112 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c | 146 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_new.c | 200 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c | 135 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c | 65 - + Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c | 129 +- + Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c | 111 +- + Cryptlib/OpenSSL/crypto/asn1/x_algor.c | 77 +- + Cryptlib/OpenSSL/crypto/asn1/x_attrib.c | 124 + + Cryptlib/OpenSSL/crypto/asn1/x_bignum.c | 96 +- + Cryptlib/OpenSSL/crypto/asn1/x_crl.c | 518 + + Cryptlib/OpenSSL/crypto/asn1/x_exten.c | 77 + + Cryptlib/OpenSSL/crypto/asn1/x_info.c | 108 +- + Cryptlib/OpenSSL/crypto/asn1/x_long.c | 66 +- + Cryptlib/OpenSSL/crypto/asn1/x_name.c | 536 + + Cryptlib/OpenSSL/crypto/asn1/x_nx509.c | 72 + + Cryptlib/OpenSSL/crypto/asn1/x_pkey.c | 154 +- + Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c | 374 + + Cryptlib/OpenSSL/crypto/asn1/x_req.c | 116 + + Cryptlib/OpenSSL/crypto/asn1/x_sig.c | 82 +- + Cryptlib/OpenSSL/crypto/asn1/x_spki.c | 65 +- + Cryptlib/OpenSSL/crypto/asn1/x_val.c | 63 +- + Cryptlib/OpenSSL/crypto/asn1/x_x509.c | 289 + + Cryptlib/OpenSSL/crypto/asn1/x_x509a.c | 196 + + Cryptlib/OpenSSL/crypto/async/arch/async_null.c | 23 - + Cryptlib/OpenSSL/crypto/async/arch/async_null.h | 30 - + Cryptlib/OpenSSL/crypto/async/arch/async_posix.c | 58 - + Cryptlib/OpenSSL/crypto/async/arch/async_posix.h | 58 - + Cryptlib/OpenSSL/crypto/async/arch/async_win.c | 55 - + Cryptlib/OpenSSL/crypto/async/arch/async_win.h | 36 - + Cryptlib/OpenSSL/crypto/async/async.c | 433 - + Cryptlib/OpenSSL/crypto/async/async_err.c | 51 - + Cryptlib/OpenSSL/crypto/async/async_locl.h | 77 - + Cryptlib/OpenSSL/crypto/async/async_wait.c | 211 - + Cryptlib/OpenSSL/crypto/bio/b_addr.c | 897 -- + Cryptlib/OpenSSL/crypto/bio/b_dump.c | 78 +- + Cryptlib/OpenSSL/crypto/bio/b_print.c | 297 +- + Cryptlib/OpenSSL/crypto/bio/b_sock.c | 921 +- + Cryptlib/OpenSSL/crypto/bio/b_sock2.c | 270 - + Cryptlib/OpenSSL/crypto/bio/bf_buff.c | 102 +- + Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c | 319 - + Cryptlib/OpenSSL/crypto/bio/bf_nbio.c | 87 +- + Cryptlib/OpenSSL/crypto/bio/bf_null.c | 69 +- + Cryptlib/OpenSSL/crypto/bio/bio_cb.c | 78 +- + Cryptlib/OpenSSL/crypto/bio/bio_err.c | 144 +- + Cryptlib/OpenSSL/crypto/bio/bio_lcl.h | 154 +- + Cryptlib/OpenSSL/crypto/bio/bio_lib.c | 246 +- + Cryptlib/OpenSSL/crypto/bio/bio_meth.c | 145 - + Cryptlib/OpenSSL/crypto/bio/bss_acpt.c | 490 +- + Cryptlib/OpenSSL/crypto/bio/bss_bio.c | 126 +- + Cryptlib/OpenSSL/crypto/bio/bss_conn.c | 399 +- + Cryptlib/OpenSSL/crypto/bio/bss_dgram.c | 417 +- + Cryptlib/OpenSSL/crypto/bio/bss_fd.c | 79 +- + Cryptlib/OpenSSL/crypto/bio/bss_file.c | 251 +- + Cryptlib/OpenSSL/crypto/bio/bss_log.c | 91 +- + Cryptlib/OpenSSL/crypto/bio/bss_mem.c | 224 +- + Cryptlib/OpenSSL/crypto/bio/bss_null.c | 69 +- + Cryptlib/OpenSSL/crypto/bio/bss_sock.c | 90 +- + Cryptlib/OpenSSL/crypto/bn/bn.h | 951 ++ + Cryptlib/OpenSSL/crypto/bn/bn_add.c | 202 +- + Cryptlib/OpenSSL/crypto/bn/bn_asm.c | 72 +- + Cryptlib/OpenSSL/crypto/bn/bn_blind.c | 196 +- + Cryptlib/OpenSSL/crypto/bn/bn_const.c | 28 +- + Cryptlib/OpenSSL/crypto/bn/bn_ctx.c | 203 +- + Cryptlib/OpenSSL/crypto/bn/bn_depr.c | 81 +- + Cryptlib/OpenSSL/crypto/bn/bn_dh.c | 220 - + Cryptlib/OpenSSL/crypto/bn/bn_div.c | 82 +- + Cryptlib/OpenSSL/crypto/bn/bn_err.c | 81 +- + Cryptlib/OpenSSL/crypto/bn/bn_exp.c | 148 +- + Cryptlib/OpenSSL/crypto/bn/bn_exp2.c | 118 +- + Cryptlib/OpenSSL/crypto/bn/bn_gcd.c | 172 +- + Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c | 122 +- + Cryptlib/OpenSSL/crypto/bn/bn_intern.c | 210 - + Cryptlib/OpenSSL/crypto/bn/bn_kron.c | 62 +- + Cryptlib/OpenSSL/crypto/bn/bn_lcl.h | 406 +- + Cryptlib/OpenSSL/crypto/bn/bn_lib.c | 489 +- + Cryptlib/OpenSSL/crypto/bn/bn_mod.c | 129 +- + Cryptlib/OpenSSL/crypto/bn/bn_mont.c | 166 +- + Cryptlib/OpenSSL/crypto/bn/bn_mpi.c | 88 +- + Cryptlib/OpenSSL/crypto/bn/bn_mul.c | 154 +- + Cryptlib/OpenSSL/crypto/bn/bn_nist.c | 109 +- + Cryptlib/OpenSSL/crypto/bn/bn_prime.c | 400 +- + Cryptlib/OpenSSL/crypto/bn/bn_prime.h | 588 +- + Cryptlib/OpenSSL/crypto/bn/bn_print.c | 105 +- + Cryptlib/OpenSSL/crypto/bn/bn_rand.c | 210 +- + Cryptlib/OpenSSL/crypto/bn/bn_recp.c | 79 +- + Cryptlib/OpenSSL/crypto/bn/bn_shift.c | 77 +- + Cryptlib/OpenSSL/crypto/bn/bn_sqr.c | 72 +- + Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c | 65 +- + Cryptlib/OpenSSL/crypto/bn/bn_srp.c | 545 - + Cryptlib/OpenSSL/crypto/bn/bn_word.c | 66 +- + Cryptlib/OpenSSL/crypto/bn/bn_x931p.c | 95 +- + Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c | 352 - + Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h | 9 - + Cryptlib/OpenSSL/crypto/buffer/buf_err.c | 71 +- + Cryptlib/OpenSSL/crypto/buffer/buf_str.c | 137 + + Cryptlib/OpenSSL/crypto/buffer/buffer.c | 119 +- + Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c | 65 +- + Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c | 87 +- + Cryptlib/OpenSSL/crypto/cmac/cmac.c | 173 +- + Cryptlib/OpenSSL/crypto/comp/c_rle.c | 62 + + Cryptlib/OpenSSL/crypto/comp/c_zlib.c | 316 +- + Cryptlib/OpenSSL/crypto/comp/comp_err.c | 76 +- + Cryptlib/OpenSSL/crypto/comp/comp_lcl.h | 30 - + Cryptlib/OpenSSL/crypto/comp/comp_lib.c | 37 +- + Cryptlib/OpenSSL/crypto/conf/conf_api.c | 149 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.c | 135 +- + Cryptlib/OpenSSL/crypto/conf/conf_def.h | 120 +- + Cryptlib/OpenSSL/crypto/conf/conf_err.c | 84 +- + Cryptlib/OpenSSL/crypto/conf/conf_lib.c | 128 +- + Cryptlib/OpenSSL/crypto/conf/conf_mall.c | 68 +- + Cryptlib/OpenSSL/crypto/conf/conf_mod.c | 140 +- + Cryptlib/OpenSSL/crypto/conf/conf_sap.c | 89 +- + Cryptlib/OpenSSL/crypto/constant_time_locl.h | 211 + + Cryptlib/OpenSSL/crypto/cpt_err.c | 87 +- + Cryptlib/OpenSSL/crypto/cryptlib.c | 774 +- + Cryptlib/OpenSSL/crypto/cryptlib.h | 113 + + Cryptlib/OpenSSL/crypto/cversion.c | 92 +- + Cryptlib/OpenSSL/crypto/des/cbc_cksm.c | 103 + + Cryptlib/OpenSSL/crypto/des/cbc_enc.c | 61 + + Cryptlib/OpenSSL/crypto/des/cfb64ede.c | 249 + + Cryptlib/OpenSSL/crypto/des/cfb64enc.c | 122 + + Cryptlib/OpenSSL/crypto/des/cfb_enc.c | 199 + + Cryptlib/OpenSSL/crypto/des/des_enc.c | 389 + + Cryptlib/OpenSSL/crypto/des/des_locl.h | 443 + + Cryptlib/OpenSSL/crypto/des/des_old.c | 345 + + Cryptlib/OpenSSL/crypto/des/des_old2.c | 80 + + Cryptlib/OpenSSL/crypto/des/des_ver.h | 73 + + Cryptlib/OpenSSL/crypto/des/ecb3_enc.c | 82 + + Cryptlib/OpenSSL/crypto/des/ecb_enc.c | 124 + + Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c | 189 + + Cryptlib/OpenSSL/crypto/des/enc_read.c | 235 + + Cryptlib/OpenSSL/crypto/des/enc_writ.c | 182 + + Cryptlib/OpenSSL/crypto/des/fcrypt.c | 167 + + Cryptlib/OpenSSL/crypto/des/fcrypt_b.c | 140 + + Cryptlib/OpenSSL/crypto/des/ncbc_enc.c | 154 + + Cryptlib/OpenSSL/crypto/des/ofb64ede.c | 123 + + Cryptlib/OpenSSL/crypto/des/ofb64enc.c | 109 + + Cryptlib/OpenSSL/crypto/des/ofb_enc.c | 131 + + Cryptlib/OpenSSL/crypto/des/pcbc_enc.c | 115 + + Cryptlib/OpenSSL/crypto/des/qud_cksm.c | 143 + + Cryptlib/OpenSSL/crypto/des/rand_key.c | 67 + + Cryptlib/OpenSSL/crypto/des/read2pwd.c | 144 + + Cryptlib/OpenSSL/crypto/des/rpc_des.h | 130 + + Cryptlib/OpenSSL/crypto/des/rpc_enc.c | 100 + + Cryptlib/OpenSSL/crypto/des/set_key.c | 447 + + Cryptlib/OpenSSL/crypto/des/spr.h | 212 + + Cryptlib/OpenSSL/crypto/des/str2key.c | 164 + + Cryptlib/OpenSSL/crypto/des/xcbc_enc.c | 216 + + Cryptlib/OpenSSL/crypto/dh/dh_ameth.c | 277 +- + Cryptlib/OpenSSL/crypto/dh/dh_asn1.c | 79 +- + Cryptlib/OpenSSL/crypto/dh/dh_check.c | 136 +- + Cryptlib/OpenSSL/crypto/dh/dh_depr.c | 86 +- + Cryptlib/OpenSSL/crypto/dh/dh_err.c | 105 +- + Cryptlib/OpenSSL/crypto/dh/dh_gen.c | 92 +- + Cryptlib/OpenSSL/crypto/dh/dh_kdf.c | 150 - + Cryptlib/OpenSSL/crypto/dh/dh_key.c | 132 +- + Cryptlib/OpenSSL/crypto/dh/dh_lib.c | 333 +- + Cryptlib/OpenSSL/crypto/dh/dh_locl.h | 56 - + Cryptlib/OpenSSL/crypto/dh/dh_meth.c | 173 - + Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c | 157 +- + Cryptlib/OpenSSL/crypto/dh/dh_prn.c | 65 +- + Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c | 294 +- + Cryptlib/OpenSSL/crypto/dso/dso_beos.c | 253 + + Cryptlib/OpenSSL/crypto/dso/dso_dl.c | 155 +- + Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c | 149 +- + Cryptlib/OpenSSL/crypto/dso/dso_err.c | 131 +- + Cryptlib/OpenSSL/crypto/dso/dso_lib.c | 247 +- + Cryptlib/OpenSSL/crypto/dso/dso_locl.h | 106 - + Cryptlib/OpenSSL/crypto/dso/dso_null.c | 92 + + Cryptlib/OpenSSL/crypto/dso/dso_openssl.c | 87 +- + Cryptlib/OpenSSL/crypto/dso/dso_vms.c | 127 +- + Cryptlib/OpenSSL/crypto/dso/dso_win32.c | 275 +- + Cryptlib/OpenSSL/crypto/ebcdic.c | 102 +- + Cryptlib/OpenSSL/crypto/err/err.c | 710 +- + Cryptlib/OpenSSL/crypto/err/err_all.c | 185 +- + Cryptlib/OpenSSL/crypto/err/err_prn.c | 109 +- + Cryptlib/OpenSSL/crypto/evp/bio_b64.c | 197 +- + Cryptlib/OpenSSL/crypto/evp/bio_enc.c | 280 +- + Cryptlib/OpenSSL/crypto/evp/bio_md.c | 171 +- + Cryptlib/OpenSSL/crypto/evp/bio_ok.c | 260 +- + Cryptlib/OpenSSL/crypto/evp/c_all.c | 85 + + Cryptlib/OpenSSL/crypto/evp/c_allc.c | 105 +- + Cryptlib/OpenSSL/crypto/evp/c_alld.c | 95 +- + Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c | 151 - + Cryptlib/OpenSSL/crypto/evp/digest.c | 297 +- + Cryptlib/OpenSSL/crypto/evp/e_aes.c | 1528 +-- + Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c | 269 +- + .../OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c | 252 +- + Cryptlib/OpenSSL/crypto/evp/e_bf.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/e_camellia.c | 162 +- + Cryptlib/OpenSSL/crypto/evp/e_cast.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c | 454 - + Cryptlib/OpenSSL/crypto/evp/e_des.c | 149 +- + Cryptlib/OpenSSL/crypto/evp/e_des3.c | 229 +- + Cryptlib/OpenSSL/crypto/evp/e_idea.c | 95 +- + Cryptlib/OpenSSL/crypto/evp/e_null.c | 70 +- + Cryptlib/OpenSSL/crypto/evp/e_old.c | 73 +- + Cryptlib/OpenSSL/crypto/evp/e_rc2.c | 80 +- + Cryptlib/OpenSSL/crypto/evp/e_rc4.c | 69 +- + Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c | 72 +- + Cryptlib/OpenSSL/crypto/evp/e_rc5.c | 66 +- + Cryptlib/OpenSSL/crypto/evp/e_seed.c | 66 +- + Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/encode.c | 130 +- + Cryptlib/OpenSSL/crypto/evp/evp_acnf.c | 73 + + Cryptlib/OpenSSL/crypto/evp/evp_cnf.c | 71 +- + Cryptlib/OpenSSL/crypto/evp/evp_enc.c | 287 +- + Cryptlib/OpenSSL/crypto/evp/evp_err.c | 163 +- + Cryptlib/OpenSSL/crypto/evp/evp_key.c | 93 +- + Cryptlib/OpenSSL/crypto/evp/evp_lib.c | 308 +- + Cryptlib/OpenSSL/crypto/evp/evp_locl.h | 421 +- + Cryptlib/OpenSSL/crypto/evp/evp_pbe.c | 137 +- + Cryptlib/OpenSSL/crypto/evp/evp_pkey.c | 121 +- + Cryptlib/OpenSSL/crypto/evp/m_dss.c | 104 + + Cryptlib/OpenSSL/crypto/evp/m_dss1.c | 105 + + Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c | 154 + + Cryptlib/OpenSSL/crypto/evp/m_md2.c | 78 +- + Cryptlib/OpenSSL/crypto/evp/m_md4.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/m_md5.c | 76 +- + Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c | 142 - + Cryptlib/OpenSSL/crypto/evp/m_mdc2.c | 77 +- + Cryptlib/OpenSSL/crypto/evp/m_null.c | 65 +- + Cryptlib/OpenSSL/crypto/evp/m_ripemd.c | 78 +- + Cryptlib/OpenSSL/crypto/evp/m_sha.c | 106 + + Cryptlib/OpenSSL/crypto/evp/m_sha1.c | 178 +- + Cryptlib/OpenSSL/crypto/evp/m_sigver.c | 140 +- + Cryptlib/OpenSSL/crypto/evp/m_wp.c | 20 +- + Cryptlib/OpenSSL/crypto/evp/names.c | 99 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt.c | 92 +- + Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c | 157 +- + Cryptlib/OpenSSL/crypto/evp/p_dec.c | 73 +- + Cryptlib/OpenSSL/crypto/evp/p_enc.c | 72 +- + Cryptlib/OpenSSL/crypto/evp/p_lib.c | 264 +- + Cryptlib/OpenSSL/crypto/evp/p_open.c | 88 +- + Cryptlib/OpenSSL/crypto/evp/p_seal.c | 69 +- + Cryptlib/OpenSSL/crypto/evp/p_sign.c | 154 +- + Cryptlib/OpenSSL/crypto/evp/p_verify.c | 133 +- + Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c | 69 +- + Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c | 79 +- + Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c | 330 +- + Cryptlib/OpenSSL/crypto/evp/scrypt.c | 248 - + Cryptlib/OpenSSL/crypto/ex_data.c | 736 +- + Cryptlib/OpenSSL/crypto/fips_ers.c | 7 + + Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c | 80 +- + Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c | 146 +- + Cryptlib/OpenSSL/crypto/hmac/hmac.c | 252 +- + Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h | 33 - + .../OpenSSL/crypto/include/internal/asn1_int.h | 94 - + Cryptlib/OpenSSL/crypto/include/internal/async.h | 14 - + Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h | 17 - + Cryptlib/OpenSSL/crypto/include/internal/bn_int.h | 82 - + Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h | 32 - + Cryptlib/OpenSSL/crypto/include/internal/chacha.h | 49 - + .../OpenSSL/crypto/include/internal/cryptlib.h | 81 - + .../OpenSSL/crypto/include/internal/cryptlib_int.h | 31 - + Cryptlib/OpenSSL/crypto/include/internal/engine.h | 20 - + Cryptlib/OpenSSL/crypto/include/internal/err_int.h | 17 - + Cryptlib/OpenSSL/crypto/include/internal/evp_int.h | 389 - + .../OpenSSL/crypto/include/internal/md32_common.h | 383 - + Cryptlib/OpenSSL/crypto/include/internal/objects.h | 12 - + .../OpenSSL/crypto/include/internal/poly1305.h | 19 - + Cryptlib/OpenSSL/crypto/include/internal/rand.h | 20 - + .../OpenSSL/crypto/include/internal/x509_int.h | 267 - + Cryptlib/OpenSSL/crypto/init.c | 664 -- + Cryptlib/OpenSSL/crypto/kdf/hkdf.c | 293 - + Cryptlib/OpenSSL/crypto/kdf/kdf_err.c | 46 - + Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c | 265 - + Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c | 162 + + Cryptlib/OpenSSL/crypto/lhash/lh_stats.c | 178 +- + Cryptlib/OpenSSL/crypto/lhash/lhash.c | 245 +- + Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h | 42 - + Cryptlib/OpenSSL/crypto/md32_common.h | 436 + + Cryptlib/OpenSSL/crypto/md4/md4_dgst.c | 199 + + Cryptlib/OpenSSL/crypto/md4/md4_locl.h | 113 + + Cryptlib/OpenSSL/crypto/md4/md4_one.c | 96 + + Cryptlib/OpenSSL/crypto/md5/md5_dgst.c | 98 +- + Cryptlib/OpenSSL/crypto/md5/md5_locl.h | 69 +- + Cryptlib/OpenSSL/crypto/md5/md5_one.c | 61 +- + Cryptlib/OpenSSL/crypto/mem.c | 484 +- + Cryptlib/OpenSSL/crypto/mem_clr.c | 62 +- + Cryptlib/OpenSSL/crypto/mem_dbg.c | 761 +- + Cryptlib/OpenSSL/crypto/mem_sec.c | 585 -- + Cryptlib/OpenSSL/crypto/modes/cbc128.c | 64 +- + Cryptlib/OpenSSL/crypto/modes/ccm128.c | 59 +- + Cryptlib/OpenSSL/crypto/modes/cfb128.c | 70 +- + Cryptlib/OpenSSL/crypto/modes/ctr128.c | 70 +- + Cryptlib/OpenSSL/crypto/modes/cts128.c | 33 +- + Cryptlib/OpenSSL/crypto/modes/gcm128.c | 269 +- + Cryptlib/OpenSSL/crypto/modes/modes_lcl.h | 50 +- + Cryptlib/OpenSSL/crypto/modes/ocb128.c | 568 - + Cryptlib/OpenSSL/crypto/modes/ofb128.c | 62 +- + Cryptlib/OpenSSL/crypto/modes/wrap128.c | 311 +- + Cryptlib/OpenSSL/crypto/modes/xts128.c | 59 +- + Cryptlib/OpenSSL/crypto/o_dir.c | 62 +- + Cryptlib/OpenSSL/crypto/o_dir.h | 55 + + Cryptlib/OpenSSL/crypto/o_fips.c | 76 +- + Cryptlib/OpenSSL/crypto/o_fopen.c | 103 - + Cryptlib/OpenSSL/crypto/o_init.c | 62 +- + Cryptlib/OpenSSL/crypto/o_str.c | 324 +- + Cryptlib/OpenSSL/crypto/o_str.h | 69 + + Cryptlib/OpenSSL/crypto/o_time.c | 139 +- + Cryptlib/OpenSSL/crypto/o_time.h | 70 + + Cryptlib/OpenSSL/crypto/objects/o_names.c | 133 +- + Cryptlib/OpenSSL/crypto/objects/obj_dat.c | 229 +- + Cryptlib/OpenSSL/crypto/objects/obj_dat.h | 10396 ++++++++++--------- + Cryptlib/OpenSSL/crypto/objects/obj_err.c | 70 +- + Cryptlib/OpenSSL/crypto/objects/obj_lcl.h | 14 - + Cryptlib/OpenSSL/crypto/objects/obj_lib.c | 127 +- + Cryptlib/OpenSSL/crypto/objects/obj_xref.c | 99 +- + Cryptlib/OpenSSL/crypto/objects/obj_xref.h | 21 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c | 80 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c | 150 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c | 90 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c | 220 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c | 86 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h | 216 - + Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c | 148 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c | 107 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c | 186 +- + Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c | 214 +- + Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c | 264 - + Cryptlib/OpenSSL/crypto/pem/pem_all.c | 278 +- + Cryptlib/OpenSSL/crypto/pem/pem_err.c | 112 +- + Cryptlib/OpenSSL/crypto/pem/pem_info.c | 104 +- + Cryptlib/OpenSSL/crypto/pem/pem_lib.c | 422 +- + Cryptlib/OpenSSL/crypto/pem/pem_oth.c | 64 +- + Cryptlib/OpenSSL/crypto/pem/pem_pk8.c | 82 +- + Cryptlib/OpenSSL/crypto/pem/pem_pkey.c | 106 +- + Cryptlib/OpenSSL/crypto/pem/pem_seal.c | 191 + + Cryptlib/OpenSSL/crypto/pem/pem_sign.c | 77 +- + Cryptlib/OpenSSL/crypto/pem/pem_x509.c | 62 +- + Cryptlib/OpenSSL/crypto/pem/pem_xaux.c | 64 +- + Cryptlib/OpenSSL/crypto/pem/pvkfmt.c | 404 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 130 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c | 63 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c | 116 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c | 87 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c | 115 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c | 107 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c | 73 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c | 139 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c | 108 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h | 43 - + Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 206 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 86 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c | 71 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c | 110 +- + Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c | 170 - + Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c | 260 +- + Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c | 88 +- + Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c | 58 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c | 62 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c | 96 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c | 15 - + Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c | 321 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c | 25 - + Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c | 115 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 59 +- + Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c | 148 +- + Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c | 106 +- + Cryptlib/OpenSSL/crypto/rand/md_rand.c | 540 +- + Cryptlib/OpenSSL/crypto/rand/rand_egd.c | 249 - + Cryptlib/OpenSSL/crypto/rand/rand_err.c | 77 +- + Cryptlib/OpenSSL/crypto/rand/rand_lcl.h | 128 +- + Cryptlib/OpenSSL/crypto/rand/rand_lib.c | 210 +- + Cryptlib/OpenSSL/crypto/rand/rand_unix.c | 159 +- + Cryptlib/OpenSSL/crypto/rand/rand_vms.c | 133 - + Cryptlib/OpenSSL/crypto/rand/rand_win.c | 135 - + Cryptlib/OpenSSL/crypto/rand/randfile.c | 276 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c | 290 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h | 13 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c | 76 +- + Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c | 62 + + Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 221 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c | 78 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c | 89 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c | 145 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c | 92 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c | 904 ++ + Cryptlib/OpenSSL/crypto/rsa/rsa_err.c | 138 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c | 166 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c | 393 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h | 92 - + Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c | 273 - + Cryptlib/OpenSSL/crypto/rsa/rsa_none.c | 65 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_null.c | 76 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c | 55 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c | 790 -- + Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c | 96 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c | 261 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c | 66 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c | 110 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c | 78 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c | 413 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c | 63 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c | 63 +- + Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c | 195 - + Cryptlib/OpenSSL/crypto/sha/sha1_one.c | 63 +- + Cryptlib/OpenSSL/crypto/sha/sha1dgst.c | 69 +- + Cryptlib/OpenSSL/crypto/sha/sha256.c | 119 +- + Cryptlib/OpenSSL/crypto/sha/sha512.c | 198 +- + Cryptlib/OpenSSL/crypto/sha/sha_dgst.c | 74 + + Cryptlib/OpenSSL/crypto/sha/sha_locl.h | 118 +- + Cryptlib/OpenSSL/crypto/sha/sha_one.c | 79 + + Cryptlib/OpenSSL/crypto/stack/stack.c | 334 +- + Cryptlib/OpenSSL/crypto/threads_none.c | 124 - + Cryptlib/OpenSSL/crypto/threads_pthread.c | 171 - + Cryptlib/OpenSSL/crypto/threads_win.c | 136 - + Cryptlib/OpenSSL/crypto/txt_db/txt_db.c | 136 +- + Cryptlib/OpenSSL/crypto/ui/ui_compat.c | 69 + + Cryptlib/OpenSSL/crypto/ui/ui_lib.c | 878 ++ + Cryptlib/OpenSSL/crypto/ui/ui_locl.h | 145 + + Cryptlib/OpenSSL/crypto/ui/ui_util.c | 97 + + Cryptlib/OpenSSL/crypto/uid.c | 60 +- + Cryptlib/OpenSSL/crypto/x509/by_dir.c | 388 - + Cryptlib/OpenSSL/crypto/x509/by_file.c | 221 - + Cryptlib/OpenSSL/crypto/x509/t_crl.c | 89 - + Cryptlib/OpenSSL/crypto/x509/t_req.c | 198 - + Cryptlib/OpenSSL/crypto/x509/t_x509.c | 376 - + Cryptlib/OpenSSL/crypto/x509/vpm_int.h | 70 + + Cryptlib/OpenSSL/crypto/x509/x509_att.c | 105 +- + Cryptlib/OpenSSL/crypto/x509/x509_cmp.c | 215 +- + Cryptlib/OpenSSL/crypto/x509/x509_d2.c | 66 +- + Cryptlib/OpenSSL/crypto/x509/x509_def.c | 63 +- + Cryptlib/OpenSSL/crypto/x509/x509_err.c | 88 +- + Cryptlib/OpenSSL/crypto/x509/x509_ext.c | 141 +- + Cryptlib/OpenSSL/crypto/x509/x509_lcl.h | 142 - + Cryptlib/OpenSSL/crypto/x509/x509_lu.c | 599 +- + Cryptlib/OpenSSL/crypto/x509/x509_obj.c | 72 +- + Cryptlib/OpenSSL/crypto/x509/x509_r2x.c | 92 +- + Cryptlib/OpenSSL/crypto/x509/x509_req.c | 188 +- + Cryptlib/OpenSSL/crypto/x509/x509_set.c | 203 +- + Cryptlib/OpenSSL/crypto/x509/x509_trs.c | 184 +- + Cryptlib/OpenSSL/crypto/x509/x509_txt.c | 113 +- + Cryptlib/OpenSSL/crypto/x509/x509_v3.c | 84 +- + Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 2364 ++--- + Cryptlib/OpenSSL/crypto/x509/x509_vpm.c | 291 +- + Cryptlib/OpenSSL/crypto/x509/x509cset.c | 219 +- + Cryptlib/OpenSSL/crypto/x509/x509name.c | 109 +- + Cryptlib/OpenSSL/crypto/x509/x509rset.c | 77 +- + Cryptlib/OpenSSL/crypto/x509/x509spki.c | 68 +- + Cryptlib/OpenSSL/crypto/x509/x509type.c | 78 +- + Cryptlib/OpenSSL/crypto/x509/x_all.c | 152 +- + Cryptlib/OpenSSL/crypto/x509/x_attrib.c | 55 - + Cryptlib/OpenSSL/crypto/x509/x_crl.c | 459 - + Cryptlib/OpenSSL/crypto/x509/x_exten.c | 28 - + Cryptlib/OpenSSL/crypto/x509/x_name.c | 557 - + Cryptlib/OpenSSL/crypto/x509/x_pubkey.c | 374 - + Cryptlib/OpenSSL/crypto/x509/x_req.c | 68 - + Cryptlib/OpenSSL/crypto/x509/x_x509.c | 224 - + Cryptlib/OpenSSL/crypto/x509/x_x509a.c | 169 - + Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h | 152 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c | 101 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c | 82 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h | 66 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c | 71 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c | 69 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c | 79 +- + Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c | 607 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c | 179 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c | 91 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c | 62 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c | 137 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c | 132 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c | 70 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c | 73 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c | 195 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c | 118 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c | 131 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c | 69 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c | 67 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c | 64 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c | 88 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_info.c | 85 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_int.c | 65 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c | 189 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c | 178 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c | 312 + + Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c | 62 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c | 10 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c | 70 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c | 63 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c | 88 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c | 115 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c | 183 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c | 98 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c | 117 +- + Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c | 137 - + Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c | 356 +- + Cryptlib/OpenSSL/crypto/x509v3/v3err.c | 152 +- + Cryptlib/OpenSSL/e_os.h | 444 +- + .../OpenSSL/openssl-bio-b_print-disable-sse.patch | 22 +- + Cryptlib/OpenSSL/update.sh | 555 +- + Cryptlib/Pem/CryptPem.c | 135 + + Cryptlib/Pem/CryptPemNull.c | 44 - + Cryptlib/Pk/CryptPkcs7Verify.c | 68 +- + Cryptlib/Pk/CryptRsaBasic.c | 189 +- + Cryptlib/Pk/CryptTs.c | 20 +- + Cryptlib/Pk/CryptX509.c | 41 +- + Cryptlib/SysCall/BaseMemAllocation.c | 5 +- + Cryptlib/SysCall/BaseStrings.c | 70 +- + Cryptlib/SysCall/CrtWrapper.c | 189 +- + Cryptlib/SysCall/TimerWrapper.c | 4 +- + Cryptlib/opensslconf-diff.patch | 24 - + Cryptlib/update.sh | 10 +- + MokManager.c | 4 +- + PasswordCrypt.c | 17 + + shim.c | 2 + + 713 files changed, 81238 insertions(+), 52511 deletions(-) + delete mode 100644 Cryptlib/Include/CrtLibSupport.h + create mode 100644 Cryptlib/Include/OpenSslSupport.h + delete mode 100644 Cryptlib/Include/internal/bio.h + delete mode 100644 Cryptlib/Include/internal/comp.h + delete mode 100644 Cryptlib/Include/internal/conf.h + delete mode 100644 Cryptlib/Include/internal/constant_time_locl.h + delete mode 100644 Cryptlib/Include/internal/dane.h + delete mode 100644 Cryptlib/Include/internal/dso.h + delete mode 100644 Cryptlib/Include/internal/dso_conf.h + delete mode 100644 Cryptlib/Include/internal/err.h + delete mode 100644 Cryptlib/Include/internal/numbers.h + delete mode 100644 Cryptlib/Include/internal/o_dir.h + delete mode 100644 Cryptlib/Include/internal/o_str.h + delete mode 100644 Cryptlib/Include/internal/thread_once.h + create mode 100644 Cryptlib/Include/openssl/README + delete mode 100644 Cryptlib/Include/openssl/async.h + delete mode 100644 Cryptlib/Include/openssl/ct.h + create mode 100644 Cryptlib/Include/openssl/des_old.h + create mode 100644 Cryptlib/Include/openssl/dso.h + delete mode 100644 Cryptlib/Include/openssl/kdf.h + create mode 100644 Cryptlib/Include/openssl/krb5_asn.h + create mode 100644 Cryptlib/Include/openssl/kssl.h + delete mode 100644 Cryptlib/Include/openssl/md2.h + create mode 100644 Cryptlib/Include/openssl/pqueue.h + delete mode 100644 Cryptlib/Include/openssl/rc5.h + create mode 100644 Cryptlib/Include/openssl/ssl23.h + create mode 100644 Cryptlib/Include/openssl/ui_compat.h + create mode 100644 Cryptlib/OpenSSL/crypto/aes/aes_ctr.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_bool.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_bytes.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_enum.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/a_set.c + delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/f_enum.c + delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_crl.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_req.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/t_x509a.c + delete mode 100644 Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_attrib.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_crl.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_exten.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_name.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_nx509.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_req.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509.c + create mode 100644 Cryptlib/OpenSSL/crypto/asn1/x_x509a.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_null.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_null.h + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_posix.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_posix.h + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_win.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/arch/async_win.h + delete mode 100644 Cryptlib/OpenSSL/crypto/async/async.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/async/async_wait.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bio/b_addr.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bio/b_sock2.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bio/bio_meth.c + create mode 100644 Cryptlib/OpenSSL/crypto/bn/bn.h + delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_dh.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_intern.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bn/bn_srp.c + delete mode 100644 Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c + create mode 100644 Cryptlib/OpenSSL/crypto/buffer/buf_str.c + create mode 100644 Cryptlib/OpenSSL/crypto/comp/c_rle.c + delete mode 100644 Cryptlib/OpenSSL/crypto/comp/comp_lcl.h + create mode 100644 Cryptlib/OpenSSL/crypto/constant_time_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/cryptlib.h + create mode 100644 Cryptlib/OpenSSL/crypto/des/cbc_cksm.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/cbc_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb64ede.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb64enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/cfb_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/des_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/des_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/des/des_old.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/des_old2.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/des_ver.h + create mode 100644 Cryptlib/OpenSSL/crypto/des/ecb3_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ecb_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/enc_read.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/enc_writ.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/fcrypt.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/fcrypt_b.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ncbc_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb64ede.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb64enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/ofb_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/pcbc_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/qud_cksm.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/rand_key.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/read2pwd.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/rpc_des.h + create mode 100644 Cryptlib/OpenSSL/crypto/des/rpc_enc.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/set_key.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/spr.h + create mode 100644 Cryptlib/OpenSSL/crypto/des/str2key.c + create mode 100644 Cryptlib/OpenSSL/crypto/des/xcbc_enc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_kdf.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_locl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/dh/dh_meth.c + create mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_beos.c + delete mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/dso/dso_null.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/c_all.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/evp_acnf.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_dss.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_dss1.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c + create mode 100644 Cryptlib/OpenSSL/crypto/evp/m_sha.c + delete mode 100644 Cryptlib/OpenSSL/crypto/evp/scrypt.c + create mode 100644 Cryptlib/OpenSSL/crypto/fips_ers.c + delete mode 100644 Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/async.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/chacha.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/engine.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/err_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/evp_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/md32_common.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/objects.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/poly1305.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/rand.h + delete mode 100644 Cryptlib/OpenSSL/crypto/include/internal/x509_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/init.c + delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/hkdf.c + delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/kdf_err.c + delete mode 100644 Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c + create mode 100644 Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c + delete mode 100644 Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h + create mode 100644 Cryptlib/OpenSSL/crypto/md32_common.h + create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_dgst.c + create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/md4/md4_one.c + delete mode 100644 Cryptlib/OpenSSL/crypto/mem_sec.c + delete mode 100644 Cryptlib/OpenSSL/crypto/modes/ocb128.c + create mode 100644 Cryptlib/OpenSSL/crypto/o_dir.h + delete mode 100644 Cryptlib/OpenSSL/crypto/o_fopen.c + create mode 100644 Cryptlib/OpenSSL/crypto/o_str.h + create mode 100644 Cryptlib/OpenSSL/crypto/o_time.h + delete mode 100644 Cryptlib/OpenSSL/crypto/objects/obj_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c + create mode 100644 Cryptlib/OpenSSL/crypto/pem/pem_seal.c + delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c + delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c + delete mode 100644 Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_egd.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_vms.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rand/rand_win.c + create mode 100644 Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c + create mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c + create mode 100644 Cryptlib/OpenSSL/crypto/sha/sha_dgst.c + create mode 100644 Cryptlib/OpenSSL/crypto/sha/sha_one.c + delete mode 100644 Cryptlib/OpenSSL/crypto/threads_none.c + delete mode 100644 Cryptlib/OpenSSL/crypto/threads_pthread.c + delete mode 100644 Cryptlib/OpenSSL/crypto/threads_win.c + create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_compat.c + create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_lib.c + create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_locl.h + create mode 100644 Cryptlib/OpenSSL/crypto/ui/ui_util.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_dir.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/by_file.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_crl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_req.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/t_x509.c + create mode 100644 Cryptlib/OpenSSL/crypto/x509/vpm_int.h + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x509_lcl.h + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_attrib.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_crl.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_exten.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_name.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_pubkey.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_req.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_x509.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509/x_x509a.c + create mode 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c + delete mode 100644 Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c + create mode 100644 Cryptlib/Pem/CryptPem.c + delete mode 100644 Cryptlib/Pem/CryptPemNull.c + delete mode 100644 Cryptlib/opensslconf-diff.patch + +diff --git a/Cryptlib/Cryptlib.diff b/Cryptlib/Cryptlib.diff +index 5a56470..a2f49d6 100644 +--- a/Cryptlib/Cryptlib.diff ++++ b/Cryptlib/Cryptlib.diff +@@ -1,20 +1,8 @@ +-diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h +-index 99ea347..f11cffe 100644 +---- a/Cryptlib/Include/openssl/e_os2.h +-+++ b/Cryptlib/Include/openssl/e_os2.h +-@@ -234,6 +234,7 @@ extern "C" { +- +- /* Standard integer types */ +- # if defined(OPENSSL_SYS_UEFI) +-+#include +- typedef INT8 int8_t; +- typedef UINT8 uint8_t; +- typedef INT16 int16_t; + diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c +-index f390e0d..65e9938 100644 ++index 68bc25a..1abe78e 100644 + --- a/Cryptlib/SysCall/BaseMemAllocation.c + +++ b/Cryptlib/SysCall/BaseMemAllocation.c +-@@ -33,7 +33,7 @@ void *realloc (void *ptr, size_t size) ++@@ -32,7 +32,7 @@ void *realloc (void *ptr, size_t size) + // BUG: hardcode OldSize == size! We have no any knowledge about + // memory size of original pointer ptr. + // +@@ -23,33 +11,8 @@ index f390e0d..65e9938 100644 + } + + /* De-allocates or frees a memory block */ +-diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c +-index 20c9656..7878953 100644 +---- a/Cryptlib/SysCall/CrtWrapper.c +-+++ b/Cryptlib/SysCall/CrtWrapper.c +-@@ -371,20 +371,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) +- return 0; +- } +- +--// +--// -- Dummy OpenSSL Support Routines -- +--// +-- +--int BIO_printf (void *bio, const char *format, ...) +--{ +-- return 0; +--} +-- +--int BIO_snprintf(char *buf, size_t n, const char *format, ...) +--{ +-- return 0; +--} +-- +- #ifdef __GNUC__ +- +- typedef + diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c +-index 581b8fb..04fe4ef 100644 ++index 805e6b4..bb7bcba 100644 + --- a/Cryptlib/SysCall/TimerWrapper.c + +++ b/Cryptlib/SysCall/TimerWrapper.c + @@ -13,9 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +@@ -57,12 +20,12 @@ index 581b8fb..04fe4ef 100644 + **/ + + -#include +- #include ++ #include + -#include + + // + // -- Time Management Routines -- +-@@ -79,7 +77,7 @@ time_t time (time_t *timer) ++@@ -78,7 +76,7 @@ time_t time (time_t *timer) + // + // Get the current time and date information + // +@@ -71,3 +34,24 @@ index 581b8fb..04fe4ef 100644 + + // + // Years Handling ++diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c ++index fb446b6..5a8322d 100644 ++--- a/Cryptlib/SysCall/CrtWrapper.c +++++ b/Cryptlib/SysCall/CrtWrapper.c ++@@ -293,16 +293,6 @@ size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) ++ // -- Dummy OpenSSL Support Routines -- ++ // ++ ++-int BIO_printf (void *bio, const char *format, ...) ++-{ ++- return 0; ++-} ++- ++-int BIO_snprintf(char *buf, size_t n, const char *format, ...) ++-{ ++- return 0; ++-} ++- ++ void *UI_OpenSSL(void) ++ { ++ return NULL; +diff --git a/Cryptlib/Hmac/CryptHmacMd5Null.c b/Cryptlib/Hmac/CryptHmacMd5Null.c +index bfe68ab..b4bdde0 100644 +--- a/Cryptlib/Hmac/CryptHmacMd5Null.c ++++ b/Cryptlib/Hmac/CryptHmacMd5Null.c +@@ -1,7 +1,7 @@ + /** @file + HMAC-MD5 Wrapper Implementation which does not provide real capabilities. + +-Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + /** + Retrieves the size, in bytes, of the context buffer required for HMAC-MD5 operations. +- (NOTE: This API is deprecated. +- Use HmacMd5New() / HmacMd5Free() for HMAC-MD5 Context operations.) + + Return zero to indicate this interface is not supported. + +@@ -34,42 +32,6 @@ HmacMd5GetContextSize ( + return 0; + } + +-/** +- Allocates and initializes one HMAC_CTX context for subsequent HMAC-MD5 use. +- +- Return NULL to indicate this interface is not supported. +- +- @retval NULL This interface is not supported. +- +-**/ +-VOID * +-EFIAPI +-HmacMd5New ( +- VOID +- ) +-{ +- ASSERT (FALSE); +- return NULL; +-} +- +-/** +- Release the specified HMAC_CTX context. +- +- This function will do nothing. +- +- @param[in] HmacMd5Ctx Pointer to the HMAC_CTX context to be released. +- +-**/ +-VOID +-EFIAPI +-HmacMd5Free ( +- IN VOID *HmacMd5Ctx +- ) +-{ +- ASSERT (FALSE); +- return; +-} +- + /** + Initializes user-supplied memory pointed by HmacMd5Context as HMAC-MD5 context for + subsequent use. +diff --git a/Cryptlib/Hmac/CryptHmacSha1Null.c b/Cryptlib/Hmac/CryptHmacSha1Null.c +index 466c488..b31d0d1 100644 +--- a/Cryptlib/Hmac/CryptHmacSha1Null.c ++++ b/Cryptlib/Hmac/CryptHmacSha1Null.c +@@ -1,7 +1,7 @@ + /** @file + HMAC-SHA1 Wrapper Implementation which does not provide real capabilities. + +-Copyright (c) 2012 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + /** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA1 operations. +- (NOTE: This API is deprecated. +- Use HmacSha1New() / HmacSha1Free() for HMAC-SHA1 Context operations.) + + Return zero to indicate this interface is not supported. + +@@ -34,42 +32,6 @@ HmacSha1GetContextSize ( + return 0; + } + +-/** +- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA1 use. +- +- Return NULL to indicate this interface is not supported. +- +- @return NULL This interface is not supported.. +- +-**/ +-VOID * +-EFIAPI +-HmacSha1New ( +- VOID +- ) +-{ +- ASSERT (FALSE); +- return NULL; +-} +- +-/** +- Release the specified HMAC_CTX context. +- +- This function will do nothing. +- +- @param[in] HmacSha1Ctx Pointer to the HMAC_CTX context to be released. +- +-**/ +-VOID +-EFIAPI +-HmacSha1Free ( +- IN VOID *HmacSha1Ctx +- ) +-{ +- ASSERT (FALSE); +- return; +-} +- + /** + Initializes user-supplied memory pointed by HmacSha1Context as HMAC-SHA1 context for + subsequent use. +diff --git a/Cryptlib/Hmac/CryptHmacSha256Null.c b/Cryptlib/Hmac/CryptHmacSha256Null.c +index 1696fa1..35abdda 100644 +--- a/Cryptlib/Hmac/CryptHmacSha256Null.c ++++ b/Cryptlib/Hmac/CryptHmacSha256Null.c +@@ -1,7 +1,7 @@ + /** @file + HMAC-SHA256 Wrapper Implementation which does not provide real capabilities. + +-Copyright (c) 2016 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -16,8 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + /** + Retrieves the size, in bytes, of the context buffer required for HMAC-SHA256 operations. +- (NOTE: This API is deprecated. +- Use HmacSha256New() / HmacSha256Free() for HMAC-SHA256 Context operations.) + + Return zero to indicate this interface is not supported. + +@@ -34,42 +32,6 @@ HmacSha256GetContextSize ( + return 0; + } + +-/** +- Allocates and initializes one HMAC_CTX context for subsequent HMAC-SHA256 use. +- +- Return NULL to indicate this interface is not supported. +- +- @return NULL This interface is not supported.. +- +-**/ +-VOID * +-EFIAPI +-HmacSha256New ( +- VOID +- ) +-{ +- ASSERT (FALSE); +- return NULL; +-} +- +-/** +- Release the specified HMAC_CTX context. +- +- This function will do nothing. +- +- @param[in] HmacSha256Ctx Pointer to the HMAC_CTX context to be released. +- +-**/ +-VOID +-EFIAPI +-HmacSha256Free ( +- IN VOID *HmacSha256Ctx +- ) +-{ +- ASSERT (FALSE); +- return; +-} +- + /** + Initializes user-supplied memory pointed by HmacSha256Context as HMAC-SHA256 context for + subsequent use. +diff --git a/Cryptlib/Include/CrtLibSupport.h b/Cryptlib/Include/CrtLibSupport.h +deleted file mode 100644 +index 6312e5c..0000000 +--- a/Cryptlib/Include/CrtLibSupport.h ++++ /dev/null +@@ -1,384 +0,0 @@ +-/** @file +- Root include file of C runtime library to support building the third-party +- cryptographic library. +- +-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#ifndef __CRT_LIB_SUPPORT_H__ +-#define __CRT_LIB_SUPPORT_H__ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-/* +- * Include stddef.h to avoid redefining "offsetof" +- */ +-#include +- +-#define OPENSSLDIR "" +-#define ENGINESDIR "" +- +-#define CONST const +- +-// +-// OpenSSL relies on explicit configuration for word size in crypto/bn, +-// but we want it to be automatically inferred from the target. So we +-// bypass what's in for OPENSSL_SYS_UEFI, and +-// define our own here. +-// +-#ifdef CONFIG_HEADER_BN_H +-#error CONFIG_HEADER_BN_H already defined +-#endif +- +-#define CONFIG_HEADER_BN_H +- +-#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) +-// +-// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs +-// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is +-// 64-bit. Since using 'long long' works fine on GCC too, just do that. +-// +-#define SIXTY_FOUR_BIT +-#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC) +-#define THIRTY_TWO_BIT +-#else +-#error Unknown target architecture +-#endif +- +-// +-// File operations are not required for building Open SSL, +-// so FILE is mapped to VOID * to pass build +-// +-typedef VOID *FILE; +- +-// +-// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h +-// +-#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined +-/* +- * These are now unconditionally #defined by GNU_EFI's efistdarg.h, +- * so we should #undef them here before providing a new definition. +- */ +-#undef va_arg +-#undef va_start +-#undef va_end +- +-#define va_list VA_LIST +-#define va_arg VA_ARG +-#define va_start VA_START +-#define va_end VA_END +- +-# if !defined(NO_BUILTIN_VA_FUNCS) +- +-typedef __builtin_va_list VA_LIST; +- +-#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) +- +-#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) +- +-#define VA_END(Marker) __builtin_va_end (Marker) +- +-#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) +- +-# else +- +-#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) +-/// +-/// Variable used to traverse the list of arguments. This type can vary by +-/// implementation and could be an array or structure. +-/// +-typedef CHAR8 *VA_LIST; +- +-/** +- Retrieves a pointer to the beginning of a variable argument list, based on +- the name of the parameter that immediately precedes the variable argument list. +- +- This function initializes Marker to point to the beginning of the variable +- argument list that immediately follows Parameter. The method for computing the +- pointer to the next argument in the argument list is CPU-specific following the +- EFIAPI ABI. +- +- @param Marker The VA_LIST used to traverse the list of arguments. +- @param Parameter The name of the parameter that immediately precedes +- the variable argument list. +- +- @return A pointer to the beginning of a variable argument list. +- +-**/ +-#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) +- +-/** +- Returns an argument of a specified type from a variable argument list and updates +- the pointer to the variable argument list to point to the next argument. +- +- This function returns an argument of the type specified by TYPE from the beginning +- of the variable argument list specified by Marker. Marker is then updated to point +- to the next argument in the variable argument list. The method for computing the +- pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. +- +- @param Marker VA_LIST used to traverse the list of arguments. +- @param TYPE The type of argument to retrieve from the beginning +- of the variable argument list. +- +- @return An argument of the type specified by TYPE. +- +-**/ +-#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) +- +-/** +- Terminates the use of a variable argument list. +- +- This function initializes Marker so it can no longer be used with VA_ARG(). +- After this macro is used, the only way to access the variable argument list is +- by using VA_START() again. +- +- @param Marker VA_LIST used to traverse the list of arguments. +- +-**/ +-#define VA_END(Marker) (Marker = (VA_LIST) 0) +- +-/** +- Initializes a VA_LIST as a copy of an existing VA_LIST. +- +- This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest +- followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach +- the present state of Start. +- +- @param Dest VA_LIST used to traverse the list of arguments. +- @param Start VA_LIST used to traverse the list of arguments. +- +-**/ +-#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) +- +-# endif +- +-#else // __CC_ARM +-#define va_start(Marker, Parameter) __va_start(Marker, Parameter) +-#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) +-#define va_end(Marker) ((void)0) +-#endif +- +-// +-// Definitions for global constants used by CRT library routines +-// +-#define EINVAL 22 /* Invalid argument */ +-#define INT_MAX 0x7FFFFFFF /* Maximum (signed) int value */ +-#define LONG_MAX 0X7FFFFFFFL /* max value for a long */ +-#define LONG_MIN (-LONG_MAX-1) /* min value for a long */ +-#define ULONG_MAX 0xFFFFFFFF /* Maximum unsigned long value */ +-#define CHAR_BIT 8 /* Number of bits in a char */ +- +-// +-// Macros from EFI Application Toolkit required to buiild Open SSL +-// +-/* The offsetof() macro calculates the offset of a structure member +- in its structure. Unfortunately this cannot be written down +- portably, hence it is provided by a Standard C header file. +- For pre-Standard C compilers, here is a version that usually works +- (but watch out!): */ +-#ifndef offsetof +-#define offsetof(type, member) ( (UINTN) & ((type*)0) -> member ) +-#endif +- +-// +-// Basic types mapping +-// +-typedef UINTN size_t; +-typedef INTN ssize_t; +-typedef INT32 time_t; +-typedef UINT8 __uint8_t; +-typedef UINT8 sa_family_t; +-typedef UINT32 uid_t; +-typedef UINT32 gid_t; +-typedef INT64 off_t; +-typedef UINT16 mode_t; +-typedef unsigned long clock_t; +-typedef UINT32 ino_t; +-typedef UINT32 dev_t; +-typedef UINT16 nlink_t; +-typedef int pid_t; +-typedef void *DIR; +- +-// +-// Structures Definitions +-// +-struct tm { +- int tm_sec; /* seconds after the minute [0-60] */ +- int tm_min; /* minutes after the hour [0-59] */ +- int tm_hour; /* hours since midnight [0-23] */ +- int tm_mday; /* day of the month [1-31] */ +- int tm_mon; /* months since January [0-11] */ +- int tm_year; /* years since 1900 */ +- int tm_wday; /* days since Sunday [0-6] */ +- int tm_yday; /* days since January 1 [0-365] */ +- int tm_isdst; /* Daylight Savings Time flag */ +- long tm_gmtoff; /* offset from CUT in seconds */ +- char *tm_zone; /* timezone abbreviation */ +-}; +- +-struct timeval { +- long tv_sec; /* time value, in seconds */ +- long tv_usec; /* time value, in microseconds */ +-}; +- +-struct sockaddr { +- __uint8_t sa_len; /* total length */ +- sa_family_t sa_family; /* address family */ +- char sa_data[14]; /* actually longer; address value */ +-}; +- +-struct dirent { +- UINT32 d_fileno; /* file number of entry */ +- UINT16 d_reclen; /* length of this record */ +- UINT8 d_type; /* file type, see below */ +- UINT8 d_namlen; /* length of string in d_name */ +- char d_name[255 + 1]; /* name must be no longer than this */ +-}; +- +-struct stat { +- dev_t st_dev; /* inode's device */ +- ino_t st_ino; /* inode's number */ +- mode_t st_mode; /* inode protection mode */ +- nlink_t st_nlink; /* number of hard links */ +- uid_t st_uid; /* user ID of the file's owner */ +- gid_t st_gid; /* group ID of the file's group */ +- dev_t st_rdev; /* device type */ +- time_t st_atime; /* time of last access */ +- long st_atimensec; /* nsec of last access */ +- time_t st_mtime; /* time of last data modification */ +- long st_mtimensec; /* nsec of last data modification */ +- time_t st_ctime; /* time of last file status change */ +- long st_ctimensec; /* nsec of last file status change */ +- off_t st_size; /* file size, in bytes */ +- INT64 st_blocks; /* blocks allocated for file */ +- UINT32 st_blksize; /* optimal blocksize for I/O */ +- UINT32 st_flags; /* user defined flags for file */ +- UINT32 st_gen; /* file generation number */ +- INT32 st_lspare; +- INT64 st_qspare[2]; +-}; +- +-// +-// Global variables +-// +-extern int errno; +- +-// +-// Function prototypes of CRT Library routines +-// +-void *malloc (size_t); +-void *realloc (void *, size_t); +-void free (void *); +-void *memcpy (void *, const void *, size_t); +-void *memchr (const void *, int, size_t); +-int memcmp (const void *, const void *, size_t); +-void *memmove (void *, const void *, size_t); +-void *memset (void *, int, size_t); +-int isdigit (int); +-int isspace (int); +-int isxdigit (int); +-int isalnum (int); +-int isupper (int); +-int tolower (int); +-int strcmp (const char *, const char *); +-int strncmp (const char *, const char *, size_t); +-int strncasecmp (const char *, const char *, size_t); +-int strcasecmp (const char *, const char *); +-char *strcpy (char *, const char *); +-char *strncpy (char *, const char *, size_t); +-size_t strlen (const char *); +-char *strcat (char *, const char *); +-char *strchr (const char *, int); +-char *strncpy (char *, const char *, size_t); +-char *strrchr (const char *, int); +-unsigned long strtoul (const char *, char **, int); +-long strtol (const char *, char **, int); +-char *strerror (int); +-size_t strspn (const char *, const char *); +-size_t strcspn (const char *, const char *); +-int printf (const char *, ...); +-int sscanf (const char *, const char *, ...); +-int open (const char *, int, ...); +-int chmod (const char *, mode_t); +-int stat (const char *, struct stat *); +-off_t lseek (int, off_t, int); +-ssize_t read (int, void *, size_t); +-ssize_t write (int, const void *, size_t); +-int close (int); +-FILE *fopen (const char *, const char *); +-size_t fread (void *, size_t, size_t, FILE *); +-size_t fwrite (const void *, size_t, size_t, FILE *); +-char *fgets (char *, int, FILE *); +-int fputs (const char *, FILE *); +-int fprintf (FILE *, const char *, ...); +-int vfprintf (FILE *, const char *, VA_LIST); +-int fflush (FILE *); +-int fclose (FILE *); +-DIR *opendir (const char *); +-struct dirent *readdir (DIR *); +-int closedir (DIR *); +-void openlog (const char *, int, int); +-void closelog (void); +-void syslog (int, const char *, ...); +-time_t time (time_t *); +-struct tm *localtime (const time_t *); +-struct tm *gmtime (const time_t *); +-struct tm *gmtime_r (const time_t *, struct tm *); +-uid_t getuid (void); +-uid_t geteuid (void); +-gid_t getgid (void); +-gid_t getegid (void); +-void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); +-char *getenv (const char *); +-void exit (int); +-#if defined(__GNUC__) && (__GNUC__ >= 2) +-void abort (void) __attribute__((__noreturn__)); +-#else +-void abort (void); +-#endif +- +-// +-// Global variables from EFI Application Toolkit required to buiild Open SSL +-// +-extern FILE *stderr; +-extern FILE *stdin; +-extern FILE *stdout; +- +-#define AsciiStrLen(x) strlena(x) +-#define AsciiStrnCmp(s1, s2, len) strncmpa((CHAR8 *)s1, (CHAR8 *)s2, len) +- +-// +-// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions +-// +-#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; }) +-#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) +-#define memchr(buf,ch,count) ScanMem8((CHAR8 *)buf,(UINTN)(count),ch) +-#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) +-#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) +-#define strlen(str) (size_t)(AsciiStrLen((CHAR8 *)str)) +-#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) +-#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) +-#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource) +-#define strchr(str,ch) (char *)(ScanMem8((CHAR8 *)str,AsciiStrSize((CHAR8 *)str),ch)) +-#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) +-#define localtime(timer) NULL +-#define assert(expression) +-#define atoi(nptr) AsciiStrDecimalToUintn(nptr) +-#define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) +-#define gmtime_r(timer,result) (result = NULL) +- +-#endif +diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h +new file mode 100644 +index 0000000..f73bbc9 +--- /dev/null ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -0,0 +1,377 @@ ++/** @file ++ Root include file to support building OpenSSL Crypto Library. ++ ++Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#ifndef __OPEN_SSL_SUPPORT_H__ ++#define __OPEN_SSL_SUPPORT_H__ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define CONST const ++ ++// ++// OpenSSL relies on explicit configuration for word size in crypto/bn, ++// but we want it to be automatically inferred from the target. So we ++// bypass what's in for OPENSSL_SYS_UEFI, and ++// define our own here. ++// ++#ifdef CONFIG_HEADER_BN_H ++#error CONFIG_HEADER_BN_H already defined ++#endif ++ ++#define CONFIG_HEADER_BN_H ++ ++#if defined(MDE_CPU_X64) || defined(MDE_CPU_AARCH64) || defined(MDE_CPU_IA64) ++// ++// With GCC we would normally use SIXTY_FOUR_BIT_LONG, but MSVC needs ++// SIXTY_FOUR_BIT, because 'long' is 32-bit and only 'long long' is ++// 64-bit. Since using 'long long' works fine on GCC too, just do that. ++// ++#define SIXTY_FOUR_BIT ++#elif defined(MDE_CPU_IA32) || defined(MDE_CPU_ARM) || defined(MDE_CPU_EBC) ++#define THIRTY_TWO_BIT ++#else ++#error Unknown target architecture ++#endif ++ ++// ++// File operations are not required for building Open SSL, ++// so FILE is mapped to VOID * to pass build ++// ++typedef VOID *FILE; ++ ++// ++// Map all va_xxxx elements to VA_xxx defined in MdePkg/Include/Base.h ++// ++#if !defined(__CC_ARM) || defined(_STDARG_H) // if va_list is not already defined ++/* ++ * These are now unconditionally #defined by GNU_EFI's efistdarg.h, ++ * so we should #undef them here before providing a new definition. ++ */ ++#undef va_arg ++#undef va_start ++#undef va_end ++ ++#define va_list VA_LIST ++#define va_arg VA_ARG ++#define va_start VA_START ++#define va_end VA_END ++ ++# if !defined(NO_BUILTIN_VA_FUNCS) ++ ++typedef __builtin_va_list VA_LIST; ++ ++#define VA_START(Marker, Parameter) __builtin_va_start (Marker, Parameter) ++ ++#define VA_ARG(Marker, TYPE) ((sizeof (TYPE) < sizeof (UINTN)) ? (TYPE)(__builtin_va_arg (Marker, UINTN)) : (TYPE)(__builtin_va_arg (Marker, TYPE))) ++ ++#define VA_END(Marker) __builtin_va_end (Marker) ++ ++#define VA_COPY(Dest, Start) __builtin_va_copy (Dest, Start) ++ ++# else ++ ++#define _INT_SIZE_OF(n) ((sizeof (n) + sizeof (UINTN) - 1) &~(sizeof (UINTN) - 1)) ++/// ++/// Variable used to traverse the list of arguments. This type can vary by ++/// implementation and could be an array or structure. ++/// ++typedef CHAR8 *VA_LIST; ++ ++/** ++ Retrieves a pointer to the beginning of a variable argument list, based on ++ the name of the parameter that immediately precedes the variable argument list. ++ ++ This function initializes Marker to point to the beginning of the variable ++ argument list that immediately follows Parameter. The method for computing the ++ pointer to the next argument in the argument list is CPU-specific following the ++ EFIAPI ABI. ++ ++ @param Marker The VA_LIST used to traverse the list of arguments. ++ @param Parameter The name of the parameter that immediately precedes ++ the variable argument list. ++ ++ @return A pointer to the beginning of a variable argument list. ++ ++**/ ++#define VA_START(Marker, Parameter) (Marker = (VA_LIST) ((UINTN) & (Parameter) + _INT_SIZE_OF (Parameter))) ++ ++/** ++ Returns an argument of a specified type from a variable argument list and updates ++ the pointer to the variable argument list to point to the next argument. ++ ++ This function returns an argument of the type specified by TYPE from the beginning ++ of the variable argument list specified by Marker. Marker is then updated to point ++ to the next argument in the variable argument list. The method for computing the ++ pointer to the next argument in the argument list is CPU-specific following the EFIAPI ABI. ++ ++ @param Marker VA_LIST used to traverse the list of arguments. ++ @param TYPE The type of argument to retrieve from the beginning ++ of the variable argument list. ++ ++ @return An argument of the type specified by TYPE. ++ ++**/ ++#define VA_ARG(Marker, TYPE) (*(TYPE *) ((Marker += _INT_SIZE_OF (TYPE)) - _INT_SIZE_OF (TYPE))) ++ ++/** ++ Terminates the use of a variable argument list. ++ ++ This function initializes Marker so it can no longer be used with VA_ARG(). ++ After this macro is used, the only way to access the variable argument list is ++ by using VA_START() again. ++ ++ @param Marker VA_LIST used to traverse the list of arguments. ++ ++**/ ++#define VA_END(Marker) (Marker = (VA_LIST) 0) ++ ++/** ++ Initializes a VA_LIST as a copy of an existing VA_LIST. ++ ++ This macro initializes Dest as a copy of Start, as if the VA_START macro had been applied to Dest ++ followed by the same sequence of uses of the VA_ARG macro as had previously been used to reach ++ the present state of Start. ++ ++ @param Dest VA_LIST used to traverse the list of arguments. ++ @param Start VA_LIST used to traverse the list of arguments. ++ ++**/ ++#define VA_COPY(Dest, Start) ((void)((Dest) = (Start))) ++ ++# endif ++ ++#else // __CC_ARM ++#define va_start(Marker, Parameter) __va_start(Marker, Parameter) ++#define va_arg(Marker, TYPE) __va_arg(Marker, TYPE) ++#define va_end(Marker) ((void)0) ++#endif ++ ++// ++// #defines from EFI Application Toolkit required to buiild Open SSL ++// ++#define ENOMEM 12 /* Cannot allocate memory */ ++#define EINVAL 22 /* Invalid argument */ ++#define BUFSIZ 1024 /* size of buffer used by setbuf */ ++#define INT_MAX 2147483647 /* max value for an int */ ++#define INT_MIN (-2147483647-1) /* min value for an int */ ++#define LONG_MAX 2147483647L /* max value for a long */ ++#define LONG_MIN (-2147483647-1) /* min value for a long */ ++#define ULONG_MAX 0xffffffff /* max value for an unsigned long */ ++#define LOG_DAEMON (3<<3) /* system daemons */ ++#define LOG_EMERG 0 /* system is unusable */ ++#define LOG_ALERT 1 /* action must be taken immediately */ ++#define LOG_CRIT 2 /* critical conditions */ ++#define LOG_ERR 3 /* error conditions */ ++#define LOG_WARNING 4 /* warning conditions */ ++#define LOG_NOTICE 5 /* normal but significant condition */ ++#define LOG_INFO 6 /* informational */ ++#define LOG_DEBUG 7 /* debug-level messages */ ++#define LOG_PID 0x01 /* log the pid with each message */ ++#define LOG_CONS 0x02 /* log on the console if errors in sending */ ++ ++// ++// Macros from EFI Application Toolkit required to buiild Open SSL ++// ++/* The offsetof() macro calculates the offset of a structure member ++ in its structure. Unfortunately this cannot be written down ++ portably, hence it is provided by a Standard C header file. ++ For pre-Standard C compilers, here is a version that usually works ++ (but watch out!): */ ++#ifndef offsetof ++#define offsetof(type, member) ( (int) & ((type*)0) -> member ) ++#endif ++ ++// ++// Basic types from EFI Application Toolkit required to buiild Open SSL ++// ++typedef UINTN size_t; ++typedef INTN ssize_t; ++typedef INT64 off_t; ++typedef UINT16 mode_t; ++typedef long time_t; ++typedef unsigned long clock_t; ++typedef UINT32 uid_t; ++typedef UINT32 gid_t; ++typedef UINT32 ino_t; ++typedef UINT32 dev_t; ++typedef UINT16 nlink_t; ++typedef int pid_t; ++typedef void *DIR; ++typedef void __sighandler_t (int); ++ ++// ++// Structures from EFI Application Toolkit required to buiild Open SSL ++// ++struct tm { ++ int tm_sec; /* seconds after the minute [0-60] */ ++ int tm_min; /* minutes after the hour [0-59] */ ++ int tm_hour; /* hours since midnight [0-23] */ ++ int tm_mday; /* day of the month [1-31] */ ++ int tm_mon; /* months since January [0-11] */ ++ int tm_year; /* years since 1900 */ ++ int tm_wday; /* days since Sunday [0-6] */ ++ int tm_yday; /* days since January 1 [0-365] */ ++ int tm_isdst; /* Daylight Savings Time flag */ ++ long tm_gmtoff; /* offset from CUT in seconds */ ++ char *tm_zone; /* timezone abbreviation */ ++}; ++ ++struct timeval { ++ long tv_sec; /* time value, in seconds */ ++ long tv_usec; /* time value, in microseconds */ ++}; ++ ++struct dirent { ++ UINT32 d_fileno; /* file number of entry */ ++ UINT16 d_reclen; /* length of this record */ ++ UINT8 d_type; /* file type, see below */ ++ UINT8 d_namlen; /* length of string in d_name */ ++ char d_name[255 + 1]; /* name must be no longer than this */ ++}; ++ ++struct stat { ++ dev_t st_dev; /* inode's device */ ++ ino_t st_ino; /* inode's number */ ++ mode_t st_mode; /* inode protection mode */ ++ nlink_t st_nlink; /* number of hard links */ ++ uid_t st_uid; /* user ID of the file's owner */ ++ gid_t st_gid; /* group ID of the file's group */ ++ dev_t st_rdev; /* device type */ ++ time_t st_atime; /* time of last access */ ++ long st_atimensec; /* nsec of last access */ ++ time_t st_mtime; /* time of last data modification */ ++ long st_mtimensec; /* nsec of last data modification */ ++ time_t st_ctime; /* time of last file status change */ ++ long st_ctimensec; /* nsec of last file status change */ ++ off_t st_size; /* file size, in bytes */ ++ INT64 st_blocks; /* blocks allocated for file */ ++ UINT32 st_blksize; /* optimal blocksize for I/O */ ++ UINT32 st_flags; /* user defined flags for file */ ++ UINT32 st_gen; /* file generation number */ ++ INT32 st_lspare; ++ INT64 st_qspare[2]; ++}; ++ ++// ++// Externs from EFI Application Toolkit required to buiild Open SSL ++// ++extern int errno; ++ ++// ++// Function prototypes from EFI Application Toolkit required to buiild Open SSL ++// ++void *malloc (size_t); ++void *realloc (void *, size_t); ++void free (void *); ++int isdigit (int); ++int isspace (int); ++int tolower (int); ++int isupper (int); ++int isxdigit (int); ++int isalnum (int); ++void *memcpy (void *, const void *, size_t); ++void *memset (void *, int, size_t); ++void *memchr (const void *, int, size_t); ++int memcmp (const void *, const void *, size_t); ++void *memmove (void *, const void *, size_t); ++int strcmp (const char *, const char *); ++int strncmp (const char *, const char *, size_t); ++char *strcpy (char *, const char *); ++char *strncpy (char *, const char *, size_t); ++size_t strlen (const char *); ++char *strcat (char *, const char *); ++char *strchr (const char *, int); ++int strcasecmp (const char *, const char *); ++int strncasecmp (const char *, const char *, size_t); ++char *strncpy (char *, const char *, size_t); ++int strncmp (const char *, const char *, size_t); ++char *strrchr (const char *, int); ++unsigned long strtoul (const char *, char **, int); ++long strtol (const char *, char **, int); ++int printf (const char *, ...); ++int sscanf (const char *, const char *, ...); ++int open (const char *, int, ...); ++int chmod (const char *, mode_t); ++int stat (const char *, struct stat *); ++off_t lseek (int, off_t, int); ++ssize_t read (int, void *, size_t); ++ssize_t write (int, const void *, size_t); ++int close (int); ++FILE *fopen (const char *, const char *); ++size_t fread (void *, size_t, size_t, FILE *); ++size_t fwrite (const void *, size_t, size_t, FILE *); ++char *fgets (char *, int, FILE *); ++int fputs (const char *, FILE *); ++int fprintf (FILE *, const char *, ...); ++int vfprintf (FILE *, const char *, VA_LIST); ++int fflush (FILE *); ++int fclose (FILE *); ++DIR *opendir (const char *); ++struct dirent *readdir (DIR *); ++int closedir (DIR *); ++void openlog (const char *, int, int); ++void closelog (void); ++void syslog (int, const char *, ...); ++time_t time (time_t *); ++struct tm *localtime (const time_t *); ++struct tm *gmtime (const time_t *); ++struct tm *gmtime_r (const time_t *, struct tm *); ++uid_t getuid (void); ++uid_t geteuid (void); ++gid_t getgid (void); ++gid_t getegid (void); ++void qsort (void *, size_t, size_t, int (*)(const void *, const void *)); ++char *getenv (const char *); ++void exit (int); ++void abort (void); ++__sighandler_t *signal (int, __sighandler_t *); ++ ++// ++// Global variables from EFI Application Toolkit required to buiild Open SSL ++// ++extern FILE *stderr; ++extern FILE *stdin; ++extern FILE *stdout; ++ ++#define AsciiStrLen(x) strlena(x) ++#define AsciiStrnCmp(s1, s2, len) strncmpa(s1, s2, len) ++ ++// ++// Macros that directly map functions to BaseLib, BaseMemoryLib, and DebugLib functions ++// ++#define memcpy(dest,source,count) ( {CopyMem(dest,source,(UINTN)(count)); dest; }) ++#define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) ++#define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) ++#define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) ++#define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) ++#define strcmp strcmpa ++#define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) ++#define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) ++#define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) ++#define strlen(str) (size_t)(AsciiStrLen(str)) ++#define strcat(strDest,strSource) AsciiStrCat(strDest,strSource) ++#define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch) ++#define abort() ASSERT (FALSE) ++#define assert(expression) ++#define localtime(timer) NULL ++#define gmtime_r(timer,result) (result = NULL) ++#define atoi(nptr) Atoi(nptr) ++ ++#endif +diff --git a/Cryptlib/Include/arpa/inet.h b/Cryptlib/Include/arpa/inet.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/arpa/inet.h ++++ b/Cryptlib/Include/arpa/inet.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/assert.h b/Cryptlib/Include/assert.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/assert.h ++++ b/Cryptlib/Include/assert.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/ctype.h b/Cryptlib/Include/ctype.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/ctype.h ++++ b/Cryptlib/Include/ctype.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/dirent.h b/Cryptlib/Include/dirent.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/dirent.h ++++ b/Cryptlib/Include/dirent.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/errno.h b/Cryptlib/Include/errno.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/errno.h ++++ b/Cryptlib/Include/errno.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/internal/bio.h b/Cryptlib/Include/internal/bio.h +deleted file mode 100644 +index 3b6a6ac..0000000 +--- a/Cryptlib/Include/internal/bio.h ++++ /dev/null +@@ -1,26 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-struct bio_method_st { +- int type; +- const char *name; +- int (*bwrite) (BIO *, const char *, int); +- int (*bread) (BIO *, char *, int); +- int (*bputs) (BIO *, const char *); +- int (*bgets) (BIO *, char *, int); +- long (*ctrl) (BIO *, int, long, void *); +- int (*create) (BIO *); +- int (*destroy) (BIO *); +- long (*callback_ctrl) (BIO *, int, bio_info_cb *); +-}; +- +-void bio_free_ex_data(BIO *bio); +-void bio_cleanup(void); +diff --git a/Cryptlib/Include/internal/comp.h b/Cryptlib/Include/internal/comp.h +deleted file mode 100644 +index ac6e38b..0000000 +--- a/Cryptlib/Include/internal/comp.h ++++ /dev/null +@@ -1,12 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-void comp_zlib_cleanup_int(void); +diff --git a/Cryptlib/Include/internal/conf.h b/Cryptlib/Include/internal/conf.h +deleted file mode 100644 +index ada3f92..0000000 +--- a/Cryptlib/Include/internal/conf.h ++++ /dev/null +@@ -1,32 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_INTERNAL_CONF_H +-# define HEADER_INTERNAL_CONF_H +- +-#include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +- +-struct ossl_init_settings_st { +- char *appname; +-}; +- +-void openssl_config_int(const char *appname); +-void openssl_no_config_int(void); +-void conf_modules_free_int(void); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/Include/internal/constant_time_locl.h b/Cryptlib/Include/internal/constant_time_locl.h +deleted file mode 100644 +index d27fb14..0000000 +--- a/Cryptlib/Include/internal/constant_time_locl.h ++++ /dev/null +@@ -1,185 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_CONSTANT_TIME_LOCL_H +-# define HEADER_CONSTANT_TIME_LOCL_H +- +-# include /* For 'ossl_inline' */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/*- +- * The boolean methods return a bitmask of all ones (0xff...f) for true +- * and 0 for false. This is useful for choosing a value based on the result +- * of a conditional in constant time. For example, +- * +- * if (a < b) { +- * c = a; +- * } else { +- * c = b; +- * } +- * +- * can be written as +- * +- * unsigned int lt = constant_time_lt(a, b); +- * c = constant_time_select(lt, a, b); +- */ +- +-/* +- * Returns the given value with the MSB copied to all the other +- * bits. Uses the fact that arithmetic shift shifts-in the sign bit. +- * However, this is not ensured by the C standard so you may need to +- * replace this with something else on odd CPUs. +- */ +-static ossl_inline unsigned int constant_time_msb(unsigned int a); +- +-/* +- * Returns 0xff..f if a < b and 0 otherwise. +- */ +-static ossl_inline unsigned int constant_time_lt(unsigned int a, +- unsigned int b); +-/* Convenience method for getting an 8-bit mask. */ +-static ossl_inline unsigned char constant_time_lt_8(unsigned int a, +- unsigned int b); +- +-/* +- * Returns 0xff..f if a >= b and 0 otherwise. +- */ +-static ossl_inline unsigned int constant_time_ge(unsigned int a, +- unsigned int b); +-/* Convenience method for getting an 8-bit mask. */ +-static ossl_inline unsigned char constant_time_ge_8(unsigned int a, +- unsigned int b); +- +-/* +- * Returns 0xff..f if a == 0 and 0 otherwise. +- */ +-static ossl_inline unsigned int constant_time_is_zero(unsigned int a); +-/* Convenience method for getting an 8-bit mask. */ +-static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a); +- +-/* +- * Returns 0xff..f if a == b and 0 otherwise. +- */ +-static ossl_inline unsigned int constant_time_eq(unsigned int a, +- unsigned int b); +-/* Convenience method for getting an 8-bit mask. */ +-static ossl_inline unsigned char constant_time_eq_8(unsigned int a, +- unsigned int b); +-/* Signed integers. */ +-static ossl_inline unsigned int constant_time_eq_int(int a, int b); +-/* Convenience method for getting an 8-bit mask. */ +-static ossl_inline unsigned char constant_time_eq_int_8(int a, int b); +- +-/*- +- * Returns (mask & a) | (~mask & b). +- * +- * When |mask| is all 1s or all 0s (as returned by the methods above), +- * the select methods return either |a| (if |mask| is nonzero) or |b| +- * (if |mask| is zero). +- */ +-static ossl_inline unsigned int constant_time_select(unsigned int mask, +- unsigned int a, +- unsigned int b); +-/* Convenience method for unsigned chars. */ +-static ossl_inline unsigned char constant_time_select_8(unsigned char mask, +- unsigned char a, +- unsigned char b); +-/* Convenience method for signed integers. */ +-static ossl_inline int constant_time_select_int(unsigned int mask, int a, +- int b); +- +-static ossl_inline unsigned int constant_time_msb(unsigned int a) +-{ +- return 0 - (a >> (sizeof(a) * 8 - 1)); +-} +- +-static ossl_inline unsigned int constant_time_lt(unsigned int a, +- unsigned int b) +-{ +- return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); +-} +- +-static ossl_inline unsigned char constant_time_lt_8(unsigned int a, +- unsigned int b) +-{ +- return (unsigned char)(constant_time_lt(a, b)); +-} +- +-static ossl_inline unsigned int constant_time_ge(unsigned int a, +- unsigned int b) +-{ +- return ~constant_time_lt(a, b); +-} +- +-static ossl_inline unsigned char constant_time_ge_8(unsigned int a, +- unsigned int b) +-{ +- return (unsigned char)(constant_time_ge(a, b)); +-} +- +-static ossl_inline unsigned int constant_time_is_zero(unsigned int a) +-{ +- return constant_time_msb(~a & (a - 1)); +-} +- +-static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a) +-{ +- return (unsigned char)(constant_time_is_zero(a)); +-} +- +-static ossl_inline unsigned int constant_time_eq(unsigned int a, +- unsigned int b) +-{ +- return constant_time_is_zero(a ^ b); +-} +- +-static ossl_inline unsigned char constant_time_eq_8(unsigned int a, +- unsigned int b) +-{ +- return (unsigned char)(constant_time_eq(a, b)); +-} +- +-static ossl_inline unsigned int constant_time_eq_int(int a, int b) +-{ +- return constant_time_eq((unsigned)(a), (unsigned)(b)); +-} +- +-static ossl_inline unsigned char constant_time_eq_int_8(int a, int b) +-{ +- return constant_time_eq_8((unsigned)(a), (unsigned)(b)); +-} +- +-static ossl_inline unsigned int constant_time_select(unsigned int mask, +- unsigned int a, +- unsigned int b) +-{ +- return (mask & a) | (~mask & b); +-} +- +-static ossl_inline unsigned char constant_time_select_8(unsigned char mask, +- unsigned char a, +- unsigned char b) +-{ +- return (unsigned char)(constant_time_select(mask, a, b)); +-} +- +-static ossl_inline int constant_time_select_int(unsigned int mask, int a, +- int b) +-{ +- return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); +-} +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* HEADER_CONSTANT_TIME_LOCL_H */ +diff --git a/Cryptlib/Include/internal/dane.h b/Cryptlib/Include/internal/dane.h +deleted file mode 100644 +index a1cb548..0000000 +--- a/Cryptlib/Include/internal/dane.h ++++ /dev/null +@@ -1,103 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_INTERNAL_DANE_H +-#define HEADER_INTERNAL_DANE_H +- +-#include +- +-/*- +- * Certificate usages: +- * https://tools.ietf.org/html/rfc6698#section-2.1.1 +- */ +-#define DANETLS_USAGE_PKIX_TA 0 +-#define DANETLS_USAGE_PKIX_EE 1 +-#define DANETLS_USAGE_DANE_TA 2 +-#define DANETLS_USAGE_DANE_EE 3 +-#define DANETLS_USAGE_LAST DANETLS_USAGE_DANE_EE +- +-/*- +- * Selectors: +- * https://tools.ietf.org/html/rfc6698#section-2.1.2 +- */ +-#define DANETLS_SELECTOR_CERT 0 +-#define DANETLS_SELECTOR_SPKI 1 +-#define DANETLS_SELECTOR_LAST DANETLS_SELECTOR_SPKI +- +-/*- +- * Matching types: +- * https://tools.ietf.org/html/rfc6698#section-2.1.3 +- */ +-#define DANETLS_MATCHING_FULL 0 +-#define DANETLS_MATCHING_2256 1 +-#define DANETLS_MATCHING_2512 2 +-#define DANETLS_MATCHING_LAST DANETLS_MATCHING_2512 +- +-typedef struct danetls_record_st { +- uint8_t usage; +- uint8_t selector; +- uint8_t mtype; +- unsigned char *data; +- size_t dlen; +- EVP_PKEY *spki; +-} danetls_record; +- +-DEFINE_STACK_OF(danetls_record) +- +-/* +- * Shared DANE context +- */ +-struct dane_ctx_st { +- const EVP_MD **mdevp; /* mtype -> digest */ +- uint8_t *mdord; /* mtype -> preference */ +- uint8_t mdmax; /* highest supported mtype */ +- unsigned long flags; /* feature bitmask */ +-}; +- +-/* +- * Per connection DANE state +- */ +-struct ssl_dane_st { +- struct dane_ctx_st *dctx; +- STACK_OF(danetls_record) *trecs; +- STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */ +- danetls_record *mtlsa; /* Matching TLSA record */ +- X509 *mcert; /* DANE matched cert */ +- uint32_t umask; /* Usages present */ +- int mdpth; /* Depth of matched cert */ +- int pdpth; /* Depth of PKIX trust */ +- unsigned long flags; /* feature bitmask */ +-}; +- +-#define DANETLS_ENABLED(dane) \ +- ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0) +- +-#define DANETLS_USAGE_BIT(u) (((uint32_t)1) << u) +- +-#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA)) +-#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE)) +-#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA)) +-#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE)) +- +-#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK) +-#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK) +-#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK) +-#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK) +- +-#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK)) +-#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK)) +-#define DANETLS_HAS_TA(dane) ((dane) && ((dane)->umask & DANETLS_TA_MASK)) +-#define DANETLS_HAS_EE(dane) ((dane) && ((dane)->umask & DANETLS_EE_MASK)) +- +-#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK)) +-#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK)) +-#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK)) +-#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK)) +- +-#endif /* HEADER_INTERNAL_DANE_H */ +diff --git a/Cryptlib/Include/internal/dso.h b/Cryptlib/Include/internal/dso.h +deleted file mode 100644 +index f5de8a2..0000000 +--- a/Cryptlib/Include/internal/dso.h ++++ /dev/null +@@ -1,239 +0,0 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_DSO_H +-# define HEADER_DSO_H +- +-# include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* These values are used as commands to DSO_ctrl() */ +-# define DSO_CTRL_GET_FLAGS 1 +-# define DSO_CTRL_SET_FLAGS 2 +-# define DSO_CTRL_OR_FLAGS 3 +- +-/* +- * By default, DSO_load() will translate the provided filename into a form +- * typical for the platform using the dso_name_converter function of the +- * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will +- * transform it into "libblah.so". This callback could even utilise the +- * DSO_METHOD's converter too if it only wants to override behaviour for +- * one or two possible DSO methods. However, the following flag can be +- * set in a DSO to prevent *any* native name-translation at all - eg. if +- * the caller has prompted the user for a path to a driver library so the +- * filename should be interpreted as-is. +- */ +-# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 +-/* +- * An extra flag to give if only the extension should be added as +- * translation. This is obviously only of importance on Unix and other +- * operating systems where the translation also may prefix the name with +- * something, like 'lib', and ignored everywhere else. This flag is also +- * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. +- */ +-# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 +- +-/* +- * Don't unload the DSO when we call DSO_free() +- */ +-# define DSO_FLAG_NO_UNLOAD_ON_FREE 0x04 +-/* +- * The following flag controls the translation of symbol names to upper case. +- * This is currently only being implemented for OpenVMS. +- */ +-# define DSO_FLAG_UPCASE_SYMBOL 0x10 +- +-/* +- * This flag loads the library with public symbols. Meaning: The exported +- * symbols of this library are public to all libraries loaded after this +- * library. At the moment only implemented in unix. +- */ +-# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 +- +-typedef void (*DSO_FUNC_TYPE) (void); +- +-typedef struct dso_st DSO; +-typedef struct dso_meth_st DSO_METHOD; +- +-/* +- * The function prototype used for method functions (or caller-provided +- * callbacks) that transform filenames. They are passed a DSO structure +- * pointer (or NULL if they are to be used independently of a DSO object) and +- * a filename to transform. They should either return NULL (if there is an +- * error condition) or a newly allocated string containing the transformed +- * form that the caller will need to free with OPENSSL_free() when done. +- */ +-typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); +-/* +- * The function prototype used for method functions (or caller-provided +- * callbacks) that merge two file specifications. They are passed a DSO +- * structure pointer (or NULL if they are to be used independently of a DSO +- * object) and two file specifications to merge. They should either return +- * NULL (if there is an error condition) or a newly allocated string +- * containing the result of merging that the caller will need to free with +- * OPENSSL_free() when done. Here, merging means that bits and pieces are +- * taken from each of the file specifications and added together in whatever +- * fashion that is sensible for the DSO method in question. The only rule +- * that really applies is that if the two specification contain pieces of the +- * same type, the copy from the first string takes priority. One could see +- * it as the first specification is the one given by the user and the second +- * being a bunch of defaults to add on if they're missing in the first. +- */ +-typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); +- +-DSO *DSO_new(void); +-int DSO_free(DSO *dso); +-int DSO_flags(DSO *dso); +-int DSO_up_ref(DSO *dso); +-long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); +- +-/* +- * These functions can be used to get/set the platform-independent filename +- * used for a DSO. NB: set will fail if the DSO is already loaded. +- */ +-const char *DSO_get_filename(DSO *dso); +-int DSO_set_filename(DSO *dso, const char *filename); +-/* +- * This function will invoke the DSO's name_converter callback to translate a +- * filename, or if the callback isn't set it will instead use the DSO_METHOD's +- * converter. If "filename" is NULL, the "filename" in the DSO itself will be +- * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is +- * simply duplicated. NB: This function is usually called from within a +- * DSO_METHOD during the processing of a DSO_load() call, and is exposed so +- * that caller-created DSO_METHODs can do the same thing. A non-NULL return +- * value will need to be OPENSSL_free()'d. +- */ +-char *DSO_convert_filename(DSO *dso, const char *filename); +-/* +- * This function will invoke the DSO's merger callback to merge two file +- * specifications, or if the callback isn't set it will instead use the +- * DSO_METHOD's merger. A non-NULL return value will need to be +- * OPENSSL_free()'d. +- */ +-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); +- +-/* +- * The all-singing all-dancing load function, you normally pass NULL for the +- * first and third parameters. Use DSO_up_ref and DSO_free for subsequent +- * reference count handling. Any flags passed in will be set in the +- * constructed DSO after its init() function but before the load operation. +- * If 'dso' is non-NULL, 'flags' is ignored. +- */ +-DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); +- +-/* This function binds to a function inside a shared library. */ +-DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); +- +-/* +- * This method is the default, but will beg, borrow, or steal whatever method +- * should be the default on any particular platform (including +- * DSO_METH_null() if necessary). +- */ +-DSO_METHOD *DSO_METHOD_openssl(void); +- +-/* +- * This function writes null-terminated pathname of DSO module containing +- * 'addr' into 'sz' large caller-provided 'path' and returns the number of +- * characters [including trailing zero] written to it. If 'sz' is 0 or +- * negative, 'path' is ignored and required amount of charachers [including +- * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then +- * pathname of cryptolib itself is returned. Negative or zero return value +- * denotes error. +- */ +-int DSO_pathbyaddr(void *addr, char *path, int sz); +- +-/* +- * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol +- * or NULL on error. +- */ +-DSO *DSO_dsobyaddr(void *addr, int flags); +- +-/* +- * This function should be used with caution! It looks up symbols in *all* +- * loaded modules and if module gets unloaded by somebody else attempt to +- * dereference the pointer is doomed to have fatal consequences. Primary +- * usage for this function is to probe *core* system functionality, e.g. +- * check if getnameinfo(3) is available at run-time without bothering about +- * OS-specific details such as libc.so.versioning or where does it actually +- * reside: in libc itself or libsocket. +- */ +-void *DSO_global_lookup(const char *name); +- +-/* BEGIN ERROR CODES */ +-/* +- * The following lines are auto generated by the script mkerr.pl. Any changes +- * made after this point may be overwritten when the script is next run. +- */ +- +-int ERR_load_DSO_strings(void); +- +-/* Error codes for the DSO functions. */ +- +-/* Function codes. */ +-# define DSO_F_DLFCN_BIND_FUNC 100 +-# define DSO_F_DLFCN_LOAD 102 +-# define DSO_F_DLFCN_MERGER 130 +-# define DSO_F_DLFCN_NAME_CONVERTER 123 +-# define DSO_F_DLFCN_UNLOAD 103 +-# define DSO_F_DL_BIND_FUNC 104 +-# define DSO_F_DL_LOAD 106 +-# define DSO_F_DL_MERGER 131 +-# define DSO_F_DL_NAME_CONVERTER 124 +-# define DSO_F_DL_UNLOAD 107 +-# define DSO_F_DSO_BIND_FUNC 108 +-# define DSO_F_DSO_CONVERT_FILENAME 126 +-# define DSO_F_DSO_CTRL 110 +-# define DSO_F_DSO_FREE 111 +-# define DSO_F_DSO_GET_FILENAME 127 +-# define DSO_F_DSO_GLOBAL_LOOKUP 139 +-# define DSO_F_DSO_LOAD 112 +-# define DSO_F_DSO_MERGE 132 +-# define DSO_F_DSO_NEW_METHOD 113 +-# define DSO_F_DSO_PATHBYADDR 105 +-# define DSO_F_DSO_SET_FILENAME 129 +-# define DSO_F_DSO_UP_REF 114 +-# define DSO_F_VMS_BIND_SYM 115 +-# define DSO_F_VMS_LOAD 116 +-# define DSO_F_VMS_MERGER 133 +-# define DSO_F_VMS_UNLOAD 117 +-# define DSO_F_WIN32_BIND_FUNC 101 +-# define DSO_F_WIN32_GLOBALLOOKUP 142 +-# define DSO_F_WIN32_JOINER 135 +-# define DSO_F_WIN32_LOAD 120 +-# define DSO_F_WIN32_MERGER 134 +-# define DSO_F_WIN32_NAME_CONVERTER 125 +-# define DSO_F_WIN32_PATHBYADDR 109 +-# define DSO_F_WIN32_SPLITTER 136 +-# define DSO_F_WIN32_UNLOAD 121 +- +-/* Reason codes. */ +-# define DSO_R_CTRL_FAILED 100 +-# define DSO_R_DSO_ALREADY_LOADED 110 +-# define DSO_R_EMPTY_FILE_STRUCTURE 113 +-# define DSO_R_FAILURE 114 +-# define DSO_R_FILENAME_TOO_BIG 101 +-# define DSO_R_FINISH_FAILED 102 +-# define DSO_R_INCORRECT_FILE_SYNTAX 115 +-# define DSO_R_LOAD_FAILED 103 +-# define DSO_R_NAME_TRANSLATION_FAILED 109 +-# define DSO_R_NO_FILENAME 111 +-# define DSO_R_NULL_HANDLE 104 +-# define DSO_R_SET_FILENAME_FAILED 112 +-# define DSO_R_STACK_ERROR 105 +-# define DSO_R_SYM_FAILURE 106 +-# define DSO_R_UNLOAD_FAILED 107 +-# define DSO_R_UNSUPPORTED 108 +- +-# ifdef __cplusplus +-} +-# endif +-#endif +diff --git a/Cryptlib/Include/internal/dso_conf.h b/Cryptlib/Include/internal/dso_conf.h +deleted file mode 100644 +index e69de29..0000000 +diff --git a/Cryptlib/Include/internal/err.h b/Cryptlib/Include/internal/err.h +deleted file mode 100644 +index d46b8bd..0000000 +--- a/Cryptlib/Include/internal/err.h ++++ /dev/null +@@ -1,15 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef INTERNAL_ERR_H +-# define INTERNAL_ERR_H +- +-void err_free_strings_int(void); +- +-#endif +diff --git a/Cryptlib/Include/internal/numbers.h b/Cryptlib/Include/internal/numbers.h +deleted file mode 100644 +index 31931df..0000000 +--- a/Cryptlib/Include/internal/numbers.h ++++ /dev/null +@@ -1,68 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_NUMBERS_H +-# define HEADER_NUMBERS_H +- +-# include +- +-# if (-1 & 3) == 0x03 /* Two's complement */ +- +-# define __MAXUINT__(T) ((T) -1) +-# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +-# define __MININT__(T) (-__MAXINT__(T) - 1) +- +-# elif (-1 & 3) == 0x02 /* One's complement */ +- +-# define __MAXUINT__(T) (((T) -1) + 1) +-# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +-# define __MININT__(T) (-__MAXINT__(T)) +- +-# elif (-1 & 3) == 0x01 /* Sign/magnitude */ +- +-# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) +-# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) +-# define __MININT__(T) (-__MAXINT__(T)) +- +-# else +- +-# error "do not know the integer encoding on this architecture" +- +-# endif +- +-# ifndef INT8_MAX +-# define INT8_MIN __MININT__(int8_t) +-# define INT8_MAX __MAXINT__(int8_t) +-# define UINT8_MAX __MAXUINT__(uint8_t) +-# endif +- +-# ifndef INT16_MAX +-# define INT16_MIN __MININT__(int16_t) +-# define INT16_MAX __MAXINT__(int16_t) +-# define UINT16_MAX __MAXUINT__(uint16_t) +-# endif +- +-# ifndef INT32_MAX +-# define INT32_MIN __MININT__(int32_t) +-# define INT32_MAX __MAXINT__(int32_t) +-# define UINT32_MAX __MAXUINT__(uint32_t) +-# endif +- +-# ifndef INT64_MAX +-# define INT64_MIN __MININT__(int64_t) +-# define INT64_MAX __MAXINT__(int64_t) +-# define UINT64_MAX __MAXUINT__(uint64_t) +-# endif +- +-# ifndef SIZE_MAX +-# define SIZE_MAX __MAXUINT__(size_t) +-# endif +- +-#endif +- +diff --git a/Cryptlib/Include/internal/o_dir.h b/Cryptlib/Include/internal/o_dir.h +deleted file mode 100644 +index 178c2ed..0000000 +--- a/Cryptlib/Include/internal/o_dir.h ++++ /dev/null +@@ -1,63 +0,0 @@ +-/* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Copied from Richard Levitte's (richard@levitte.org) LP library. All +- * symbol names have been changed, with permission from the author. +- */ +- +-/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */ +-/* +- * Copyright (c) 2004, Richard Levitte +- * All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * +- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- */ +- +-#ifndef O_DIR_H +-# define O_DIR_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; +- +- /* +- * returns NULL on error or end-of-directory. If it is end-of-directory, +- * errno will be zero +- */ +-const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); +- /* returns 1 on success, 0 on error */ +-int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* LPDIR_H */ +diff --git a/Cryptlib/Include/internal/o_str.h b/Cryptlib/Include/internal/o_str.h +deleted file mode 100644 +index 86403c9..0000000 +--- a/Cryptlib/Include/internal/o_str.h ++++ /dev/null +@@ -1,17 +0,0 @@ +-/* +- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_O_STR_H +-# define HEADER_O_STR_H +- +-# include /* to get size_t */ +- +-int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); +- +-#endif +diff --git a/Cryptlib/Include/internal/thread_once.h b/Cryptlib/Include/internal/thread_once.h +deleted file mode 100644 +index 2242443..0000000 +--- a/Cryptlib/Include/internal/thread_once.h ++++ /dev/null +@@ -1,45 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#define DEFINE_RUN_ONCE(init) \ +- static int init(void); \ +- int init##_ossl_ret_ = 0; \ +- void init##_ossl_(void) \ +- { \ +- init##_ossl_ret_ = init(); \ +- } \ +- static int init(void) +-#define DECLARE_RUN_ONCE(init) \ +- extern int init##_ossl_ret_; \ +- void init##_ossl_(void); +- +-#define DEFINE_RUN_ONCE_STATIC(init) \ +- static int init(void); \ +- static int init##_ossl_ret_ = 0; \ +- static void init##_ossl_(void) \ +- { \ +- init##_ossl_ret_ = init(); \ +- } \ +- static int init(void) +- +-/* +- * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded +- * @once: pointer to static object of type CRYPTO_ONCE +- * @init: function name that was previously given to DEFINE_RUN_ONCE, +- * DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE. This function +- * must return 1 for success or 0 for failure. +- * +- * The return value is 1 on success (*) or 0 in case of error. +- * +- * (*) by convention, since the init function must return 1 on success. +- */ +-#define RUN_ONCE(once, init) \ +- (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) +diff --git a/Cryptlib/Include/limits.h b/Cryptlib/Include/limits.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/limits.h ++++ b/Cryptlib/Include/limits.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/malloc.h b/Cryptlib/Include/malloc.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/malloc.h ++++ b/Cryptlib/Include/malloc.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/math.h b/Cryptlib/Include/math.h +index b13508a..a21f554 100644 +--- a/Cryptlib/Include/math.h ++++ b/Cryptlib/Include/math.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/memory.h b/Cryptlib/Include/memory.h +index 4554616..092b3cd 100644 +--- a/Cryptlib/Include/memory.h ++++ b/Cryptlib/Include/memory.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/netdb.h b/Cryptlib/Include/netdb.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/netdb.h ++++ b/Cryptlib/Include/netdb.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/netinet/in.h b/Cryptlib/Include/netinet/in.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/netinet/in.h ++++ b/Cryptlib/Include/netinet/in.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/openssl/README b/Cryptlib/Include/openssl/README +new file mode 100644 +index 0000000..1594010 +--- /dev/null ++++ b/Cryptlib/Include/openssl/README +@@ -0,0 +1 @@ ++This directory contains all the public include files from the OpenSSL project. +diff --git a/Cryptlib/Include/openssl/aes.h b/Cryptlib/Include/openssl/aes.h +index 245c552..faa66c4 100644 +--- a/Cryptlib/Include/openssl/aes.h ++++ b/Cryptlib/Include/openssl/aes.h +@@ -1,10 +1,52 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes.h */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_AES_H +@@ -12,11 +54,12 @@ + + # include + +-# include +-# ifdef __cplusplus +-extern "C" { ++# ifdef OPENSSL_NO_AES ++# error AES is disabled. + # endif + ++# include ++ + # define AES_ENCRYPT 1 + # define AES_DECRYPT 0 + +@@ -27,6 +70,10 @@ extern "C" { + # define AES_MAXNR 14 + # define AES_BLOCK_SIZE 16 + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + /* This should be a hidden type, but EVP requires that the size be known */ + struct aes_key_st { + # ifdef AES_LONG +@@ -45,6 +92,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key); ++ + void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + void AES_decrypt(const unsigned char *in, unsigned char *out, +@@ -67,6 +119,11 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, int *num); ++void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const AES_KEY *key, ++ unsigned char ivec[AES_BLOCK_SIZE], ++ unsigned char ecount_buf[AES_BLOCK_SIZE], ++ unsigned int *num); + /* NB: the IV is _two_ blocks long */ + void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, +@@ -85,8 +142,8 @@ int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, + const unsigned char *in, unsigned int inlen); + + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +- + #endif ++ ++#endif /* !HEADER_AES_H */ +diff --git a/Cryptlib/Include/openssl/asn1.h b/Cryptlib/Include/openssl/asn1.h +index 7cf6116..68e791f 100644 +--- a/Cryptlib/Include/openssl/asn1.h ++++ b/Cryptlib/Include/openssl/asn1.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/asn1.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_ASN1_H +@@ -12,15 +61,16 @@ + + # include + # include +-# include +-# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + # include + # include + + # include + + # include +-# if OPENSSL_API_COMPAT < 0x10100000L ++# ifndef OPENSSL_NO_DEPRECATED + # include + # endif + +@@ -46,11 +96,13 @@ extern "C" { + # define V_ASN1_OTHER -3/* used in ASN1_TYPE */ + # define V_ASN1_ANY -4/* used in ASN1 template code */ + ++# define V_ASN1_NEG 0x100/* negative flag */ ++ + # define V_ASN1_UNDEF -1 +-/* ASN.1 tag values */ + # define V_ASN1_EOC 0 + # define V_ASN1_BOOLEAN 1 /**/ + # define V_ASN1_INTEGER 2 ++# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) + # define V_ASN1_BIT_STRING 3 + # define V_ASN1_OCTET_STRING 4 + # define V_ASN1_NULL 5 +@@ -59,6 +111,7 @@ extern "C" { + # define V_ASN1_EXTERNAL 8 + # define V_ASN1_REAL 9 + # define V_ASN1_ENUMERATED 10 ++# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) + # define V_ASN1_UTF8STRING 12 + # define V_ASN1_SEQUENCE 16 + # define V_ASN1_SET 17 +@@ -76,17 +129,6 @@ extern "C" { + # define V_ASN1_GENERALSTRING 27 /**/ + # define V_ASN1_UNIVERSALSTRING 28 /**/ + # define V_ASN1_BMPSTRING 30 +- +-/* +- * NB the constants below are used internally by ASN1_INTEGER +- * and ASN1_ENUMERATED to indicate the sign. They are *not* on +- * the wire tag values. +- */ +- +-# define V_ASN1_NEG 0x100 +-# define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +-# define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +- + /* For use with d2i_ASN1_type_bytes() */ + # define B_ASN1_NUMERICSTRING 0x0001 + # define B_ASN1_PRINTABLESTRING 0x0002 +@@ -117,7 +159,61 @@ extern "C" { + # define SMIME_CRLFEOL 0x800 + # define SMIME_STREAM 0x1000 + struct X509_algor_st; +-DEFINE_STACK_OF(X509_ALGOR) ++DECLARE_STACK_OF(X509_ALGOR) ++ ++# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ ++# define IMPLEMENT_ASN1_SET_OF(type)/* nothing, no longer needed */ ++ ++/* ++ * We MUST make sure that, except for constness, asn1_ctx_st and ++ * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 ++ * parsing macros are gone, we can throw this away as well... ++ */ ++typedef struct asn1_ctx_st { ++ unsigned char *p; /* work char pointer */ ++ int eos; /* end of sequence read for indefinite ++ * encoding */ ++ int error; /* error code to use when returning an error */ ++ int inf; /* constructed if 0x20, indefinite is 0x21 */ ++ int tag; /* tag from last 'get object' */ ++ int xclass; /* class from last 'get object' */ ++ long slen; /* length of last 'get object' */ ++ unsigned char *max; /* largest value of p allowed */ ++ unsigned char *q; /* temporary variable */ ++ unsigned char **pp; /* variable */ ++ int line; /* used in error processing */ ++} ASN1_CTX; ++ ++typedef struct asn1_const_ctx_st { ++ const unsigned char *p; /* work char pointer */ ++ int eos; /* end of sequence read for indefinite ++ * encoding */ ++ int error; /* error code to use when returning an error */ ++ int inf; /* constructed if 0x20, indefinite is 0x21 */ ++ int tag; /* tag from last 'get object' */ ++ int xclass; /* class from last 'get object' */ ++ long slen; /* length of last 'get object' */ ++ const unsigned char *max; /* largest value of p allowed */ ++ const unsigned char *q; /* temporary variable */ ++ const unsigned char **pp; /* variable */ ++ int line; /* used in error processing */ ++} ASN1_const_CTX; ++ ++/* ++ * These are used internally in the ASN1_OBJECT to keep track of whether the ++ * names and data need to be free()ed ++ */ ++# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ ++# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ ++# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ ++# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ ++struct asn1_object_st { ++ const char *sn, *ln; ++ int nid; ++ int length; ++ const unsigned char *data; /* data remains const after init */ ++ int flags; /* Should we free this one */ ++}; + + # define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */ + /* +@@ -139,8 +235,6 @@ DEFINE_STACK_OF(X509_ALGOR) + * type. + */ + # define ASN1_STRING_FLAG_MSTRING 0x040 +-/* String is embedded and only content should be freed */ +-# define ASN1_STRING_FLAG_EMBED 0x080 + /* This is the base type that holds just about everything :-) */ + struct asn1_string_st { + int length; +@@ -170,13 +264,6 @@ typedef struct ASN1_ENCODING_st { + # define ASN1_LONG_UNDEF 0x7fffffffL + + # define STABLE_FLAGS_MALLOC 0x01 +-/* +- * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted +- * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting +- * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias +- * STABLE_FLAGS_CLEAR to reflect this. +- */ +-# define STABLE_FLAGS_CLEAR STABLE_FLAGS_MALLOC + # define STABLE_NO_MASK 0x02 + # define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +@@ -190,7 +277,7 @@ typedef struct asn1_string_table_st { + unsigned long flags; + } ASN1_STRING_TABLE; + +-DEFINE_STACK_OF(ASN1_STRING_TABLE) ++DECLARE_STACK_OF(ASN1_STRING_TABLE) + + /* size limits: this stuff is taken straight from RFC2459 */ + +@@ -417,11 +504,6 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + + # define ASN1_STRFLGS_DUMP_DER 0x200 + +-/* +- * This flag specifies that RC2254 escaping shall be performed. +- */ +-#define ASN1_STRFLGS_ESC_2254 0x400 +- + /* + * All the string flags consistent with RFC2253, escaping control characters + * isn't essential in RFC2253 but it is advisable anyway. +@@ -434,11 +516,10 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +-DEFINE_STACK_OF(ASN1_INTEGER) +- +-DEFINE_STACK_OF(ASN1_GENERALSTRING) ++DECLARE_STACK_OF(ASN1_INTEGER) ++DECLARE_ASN1_SET_OF(ASN1_INTEGER) + +-DEFINE_STACK_OF(ASN1_UTF8STRING) ++DECLARE_STACK_OF(ASN1_GENERALSTRING) + + typedef struct asn1_type_st { + int type; +@@ -471,13 +552,19 @@ typedef struct asn1_type_st { + } value; + } ASN1_TYPE; + +-DEFINE_STACK_OF(ASN1_TYPE) ++DECLARE_STACK_OF(ASN1_TYPE) ++DECLARE_ASN1_SET_OF(ASN1_TYPE) + + typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + + DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) + DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) + ++typedef struct NETSCAPE_X509_st { ++ ASN1_OCTET_STRING *header; ++ X509 *cert; ++} NETSCAPE_X509; ++ + /* This is used to contain a list of bit names */ + typedef struct BIT_STRING_BITNAME_st { + int bitnum; +@@ -485,6 +572,50 @@ typedef struct BIT_STRING_BITNAME_st { + const char *sname; + } BIT_STRING_BITNAME; + ++# define M_ASN1_STRING_length(x) ((x)->length) ++# define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) ++# define M_ASN1_STRING_type(x) ((x)->type) ++# define M_ASN1_STRING_data(x) ((x)->data) ++ ++/* Macros for string operations */ ++# define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_BIT_STRING) ++# define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++# define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) ++# define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) ++ ++# define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ ++ ASN1_STRING_type_new(V_ASN1_INTEGER) ++# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++# define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) ++ ++# define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ ++ ASN1_STRING_type_new(V_ASN1_ENUMERATED) ++# define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++# define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) ++ ++# define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_OCTET_STRING) ++# define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++# define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ ++ (const ASN1_STRING *)a,(const ASN1_STRING *)b) ++# define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) ++# define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) ++# define M_i2d_ASN1_OCTET_STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ ++ V_ASN1_UNIVERSAL) ++ + # define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME +@@ -514,25 +645,153 @@ typedef struct BIT_STRING_BITNAME_st { + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + ++# define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) ++# define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_PRINTABLE(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_PRINTABLE) ++ ++# define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) ++# define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_DIRECTORYSTRING(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_DIRECTORYSTRING) ++ ++# define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) ++# define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ ++ pp,a->type,V_ASN1_UNIVERSAL) ++# define M_d2i_DISPLAYTEXT(a,pp,l) \ ++ d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ ++ B_ASN1_DISPLAYTEXT) ++ ++# define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) ++# define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ ++ (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) ++ ++# define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_T61STRING) ++# define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_T61STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_T61STRING(a,pp,l) \ ++ (ASN1_T61STRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) ++ ++# define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_IA5STRING) ++# define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_IA5STRING_dup(a) \ ++ (ASN1_IA5STRING *)ASN1_STRING_dup((const ASN1_STRING *)a) ++# define M_i2d_ASN1_IA5STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_IA5STRING(a,pp,l) \ ++ (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ ++ B_ASN1_IA5STRING) ++ ++# define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ ++ ASN1_STRING_type_new(V_ASN1_UTCTIME) ++# define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++ ++# define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ ++ ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) ++# define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ ++ (const ASN1_STRING *)a) ++ ++# define M_ASN1_TIME_new() (ASN1_TIME *)\ ++ ASN1_STRING_type_new(V_ASN1_UTCTIME) ++# define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_ASN1_TIME_dup(a) (ASN1_TIME *)\ ++ ASN1_STRING_dup((const ASN1_STRING *)a) ++ ++# define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_GENERALSTRING) ++# define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_GENERALSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ ++ (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) ++ ++# define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) ++# define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ ++ (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) ++ ++# define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_BMPSTRING) ++# define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_BMPSTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_BMPSTRING(a,pp,l) \ ++ (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) ++ ++# define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ ++ ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) ++# define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_VISIBLESTRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ ++ (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) ++ ++# define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ ++ ASN1_STRING_type_new(V_ASN1_UTF8STRING) ++# define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) ++# define M_i2d_ASN1_UTF8STRING(a,pp) \ ++ i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ ++ V_ASN1_UNIVERSAL) ++# define M_d2i_ASN1_UTF8STRING(a,pp,l) \ ++ (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ ++ ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) ++ ++ /* for the is_set parameter to i2d_ASN1_SET */ ++# define IS_SEQUENCE 0 ++# define IS_SET 1 ++ + DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) + +-int ASN1_TYPE_get(const ASN1_TYPE *a); ++int ASN1_TYPE_get(ASN1_TYPE *a); + void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); + int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); + int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +-ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t); +-void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t); +- + ASN1_OBJECT *ASN1_OBJECT_new(void); + void ASN1_OBJECT_free(ASN1_OBJECT *a); +-int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); ++int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); ++ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, ++ long length); + ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + + DECLARE_ASN1_ITEM(ASN1_OBJECT) + +-DEFINE_STACK_OF(ASN1_OBJECT) ++DECLARE_STACK_OF(ASN1_OBJECT) ++DECLARE_ASN1_SET_OF(ASN1_OBJECT) + + ASN1_STRING *ASN1_STRING_new(void); + void ASN1_STRING_free(ASN1_STRING *a); +@@ -549,24 +808,34 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); + void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); + int ASN1_STRING_length(const ASN1_STRING *x); + void ASN1_STRING_length_set(ASN1_STRING *x, int n); +-int ASN1_STRING_type(const ASN1_STRING *x); +-DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x)) +-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); ++int ASN1_STRING_type(ASN1_STRING *x); ++unsigned char *ASN1_STRING_data(ASN1_STRING *x); + + DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) ++int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); ++ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, ++ const unsigned char **pp, long length); + int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); + int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +-int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +-int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, +- const unsigned char *flags, int flags_len); ++int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); ++int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, ++ unsigned char *flags, int flags_len); + ++# ifndef OPENSSL_NO_BIO + int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +-int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, ++# endif ++int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); ++int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl); + ++int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); ++int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); ++ + DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) ++int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); ++ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, ++ long length); + ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); + ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); +@@ -580,6 +849,9 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); + int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); ++# if 0 ++time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); ++# endif + + int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); + ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, +@@ -624,48 +896,59 @@ DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF) + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); + ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + int offset_day, long offset_sec); +-int ASN1_TIME_check(const ASN1_TIME *t); ++int ASN1_TIME_check(ASN1_TIME *t); + ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME + **out); + int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + +-int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); ++int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, ++ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set); ++STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, ++ const unsigned char **pp, ++ long length, d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK), ++ int ex_tag, int ex_class); ++ ++# ifndef OPENSSL_NO_BIO ++int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); + int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +-int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); ++int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); + int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +-int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); ++int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); + int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +-int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +-int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); ++int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); ++# endif ++int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); + + int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); + ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +-int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +-int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +-int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +-int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); +- + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); + long ASN1_INTEGER_get(const ASN1_INTEGER *a); + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); + BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +-int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +-int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); +- +- + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +-long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +-BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); ++long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); ++ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); ++BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); + + /* General */ + /* given a string, return the correct type, max is the maximum length */ + int ASN1_PRINTABLE_type(const unsigned char *s, int max); + ++int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); ++ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int Ptag, int Pclass); + unsigned long ASN1_tag2bit(int tag); ++/* type is one or more of the B_ASN1_ values. */ ++ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int type); ++ ++/* PARSING */ ++int asn1_Finish(ASN1_CTX *c); ++int asn1_const_Finish(ASN1_const_CTX *c); + + /* SPECIALS */ + int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, +@@ -698,7 +981,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + # define M_ASN1_free_of(x, type) \ + ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type)) + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x); + + # define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ +@@ -721,11 +1004,12 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + CHECKED_PTR_OF(const type, x))) + + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +-int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags); ++int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); + # endif + +-int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); ++int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); + ++# ifndef OPENSSL_NO_BIO + void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); + + # define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ +@@ -752,27 +1036,42 @@ int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); + int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); + int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); + int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +-int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +-int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off); ++int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); + int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); + int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); + int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, + int dump); ++# endif + const char *ASN1_tag2str(int tag); + +-/* Used to load and write Netscape format cert */ ++/* Used to load and write netscape format cert */ ++ ++DECLARE_ASN1_FUNCTIONS(NETSCAPE_X509) + + int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + + int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len); +-int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len); ++int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len); + int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, + unsigned char *data, int len); +-int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, ++int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +-void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); ++STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, ++ d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK)); ++unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, ++ unsigned char **buf, int *len); ++void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i); ++void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); ++ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ++ ASN1_OCTET_STRING **oct); ++ ++# define ASN1_pack_string_of(type,obj,i2d,oct) \ ++ (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \ ++ CHECKED_I2D_OF(type, i2d), \ ++ oct)) + + ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); +@@ -805,11 +1104,9 @@ int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it); + + void ASN1_add_oid_module(void); +-void ASN1_add_stable_module(void); + +-ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +-ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); +-int ASN1_str2mask(const char *str, unsigned long *pmask); ++ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf); ++ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf); + + /* ASN1 Print flags */ + +@@ -836,26 +1133,18 @@ int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); + ASN1_PCTX *ASN1_PCTX_new(void); + void ASN1_PCTX_free(ASN1_PCTX *p); +-unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p); + void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +-unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p); + void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +-unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p); + void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +-unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p); + void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +-unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); ++unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p); + void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +-ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)); +-void ASN1_SCTX_free(ASN1_SCTX *p); +-const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p); +-const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p); +-unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p); +-void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data); +-void *ASN1_SCTX_get_app_data(ASN1_SCTX *p); +- +-const BIO_METHOD *BIO_f_asn1(void); ++BIO_METHOD *BIO_f_asn1(void); + + BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +@@ -875,40 +1164,44 @@ int SMIME_text(BIO *in, BIO *out); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_ASN1_strings(void); ++void ERR_load_ASN1_strings(void); + + /* Error codes for the ASN1 functions. */ + + /* Function codes. */ + # define ASN1_F_A2D_ASN1_OBJECT 100 ++# define ASN1_F_A2I_ASN1_ENUMERATED 101 + # define ASN1_F_A2I_ASN1_INTEGER 102 + # define ASN1_F_A2I_ASN1_STRING 103 + # define ASN1_F_APPEND_EXP 176 + # define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 + # define ASN1_F_ASN1_CB 177 + # define ASN1_F_ASN1_CHECK_TLEN 104 ++# define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 + # define ASN1_F_ASN1_COLLECT 106 + # define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 + # define ASN1_F_ASN1_D2I_FP 109 + # define ASN1_F_ASN1_D2I_READ_BIO 107 + # define ASN1_F_ASN1_DIGEST 184 + # define ASN1_F_ASN1_DO_ADB 110 +-# define ASN1_F_ASN1_DO_LOCK 233 + # define ASN1_F_ASN1_DUP 111 ++# define ASN1_F_ASN1_ENUMERATED_SET 112 ++# define ASN1_F_ASN1_ENUMERATED_TO_BN 113 + # define ASN1_F_ASN1_EX_C2I 204 + # define ASN1_F_ASN1_FIND_END 190 + # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 ++# define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 + # define ASN1_F_ASN1_GENERATE_V3 178 +-# define ASN1_F_ASN1_GET_INT64 224 + # define ASN1_F_ASN1_GET_OBJECT 114 +-# define ASN1_F_ASN1_GET_UINT64 225 ++# define ASN1_F_ASN1_HEADER_NEW 115 + # define ASN1_F_ASN1_I2D_BIO 116 + # define ASN1_F_ASN1_I2D_FP 117 ++# define ASN1_F_ASN1_INTEGER_SET 118 ++# define ASN1_F_ASN1_INTEGER_TO_BN 119 + # define ASN1_F_ASN1_ITEM_D2I_FP 206 + # define ASN1_F_ASN1_ITEM_DUP 191 +-# define ASN1_F_ASN1_ITEM_EMBED_D2I 120 +-# define ASN1_F_ASN1_ITEM_EMBED_NEW 121 ++# define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 ++# define ASN1_F_ASN1_ITEM_EX_D2I 120 + # define ASN1_F_ASN1_ITEM_I2D_BIO 192 + # define ASN1_F_ASN1_ITEM_I2D_FP 193 + # define ASN1_F_ASN1_ITEM_PACK 198 +@@ -919,63 +1212,83 @@ int ERR_load_ASN1_strings(void); + # define ASN1_F_ASN1_MBSTRING_NCOPY 122 + # define ASN1_F_ASN1_OBJECT_NEW 123 + # define ASN1_F_ASN1_OUTPUT_DATA 214 ++# define ASN1_F_ASN1_PACK_STRING 124 + # define ASN1_F_ASN1_PCTX_NEW 205 +-# define ASN1_F_ASN1_SCTX_NEW 221 ++# define ASN1_F_ASN1_PKCS5_PBE_SET 125 ++# define ASN1_F_ASN1_SEQ_PACK 126 ++# define ASN1_F_ASN1_SEQ_UNPACK 127 + # define ASN1_F_ASN1_SIGN 128 + # define ASN1_F_ASN1_STR2TYPE 179 +-# define ASN1_F_ASN1_STRING_GET_INT64 227 +-# define ASN1_F_ASN1_STRING_GET_UINT64 230 + # define ASN1_F_ASN1_STRING_SET 186 + # define ASN1_F_ASN1_STRING_TABLE_ADD 129 +-# define ASN1_F_ASN1_STRING_TO_BN 228 + # define ASN1_F_ASN1_STRING_TYPE_NEW 130 + # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 + # define ASN1_F_ASN1_TEMPLATE_NEW 133 + # define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 + # define ASN1_F_ASN1_TIME_ADJ 217 ++# define ASN1_F_ASN1_TIME_SET 175 + # define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 + # define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 ++# define ASN1_F_ASN1_UNPACK_STRING 136 + # define ASN1_F_ASN1_UTCTIME_ADJ 218 ++# define ASN1_F_ASN1_UTCTIME_SET 187 + # define ASN1_F_ASN1_VERIFY 137 + # define ASN1_F_B64_READ_ASN1 209 + # define ASN1_F_B64_WRITE_ASN1 210 + # define ASN1_F_BIO_NEW_NDEF 208 + # define ASN1_F_BITSTR_CB 180 +-# define ASN1_F_BN_TO_ASN1_STRING 229 ++# define ASN1_F_BN_TO_ASN1_ENUMERATED 138 ++# define ASN1_F_BN_TO_ASN1_INTEGER 139 + # define ASN1_F_C2I_ASN1_BIT_STRING 189 + # define ASN1_F_C2I_ASN1_INTEGER 194 + # define ASN1_F_C2I_ASN1_OBJECT 196 +-# define ASN1_F_C2I_IBUF 226 + # define ASN1_F_COLLECT_DATA 140 ++# define ASN1_F_D2I_ASN1_BIT_STRING 141 ++# define ASN1_F_D2I_ASN1_BOOLEAN 142 ++# define ASN1_F_D2I_ASN1_BYTES 143 ++# define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 ++# define ASN1_F_D2I_ASN1_HEADER 145 ++# define ASN1_F_D2I_ASN1_INTEGER 146 + # define ASN1_F_D2I_ASN1_OBJECT 147 ++# define ASN1_F_D2I_ASN1_SET 148 ++# define ASN1_F_D2I_ASN1_TYPE_BYTES 149 + # define ASN1_F_D2I_ASN1_UINTEGER 150 ++# define ASN1_F_D2I_ASN1_UTCTIME 151 + # define ASN1_F_D2I_AUTOPRIVATEKEY 207 ++# define ASN1_F_D2I_NETSCAPE_RSA 152 ++# define ASN1_F_D2I_NETSCAPE_RSA_2 153 + # define ASN1_F_D2I_PRIVATEKEY 154 + # define ASN1_F_D2I_PUBLICKEY 155 +-# define ASN1_F_DO_TCREATE 222 ++# define ASN1_F_D2I_RSA_NET 200 ++# define ASN1_F_D2I_RSA_NET_2 201 ++# define ASN1_F_D2I_X509 156 ++# define ASN1_F_D2I_X509_CINF 157 ++# define ASN1_F_D2I_X509_PKEY 159 + # define ASN1_F_I2D_ASN1_BIO_STREAM 211 ++# define ASN1_F_I2D_ASN1_SET 188 ++# define ASN1_F_I2D_ASN1_TIME 160 + # define ASN1_F_I2D_DSA_PUBKEY 161 + # define ASN1_F_I2D_EC_PUBKEY 181 + # define ASN1_F_I2D_PRIVATEKEY 163 + # define ASN1_F_I2D_PUBLICKEY 164 ++# define ASN1_F_I2D_RSA_NET 162 + # define ASN1_F_I2D_RSA_PUBKEY 165 + # define ASN1_F_LONG_C2I 166 + # define ASN1_F_OID_MODULE_INIT 174 + # define ASN1_F_PARSE_TAGGING 182 + # define ASN1_F_PKCS5_PBE2_SET_IV 167 +-# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 + # define ASN1_F_PKCS5_PBE_SET 202 + # define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 + # define ASN1_F_PKCS5_PBKDF2_SET 219 +-# define ASN1_F_PKCS5_SCRYPT_SET 232 + # define ASN1_F_SMIME_READ_ASN1 212 + # define ASN1_F_SMIME_TEXT 213 +-# define ASN1_F_STBL_MODULE_INIT 223 ++# define ASN1_F_X509_CINF_NEW 168 + # define ASN1_F_X509_CRL_ADD0_REVOKED 169 + # define ASN1_F_X509_INFO_NEW 170 + # define ASN1_F_X509_NAME_ENCODE 203 + # define ASN1_F_X509_NAME_EX_D2I 158 + # define ASN1_F_X509_NAME_EX_NEW 171 ++# define ASN1_F_X509_NEW 172 + # define ASN1_F_X509_PKEY_NEW 173 + + /* Reason codes. */ +@@ -983,7 +1296,10 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_ASN1_PARSE_ERROR 203 + # define ASN1_R_ASN1_SIG_PARSE_ERROR 204 + # define ASN1_R_AUX_ERROR 100 ++# define ASN1_R_BAD_CLASS 101 + # define ASN1_R_BAD_OBJECT_HEADER 102 ++# define ASN1_R_BAD_PASSWORD_READ 103 ++# define ASN1_R_BAD_TAG 104 + # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 + # define ASN1_R_BN_LIB 105 + # define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +@@ -992,14 +1308,18 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_CONTEXT_NOT_INITIALISED 217 + # define ASN1_R_DATA_IS_WRONG 109 + # define ASN1_R_DECODE_ERROR 110 ++# define ASN1_R_DECODING_ERROR 111 + # define ASN1_R_DEPTH_EXCEEDED 174 + # define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 + # define ASN1_R_ENCODE_ERROR 112 + # define ASN1_R_ERROR_GETTING_TIME 173 + # define ASN1_R_ERROR_LOADING_SECTION 172 ++# define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 + # define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 + # define ASN1_R_EXPECTING_AN_INTEGER 115 + # define ASN1_R_EXPECTING_AN_OBJECT 116 ++# define ASN1_R_EXPECTING_A_BOOLEAN 117 ++# define ASN1_R_EXPECTING_A_TIME 118 + # define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 + # define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 + # define ASN1_R_FIELD_MISSING 121 +@@ -1012,17 +1332,14 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_ILLEGAL_HEX 178 + # define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 + # define ASN1_R_ILLEGAL_INTEGER 180 +-# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 + # define ASN1_R_ILLEGAL_NESTED_TAGGING 181 + # define ASN1_R_ILLEGAL_NULL 125 + # define ASN1_R_ILLEGAL_NULL_VALUE 182 + # define ASN1_R_ILLEGAL_OBJECT 183 + # define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 + # define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +-# define ASN1_R_ILLEGAL_PADDING 221 + # define ASN1_R_ILLEGAL_TAGGED_ANY 127 + # define ASN1_R_ILLEGAL_TIME_VALUE 184 +-# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 + # define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 + # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 + # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +@@ -1032,12 +1349,12 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_INVALID_MODIFIER 186 + # define ASN1_R_INVALID_NUMBER 187 + # define ASN1_R_INVALID_OBJECT_ENCODING 216 +-# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 + # define ASN1_R_INVALID_SEPARATOR 131 +-# define ASN1_R_INVALID_STRING_TABLE_VALUE 218 ++# define ASN1_R_INVALID_TIME_FORMAT 132 + # define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 + # define ASN1_R_INVALID_UTF8STRING 134 +-# define ASN1_R_INVALID_VALUE 219 ++# define ASN1_R_IV_TOO_LARGE 135 ++# define ASN1_R_LENGTH_ERROR 136 + # define ASN1_R_LIST_ERROR 188 + # define ASN1_R_MIME_NO_CONTENT_TYPE 206 + # define ASN1_R_MIME_PARSE_ERROR 207 +@@ -1052,6 +1369,7 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_NOT_ASCII_FORMAT 190 + # define ASN1_R_NOT_ENOUGH_DATA 142 + # define ASN1_R_NO_CONTENT_TYPE 209 ++# define ASN1_R_NO_DEFAULT_DIGEST 201 + # define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 + # define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 + # define ASN1_R_NO_MULTIPART_BOUNDARY 211 +@@ -1059,6 +1377,7 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_NULL_IS_WRONG_LENGTH 144 + # define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 + # define ASN1_R_ODD_NUMBER_OF_CHARS 145 ++# define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 + # define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 + # define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 + # define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +@@ -1068,13 +1387,14 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_STREAMING_NOT_SUPPORTED 202 + # define ASN1_R_STRING_TOO_LONG 151 + # define ASN1_R_STRING_TOO_SHORT 152 ++# define ASN1_R_TAG_VALUE_TOO_HIGH 153 + # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 + # define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +-# define ASN1_R_TOO_LARGE 223 + # define ASN1_R_TOO_LONG 155 +-# define ASN1_R_TOO_SMALL 224 + # define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +-# define ASN1_R_TYPE_NOT_PRIMITIVE 195 ++# define ASN1_R_TYPE_NOT_PRIMITIVE 218 ++# define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 ++# define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 + # define ASN1_R_UNEXPECTED_EOC 159 + # define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 + # define ASN1_R_UNKNOWN_FORMAT 160 +@@ -1083,14 +1403,17 @@ int ERR_load_ASN1_strings(void); + # define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 + # define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 + # define ASN1_R_UNKNOWN_TAG 194 ++# define ASN1_R_UNKOWN_FORMAT 195 + # define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 ++# define ASN1_R_UNSUPPORTED_CIPHER 165 ++# define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 + # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 + # define ASN1_R_UNSUPPORTED_TYPE 196 +-# define ASN1_R_WRONG_INTEGER_TYPE 225 + # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 + # define ASN1_R_WRONG_TAG 168 ++# define ASN1_R_WRONG_TYPE 169 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/asn1_mac.h b/Cryptlib/Include/openssl/asn1_mac.h +index 7ac1782..3a672e9 100644 +--- a/Cryptlib/Include/openssl/asn1_mac.h ++++ b/Cryptlib/Include/openssl/asn1_mac.h +@@ -1,10 +1,579 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/asn1_mac.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_ASN1_MAC_H ++# define HEADER_ASN1_MAC_H ++ ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# ifndef ASN1_MAC_ERR_LIB ++# define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 ++# endif ++ ++# define ASN1_MAC_H_err(f,r,line) \ ++ ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),OPENSSL_FILE,(line)) ++ ++# define M_ASN1_D2I_vars(a,type,func) \ ++ ASN1_const_CTX c; \ ++ type ret=NULL; \ ++ \ ++ c.pp=(const unsigned char **)pp; \ ++ c.q= *(const unsigned char **)pp; \ ++ c.error=ERR_R_NESTED_ASN1_ERROR; \ ++ if ((a == NULL) || ((*a) == NULL)) \ ++ { if ((ret=(type)func()) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } } \ ++ else ret=(*a); ++ ++# define M_ASN1_D2I_Init() \ ++ c.p= *(const unsigned char **)pp; \ ++ c.max=(length == 0)?0:(c.p+length); ++ ++# define M_ASN1_D2I_Finish_2(a) \ ++ if (!asn1_const_Finish(&c)) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ *(const unsigned char **)pp=c.p; \ ++ if (a != NULL) (*a)=ret; \ ++ return(ret); ++ ++# define M_ASN1_D2I_Finish(a,func,e) \ ++ M_ASN1_D2I_Finish_2(a); \ ++err:\ ++ ASN1_MAC_H_err((e),c.error,c.line); \ ++ asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \ ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ ++ return(NULL) ++ ++# define M_ASN1_D2I_start_sequence() \ ++ if (!asn1_GetSequence(&c,&length)) \ ++ { c.line=OPENSSL_LINE; goto err; } ++/* Begin reading ASN1 without a surrounding sequence */ ++# define M_ASN1_D2I_begin() \ ++ c.slen = length; ++ ++/* End reading ASN1 with no check on length */ ++# define M_ASN1_D2I_Finish_nolen(a, func, e) \ ++ *pp=c.p; \ ++ if (a != NULL) (*a)=ret; \ ++ return(ret); \ ++err:\ ++ ASN1_MAC_H_err((e),c.error,c.line); \ ++ asn1_add_error(*pp,(int)(c.q- *pp)); \ ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ ++ return(NULL) ++ ++# define M_ASN1_D2I_end_sequence() \ ++ (((c.inf&1) == 0)?(c.slen <= 0): \ ++ (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen))) ++ ++/* Don't use this with d2i_ASN1_BOOLEAN() */ ++# define M_ASN1_D2I_get(b, func) \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++/* Don't use this with d2i_ASN1_BOOLEAN() */ ++# define M_ASN1_D2I_get_x(type,b,func) \ ++ c.q=c.p; \ ++ if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++/* use this instead () */ ++# define M_ASN1_D2I_get_int(b,func) \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) < 0) \ ++ {c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_opt(b,func,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ ++ == (V_ASN1_UNIVERSAL|(type)))) \ ++ { \ ++ M_ASN1_D2I_get(b,func); \ ++ } ++ ++# define M_ASN1_D2I_get_int_opt(b,func,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ ++ == (V_ASN1_UNIVERSAL|(type)))) \ ++ { \ ++ M_ASN1_D2I_get_int(b,func); \ ++ } ++ ++# define M_ASN1_D2I_get_imp(b,func, type) \ ++ M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ ++ c.q=c.p; \ ++ if (func(&(b),&c.p,c.slen) == NULL) \ ++ {c.line=OPENSSL_LINE; M_ASN1_next_prev = _tmp; goto err; } \ ++ c.slen-=(c.p-c.q);\ ++ M_ASN1_next_prev=_tmp; ++ ++# define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ ++ if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ ++ (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ ++ { \ ++ unsigned char _tmp = M_ASN1_next; \ ++ M_ASN1_D2I_get_imp(b,func, type);\ ++ } ++ ++# define M_ASN1_D2I_get_set(r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func, \ ++ V_ASN1_SET,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ ++ V_ASN1_SET,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_set_opt(r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ ++ { M_ASN1_D2I_get_set(r,func,free_func); } ++ ++# define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ ++ { M_ASN1_D2I_get_set_type(type,r,func,free_func); } ++ ++# define M_ASN1_I2D_len_SET_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_len_SET(a,f); ++ ++# define M_ASN1_I2D_put_SET_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SET(a,f); ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE_type(type,a,f); ++ ++# define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ ++ if ((c.slen != 0) && \ ++ (M_ASN1_next == \ ++ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ ++ { \ ++ M_ASN1_D2I_get_imp_set(b,func,free_func,\ ++ tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ } ++ ++# define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ ++ if ((c.slen != 0) && \ ++ (M_ASN1_next == \ ++ (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ ++ { \ ++ M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ ++ tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ } ++ ++# define M_ASN1_D2I_get_seq(r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func,\ ++ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); ++ ++# define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ ++ V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) ++ ++# define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ ++ { M_ASN1_D2I_get_seq(r,func,free_func); } ++ ++# define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ ++ if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ ++ V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ ++ { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } ++ ++# define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ ++ M_ASN1_D2I_get_imp_set(r,func,free_func,\ ++ x,V_ASN1_CONTEXT_SPECIFIC); ++ ++# define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ ++ M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ ++ x,V_ASN1_CONTEXT_SPECIFIC); ++ ++# define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ ++ (void (*)())free_func,a,b) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ ++ free_func,a,b) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_set_strings(r,func,a,b) \ ++ c.q=c.p; \ ++ if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ c.slen-=(c.p-c.q); ++ ++# define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ ++ if ((c.slen != 0L) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (func(&(r),&c.p,Tlen) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } ++ ++# define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ ++ if ((c.slen != 0) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ ++ (void (*)())free_func, \ ++ b,V_ASN1_UNIVERSAL) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } ++ ++# define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ ++ if ((c.slen != 0) && (M_ASN1_next == \ ++ (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ ++ { \ ++ int Tinf,Ttag,Tclass; \ ++ long Tlen; \ ++ \ ++ c.q=c.p; \ ++ Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ ++ if (Tinf & 0x80) \ ++ { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ ++ Tlen = c.slen - (c.p - c.q) - 2; \ ++ if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ ++ free_func,b,V_ASN1_UNIVERSAL) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err; } \ ++ if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ ++ Tlen = c.slen - (c.p - c.q); \ ++ if(!ASN1_check_infinite_end(&c.p, Tlen)) \ ++ { c.error=ERR_R_MISSING_ASN1_EOS; \ ++ c.line=OPENSSL_LINE; goto err; } \ ++ }\ ++ c.slen-=(c.p-c.q); \ ++ } ++ ++/* New macros */ ++# define M_ASN1_New_Malloc(ret,type) \ ++ if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ ++ { c.line=OPENSSL_LINE; goto err2; } ++ ++# define M_ASN1_New(arg,func) \ ++ if (((arg)=func()) == NULL) return(NULL) ++ ++# define M_ASN1_New_Error(a) \ ++/*- err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ ++ return(NULL);*/ \ ++ err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ ++ return(NULL) ++ ++/* ++ * BIG UGLY WARNING! This is so damn ugly I wanna puke. Unfortunately, some ++ * macros that use ASN1_const_CTX still insist on writing in the input ++ * stream. ARGH! ARGH! ARGH! Let's get rid of this macro package. Please? -- ++ * Richard Levitte + */ ++# define M_ASN1_next (*((unsigned char *)(c.p))) ++# define M_ASN1_next_prev (*((unsigned char *)(c.q))) ++ ++/*************************************************/ ++ ++# define M_ASN1_I2D_vars(a) int r=0,ret=0; \ ++ unsigned char *p; \ ++ if (a == NULL) return(0) ++ ++/* Length Macros */ ++# define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) ++# define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) ++ ++# define M_ASN1_I2D_len_SET(a,f) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); ++ ++# define M_ASN1_I2D_len_SET_type(type,a,f) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ ++ V_ASN1_UNIVERSAL,IS_SET); ++ ++# define M_ASN1_I2D_len_SEQUENCE(a,f) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ ++ V_ASN1_UNIVERSAL,IS_SEQUENCE) ++ ++# define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_len_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ M_ASN1_I2D_len_SEQUENCE_type(type,a,f); ++ ++# define M_ASN1_I2D_len_IMP_SET(a,f,x) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); ++ ++# define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ ++ if (a != NULL)\ ++ { \ ++ v=f(a,NULL); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++# define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0))\ ++ { \ ++ v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ ++ V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ ret+=ASN1_object_size(1,v,mtag); \ ++ } ++ ++/* Put Macros */ ++# define M_ASN1_I2D_put(a,f) f(a,&p) ++ ++# define M_ASN1_I2D_put_IMP_opt(a,f,t) \ ++ if (a != NULL) \ ++ { \ ++ unsigned char *q=p; \ ++ f(a,&p); \ ++ *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ ++ } ++ ++# define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ ++ V_ASN1_UNIVERSAL,IS_SET) ++# define M_ASN1_I2D_put_SET_type(type,a,f) \ ++ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) ++# define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SET) ++# define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ ++ i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) ++# define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ ++ V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) ++ ++# define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ ++ V_ASN1_UNIVERSAL,IS_SEQUENCE) ++ ++# define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ ++ i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE) ++ ++# define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ M_ASN1_I2D_put_SEQUENCE(a,f); ++ ++# define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); } ++ ++# define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SET); } ++ ++# define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); } ++ ++# define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ ++ V_ASN1_CONTEXT_SPECIFIC, \ ++ IS_SEQUENCE); } ++ ++# define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ ++ if (a != NULL) \ ++ { \ ++ ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ ++ f(a,&p); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ ++ } ++ ++# define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ ++ if ((a != NULL) && (sk_##type##_num(a) != 0)) \ ++ { \ ++ ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ ++ i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ ++ IS_SEQUENCE); \ ++ } ++ ++# define M_ASN1_I2D_seq_total() \ ++ r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ ++ if (pp == NULL) return(r); \ ++ p= *pp; \ ++ ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) ++ ++# define M_ASN1_I2D_INF_seq_start(tag,ctx) \ ++ *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ ++ *(p++)=0x80 ++ ++# define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 ++ ++# define M_ASN1_I2D_finish() *pp=p; \ ++ return(r); ++ ++int asn1_GetSequence(ASN1_const_CTX *c, long *length); ++void asn1_add_error(const unsigned char *address, int offset); ++#ifdef __cplusplus ++} ++#endif + +-#error "This file is obsolete; please update your software." ++#endif +diff --git a/Cryptlib/Include/openssl/asn1t.h b/Cryptlib/Include/openssl/asn1t.h +index 8eedfb3..99bc0ee 100644 +--- a/Cryptlib/Include/openssl/asn1t.h ++++ b/Cryptlib/Include/openssl/asn1t.h +@@ -1,12 +1,61 @@ ++/* asn1t.h */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #ifndef HEADER_ASN1T_H + # define HEADER_ASN1T_H + +@@ -35,10 +84,7 @@ extern "C" { + # define ASN1_ITEM_start(itname) \ + OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + +-# define static_ASN1_ITEM_start(itname) \ +- static const ASN1_ITEM itname##_it = { +- +-# define ASN1_ITEM_end(itname) \ ++# define ASN1_ITEM_end(itname) \ + }; + + # else +@@ -53,9 +99,6 @@ extern "C" { + { \ + static const ASN1_ITEM local_it = { + +-# define static_ASN1_ITEM_start(itname) \ +- static ASN1_ITEM_start(itname) +- + # define ASN1_ITEM_end(itname) \ + }; \ + return &local_it; \ +@@ -79,17 +122,6 @@ extern "C" { + 0,\ + #tname \ + ASN1_ITEM_end(tname) +-# define static_ASN1_ITEM_TEMPLATE_END(tname) \ +- ;\ +- static_ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_PRIMITIVE,\ +- -1,\ +- &tname##_item_tt,\ +- 0,\ +- NULL,\ +- 0,\ +- #tname \ +- ASN1_ITEM_end(tname) + + /* This is a ASN1 type which just embeds a template */ + +@@ -119,8 +151,6 @@ extern "C" { + + # define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +-# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) +- + # define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ +@@ -133,18 +163,6 @@ extern "C" { + #stname \ + ASN1_ITEM_end(tname) + +-# define static_ASN1_SEQUENCE_END_name(stname, tname) \ +- ;\ +- static_ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) +- + # define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +@@ -159,8 +177,8 @@ extern "C" { + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) + +-# define ASN1_SEQUENCE_ref(tname, cb) \ +- static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \ ++# define ASN1_SEQUENCE_ref(tname, cb, lck) \ ++ static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + ASN1_SEQUENCE(tname) + + # define ASN1_SEQUENCE_enc(tname, enc, cb) \ +@@ -178,26 +196,12 @@ extern "C" { + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) +-# define static_ASN1_NDEF_SEQUENCE_END(tname) \ +- ;\ +- static_ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_NDEF_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(tname),\ +- #tname \ +- ASN1_ITEM_end(tname) + + # define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) +-# define static_ASN1_BROKEN_SEQUENCE_END(stname) \ +- static_ASN1_SEQUENCE_END_ref(stname, stname) + + # define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + + # define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) +-# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + + # define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ +@@ -210,17 +214,6 @@ extern "C" { + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) +-# define static_ASN1_SEQUENCE_END_ref(stname, tname) \ +- ;\ +- static_ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_SEQUENCE,\ +- V_ASN1_SEQUENCE,\ +- tname##_seq_tt,\ +- sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ +- &tname##_aux,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) + + # define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ +@@ -266,12 +259,8 @@ extern "C" { + + # define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +-# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) +- + # define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +-# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) +- + # define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ +@@ -284,18 +273,6 @@ extern "C" { + #stname \ + ASN1_ITEM_end(tname) + +-# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ +- ;\ +- static_ASN1_ITEM_start(tname) \ +- ASN1_ITYPE_CHOICE,\ +- offsetof(stname,selname) ,\ +- tname##_ch_tt,\ +- sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ +- NULL,\ +- sizeof(stname),\ +- #stname \ +- ASN1_ITEM_end(tname) +- + # define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ +@@ -322,6 +299,11 @@ extern "C" { + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + ++/* used when the structure is combined with the parent */ ++ ++# define ASN1_EX_COMBINE(flags, tag, type) { \ ++ (flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) } ++ + /* implicit and explicit helper macros */ + + # define ASN1_IMP_EX(stname, field, type, tag, ex) \ +@@ -341,8 +323,6 @@ extern "C" { + # endif + /* Plain simple type */ + # define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) +-/* Embedded simple type */ +-# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type) + + /* OPTIONAL simple type */ + # define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) +@@ -415,12 +395,12 @@ extern "C" { + + # ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION + +-# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ ++# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ +- adb_cb,\ ++ app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ +@@ -429,7 +409,7 @@ extern "C" { + + # else + +-# define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \ ++# define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ITEM *name##_adb(void) \ + { \ +@@ -437,7 +417,7 @@ extern "C" { + {\ + flags,\ + offsetof(name, field),\ +- adb_cb,\ ++ app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ +@@ -464,7 +444,9 @@ struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ ++# ifndef NO_ASN1_FIELD_NAMES + const char *field_name; /* Field name */ ++# endif + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ + }; + +@@ -479,7 +461,7 @@ typedef struct ASN1_ADB_st ASN1_ADB; + struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ +- int (*adb_cb)(long *psel); /* Application callback */ ++ STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ +@@ -560,6 +542,15 @@ struct ASN1_ADB_TABLE_st { + + # define ASN1_TFLG_ADB_INT (0x1<<9) + ++/* ++ * This flag means a parent structure is passed instead of the field: this is ++ * useful is a SEQUENCE is being combined with a CHOICE for example. Since ++ * this means the structure and item name will differ we need to use the ++ * ASN1_CHOICE_END_name() macro for example. ++ */ ++ ++# define ASN1_TFLG_COMBINE (0x1<<10) ++ + /* + * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes + * indefinite length constructed encoding to be used if required. +@@ -567,9 +558,6 @@ struct ASN1_ADB_TABLE_st { + + # define ASN1_TFLG_NDEF (0x1<<11) + +-/* Field is embedded and not a pointer */ +-# define ASN1_TFLG_EMBED (0x1 << 12) +- + /* This is the actual ASN1 item itself */ + + struct ASN1_ITEM_st { +@@ -581,7 +569,9 @@ struct ASN1_ITEM_st { + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually) */ ++# ifndef NO_ASN1_FIELD_NAMES + const char *sname; /* Structure name */ ++# endif + }; + + /*- +@@ -607,6 +597,10 @@ struct ASN1_ITEM_st { + * The 'funcs' field is used for application + * specific functions. + * ++ * For COMPAT types the funcs field gives a ++ * set of functions that handle this type, this ++ * supports the old d2i, i2d convention. ++ * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT +@@ -631,6 +625,8 @@ struct ASN1_ITEM_st { + + # define ASN1_ITYPE_CHOICE 0x2 + ++# define ASN1_ITYPE_COMPAT 0x3 ++ + # define ASN1_ITYPE_EXTERN 0x4 + + # define ASN1_ITYPE_MSTRING 0x5 +@@ -652,6 +648,13 @@ struct ASN1_TLC_st { + }; + + /* Typedefs for ASN1 function pointers */ ++ ++typedef ASN1_VALUE *ASN1_new_func(void); ++typedef void ASN1_free_func(ASN1_VALUE *a); ++typedef ASN1_VALUE *ASN1_d2i_func(ASN1_VALUE **a, const unsigned char **in, ++ long length); ++typedef int ASN1_i2d_func(ASN1_VALUE *a, unsigned char **in); ++ + typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); +@@ -674,6 +677,13 @@ typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, + const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx); + ++typedef struct ASN1_COMPAT_FUNCS_st { ++ ASN1_new_func *asn1_new; ++ ASN1_free_func *asn1_free; ++ ASN1_d2i_func *asn1_d2i; ++ ASN1_i2d_func *asn1_i2d; ++} ASN1_COMPAT_FUNCS; ++ + typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; +@@ -776,6 +786,27 @@ typedef struct ASN1_STREAM_ARG_st { + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) + ++/* Macro to implement an ASN1_ITEM in terms of old style funcs */ ++ ++# define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) ++ ++# define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ ++ static const ASN1_COMPAT_FUNCS sname##_ff = { \ ++ (ASN1_new_func *)sname##_new, \ ++ (ASN1_free_func *)sname##_free, \ ++ (ASN1_d2i_func *)d2i_##sname, \ ++ (ASN1_i2d_func *)i2d_##sname, \ ++ }; \ ++ ASN1_ITEM_start(sname) \ ++ ASN1_ITYPE_COMPAT, \ ++ tag, \ ++ NULL, \ ++ 0, \ ++ &sname##_ff, \ ++ 0, \ ++ #sname \ ++ ASN1_ITEM_end(sname) ++ + # define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ +@@ -842,19 +873,6 @@ typedef struct ASN1_STREAM_ARG_st { + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +-# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \ +- static stname *d2i_##stname(stname **a, \ +- const unsigned char **in, long len) \ +- { \ +- return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \ +- ASN1_ITEM_rptr(stname)); \ +- } \ +- static int i2d_##stname(stname *a, unsigned char **out) \ +- { \ +- return ASN1_item_i2d((ASN1_VALUE *)a, out, \ +- ASN1_ITEM_rptr(stname)); \ +- } +- + /* + * This includes evil casts to remove const: they will go away when full ASN1 + * constification is done. +@@ -904,19 +922,50 @@ DECLARE_ASN1_ITEM(BIGNUM) + DECLARE_ASN1_ITEM(LONG) + DECLARE_ASN1_ITEM(ZLONG) + +-DEFINE_STACK_OF(ASN1_VALUE) ++DECLARE_STACK_OF(ASN1_VALUE) + + /* Functions used internally by the ASN1 code */ + + int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); ++int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + ++void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt); + int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + + int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); ++int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, ++ const ASN1_TEMPLATE *tt); ++void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); ++ ++int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, ++ const ASN1_ITEM *it); ++int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ++ int utype, char *free_cont, const ASN1_ITEM *it); ++ ++int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); ++int asn1_set_choice_selector(ASN1_VALUE **pval, int value, ++ const ASN1_ITEM *it); ++ ++ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++ ++const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, ++ int nullerr); ++ ++int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); ++ ++void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); ++void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); ++int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, ++ const ASN1_ITEM *it); ++int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, ++ const ASN1_ITEM *it); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/async.h b/Cryptlib/Include/openssl/async.h +deleted file mode 100644 +index 5b2e496..0000000 +--- a/Cryptlib/Include/openssl/async.h ++++ /dev/null +@@ -1,98 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#ifndef HEADER_ASYNC_H +-# define HEADER_ASYNC_H +- +-#if defined(_WIN32) +-# if defined(BASETYPES) || defined(_WINDEF_H) +-/* application has to include to use this */ +-#define OSSL_ASYNC_FD HANDLE +-#define OSSL_BAD_ASYNC_FD INVALID_HANDLE_VALUE +-# endif +-#else +-#define OSSL_ASYNC_FD int +-#define OSSL_BAD_ASYNC_FD -1 +-#endif +- +- +-# ifdef __cplusplus +-extern "C" { +-# endif +- +-typedef struct async_job_st ASYNC_JOB; +-typedef struct async_wait_ctx_st ASYNC_WAIT_CTX; +- +-#define ASYNC_ERR 0 +-#define ASYNC_NO_JOBS 1 +-#define ASYNC_PAUSE 2 +-#define ASYNC_FINISH 3 +- +-int ASYNC_init_thread(size_t max_size, size_t init_size); +-void ASYNC_cleanup_thread(void); +- +-#ifdef OSSL_ASYNC_FD +-ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void); +-void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx); +-int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +- OSSL_ASYNC_FD fd, +- void *custom_data, +- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +- OSSL_ASYNC_FD, void *)); +-int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +- OSSL_ASYNC_FD *fd, void **custom_data); +-int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +- size_t *numfds); +-int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +- size_t *numaddfds, OSSL_ASYNC_FD *delfd, +- size_t *numdelfds); +-int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key); +-#endif +- +-int ASYNC_is_capable(void); +- +-int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret, +- int (*func)(void *), void *args, size_t size); +-int ASYNC_pause_job(void); +- +-ASYNC_JOB *ASYNC_get_current_job(void); +-ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job); +-void ASYNC_block_pause(void); +-void ASYNC_unblock_pause(void); +- +-/* BEGIN ERROR CODES */ +-/* +- * The following lines are auto generated by the script mkerr.pl. Any changes +- * made after this point may be overwritten when the script is next run. +- */ +- +-int ERR_load_ASYNC_strings(void); +- +-/* Error codes for the ASYNC functions. */ +- +-/* Function codes. */ +-# define ASYNC_F_ASYNC_CTX_NEW 100 +-# define ASYNC_F_ASYNC_INIT_THREAD 101 +-# define ASYNC_F_ASYNC_JOB_NEW 102 +-# define ASYNC_F_ASYNC_PAUSE_JOB 103 +-# define ASYNC_F_ASYNC_START_FUNC 104 +-# define ASYNC_F_ASYNC_START_JOB 105 +- +-/* Reason codes. */ +-# define ASYNC_R_FAILED_TO_SET_POOL 101 +-# define ASYNC_R_FAILED_TO_SWAP_CONTEXT 102 +-# define ASYNC_R_INIT_FAILED 105 +-# define ASYNC_R_INVALID_POOL_SIZE 103 +- +-# ifdef __cplusplus +-} +-# endif +-#endif +diff --git a/Cryptlib/Include/openssl/bio.h b/Cryptlib/Include/openssl/bio.h +index 9bc941b..8f2438c 100644 +--- a/Cryptlib/Include/openssl/bio.h ++++ b/Cryptlib/Include/openssl/bio.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bio.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_BIO_H +@@ -12,7 +61,7 @@ + + # include + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + # include + # endif + # include +@@ -31,39 +80,38 @@ + extern "C" { + #endif + +-/* There are the classes of BIOs */ +-# define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +-# define BIO_TYPE_FILTER 0x0200 +-# define BIO_TYPE_SOURCE_SINK 0x0400 +- + /* These are the 'types' of BIOs */ +-# define BIO_TYPE_NONE 0 +-# define BIO_TYPE_MEM ( 1|BIO_TYPE_SOURCE_SINK) +-# define BIO_TYPE_FILE ( 2|BIO_TYPE_SOURCE_SINK) +- +-# define BIO_TYPE_FD ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +-# define BIO_TYPE_SOCKET ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +-# define BIO_TYPE_NULL ( 6|BIO_TYPE_SOURCE_SINK) +-# define BIO_TYPE_SSL ( 7|BIO_TYPE_FILTER) +-# define BIO_TYPE_MD ( 8|BIO_TYPE_FILTER) +-# define BIO_TYPE_BUFFER ( 9|BIO_TYPE_FILTER) +-# define BIO_TYPE_CIPHER (10|BIO_TYPE_FILTER) +-# define BIO_TYPE_BASE64 (11|BIO_TYPE_FILTER) +-# define BIO_TYPE_CONNECT (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +-# define BIO_TYPE_ACCEPT (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +- +-# define BIO_TYPE_NBIO_TEST (16|BIO_TYPE_FILTER)/* server proxy BIO */ +-# define BIO_TYPE_NULL_FILTER (17|BIO_TYPE_FILTER) +-# define BIO_TYPE_BIO (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */ +-# define BIO_TYPE_LINEBUFFER (20|BIO_TYPE_FILTER) +-# define BIO_TYPE_DGRAM (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) +-# define BIO_TYPE_ASN1 (22|BIO_TYPE_FILTER) +-# define BIO_TYPE_COMP (23|BIO_TYPE_FILTER) ++# define BIO_TYPE_NONE 0 ++# define BIO_TYPE_MEM (1|0x0400) ++# define BIO_TYPE_FILE (2|0x0400) ++ ++# define BIO_TYPE_FD (4|0x0400|0x0100) ++# define BIO_TYPE_SOCKET (5|0x0400|0x0100) ++# define BIO_TYPE_NULL (6|0x0400) ++# define BIO_TYPE_SSL (7|0x0200) ++# define BIO_TYPE_MD (8|0x0200)/* passive filter */ ++# define BIO_TYPE_BUFFER (9|0x0200)/* filter */ ++# define BIO_TYPE_CIPHER (10|0x0200)/* filter */ ++# define BIO_TYPE_BASE64 (11|0x0200)/* filter */ ++# define BIO_TYPE_CONNECT (12|0x0400|0x0100)/* socket - connect */ ++# define BIO_TYPE_ACCEPT (13|0x0400|0x0100)/* socket for accept */ ++# define BIO_TYPE_PROXY_CLIENT (14|0x0200)/* client proxy BIO */ ++# define BIO_TYPE_PROXY_SERVER (15|0x0200)/* server proxy BIO */ ++# define BIO_TYPE_NBIO_TEST (16|0x0200)/* server proxy BIO */ ++# define BIO_TYPE_NULL_FILTER (17|0x0200) ++# define BIO_TYPE_BER (18|0x0200)/* BER -> bin filter */ ++# define BIO_TYPE_BIO (19|0x0400)/* (half a) BIO pair */ ++# define BIO_TYPE_LINEBUFFER (20|0x0200)/* filter */ ++# define BIO_TYPE_DGRAM (21|0x0400|0x0100) + # ifndef OPENSSL_NO_SCTP +-# define BIO_TYPE_DGRAM_SCTP (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR) ++# define BIO_TYPE_DGRAM_SCTP (24|0x0400|0x0100) + # endif ++# define BIO_TYPE_ASN1 (22|0x0200)/* filter */ ++# define BIO_TYPE_COMP (23|0x0200)/* filter */ + +-#define BIO_TYPE_START 128 ++# define BIO_TYPE_DESCRIPTOR 0x0100/* socket, fd, connect or accept */ ++# define BIO_TYPE_FILTER 0x0200 ++# define BIO_TYPE_SOURCE_SINK 0x0400 + + /* + * BIO_FILENAME_READ|BIO_CLOSE to open or close on free. +@@ -88,6 +136,7 @@ extern "C" { + # define BIO_CTRL_FLUSH 11/* opt - 'flush' buffered output */ + # define BIO_CTRL_DUP 12/* man - extra stuff for 'duped' BIO */ + # define BIO_CTRL_WPENDING 13/* opt - number of bytes still to write */ ++/* callback is int cb(BIO *bio,state,ret); */ + # define BIO_CTRL_SET_CALLBACK 14/* opt - set callback function */ + # define BIO_CTRL_GET_CALLBACK 15/* opt - set callback function */ + +@@ -129,8 +178,6 @@ extern "C" { + + # define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD 49 + +-# define BIO_CTRL_DGRAM_SET_PEEK_MODE 50 +- + # ifndef OPENSSL_NO_SCTP + /* SCTP stuff */ + # define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE 50 +@@ -165,20 +212,31 @@ extern "C" { + # define BIO_FLAGS_UPLINK 0 + # endif + ++/* Used in BIO_gethostbyname() */ ++# define BIO_GHBN_CTRL_HITS 1 ++# define BIO_GHBN_CTRL_MISSES 2 ++# define BIO_GHBN_CTRL_CACHE_SIZE 3 ++# define BIO_GHBN_CTRL_GET_ENTRY 4 ++# define BIO_GHBN_CTRL_FLUSH 5 ++ ++/* Mostly used in the SSL BIO */ ++/*- ++ * Not used anymore ++ * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 ++ * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 ++ * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 ++ */ ++ + # define BIO_FLAGS_BASE64_NO_NL 0x100 + + /* +- * This is used with memory BIOs: +- * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way; +- * BIO_FLAGS_NONCLEAR_RST means we should't clear data on reset. ++ * This is used with memory BIOs: it means we shouldn't free up or change the ++ * data in any way. + */ + # define BIO_FLAGS_MEM_RDONLY 0x200 +-# define BIO_FLAGS_NONCLEAR_RST 0x400 + +-typedef union bio_addr_st BIO_ADDR; +-typedef struct bio_addrinfo_st BIO_ADDRINFO; ++typedef struct bio_st BIO; + +-int BIO_get_new_index(void); + void BIO_set_flags(BIO *b, int flags); + int BIO_test_flags(const BIO *b, int flags); + void BIO_clear_flags(BIO *b, int flags); +@@ -237,21 +295,76 @@ void BIO_clear_flags(BIO *b, int flags); + # define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) + # define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +-typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, +- long argl, long ret); +-BIO_callback_fn BIO_get_callback(const BIO *b); +-void BIO_set_callback(BIO *b, BIO_callback_fn callback); ++long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *, ++ int, long, long); ++void BIO_set_callback(BIO *b, ++ long (*callback) (struct bio_st *, int, const char *, ++ int, long, long)); + char *BIO_get_callback_arg(const BIO *b); + void BIO_set_callback_arg(BIO *b, char *arg); + +-typedef struct bio_method_st BIO_METHOD; +- + const char *BIO_method_name(const BIO *b); + int BIO_method_type(const BIO *b); + +-typedef void bio_info_cb(BIO *, int, const char *, int, long, long); ++typedef void bio_info_cb (struct bio_st *, int, const char *, int, long, ++ long); ++ ++typedef struct bio_method_st { ++ int type; ++ const char *name; ++ int (*bwrite) (BIO *, const char *, int); ++ int (*bread) (BIO *, char *, int); ++ int (*bputs) (BIO *, const char *); ++ int (*bgets) (BIO *, char *, int); ++ long (*ctrl) (BIO *, int, long, void *); ++ int (*create) (BIO *); ++ int (*destroy) (BIO *); ++ long (*callback_ctrl) (BIO *, int, bio_info_cb *); ++} BIO_METHOD; ++ ++struct bio_st { ++ BIO_METHOD *method; ++ /* bio, mode, argp, argi, argl, ret */ ++ long (*callback) (struct bio_st *, int, const char *, int, long, long); ++ char *cb_arg; /* first argument for the callback */ ++ int init; ++ int shutdown; ++ int flags; /* extra storage */ ++ int retry_reason; ++ int num; ++ void *ptr; ++ struct bio_st *next_bio; /* used by filter BIOs */ ++ struct bio_st *prev_bio; /* used by filter BIOs */ ++ int references; ++ unsigned long num_read; ++ unsigned long num_write; ++ CRYPTO_EX_DATA ex_data; ++}; + +-DEFINE_STACK_OF(BIO) ++DECLARE_STACK_OF(BIO) ++ ++typedef struct bio_f_buffer_ctx_struct { ++ /*- ++ * Buffers are setup like this: ++ * ++ * <---------------------- size -----------------------> ++ * +---------------------------------------------------+ ++ * | consumed | remaining | free space | ++ * +---------------------------------------------------+ ++ * <-- off --><------- len -------> ++ */ ++ /*- BIO *bio; *//* ++ * this is now in the BIO struct ++ */ ++ int ibuf_size; /* how big is the input buffer */ ++ int obuf_size; /* how big is the output buffer */ ++ char *ibuf; /* the char array */ ++ int ibuf_len; /* how many bytes are in it */ ++ int ibuf_off; /* write/read offset */ ++ char *obuf; /* the char array */ ++ int obuf_len; /* how many bytes are in it */ ++ int obuf_off; /* write/read offset */ ++} BIO_F_BUFFER_CTX; + + /* Prefix and suffix callback in ASN1 BIO */ + typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen, +@@ -282,6 +395,15 @@ struct bio_dgram_sctp_prinfo { + }; + # endif + ++/* connect BIO stuff */ ++# define BIO_CONN_S_BEFORE 1 ++# define BIO_CONN_S_GET_IP 2 ++# define BIO_CONN_S_GET_PORT 3 ++# define BIO_CONN_S_CREATE_SOCKET 4 ++# define BIO_CONN_S_CONNECT 5 ++# define BIO_CONN_S_OK 6 ++# define BIO_CONN_S_BLOCKED_CONNECT 7 ++# define BIO_CONN_S_NBIO 8 + /* + * #define BIO_CONN_get_param_hostname BIO_ctrl + */ +@@ -289,7 +411,7 @@ struct bio_dgram_sctp_prinfo { + # define BIO_C_SET_CONNECT 100 + # define BIO_C_DO_STATE_MACHINE 101 + # define BIO_C_SET_NBIO 102 +-/* # define BIO_C_SET_PROXY_PARAM 103 */ ++# define BIO_C_SET_PROXY_PARAM 103 + # define BIO_C_SET_FD 104 + # define BIO_C_GET_FD 105 + # define BIO_C_SET_FILE_PTR 106 +@@ -307,7 +429,7 @@ struct bio_dgram_sctp_prinfo { + # define BIO_C_SET_ACCEPT 118 + # define BIO_C_SSL_MODE 119 + # define BIO_C_GET_MD_CTX 120 +-/* # define BIO_C_GET_PROXY_PARAM 121 */ ++# define BIO_C_GET_PROXY_PARAM 121 + # define BIO_C_SET_BUFF_READ_DATA 122/* data to read first */ + # define BIO_C_GET_CONNECT 123 + # define BIO_C_GET_ACCEPT 124 +@@ -346,58 +468,54 @@ struct bio_dgram_sctp_prinfo { + # define BIO_C_SET_EX_ARG 153 + # define BIO_C_GET_EX_ARG 154 + +-# define BIO_C_SET_CONNECT_MODE 155 +- + # define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) + # define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +-# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +- +-# ifndef OPENSSL_NO_SOCK +-/* IP families we support, for BIO_s_connect() and BIO_s_accept() */ +-/* Note: the underlying operating system may not support some of them */ +-# define BIO_FAMILY_IPV4 4 +-# define BIO_FAMILY_IPV6 6 +-# define BIO_FAMILY_IPANY 256 +- +-/* BIO_s_connect() */ +-# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +-# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +-# define BIO_set_conn_address(b,addr) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)addr) +-# define BIO_set_conn_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f) +-# define BIO_get_conn_hostname(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)) +-# define BIO_get_conn_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)) +-# define BIO_get_conn_address(b) ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)) +-# define BIO_get_conn_ip_family(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) +-# define BIO_set_conn_mode(b,n) BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL) ++/* BIO_s_connect() and BIO_s_socks4a_connect() */ ++# define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) ++# define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) ++# define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) ++# define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) ++# define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) ++# define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) ++# define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) ++# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) ++ ++# define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + + /* BIO_s_accept() */ +-# define BIO_set_accept_name(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +-# define BIO_set_accept_port(b,port) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(char *)port) +-# define BIO_get_accept_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0)) +-# define BIO_get_accept_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1)) +-# define BIO_get_peer_name(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2)) +-# define BIO_get_peer_port(b) ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3)) ++# define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) ++# define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) + /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +-# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL) +-# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,3,(char *)bio) +-# define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f) +-# define BIO_get_accept_ip_family(b) BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL) +- +-/* Aliases kept for backward compatibility */ +-# define BIO_BIND_NORMAL 0 +-# define BIO_BIND_REUSEADDR BIO_SOCK_REUSEADDR +-# define BIO_BIND_REUSEADDR_IF_UNUSED BIO_SOCK_REUSEADDR +-# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +-# define BIO_get_bind_mode(b) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) ++# define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) ++# define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) + +-/* BIO_s_accept() and BIO_s_connect() */ +-# define BIO_do_connect(b) BIO_do_handshake(b) +-# define BIO_do_accept(b) BIO_do_handshake(b) +-# endif /* OPENSSL_NO_SOCK */ ++# define BIO_BIND_NORMAL 0 ++# define BIO_BIND_REUSEADDR_IF_UNUSED 1 ++# define BIO_BIND_REUSEADDR 2 ++# define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) ++# define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + ++/* BIO_s_accept() and BIO_s_connect() */ ++# define BIO_do_connect(b) BIO_do_handshake(b) ++# define BIO_do_accept(b) BIO_do_handshake(b) + # define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + ++/* BIO_s_proxy_client() */ ++# define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) ++# define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) ++/* BIO_set_nbio(b,n) */ ++# define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) ++/* BIO *BIO_get_filter_bio(BIO *bio); */ ++# define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) ++# define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) ++# define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) ++ ++# define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) ++# define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) ++# define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) ++# define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) ++ + /* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */ + # define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) + # define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +@@ -421,14 +539,14 @@ struct bio_dgram_sctp_prinfo { + */ + int BIO_read_filename(BIO *b, const char *name); + # else +-# define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++# define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)name) + # endif +-# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++# define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +-# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++# define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +-# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \ ++# define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + + /* +@@ -499,8 +617,8 @@ int BIO_ctrl_reset_read_request(BIO *b); + /* ctrl macros for dgram */ + # define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +-# define BIO_ctrl_set_connected(b,peer) \ +- (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)peer) ++# define BIO_ctrl_set_connected(b, state, peer) \ ++ (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) + # define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) + # define BIO_dgram_send_timedout(b) \ +@@ -512,12 +630,15 @@ int BIO_ctrl_reset_read_request(BIO *b); + # define BIO_dgram_get_mtu_overhead(b) \ + (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL) + +-#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef) ++/* These two aren't currently implemented */ ++/* int BIO_get_ex_num(BIO *bio); */ ++/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ + int BIO_set_ex_data(BIO *bio, int idx, void *data); + void *BIO_get_ex_data(BIO *bio, int idx); +-uint64_t BIO_number_read(BIO *bio); +-uint64_t BIO_number_written(BIO *bio); ++int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++unsigned long BIO_number_read(BIO *bio); ++unsigned long BIO_number_written(BIO *bio); + + /* For BIO_f_asn1() */ + int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, +@@ -529,21 +650,16 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, + int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, + asn1_ps_func **psuffix_free); + +-const BIO_METHOD *BIO_s_file(void); ++# ifndef OPENSSL_NO_FP_API ++BIO_METHOD *BIO_s_file(void); + BIO *BIO_new_file(const char *filename, const char *mode); +-# ifndef OPENSSL_NO_STDIO + BIO *BIO_new_fp(FILE *stream, int close_flag); ++# define BIO_s_file_internal BIO_s_file + # endif +-BIO *BIO_new(const BIO_METHOD *type); ++BIO *BIO_new(BIO_METHOD *type); ++int BIO_set(BIO *a, BIO_METHOD *type); + int BIO_free(BIO *a); +-void BIO_set_data(BIO *a, void *ptr); +-void *BIO_get_data(BIO *a); +-void BIO_set_init(BIO *a, int init); +-int BIO_get_init(BIO *a); +-void BIO_set_shutdown(BIO *a, int shut); +-int BIO_get_shutdown(BIO *a); + void BIO_vfree(BIO *a); +-int BIO_up_ref(BIO *a); + int BIO_read(BIO *b, void *data, int len); + int BIO_gets(BIO *bp, char *buf, int size); + int BIO_write(BIO *b, const void *data, int len); +@@ -551,18 +667,17 @@ int BIO_puts(BIO *bp, const char *buf); + int BIO_indent(BIO *b, int indent, int max); + long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); + long BIO_callback_ctrl(BIO *b, int cmd, +- void (*fp) (BIO *, int, const char *, int, long, long)); +-void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); ++ void (*fp) (struct bio_st *, int, const char *, int, ++ long, long)); ++char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); + long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); + BIO *BIO_push(BIO *b, BIO *append); + BIO *BIO_pop(BIO *b); + void BIO_free_all(BIO *a); + BIO *BIO_find_type(BIO *b, int bio_type); + BIO *BIO_next(BIO *b); +-void BIO_set_next(BIO *b, BIO *next); + BIO *BIO_get_retry_BIO(BIO *bio, int *reason); + int BIO_get_retry_reason(BIO *bio); +-void BIO_set_retry_reason(BIO *bio, int reason); + BIO *BIO_dup_chain(BIO *in); + + int BIO_nread0(BIO *bio, char **buf); +@@ -573,44 +688,35 @@ int BIO_nwrite(BIO *bio, char **buf, int num); + long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +-const BIO_METHOD *BIO_s_mem(void); +-const BIO_METHOD *BIO_s_secmem(void); ++BIO_METHOD *BIO_s_mem(void); + BIO *BIO_new_mem_buf(const void *buf, int len); +-# ifndef OPENSSL_NO_SOCK +-const BIO_METHOD *BIO_s_socket(void); +-const BIO_METHOD *BIO_s_connect(void); +-const BIO_METHOD *BIO_s_accept(void); ++BIO_METHOD *BIO_s_socket(void); ++BIO_METHOD *BIO_s_connect(void); ++BIO_METHOD *BIO_s_accept(void); ++BIO_METHOD *BIO_s_fd(void); ++# ifndef OPENSSL_SYS_OS2 ++BIO_METHOD *BIO_s_log(void); + # endif +-const BIO_METHOD *BIO_s_fd(void); +-const BIO_METHOD *BIO_s_log(void); +-const BIO_METHOD *BIO_s_bio(void); +-const BIO_METHOD *BIO_s_null(void); +-const BIO_METHOD *BIO_f_null(void); +-const BIO_METHOD *BIO_f_buffer(void); +-const BIO_METHOD *BIO_f_linebuffer(void); +-const BIO_METHOD *BIO_f_nbio_test(void); ++BIO_METHOD *BIO_s_bio(void); ++BIO_METHOD *BIO_s_null(void); ++BIO_METHOD *BIO_f_null(void); ++BIO_METHOD *BIO_f_buffer(void); ++# ifdef OPENSSL_SYS_VMS ++BIO_METHOD *BIO_f_linebuffer(void); ++# endif ++BIO_METHOD *BIO_f_nbio_test(void); + # ifndef OPENSSL_NO_DGRAM +-const BIO_METHOD *BIO_s_datagram(void); +-int BIO_dgram_non_fatal_error(int error); +-BIO *BIO_new_dgram(int fd, int close_flag); ++BIO_METHOD *BIO_s_datagram(void); + # ifndef OPENSSL_NO_SCTP +-const BIO_METHOD *BIO_s_datagram_sctp(void); +-BIO *BIO_new_dgram_sctp(int fd, int close_flag); +-int BIO_dgram_is_sctp(BIO *bio); +-int BIO_dgram_sctp_notification_cb(BIO *b, +- void (*handle_notifications) (BIO *bio, +- void *context, +- void *buf), +- void *context); +-int BIO_dgram_sctp_wait_for_dry(BIO *b); +-int BIO_dgram_sctp_msg_waiting(BIO *b); ++BIO_METHOD *BIO_s_datagram_sctp(void); + # endif + # endif + +-# ifndef OPENSSL_NO_SOCK ++/* BIO_METHOD *BIO_f_ber(void); */ ++ + int BIO_sock_should_retry(int i); + int BIO_sock_non_fatal_error(int error); +-# endif ++int BIO_dgram_non_fatal_error(int error); + + int BIO_fd_should_retry(int i); + int BIO_fd_non_fatal_error(int error); +@@ -620,86 +726,51 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent); + int BIO_dump(BIO *b, const char *bytes, int len); + int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int BIO_dump_fp(FILE *fp, const char *s, int len); + int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); + # endif + int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data, + int datalen); + +-# ifndef OPENSSL_NO_SOCK +-BIO_ADDR *BIO_ADDR_new(void); +-int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +- const void *where, size_t wherelen, unsigned short port); +-void BIO_ADDR_free(BIO_ADDR *); +-void BIO_ADDR_clear(BIO_ADDR *ap); +-int BIO_ADDR_family(const BIO_ADDR *ap); +-int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l); +-unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap); +-char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric); +-char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric); +-char *BIO_ADDR_path_string(const BIO_ADDR *ap); +- +-const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai); +-int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai); +-int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai); +-int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai); +-const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai); +-void BIO_ADDRINFO_free(BIO_ADDRINFO *bai); +- +-enum BIO_hostserv_priorities { +- BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV +-}; +-int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +- enum BIO_hostserv_priorities hostserv_prio); +-enum BIO_lookup_type { +- BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER +-}; +-int BIO_lookup(const char *host, const char *service, +- enum BIO_lookup_type lookup_type, +- int family, int socktype, BIO_ADDRINFO **res); ++struct hostent *BIO_gethostbyname(const char *name); ++/*- ++ * We might want a thread-safe interface too: ++ * struct hostent *BIO_gethostbyname_r(const char *name, ++ * struct hostent *result, void *buffer, size_t buflen); ++ * or something similar (caller allocates a struct hostent, ++ * pointed to by "result", and additional buffer space for the various ++ * substructures; if the buffer does not suffice, NULL is returned ++ * and an appropriate error code is set). ++ */ + int BIO_sock_error(int sock); + int BIO_socket_ioctl(int fd, long type, void *arg); + int BIO_socket_nbio(int fd, int mode); ++int BIO_get_port(const char *str, unsigned short *port_ptr); ++int BIO_get_host_ip(const char *str, unsigned char *ip); ++int BIO_get_accept_socket(char *host_port, int mode); ++int BIO_accept(int sock, char **ip_port); + int BIO_sock_init(void); +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define BIO_sock_cleanup() while(0) continue +-# endif ++void BIO_sock_cleanup(void); + int BIO_set_tcp_ndelay(int sock, int turn_on); + +-DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name)) +-DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr)) +-DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip)) +-DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode)) +-DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port)) +- +-union BIO_sock_info_u { +- BIO_ADDR *addr; +-}; +-enum BIO_sock_info_type { +- BIO_SOCK_INFO_ADDRESS +-}; +-int BIO_sock_info(int sock, +- enum BIO_sock_info_type type, union BIO_sock_info_u *info); +- +-# define BIO_SOCK_REUSEADDR 0x01 +-# define BIO_SOCK_V6_ONLY 0x02 +-# define BIO_SOCK_KEEPALIVE 0x04 +-# define BIO_SOCK_NONBLOCK 0x08 +-# define BIO_SOCK_NODELAY 0x10 +- +-int BIO_socket(int domain, int socktype, int protocol, int options); +-int BIO_connect(int sock, const BIO_ADDR *addr, int options); +-int BIO_listen(int sock, const BIO_ADDR *addr, int options); +-int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options); +-int BIO_closesocket(int sock); +- + BIO *BIO_new_socket(int sock, int close_flag); ++BIO *BIO_new_dgram(int fd, int close_flag); ++# ifndef OPENSSL_NO_SCTP ++BIO *BIO_new_dgram_sctp(int fd, int close_flag); ++int BIO_dgram_is_sctp(BIO *bio); ++int BIO_dgram_sctp_notification_cb(BIO *b, ++ void (*handle_notifications) (BIO *bio, ++ void ++ *context, ++ void *buf), ++ void *context); ++int BIO_dgram_sctp_wait_for_dry(BIO *b); ++int BIO_dgram_sctp_msg_waiting(BIO *b); ++# endif ++BIO *BIO_new_fd(int fd, int close_flag); + BIO *BIO_new_connect(const char *host_port); + BIO *BIO_new_accept(const char *host_port); +-# endif /* OPENSSL_NO_SOCK*/ +- +-BIO *BIO_new_fd(int fd, int close_flag); + + int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +@@ -730,59 +801,26 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __bio_h__attr__((__format__(__printf__, 3, 0))); + # undef __bio_h__attr__ + +- +-BIO_METHOD *BIO_meth_new(int type, const char *name); +-void BIO_meth_free(BIO_METHOD *biom); +-int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +-int BIO_meth_set_write(BIO_METHOD *biom, +- int (*write) (BIO *, const char *, int)); +-int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +-int BIO_meth_set_read(BIO_METHOD *biom, +- int (*read) (BIO *, char *, int)); +-int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +-int BIO_meth_set_puts(BIO_METHOD *biom, +- int (*puts) (BIO *, const char *)); +-int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +-int BIO_meth_set_gets(BIO_METHOD *biom, +- int (*gets) (BIO *, char *, int)); +-long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +-int BIO_meth_set_ctrl(BIO_METHOD *biom, +- long (*ctrl) (BIO *, int, long, void *)); +-int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +-int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +-int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +-int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +-long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) +- (BIO *, int, bio_info_cb *); +-int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +- long (*callback_ctrl) (BIO *, int, +- bio_info_cb *)); +- + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_BIO_strings(void); ++void ERR_load_BIO_strings(void); + + /* Error codes for the BIO functions. */ + + /* Function codes. */ + # define BIO_F_ACPT_STATE 100 +-# define BIO_F_ADDR_STRINGS 134 + # define BIO_F_BIO_ACCEPT 101 +-# define BIO_F_BIO_ACCEPT_EX 137 +-# define BIO_F_BIO_ADDR_NEW 144 ++# define BIO_F_BIO_BER_GET_HEADER 102 + # define BIO_F_BIO_CALLBACK_CTRL 131 +-# define BIO_F_BIO_CONNECT 138 + # define BIO_F_BIO_CTRL 103 ++# define BIO_F_BIO_GETHOSTBYNAME 120 + # define BIO_F_BIO_GETS 104 ++# define BIO_F_BIO_GET_ACCEPT_SOCKET 105 + # define BIO_F_BIO_GET_HOST_IP 106 +-# define BIO_F_BIO_GET_NEW_INDEX 102 + # define BIO_F_BIO_GET_PORT 107 +-# define BIO_F_BIO_LISTEN 139 +-# define BIO_F_BIO_LOOKUP 135 + # define BIO_F_BIO_MAKE_PAIR 121 + # define BIO_F_BIO_NEW 108 + # define BIO_F_BIO_NEW_FILE 109 +@@ -791,12 +829,8 @@ int ERR_load_BIO_strings(void); + # define BIO_F_BIO_NREAD0 124 + # define BIO_F_BIO_NWRITE 125 + # define BIO_F_BIO_NWRITE0 122 +-# define BIO_F_BIO_PARSE_HOSTSERV 136 + # define BIO_F_BIO_PUTS 110 + # define BIO_F_BIO_READ 111 +-# define BIO_F_BIO_SOCKET 140 +-# define BIO_F_BIO_SOCKET_NBIO 142 +-# define BIO_F_BIO_SOCK_INFO 141 + # define BIO_F_BIO_SOCK_INIT 112 + # define BIO_F_BIO_WRITE 113 + # define BIO_F_BUFFER_CTRL 114 +@@ -807,48 +841,43 @@ int ERR_load_BIO_strings(void); + # define BIO_F_FILE_CTRL 116 + # define BIO_F_FILE_READ 130 + # define BIO_F_LINEBUFFER_CTRL 129 ++# define BIO_F_MEM_READ 128 + # define BIO_F_MEM_WRITE 117 + # define BIO_F_SSL_NEW 118 ++# define BIO_F_WSASTARTUP 119 + + /* Reason codes. */ + # define BIO_R_ACCEPT_ERROR 100 +-# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET 141 +-# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE 129 + # define BIO_R_BAD_FOPEN_MODE 101 ++# define BIO_R_BAD_HOSTNAME_LOOKUP 102 + # define BIO_R_BROKEN_PIPE 124 + # define BIO_R_CONNECT_ERROR 103 ++# define BIO_R_EOF_ON_MEMORY_BIO 127 ++# define BIO_R_ERROR_SETTING_NBIO 104 ++# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 ++# define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 + # define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +-# define BIO_R_GETSOCKNAME_ERROR 132 +-# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS 133 +-# define BIO_R_GETTING_SOCKTYPE 134 + # define BIO_R_INVALID_ARGUMENT 125 +-# define BIO_R_INVALID_SOCKET 135 ++# define BIO_R_INVALID_IP_ADDRESS 108 + # define BIO_R_IN_USE 123 +-# define BIO_R_LISTEN_V6_ONLY 136 +-# define BIO_R_LOOKUP_RETURNED_NOTHING 142 +-# define BIO_R_MALFORMED_HOST_OR_SERVICE 130 ++# define BIO_R_KEEPALIVE 109 + # define BIO_R_NBIO_CONNECT_ERROR 110 +-# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED 143 +-# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED 144 ++# define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 ++# define BIO_R_NO_HOSTNAME_SPECIFIED 112 + # define BIO_R_NO_PORT_DEFINED 113 ++# define BIO_R_NO_PORT_SPECIFIED 114 + # define BIO_R_NO_SUCH_FILE 128 + # define BIO_R_NULL_PARAMETER 115 ++# define BIO_R_TAG_MISMATCH 116 + # define BIO_R_UNABLE_TO_BIND_SOCKET 117 + # define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +-# define BIO_R_UNABLE_TO_KEEPALIVE 137 + # define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +-# define BIO_R_UNABLE_TO_NODELAY 138 +-# define BIO_R_UNABLE_TO_REUSEADDR 139 +-# define BIO_R_UNAVAILABLE_IP_FAMILY 145 + # define BIO_R_UNINITIALIZED 120 +-# define BIO_R_UNKNOWN_INFO_TYPE 140 +-# define BIO_R_UNSUPPORTED_IP_FAMILY 146 + # define BIO_R_UNSUPPORTED_METHOD 121 +-# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY 131 + # define BIO_R_WRITE_TO_READ_ONLY_BIO 126 + # define BIO_R_WSASTARTUP 122 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/blowfish.h b/Cryptlib/Include/openssl/blowfish.h +index cd3e460..8329302 100644 +--- a/Cryptlib/Include/openssl/blowfish.h ++++ b/Cryptlib/Include/openssl/blowfish.h +@@ -1,21 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bf/blowfish.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_BLOWFISH_H + # define HEADER_BLOWFISH_H + +-# include +- +-# ifndef OPENSSL_NO_BF + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_BF ++# error BF is disabled. + # endif + + # define BF_ENCRYPT 1 +@@ -23,10 +74,26 @@ extern "C" { + + /*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- * ! BF_LONG has to be at least 32 bits wide. ! ++ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! ++ * ! BF_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +-# define BF_LONG unsigned int ++ ++# if defined(__LP32__) ++# define BF_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define BF_LONG unsigned long ++# define BF_LONG_LOG2 3 ++/* ++ * _CRAY note. I could declare short, but I have no idea what impact ++ * does it have on performance on none-T3E machines. I could declare ++ * int, but at least on C90 sizeof(int) can be chosen at compile time. ++ * So I've chosen long... ++ * ++ */ ++# else ++# define BF_LONG unsigned int ++# endif + + # define BF_ROUNDS 16 + # define BF_BLOCK 8 +@@ -36,6 +103,9 @@ typedef struct bf_key_st { + BF_LONG S[4 * 256]; + } BF_KEY; + ++# ifdef OPENSSL_FIPS ++void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data); ++# endif + void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + + void BF_encrypt(BF_LONG *data, const BF_KEY *key); +@@ -53,9 +123,8 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, + unsigned char *ivec, int *num); + const char *BF_options(void); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/bn.h b/Cryptlib/Include/openssl/bn.h +index 17bd521..633d1b1 100644 +--- a/Cryptlib/Include/openssl/bn.h ++++ b/Cryptlib/Include/openssl/bn.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +@@ -24,11 +125,11 @@ + #ifndef HEADER_BN_H + # define HEADER_BN_H + ++# include + # include +-# ifndef OPENSSL_NO_STDIO +-# include ++# ifndef OPENSSL_NO_FP_API ++# include /* FILE */ + # endif +-# include + # include + # include + +@@ -37,29 +138,126 @@ extern "C" { + #endif + + /* +- * 64-bit processor with LP64 ABI ++ * These preprocessor symbols control various aspects of the bignum headers ++ * and library code. They're not defined by any "normal" configuration, as ++ * they are intended for development and testing purposes. NB: defining all ++ * three can be useful for debugging application code as well as openssl ++ * itself. BN_DEBUG - turn on various debugging alterations to the bignum ++ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up ++ * mismanagement of bignum internals. You must also define BN_DEBUG. ++ */ ++/* #define BN_DEBUG */ ++/* #define BN_DEBUG_RAND */ ++ ++# ifndef OPENSSL_SMALL_FOOTPRINT ++# define BN_MUL_COMBA ++# define BN_SQR_COMBA ++# define BN_RECURSION ++# endif ++ ++/* ++ * This next option uses the C libraries (2 word)/(1 word) function. If it is ++ * not defined, I use my C version (which is slower). The reason for this ++ * flag is that when the particular C compiler library routine is used, and ++ * the library is linked with a different compiler, the library is missing. ++ * This mostly happens when the library is built with gcc and then linked ++ * using normal cc. This would be a common occurrence because gcc normally ++ * produces code that is 2 times faster than system compilers for the big ++ * number stuff. For machines with only one compiler (or shared libraries), ++ * this should be on. Again this in only really a problem on machines using ++ * "long long's", are 32bit, and are not using my assembler code. ++ */ ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ ++ defined(OPENSSL_SYS_WIN32) || defined(linux) ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif ++# endif ++ ++/* ++ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only ++ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha + */ + # ifdef SIXTY_FOUR_BIT_LONG ++# define BN_ULLONG unsigned long long + # define BN_ULONG unsigned long ++# define BN_LONG long ++# define BN_BITS 128 + # define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) ++# define BN_MASK2 (0xffffffffffffffffL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000L) ++# define BN_MASK2h1 (0xffffffff80000000L) ++# define BN_TBIT (0x8000000000000000L) ++# define BN_DEC_CONV (10000000000000000000UL) ++# define BN_DEC_FMT1 "%lu" ++# define BN_DEC_FMT2 "%019lu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%lX" ++# define BN_HEX_FMT2 "%016lX" + # endif + + /* +- * 64-bit processor other than LP64 ABI ++ * This is where the long long data type is 64 bits, but long is 32. For ++ * machines where there are 64bit registers, this is the mode to use. IRIX, ++ * on R4000 and above should use this mode, along with the relevant assembler ++ * code :-). Do NOT define BN_LLONG. + */ + # ifdef SIXTY_FOUR_BIT ++# undef BN_LLONG ++# undef BN_ULLONG + # define BN_ULONG unsigned long long ++# define BN_LONG long long ++# define BN_BITS 128 + # define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK2 (0xffffffffffffffffLL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000LL) ++# define BN_MASK2h1 (0xffffffff80000000LL) ++# define BN_TBIT (0x8000000000000000LL) ++# define BN_DEC_CONV (10000000000000000000ULL) ++# define BN_DEC_FMT1 "%llu" ++# define BN_DEC_FMT2 "%019llu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%llX" ++# define BN_HEX_FMT2 "%016llX" + # endif + + # ifdef THIRTY_TWO_BIT ++# ifdef BN_LLONG ++# if defined(_WIN32) && !defined(__GNUC__) ++# define BN_ULLONG unsigned __int64 ++# define BN_MASK (0xffffffffffffffffI64) ++# else ++# define BN_ULLONG unsigned long long ++# define BN_MASK (0xffffffffffffffffLL) ++# endif ++# endif + # define BN_ULONG unsigned int ++# define BN_LONG int ++# define BN_BITS 64 + # define BN_BYTES 4 ++# define BN_BITS2 32 ++# define BN_BITS4 16 ++# define BN_MASK2 (0xffffffffL) ++# define BN_MASK2l (0xffff) ++# define BN_MASK2h1 (0xffff8000L) ++# define BN_MASK2h (0xffff0000L) ++# define BN_TBIT (0x80000000L) ++# define BN_DEC_CONV (1000000000L) ++# define BN_DEC_FMT1 "%u" ++# define BN_DEC_FMT2 "%09u" ++# define BN_DEC_NUM 9 ++# define BN_HEX_FMT1 "%X" ++# define BN_HEX_FMT2 "%08X" + # endif + +-# define BN_BITS2 (BN_BYTES * 8) +-# define BN_BITS (BN_BITS2 * 2) +-# define BN_TBIT ((BN_ULONG)1 << (BN_BITS2 - 1)) ++# define BN_DEFAULT_BITS 1280 + + # define BN_FLG_MALLOCED 0x01 + # define BN_FLG_STATIC_DATA 0x02 +@@ -71,49 +269,107 @@ extern "C" { + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + # define BN_FLG_CONSTTIME 0x04 +-# define BN_FLG_SECURE 0x08 + +-# if OPENSSL_API_COMPAT < 0x00908000L ++# ifdef OPENSSL_NO_DEPRECATED + /* deprecated name for the flag */ + # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME +-# define BN_FLG_FREE 0x8000 /* used for debugging */ ++/* ++ * avoid leaking exponent information through timings ++ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) ++ */ + # endif + +-void BN_set_flags(BIGNUM *b, int n); +-int BN_get_flags(const BIGNUM *b, int n); +- +-/* Values for |top| in BN_rand() */ +-#define BN_RAND_TOP_ANY -1 +-#define BN_RAND_TOP_ONE 0 +-#define BN_RAND_TOP_TWO 1 +- +-/* Values for |bottom| in BN_rand() */ +-#define BN_RAND_BOTTOM_ANY 0 +-#define BN_RAND_BOTTOM_ODD 1 ++# ifndef OPENSSL_NO_DEPRECATED ++# define BN_FLG_FREE 0x8000 ++ /* used for debuging */ ++# endif ++# define BN_set_flags(b,n) ((b)->flags|=(n)) ++# define BN_get_flags(b,n) ((b)->flags&(n)) + + /* + * get a clone of a BIGNUM with changed flags, for *temporary* use only (the +- * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The +- * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that +- * has not been otherwise initialised or used. ++ * two BIGNUMs cannot not be used in parallel!) + */ +-void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags); +- +-/* Wrapper function to make using BN_GENCB easier */ +-int BN_GENCB_call(BN_GENCB *cb, int a, int b); +- +-BN_GENCB *BN_GENCB_new(void); +-void BN_GENCB_free(BN_GENCB *cb); +- +-/* Populate a BN_GENCB structure with an "old"-style callback */ +-void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), +- void *cb_arg); ++# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ ++ (dest)->top=(b)->top, \ ++ (dest)->dmax=(b)->dmax, \ ++ (dest)->neg=(b)->neg, \ ++ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ ++ | ((b)->flags & ~BN_FLG_MALLOCED) \ ++ | BN_FLG_STATIC_DATA \ ++ | (n))) ++ ++/* Already declared in ossl_typ.h */ ++# if 0 ++typedef struct bignum_st BIGNUM; ++/* Used for temp variables (declaration hidden in bn_lcl.h) */ ++typedef struct bignum_ctx BN_CTX; ++typedef struct bn_blinding_st BN_BLINDING; ++typedef struct bn_mont_ctx_st BN_MONT_CTX; ++typedef struct bn_recp_ctx_st BN_RECP_CTX; ++typedef struct bn_gencb_st BN_GENCB; ++# endif + +-/* Populate a BN_GENCB structure with a "new"-style callback */ +-void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), +- void *cb_arg); ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit ++ * chunks. */ ++ int top; /* Index of last used d +1. */ ++ /* The next are internal book keeping for bn_expand. */ ++ int dmax; /* Size of the d array. */ ++ int neg; /* one if the number is negative */ ++ int flags; ++}; ++ ++/* Used for montgomery multiplication */ ++struct bn_mont_ctx_st { ++ int ri; /* number of bits in R */ ++ BIGNUM RR; /* used to convert to montgomery form */ ++ BIGNUM N; /* The modulus */ ++ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only ++ * stored for bignum algorithm) */ ++ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type ++ * changed with 0.9.9, was "BN_ULONG n0;" ++ * before) */ ++ int flags; ++}; + +-void *BN_GENCB_get_arg(BN_GENCB *cb); ++/* ++ * Used for reciprocal division/mod functions It cannot be shared between ++ * threads ++ */ ++struct bn_recp_ctx_st { ++ BIGNUM N; /* the divisor */ ++ BIGNUM Nr; /* the reciprocal */ ++ int num_bits; ++ int shift; ++ int flags; ++}; ++ ++/* Used for slow "generation" functions. */ ++struct bn_gencb_st { ++ unsigned int ver; /* To handle binary (in)compatibility */ ++ void *arg; /* callback-specific data */ ++ union { ++ /* if(ver==1) - handles old style callbacks */ ++ void (*cb_1) (int, int, void *); ++ /* if(ver==2) - new callback style */ ++ int (*cb_2) (int, int, BN_GENCB *); ++ } cb; ++}; ++/* Wrapper function to make using BN_GENCB easier, */ ++int BN_GENCB_call(BN_GENCB *cb, int a, int b); ++/* Macro to populate a BN_GENCB structure with an "old"-style callback */ ++# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 1; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_1 = (callback); } ++/* Macro to populate a BN_GENCB structure with a "new"-style callback */ ++# define BN_GENCB_set(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 2; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_2 = (callback); } + + # define BN_prime_checks 0 /* default: select number of iterations based + * on the size of the number */ +@@ -141,17 +397,22 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); + + # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +-int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +-int BN_is_zero(const BIGNUM *a); +-int BN_is_one(const BIGNUM *a); +-int BN_is_word(const BIGNUM *a, const BN_ULONG w); +-int BN_is_odd(const BIGNUM *a); ++/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ ++# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ ++ (((w) == 0) && ((a)->top == 0))) ++# define BN_is_zero(a) ((a)->top == 0) ++# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) ++# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) ++# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) + + # define BN_one(a) (BN_set_word((a),1)) +- +-void BN_zero_ex(BIGNUM *a); +- +-# if OPENSSL_API_COMPAT >= 0x00908000L ++# define BN_zero_ex(a) \ ++ do { \ ++ BIGNUM *_tmp_bn = (a); \ ++ _tmp_bn->top = 0; \ ++ _tmp_bn->neg = 0; \ ++ } while(0) ++# ifdef OPENSSL_NO_DEPRECATED + # define BN_zero(a) BN_zero_ex(a) + # else + # define BN_zero(a) (BN_set_word((a),0)) +@@ -160,7 +421,9 @@ void BN_zero_ex(BIGNUM *a); + const BIGNUM *BN_value_one(void); + char *BN_options(void); + BN_CTX *BN_CTX_new(void); +-BN_CTX *BN_CTX_secure_new(void); ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_CTX_init(BN_CTX *c); ++# endif + void BN_CTX_free(BN_CTX *c); + void BN_CTX_start(BN_CTX *ctx); + BIGNUM *BN_CTX_get(BN_CTX *ctx); +@@ -170,18 +433,14 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); + int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); + int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); + int BN_num_bits(const BIGNUM *a); +-int BN_num_bits_word(BN_ULONG l); +-int BN_security_bits(int L, int N); ++int BN_num_bits_word(BN_ULONG); + BIGNUM *BN_new(void); +-BIGNUM *BN_secure_new(void); ++void BN_init(BIGNUM *); + void BN_clear_free(BIGNUM *a); + BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); + void BN_swap(BIGNUM *a, BIGNUM *b); + BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + int BN_bn2bin(const BIGNUM *a, unsigned char *to); +-int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +-BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +-int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); + BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); + int BN_bn2mpi(const BIGNUM *a, unsigned char *to); + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +@@ -199,7 +458,7 @@ void BN_set_negative(BIGNUM *b, int n); + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +-int BN_is_negative(const BIGNUM *b); ++# define BN_is_negative(a) ((a)->neg != 0) + + int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +@@ -253,10 +512,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); + + int BN_mask_bits(BIGNUM *a, int n); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int BN_print_fp(FILE *fp, const BIGNUM *a); + # endif +-int BN_print(BIO *bio, const BIGNUM *a); ++# ifdef HEADER_BIO_H ++int BN_print(BIO *fp, const BIGNUM *a); ++# else ++int BN_print(void *fp, const BIGNUM *a); ++# endif + int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); + int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); + int BN_rshift1(BIGNUM *r, const BIGNUM *a); +@@ -282,21 +545,17 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, + void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + + /* Deprecated versions */ +-DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, +- const BIGNUM *add, +- const BIGNUM *rem, +- void (*callback) (int, int, +- void *), +- void *cb_arg)) +-DEPRECATEDIN_0_9_8(int +- BN_is_prime(const BIGNUM *p, int nchecks, +- void (*callback) (int, int, void *), +- BN_CTX *ctx, void *cb_arg)) +-DEPRECATEDIN_0_9_8(int +- BN_is_prime_fasttest(const BIGNUM *p, int nchecks, +- void (*callback) (int, int, void *), +- BN_CTX *ctx, void *cb_arg, +- int do_trial_division)) ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, ++ const BIGNUM *add, const BIGNUM *rem, ++ void (*callback) (int, int, void *), void *cb_arg); ++int BN_is_prime(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), ++ BN_CTX *ctx, void *cb_arg); ++int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), BN_CTX *ctx, ++ void *cb_arg, int do_trial_division); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* Newer versions */ + int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, +@@ -316,16 +575,17 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BN_CTX *ctx, BN_GENCB *cb); + + BN_MONT_CTX *BN_MONT_CTX_new(void); ++void BN_MONT_CTX_init(BN_MONT_CTX *ctx); + int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +-int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, +- BN_CTX *ctx); +-int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, +- BN_CTX *ctx); ++# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ ++ (r),(a),&((mont)->RR),(mont),(ctx)) ++int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, ++ BN_MONT_CTX *mont, BN_CTX *ctx); + void BN_MONT_CTX_free(BN_MONT_CTX *mont); + int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); + BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, ++BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + + /* BN_BLINDING flags */ +@@ -340,12 +600,11 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); + int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); + int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + BN_CTX *); +- +-int BN_BLINDING_is_current_thread(BN_BLINDING *b); +-void BN_BLINDING_set_current_thread(BN_BLINDING *b); +-int BN_BLINDING_lock(BN_BLINDING *b); +-int BN_BLINDING_unlock(BN_BLINDING *b); +- ++# ifndef OPENSSL_NO_DEPRECATED ++unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); ++void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); ++# endif ++CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); + void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); + BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, +@@ -358,10 +617,12 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +-DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont)) +-DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3 +- * mont */ ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_set_params(int mul, int high, int low, int mont); ++int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ ++# endif + ++void BN_RECP_CTX_init(BN_RECP_CTX *recp); + BN_RECP_CTX *BN_RECP_CTX_new(void); + void BN_RECP_CTX_free(BN_RECP_CTX *recp); + int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); +@@ -459,35 +720,154 @@ const BIGNUM *BN_get0_nist_prime_256(void); + const BIGNUM *BN_get0_nist_prime_384(void); + const BIGNUM *BN_get0_nist_prime_521(void); + +-int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, +- const BIGNUM *field, BN_CTX *ctx); ++/* library internal functions */ ++ ++# define bn_expand(a,bits) \ ++ ( \ ++ bits > (INT_MAX - BN_BITS2 + 1) ? \ ++ NULL \ ++ : \ ++ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ ++ (a) \ ++ : \ ++ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ ++ ) ++ ++# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) ++BIGNUM *bn_expand2(BIGNUM *a, int words); ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ ++# endif ++ ++/*- ++ * Bignum consistency macros ++ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from ++ * bignum data after direct manipulations on the data. There is also an ++ * "internal" macro, bn_check_top(), for verifying that there are no leading ++ * zeroes. Unfortunately, some auditing is required due to the fact that ++ * bn_fix_top() has become an overabused duct-tape because bignum data is ++ * occasionally passed around in an inconsistent state. So the following ++ * changes have been made to sort this out; ++ * - bn_fix_top()s implementation has been moved to bn_correct_top() ++ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and ++ * bn_check_top() is as before. ++ * - if BN_DEBUG *is* defined; ++ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is ++ * consistent. (ed: only if BN_DEBUG_RAND is defined) ++ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. ++ * The idea is to have debug builds flag up inconsistent bignums when they ++ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if ++ * the use of bn_fix_top() was appropriate (ie. it follows directly after code ++ * that manipulates the bignum) it is converted to bn_correct_top(), and if it ++ * was not appropriate, we convert it permanently to bn_check_top() and track ++ * down the cause of the bug. Eventually, no internal code should be using the ++ * bn_fix_top() macro. External applications and libraries should try this with ++ * their own code too, both in terms of building against the openssl headers ++ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it ++ * defined. This not only improves external code, it provides more test ++ * coverage for openssl's own code. ++ */ + +-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, +- const BIGNUM *priv, const unsigned char *message, +- size_t message_len, BN_CTX *ctx); ++# ifdef BN_DEBUG ++ ++/* We only need assert() when debugging */ ++# include ++ ++# ifdef BN_DEBUG_RAND ++/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ ++# ifndef RAND_pseudo_bytes ++int RAND_pseudo_bytes(unsigned char *buf, int num); ++# define BN_DEBUG_TRIX ++# endif ++# define bn_pollute(a) \ ++ do { \ ++ const BIGNUM *_bnum1 = (a); \ ++ if(_bnum1->top < _bnum1->dmax) { \ ++ unsigned char _tmp_char; \ ++ /* We cast away const without the compiler knowing, any \ ++ * *genuinely* constant variables that aren't mutable \ ++ * wouldn't be constructed with top!=dmax. */ \ ++ BN_ULONG *_not_const; \ ++ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ ++ /* Debug only - safe to ignore error return */ \ ++ RAND_pseudo_bytes(&_tmp_char, 1); \ ++ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ ++ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ ++ } \ ++ } while(0) ++# ifdef BN_DEBUG_TRIX ++# undef RAND_pseudo_bytes ++# endif ++# else ++# define bn_pollute(a) ++# endif ++# define bn_check_top(a) \ ++ do { \ ++ const BIGNUM *_bnum2 = (a); \ ++ if (_bnum2 != NULL) { \ ++ assert((_bnum2->top == 0) || \ ++ (_bnum2->d[_bnum2->top - 1] != 0)); \ ++ bn_pollute(_bnum2); \ ++ } \ ++ } while(0) ++ ++# define bn_fix_top(a) bn_check_top(a) ++ ++# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++# define bn_wcheck_size(bn, words) \ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ ++ /* avoid unused variable warning with NDEBUG */ \ ++ (void)(_bnum2); \ ++ } while(0) ++ ++# else /* !BN_DEBUG */ ++ ++# define bn_pollute(a) ++# define bn_check_top(a) ++# define bn_fix_top(a) bn_correct_top(a) ++# define bn_check_size(bn, bits) ++# define bn_wcheck_size(bn, words) ++ ++# endif ++ ++# define bn_correct_top(a) \ ++ { \ ++ BN_ULONG *ftl; \ ++ int tmp_top = (a)->top; \ ++ if (tmp_top > 0) \ ++ { \ ++ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ ++ if (*(ftl--)) break; \ ++ (a)->top = tmp_top; \ ++ } \ ++ if ((a)->top == 0) \ ++ (a)->neg = 0; \ ++ bn_pollute(a); \ ++ } ++ ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, ++ BN_ULONG w); ++BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); ++void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); ++BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); ++BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); ++BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); + + /* Primes from RFC 2409 */ +-BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +-BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); ++BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); ++BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); + + /* Primes from RFC 3526 */ +-BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +-BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +-BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +-BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +-BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +-BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define get_rfc2409_prime_768 BN_get_rfc2409_prime_768 +-# define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024 +-# define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536 +-# define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048 +-# define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072 +-# define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096 +-# define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144 +-# define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192 +-# endif ++BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); + + int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + +@@ -496,8 +876,7 @@ int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_BN_strings(void); ++void ERR_load_BN_strings(void); + + /* Error codes for the BN functions. */ + +@@ -510,17 +889,15 @@ int ERR_load_BN_strings(void); + # define BN_F_BN_BLINDING_UPDATE 103 + # define BN_F_BN_BN2DEC 104 + # define BN_F_BN_BN2HEX 105 +-# define BN_F_BN_COMPUTE_WNAF 142 + # define BN_F_BN_CTX_GET 116 + # define BN_F_BN_CTX_NEW 106 + # define BN_F_BN_CTX_START 129 + # define BN_F_BN_DIV 107 ++# define BN_F_BN_DIV_NO_BRANCH 138 + # define BN_F_BN_DIV_RECP 130 + # define BN_F_BN_EXP 123 ++# define BN_F_BN_EXPAND2 108 + # define BN_F_BN_EXPAND_INTERNAL 120 +-# define BN_F_BN_GENCB_NEW 143 +-# define BN_F_BN_GENERATE_DSA_NONCE 140 +-# define BN_F_BN_GENERATE_PRIME_EX 141 + # define BN_F_BN_GF2M_MOD 131 + # define BN_F_BN_GF2M_MOD_EXP 132 + # define BN_F_BN_GF2M_MOD_MUL 133 +@@ -538,13 +915,13 @@ int ERR_load_BN_strings(void); + # define BN_F_BN_MOD_INVERSE 110 + # define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 + # define BN_F_BN_MOD_LSHIFT_QUICK 119 ++# define BN_F_BN_MOD_MUL_RECIPROCAL 111 + # define BN_F_BN_MOD_SQRT 121 + # define BN_F_BN_MPI2BN 112 + # define BN_F_BN_NEW 113 + # define BN_F_BN_RAND 114 + # define BN_F_BN_RAND_RANGE 122 + # define BN_F_BN_RSHIFT 146 +-# define BN_F_BN_SET_WORDS 144 + # define BN_F_BN_USUB 115 + + /* Reason codes. */ +@@ -564,12 +941,11 @@ int ERR_load_BN_strings(void); + # define BN_R_NOT_INITIALIZED 107 + # define BN_R_NO_INVERSE 108 + # define BN_R_NO_SOLUTION 116 +-# define BN_R_PRIVATE_KEY_TOO_LARGE 117 + # define BN_R_P_IS_NOT_PRIME 112 + # define BN_R_TOO_MANY_ITERATIONS 113 + # define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/buffer.h b/Cryptlib/Include/openssl/buffer.h +index 91f0e07..efd240a 100644 +--- a/Cryptlib/Include/openssl/buffer.h ++++ b/Cryptlib/Include/openssl/buffer.h +@@ -1,20 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/buffer/buffer.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_BUFFER_H + # define HEADER_BUFFER_H + + # include +-# ifndef HEADER_CRYPTO_H +-# include +-# endif +- + + #ifdef __cplusplus + extern "C" { +@@ -26,51 +71,55 @@ extern "C" { + # include + # endif + +-/* +- * These names are outdated as of OpenSSL 1.1; a future release +- * will move them to be deprecated. +- */ +-# define BUF_strdup(s) OPENSSL_strdup(s) +-# define BUF_strndup(s, size) OPENSSL_strndup(s, size) +-# define BUF_memdup(data, size) OPENSSL_memdup(data, size) +-# define BUF_strlcpy(dst, src, size) OPENSSL_strlcpy(dst, src, size) +-# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size) +-# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen) ++/* Already declared in ossl_typ.h */ ++/* typedef struct buf_mem_st BUF_MEM; */ + + struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ +- unsigned long flags; + }; + +-# define BUF_MEM_FLAG_SECURE 0x01 +- + BUF_MEM *BUF_MEM_new(void); +-BUF_MEM *BUF_MEM_new_ex(unsigned long flags); + void BUF_MEM_free(BUF_MEM *a); +-size_t BUF_MEM_grow(BUF_MEM *str, size_t len); +-size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len); ++int BUF_MEM_grow(BUF_MEM *str, size_t len); ++int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); ++size_t BUF_strnlen(const char *str, size_t maxlen); ++char *BUF_strdup(const char *str); ++ ++/* ++ * Like strndup, but in addition, explicitly guarantees to never read past the ++ * first |siz| bytes of |str|. ++ */ ++char *BUF_strndup(const char *str, size_t siz); ++ ++void *BUF_memdup(const void *data, size_t siz); + void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + ++/* safe string functions */ ++size_t BUF_strlcpy(char *dst, const char *src, size_t siz); ++size_t BUF_strlcat(char *dst, const char *src, size_t siz); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_BUF_strings(void); ++void ERR_load_BUF_strings(void); + + /* Error codes for the BUF functions. */ + + /* Function codes. */ ++# define BUF_F_BUF_MEMDUP 103 + # define BUF_F_BUF_MEM_GROW 100 + # define BUF_F_BUF_MEM_GROW_CLEAN 105 + # define BUF_F_BUF_MEM_NEW 101 ++# define BUF_F_BUF_STRDUP 102 ++# define BUF_F_BUF_STRNDUP 104 + + /* Reason codes. */ + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/camellia.h b/Cryptlib/Include/openssl/camellia.h +index 151f3c1..45e8d25 100644 +--- a/Cryptlib/Include/openssl/camellia.h ++++ b/Cryptlib/Include/openssl/camellia.h +@@ -1,10 +1,52 @@ +-/* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/camellia/camellia.h */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_CAMELLIA_H +@@ -12,11 +54,11 @@ + + # include + +-# ifndef OPENSSL_NO_CAMELLIA ++# ifdef OPENSSL_NO_CAMELLIA ++# error CAMELLIA is disabled. ++# endif ++ + # include +-#ifdef __cplusplus +-extern "C" { +-#endif + + # define CAMELLIA_ENCRYPT 1 + # define CAMELLIA_DECRYPT 0 +@@ -26,6 +68,10 @@ extern "C" { + * Both sizes are in bytes. + */ + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + /* This should be a hidden type, but EVP requires that the size be known */ + + # define CAMELLIA_BLOCK_SIZE 16 +@@ -44,6 +90,10 @@ struct camellia_key_st { + }; + typedef struct camellia_key_st CAMELLIA_KEY; + ++# ifdef OPENSSL_FIPS ++int private_Camellia_set_key(const unsigned char *userKey, const int bits, ++ CAMELLIA_KEY *key); ++# endif + int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +@@ -75,9 +125,8 @@ void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif +- + #endif ++ ++#endif /* !HEADER_Camellia_H */ +diff --git a/Cryptlib/Include/openssl/cast.h b/Cryptlib/Include/openssl/cast.h +index 2cc89ae..0003ec9 100644 +--- a/Cryptlib/Include/openssl/cast.h ++++ b/Cryptlib/Include/openssl/cast.h +@@ -1,20 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/cast/cast.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_CAST_H + # define HEADER_CAST_H + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + # include + +-# ifndef OPENSSL_NO_CAST +-# ifdef __cplusplus +-extern "C" { ++# ifdef OPENSSL_NO_CAST ++# error CAST is disabled. + # endif + + # define CAST_ENCRYPT 1 +@@ -30,6 +82,9 @@ typedef struct cast_key_st { + int short_key; /* Use reduced rounds for short key */ + } CAST_KEY; + ++# ifdef OPENSSL_FIPS ++void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); ++# endif + void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); + void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAST_KEY *key, int enc); +@@ -45,9 +100,8 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, + unsigned char *ivec, int *num); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/cmac.h b/Cryptlib/Include/openssl/cmac.h +index 3535a9a..175be83 100644 +--- a/Cryptlib/Include/openssl/cmac.h ++++ b/Cryptlib/Include/openssl/cmac.h +@@ -1,17 +1,60 @@ ++/* crypto/cmac/cmac.h */ + /* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #ifndef HEADER_CMAC_H + # define HEADER_CMAC_H + +-# ifndef OPENSSL_NO_CMAC +- + #ifdef __cplusplus + extern "C" { + #endif +@@ -36,6 +79,4 @@ int CMAC_resume(CMAC_CTX *ctx); + #ifdef __cplusplus + } + #endif +- +-# endif + #endif +diff --git a/Cryptlib/Include/openssl/cms.h b/Cryptlib/Include/openssl/cms.h +index 7e534e0..e6c7f96 100644 +--- a/Cryptlib/Include/openssl/cms.h ++++ b/Cryptlib/Include/openssl/cms.h +@@ -1,24 +1,70 @@ ++/* crypto/cms/cms.h */ + /* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #ifndef HEADER_CMS_H + # define HEADER_CMS_H + +-# include +- +-# ifndef OPENSSL_NO_CMS + # include +-# include +-# ifdef __cplusplus +-extern "C" { ++ ++# ifdef OPENSSL_NO_CMS ++# error CMS is disabled. + # endif + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + typedef struct CMS_ContentInfo_st CMS_ContentInfo; + typedef struct CMS_SignerInfo_st CMS_SignerInfo; + typedef struct CMS_CertificateChoices CMS_CertificateChoices; +@@ -29,10 +75,9 @@ typedef struct CMS_Receipt_st CMS_Receipt; + typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; + typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +-DEFINE_STACK_OF(CMS_SignerInfo) +-DEFINE_STACK_OF(CMS_RecipientEncryptedKey) +-DEFINE_STACK_OF(CMS_RecipientInfo) +-DEFINE_STACK_OF(CMS_RevocationInfoChoice) ++DECLARE_STACK_OF(CMS_SignerInfo) ++DECLARE_STACK_OF(GENERAL_NAMES) ++DECLARE_STACK_OF(CMS_RecipientEncryptedKey) + DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) + DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) + DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) +@@ -71,9 +116,8 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) + # define CMS_USE_KEYID 0x10000 + # define CMS_DEBUG_DECRYPT 0x20000 + # define CMS_KEY_PARAM 0x40000 +-# define CMS_ASCIICRLF 0x80000 + +-const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); ++const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); + + BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); + int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); +@@ -144,7 +188,7 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); + int CMS_decrypt_set1_key(CMS_ContentInfo *cms, + unsigned char *key, size_t keylen, +- const unsigned char *id, size_t idlen); ++ unsigned char *id, size_t idlen); + int CMS_decrypt_set1_password(CMS_ContentInfo *cms, + unsigned char *pass, ossl_ssize_t passlen); + +@@ -246,7 +290,7 @@ int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + int CMS_signed_get_attr_count(const CMS_SignerInfo *si); + int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, ++int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +@@ -260,14 +304,14 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); +-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, ++void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + + int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); + int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, +- const ASN1_OBJECT *obj, int lastpos); ++int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, ++ int lastpos); + X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); + int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +@@ -334,8 +378,7 @@ int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_CMS_strings(void); ++void ERR_load_CMS_strings(void); + + /* Error codes for the CMS functions. */ + +@@ -440,6 +483,7 @@ int ERR_load_CMS_strings(void); + # define CMS_R_CTRL_ERROR 110 + # define CMS_R_CTRL_FAILURE 111 + # define CMS_R_DECRYPT_ERROR 112 ++# define CMS_R_DIGEST_ERROR 161 + # define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 + # define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 + # define CMS_R_ERROR_SETTING_KEY 115 +@@ -505,8 +549,7 @@ int ERR_load_CMS_strings(void); + # define CMS_R_VERIFICATION_FAILURE 158 + # define CMS_R_WRAP_ERROR 159 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/comp.h b/Cryptlib/Include/openssl/comp.h +index 260ff1e..df599ba 100644 +--- a/Cryptlib/Include/openssl/comp.h ++++ b/Cryptlib/Include/openssl/comp.h +@@ -1,46 +1,59 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ + + #ifndef HEADER_COMP_H + # define HEADER_COMP_H + +-# include +- +-# ifndef OPENSSL_NO_COMP + # include +-# ifdef __cplusplus +-extern "C" { ++ ++# ifdef OPENSSL_NO_COMP ++# error COMP is disabled. + # endif + ++#ifdef __cplusplus ++extern "C" { ++#endif + ++typedef struct comp_ctx_st COMP_CTX; ++ ++struct comp_method_st { ++ int type; /* NID for compression library */ ++ const char *name; /* A text string to identify the library */ ++ int (*init) (COMP_CTX *ctx); ++ void (*finish) (COMP_CTX *ctx); ++ int (*compress) (COMP_CTX *ctx, ++ unsigned char *out, unsigned int olen, ++ unsigned char *in, unsigned int ilen); ++ int (*expand) (COMP_CTX *ctx, ++ unsigned char *out, unsigned int olen, ++ unsigned char *in, unsigned int ilen); ++ /* ++ * The following two do NOTHING, but are kept for backward compatibility ++ */ ++ long (*ctrl) (void); ++ long (*callback_ctrl) (void); ++}; ++ ++struct comp_ctx_st { ++ COMP_METHOD *meth; ++ unsigned long compress_in; ++ unsigned long compress_out; ++ unsigned long expand_in; ++ unsigned long expand_out; ++ CRYPTO_EX_DATA ex_data; ++}; + + COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +-const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +-int COMP_CTX_get_type(const COMP_CTX* comp); +-int COMP_get_type(const COMP_METHOD *meth); +-const char *COMP_get_name(const COMP_METHOD *meth); + void COMP_CTX_free(COMP_CTX *ctx); +- + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); + int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen); +- ++COMP_METHOD *COMP_rle(void); + COMP_METHOD *COMP_zlib(void); +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-#define COMP_zlib_cleanup() while(0) continue +-#endif ++void COMP_zlib_cleanup(void); + + # ifdef HEADER_BIO_H + # ifdef ZLIB +-const BIO_METHOD *BIO_f_zlib(void); ++BIO_METHOD *BIO_f_zlib(void); + # endif + # endif + +@@ -49,8 +62,7 @@ const BIO_METHOD *BIO_f_zlib(void); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_COMP_strings(void); ++void ERR_load_COMP_strings(void); + + /* Error codes for the COMP functions. */ + +@@ -65,8 +77,7 @@ int ERR_load_COMP_strings(void); + # define COMP_R_ZLIB_INFLATE_ERROR 100 + # define COMP_R_ZLIB_NOT_SUPPORTED 101 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/conf.h b/Cryptlib/Include/openssl/conf.h +index 462e3c9..c29e97d 100644 +--- a/Cryptlib/Include/openssl/conf.h ++++ b/Cryptlib/Include/openssl/conf.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/conf/conf.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_CONF_H +@@ -28,8 +77,8 @@ typedef struct { + char *value; + } CONF_VALUE; + +-DEFINE_STACK_OF(CONF_VALUE) +-DEFINE_LHASH_OF(CONF_VALUE); ++DECLARE_STACK_OF(CONF_VALUE) ++DECLARE_LHASH_OF(CONF_VALUE); + + struct conf_st; + struct conf_method_st; +@@ -53,8 +102,8 @@ struct conf_method_st { + typedef struct conf_imodule_st CONF_IMODULE; + typedef struct conf_module_st CONF_MODULE; + +-DEFINE_STACK_OF(CONF_MODULE) +-DEFINE_STACK_OF(CONF_IMODULE) ++DECLARE_STACK_OF(CONF_MODULE) ++DECLARE_STACK_OF(CONF_IMODULE) + + /* DSO module function typedefs */ + typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf); +@@ -69,9 +118,11 @@ typedef void conf_finish_func (CONF_IMODULE *md); + + int CONF_set_default_method(CONF_METHOD *meth); + void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); ++# ifndef OPENSSL_NO_STDIO + LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +-# ifndef OPENSSL_NO_STDIO ++# endif ++# ifndef OPENSSL_NO_FP_API + LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); + # endif +@@ -84,17 +135,13 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); + void CONF_free(LHASH_OF(CONF_VALUE) *conf); +-#ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +-#endif ++# endif + int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); + +-DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name)) +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define OPENSSL_no_config() \ +- OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL) +-#endif ++void OPENSSL_config(const char *config_name); ++void OPENSSL_no_config(void); + + /* + * New conf code. The semantics are different from the functions above. If +@@ -110,11 +157,17 @@ struct conf_st { + CONF *NCONF_new(CONF_METHOD *meth); + CONF_METHOD *NCONF_default(void); + CONF_METHOD *NCONF_WIN32(void); ++# if 0 /* Just to give you an idea of what I have in ++ * mind */ ++CONF_METHOD *NCONF_XML(void); ++# endif + void NCONF_free(CONF *conf); + void NCONF_free_data(CONF *conf); + +-int NCONF_load(CONF *conf, const char *file, long *eline); + # ifndef OPENSSL_NO_STDIO ++int NCONF_load(CONF *conf, const char *file, long *eline); ++# endif ++# ifndef OPENSSL_NO_FP_API + int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); + # endif + int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +@@ -123,24 +176,29 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, + char *NCONF_get_string(const CONF *conf, const char *group, const char *name); + int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); +-#ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int NCONF_dump_fp(const CONF *conf, FILE *out); +-#endif ++# endif + int NCONF_dump_bio(const CONF *conf, BIO *out); + +-#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) ++# if 0 /* The following function has no error ++ * checking, and should therefore be avoided */ ++long NCONF_get_number(CONF *conf, char *group, char *name); ++# else ++# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) ++# endif + + /* Module functions */ + + int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); ++# ifndef OPENSSL_NO_STDIO + int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); ++# endif + void CONF_modules_unload(int all); + void CONF_modules_finish(void); +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define CONF_modules_free() while(0) continue +-#endif ++void CONF_modules_free(void); + int CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc); + +@@ -167,15 +225,16 @@ void OPENSSL_load_builtin_modules(void); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_CONF_strings(void); ++void ERR_load_CONF_strings(void); + + /* Error codes for the CONF functions. */ + + /* Function codes. */ + # define CONF_F_CONF_DUMP_FP 104 + # define CONF_F_CONF_LOAD 100 ++# define CONF_F_CONF_LOAD_BIO 102 + # define CONF_F_CONF_LOAD_FP 103 ++# define CONF_F_CONF_MODULES_LOAD 116 + # define CONF_F_CONF_PARSE_LIST 119 + # define CONF_F_DEF_LOAD 120 + # define CONF_F_DEF_LOAD_BIO 121 +@@ -184,6 +243,7 @@ int ERR_load_CONF_strings(void); + # define CONF_F_MODULE_RUN 118 + # define CONF_F_NCONF_DUMP_BIO 105 + # define CONF_F_NCONF_DUMP_FP 106 ++# define CONF_F_NCONF_GET_NUMBER 107 + # define CONF_F_NCONF_GET_NUMBER_E 112 + # define CONF_F_NCONF_GET_SECTION 108 + # define CONF_F_NCONF_GET_STRING 109 +@@ -198,6 +258,7 @@ int ERR_load_CONF_strings(void); + # define CONF_R_LIST_CANNOT_BE_NULL 115 + # define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 + # define CONF_R_MISSING_EQUAL_SIGN 101 ++# define CONF_R_MISSING_FINISH_FUNCTION 111 + # define CONF_R_MISSING_INIT_FUNCTION 112 + # define CONF_R_MODULE_INITIALIZATION_ERROR 109 + # define CONF_R_NO_CLOSE_BRACE 102 +@@ -210,7 +271,7 @@ int ERR_load_CONF_strings(void); + # define CONF_R_UNKNOWN_MODULE_NAME 113 + # define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/conf_api.h b/Cryptlib/Include/openssl/conf_api.h +index a0275ad..e478f7d 100644 +--- a/Cryptlib/Include/openssl/conf_api.h ++++ b/Cryptlib/Include/openssl/conf_api.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* conf_api.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_CONF_API_H +diff --git a/Cryptlib/Include/openssl/crypto.h b/Cryptlib/Include/openssl/crypto.h +index bd0b140..bea4ca1 100644 +--- a/Cryptlib/Include/openssl/crypto.h ++++ b/Cryptlib/Include/openssl/crypto.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/crypto.h */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by +@@ -17,11 +118,10 @@ + # define HEADER_CRYPTO_H + + # include +-# include + + # include + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + # include + # endif + +@@ -29,7 +129,6 @@ + # include + # include + # include +-# include + + # ifdef CHARSET_EBCDIC + # include +@@ -41,292 +140,458 @@ + */ + # include + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include +-# endif +- + #ifdef __cplusplus + extern "C" { + #endif + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define SSLeay OpenSSL_version_num +-# define SSLeay_version OpenSSL_version +-# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +-# define SSLEAY_VERSION OPENSSL_VERSION +-# define SSLEAY_CFLAGS OPENSSL_CFLAGS +-# define SSLEAY_BUILT_ON OPENSSL_BUILT_ON +-# define SSLEAY_PLATFORM OPENSSL_PLATFORM +-# define SSLEAY_DIR OPENSSL_DIR +- ++/* Backward compatibility to SSLeay */ + /* +- * Old type for allocating dynamic locks. No longer used. Use the new thread +- * API instead. ++ * This is more to be used to check the correct DLL is being used in the MS ++ * world. + */ +-typedef struct { +- int dummy; +-} CRYPTO_dynlock; ++# define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER ++# define SSLEAY_VERSION 0 ++/* #define SSLEAY_OPTIONS 1 no longer supported */ ++# define SSLEAY_CFLAGS 2 ++# define SSLEAY_BUILT_ON 3 ++# define SSLEAY_PLATFORM 4 ++# define SSLEAY_DIR 5 ++ ++/* Already declared in ossl_typ.h */ ++# if 0 ++typedef struct crypto_ex_data_st CRYPTO_EX_DATA; ++/* Called when a new object is created */ ++typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++/* Called when an object is free()ed */ ++typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++/* Called when we need to dup an object */ ++typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, ++ void *from_d, int idx, long argl, void *argp); ++# endif + +-# endif /* OPENSSL_API_COMPAT */ ++/* A generic structure to pass assorted data in a expandable way */ ++typedef struct openssl_item_st { ++ int code; ++ void *value; /* Not used for flag attributes */ ++ size_t value_size; /* Max size of value for output, length for ++ * input */ ++ size_t *value_length; /* Returned length of value for output */ ++} OPENSSL_ITEM; + +-typedef void CRYPTO_RWLOCK; ++/* ++ * When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock ++ * names in cryptlib.c ++ */ + +-CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); +-int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock); +-int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock); +-int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock); +-void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock); ++# define CRYPTO_LOCK_ERR 1 ++# define CRYPTO_LOCK_EX_DATA 2 ++# define CRYPTO_LOCK_X509 3 ++# define CRYPTO_LOCK_X509_INFO 4 ++# define CRYPTO_LOCK_X509_PKEY 5 ++# define CRYPTO_LOCK_X509_CRL 6 ++# define CRYPTO_LOCK_X509_REQ 7 ++# define CRYPTO_LOCK_DSA 8 ++# define CRYPTO_LOCK_RSA 9 ++# define CRYPTO_LOCK_EVP_PKEY 10 ++# define CRYPTO_LOCK_X509_STORE 11 ++# define CRYPTO_LOCK_SSL_CTX 12 ++# define CRYPTO_LOCK_SSL_CERT 13 ++# define CRYPTO_LOCK_SSL_SESSION 14 ++# define CRYPTO_LOCK_SSL_SESS_CERT 15 ++# define CRYPTO_LOCK_SSL 16 ++# define CRYPTO_LOCK_SSL_METHOD 17 ++# define CRYPTO_LOCK_RAND 18 ++# define CRYPTO_LOCK_RAND2 19 ++# define CRYPTO_LOCK_MALLOC 20 ++# define CRYPTO_LOCK_BIO 21 ++# define CRYPTO_LOCK_GETHOSTBYNAME 22 ++# define CRYPTO_LOCK_GETSERVBYNAME 23 ++# define CRYPTO_LOCK_READDIR 24 ++# define CRYPTO_LOCK_RSA_BLINDING 25 ++# define CRYPTO_LOCK_DH 26 ++# define CRYPTO_LOCK_MALLOC2 27 ++# define CRYPTO_LOCK_DSO 28 ++# define CRYPTO_LOCK_DYNLOCK 29 ++# define CRYPTO_LOCK_ENGINE 30 ++# define CRYPTO_LOCK_UI 31 ++# define CRYPTO_LOCK_ECDSA 32 ++# define CRYPTO_LOCK_EC 33 ++# define CRYPTO_LOCK_ECDH 34 ++# define CRYPTO_LOCK_BN 35 ++# define CRYPTO_LOCK_EC_PRE_COMP 36 ++# define CRYPTO_LOCK_STORE 37 ++# define CRYPTO_LOCK_COMP 38 ++# define CRYPTO_LOCK_FIPS 39 ++# define CRYPTO_LOCK_FIPS2 40 ++# define CRYPTO_NUM_LOCKS 41 ++ ++# define CRYPTO_LOCK 1 ++# define CRYPTO_UNLOCK 2 ++# define CRYPTO_READ 4 ++# define CRYPTO_WRITE 8 ++ ++# ifndef OPENSSL_NO_LOCKING ++# ifndef CRYPTO_w_lock ++# define CRYPTO_w_lock(type) \ ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) ++# define CRYPTO_w_unlock(type) \ ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) ++# define CRYPTO_r_lock(type) \ ++ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) ++# define CRYPTO_r_unlock(type) \ ++ CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) ++# define CRYPTO_add(addr,amount,type) \ ++ CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE) ++# endif ++# else ++# define CRYPTO_w_lock(a) ++# define CRYPTO_w_unlock(a) ++# define CRYPTO_r_lock(a) ++# define CRYPTO_r_unlock(a) ++# define CRYPTO_add(a,b,c) ((*(a))+=(b)) ++# endif + +-int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock); ++/* ++ * Some applications as well as some parts of OpenSSL need to allocate and ++ * deallocate locks in a dynamic fashion. The following typedef makes this ++ * possible in a type-safe manner. ++ */ ++/* struct CRYPTO_dynlock_value has to be defined by the application. */ ++typedef struct { ++ int references; ++ struct CRYPTO_dynlock_value *data; ++} CRYPTO_dynlock; + + /* +- * The following can be used to detect memory leaks in the library. If ++ * The following can be used to detect memory leaks in the SSLeay library. It + * used, it turns on malloc checking + */ +-# define CRYPTO_MEM_CHECK_OFF 0x0 /* Control only */ +-# define CRYPTO_MEM_CHECK_ON 0x1 /* Control and mode bit */ +-# define CRYPTO_MEM_CHECK_ENABLE 0x2 /* Control and mode bit */ +-# define CRYPTO_MEM_CHECK_DISABLE 0x3 /* Control only */ ++ ++# define CRYPTO_MEM_CHECK_OFF 0x0/* an enume */ ++# define CRYPTO_MEM_CHECK_ON 0x1/* a bit */ ++# define CRYPTO_MEM_CHECK_ENABLE 0x2/* a bit */ ++# define CRYPTO_MEM_CHECK_DISABLE 0x3/* an enume */ ++ ++/* ++ * The following are bit values to turn on or off options connected to the ++ * malloc checking functionality ++ */ ++ ++/* Adds time to the memory checking information */ ++# define V_CRYPTO_MDEBUG_TIME 0x1/* a bit */ ++/* Adds thread number to the memory checking information */ ++# define V_CRYPTO_MDEBUG_THREAD 0x2/* a bit */ ++ ++# define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) ++ ++/* predec of the BIO type */ ++typedef struct bio_st BIO_dummy; + + struct crypto_ex_data_st { + STACK_OF(void) *sk; ++ /* gcc is screwing up this data structure :-( */ ++ int dummy; + }; +-DEFINE_STACK_OF(void) ++DECLARE_STACK_OF(void) + + /* +- * Per class, we have a STACK of function pointers. ++ * This stuff is basically class callback functions The current classes are ++ * SSL_CTX, SSL, SSL_SESSION, and a few more + */ +-# define CRYPTO_EX_INDEX_SSL 0 +-# define CRYPTO_EX_INDEX_SSL_CTX 1 +-# define CRYPTO_EX_INDEX_SSL_SESSION 2 +-# define CRYPTO_EX_INDEX_X509 3 +-# define CRYPTO_EX_INDEX_X509_STORE 4 +-# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 +-# define CRYPTO_EX_INDEX_DH 6 +-# define CRYPTO_EX_INDEX_DSA 7 +-# define CRYPTO_EX_INDEX_EC_KEY 8 +-# define CRYPTO_EX_INDEX_RSA 9 +-# define CRYPTO_EX_INDEX_ENGINE 10 ++ ++typedef struct crypto_ex_data_func_st { ++ long argl; /* Arbitary long */ ++ void *argp; /* Arbitary void * */ ++ CRYPTO_EX_new *new_func; ++ CRYPTO_EX_free *free_func; ++ CRYPTO_EX_dup *dup_func; ++} CRYPTO_EX_DATA_FUNCS; ++ ++DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) ++ ++/* ++ * Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA ++ * entry. ++ */ ++ ++# define CRYPTO_EX_INDEX_BIO 0 ++# define CRYPTO_EX_INDEX_SSL 1 ++# define CRYPTO_EX_INDEX_SSL_CTX 2 ++# define CRYPTO_EX_INDEX_SSL_SESSION 3 ++# define CRYPTO_EX_INDEX_X509_STORE 4 ++# define CRYPTO_EX_INDEX_X509_STORE_CTX 5 ++# define CRYPTO_EX_INDEX_RSA 6 ++# define CRYPTO_EX_INDEX_DSA 7 ++# define CRYPTO_EX_INDEX_DH 8 ++# define CRYPTO_EX_INDEX_ENGINE 9 ++# define CRYPTO_EX_INDEX_X509 10 + # define CRYPTO_EX_INDEX_UI 11 +-# define CRYPTO_EX_INDEX_BIO 12 +-# define CRYPTO_EX_INDEX_APP 13 +-# define CRYPTO_EX_INDEX__COUNT 14 ++# define CRYPTO_EX_INDEX_ECDSA 12 ++# define CRYPTO_EX_INDEX_ECDH 13 ++# define CRYPTO_EX_INDEX_COMP 14 ++# define CRYPTO_EX_INDEX_STORE 15 ++ ++/* ++ * Dynamically assigned indexes start from this value (don't use directly, ++ * use via CRYPTO_ex_data_new_class). ++ */ ++# define CRYPTO_EX_INDEX_USER 100 + + /* + * This is the default callbacks, but we can have others as well: this is + * needed in Win32 where the application malloc and the library malloc may + * not be the same. + */ +-#define OPENSSL_malloc_init() \ +- CRYPTO_set_mem_functions(CRYPTO_malloc, CRYPTO_realloc, CRYPTO_free) ++# define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ ++ malloc, realloc, free) + +-int CRYPTO_mem_ctrl(int mode); ++# if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD ++# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ ++# define CRYPTO_MDEBUG ++# endif ++# endif + +-# define OPENSSL_malloc(num) \ +- CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_zalloc(num) \ +- CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_realloc(addr, num) \ +- CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_clear_realloc(addr, old_num, num) \ +- CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_clear_free(addr, num) \ +- CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_free(addr) \ +- CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_memdup(str, s) \ +- CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_strdup(str) \ +- CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_strndup(str, n) \ +- CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_secure_malloc(num) \ +- CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_secure_zalloc(num) \ +- CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_secure_free(addr) \ +- CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_secure_actual_size(ptr) \ +- CRYPTO_secure_actual_size(ptr) +- +-size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz); +-size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz); +-size_t OPENSSL_strnlen(const char *str, size_t maxlen); +-char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len); +-unsigned char *OPENSSL_hexstr2buf(const char *str, long *len); +-int OPENSSL_hexchar2int(unsigned char c); +- +-# define OPENSSL_MALLOC_MAX_NELEMS(type) (((1U<<(sizeof(int)*8-1))-1)/sizeof(type)) +- +-unsigned long OpenSSL_version_num(void); +-const char *OpenSSL_version(int type); +-# define OPENSSL_VERSION 0 +-# define OPENSSL_CFLAGS 1 +-# define OPENSSL_BUILT_ON 2 +-# define OPENSSL_PLATFORM 3 +-# define OPENSSL_DIR 4 +-# define OPENSSL_ENGINES_DIR 5 ++/* ++ * Set standard debugging functions (not done by default unless CRYPTO_MDEBUG ++ * is defined) ++ */ ++# define CRYPTO_malloc_debug_init() do {\ ++ CRYPTO_set_mem_debug_functions(\ ++ CRYPTO_dbg_malloc,\ ++ CRYPTO_dbg_realloc,\ ++ CRYPTO_dbg_free,\ ++ CRYPTO_dbg_set_options,\ ++ CRYPTO_dbg_get_options);\ ++ } while(0) ++ ++int CRYPTO_mem_ctrl(int mode); ++int CRYPTO_is_mem_check_on(void); ++ ++/* for applications */ ++# define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) ++# define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) ++ ++/* for library-internal use */ ++# define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) ++# define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) ++# define is_MemCheck_on() CRYPTO_is_mem_check_on() ++ ++# define OPENSSL_malloc(num) CRYPTO_malloc((int)num,OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_realloc(addr,num) \ ++ CRYPTO_realloc((char *)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_realloc_clean(addr,old_num,num) \ ++ CRYPTO_realloc_clean(addr,old_num,num,OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_remalloc(addr,num) \ ++ CRYPTO_remalloc((char **)addr,(int)num,OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_freeFunc CRYPTO_free ++# define OPENSSL_free(addr) CRYPTO_free(addr) ++ ++# define OPENSSL_malloc_locked(num) \ ++ CRYPTO_malloc_locked((int)num,OPENSSL_FILE,OPENSSL_LINE) ++# define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) ++ ++const char *SSLeay_version(int type); ++unsigned long SSLeay(void); + + int OPENSSL_issetugid(void); + +-typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); +-typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, +- int idx, long argl, void *argp); +-typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +- void *srcp, int idx, long argl, void *argp); +-__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, ++/* An opaque type representing an implementation of "ex_data" support */ ++typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; ++/* Return an opaque pointer to the current "ex_data" implementation */ ++const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); ++/* Sets the "ex_data" implementation to be used (if it's not too late) */ ++int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); ++/* Get a new "ex_data" class, and return the corresponding "class_index" */ ++int CRYPTO_ex_data_new_class(void); ++/* Within a given class, get/register a new index */ ++int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +-/* No longer use an index. */ +-int CRYPTO_free_ex_index(int class_index, int idx); +- + /* + * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a + * given class (invokes whatever per-class callbacks are applicable) + */ + int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); + int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- const CRYPTO_EX_DATA *from); +- ++ CRYPTO_EX_DATA *from); + void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +- + /* + * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular + * index (relative to the class type involved) + */ + int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); + void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); +- +-# if OPENSSL_API_COMPAT < 0x10100000L + /* + * This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. + */ +-# define CRYPTO_cleanup_all_ex_data() while(0) continue ++void CRYPTO_cleanup_all_ex_data(void); ++ ++int CRYPTO_get_new_lockid(char *name); ++ ++int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ ++void CRYPTO_lock(int mode, int type, const char *file, int line); ++void CRYPTO_set_locking_callback(void (*func) (int mode, int type, ++ const char *file, int line)); ++void (*CRYPTO_get_locking_callback(void)) (int mode, int type, ++ const char *file, int line); ++void CRYPTO_set_add_lock_callback(int (*func) ++ (int *num, int mount, int type, ++ const char *file, int line)); ++int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, ++ const char *file, int line); ++ ++/* Don't use this structure directly. */ ++typedef struct crypto_threadid_st { ++ void *ptr; ++ unsigned long val; ++} CRYPTO_THREADID; ++/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ ++void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); ++void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); ++int CRYPTO_THREADID_set_callback(void (*threadid_func) (CRYPTO_THREADID *)); ++void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *); ++void CRYPTO_THREADID_current(CRYPTO_THREADID *id); ++int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); ++void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); ++unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); ++# ifndef OPENSSL_NO_DEPRECATED ++void CRYPTO_set_id_callback(unsigned long (*func) (void)); ++unsigned long (*CRYPTO_get_id_callback(void)) (void); ++unsigned long CRYPTO_thread_id(void); ++# endif + +-/* +- * The old locking functions have been removed completely without compatibility +- * macros. This is because the old functions either could not properly report +- * errors, or the returned error values were not clearly documented. +- * Replacing the locking functions with with no-ops would cause race condition +- * issues in the affected applications. It is far better for them to fail at +- * compile time. +- * On the other hand, the locking callbacks are no longer used. Consequently, +- * the callback management functions can be safely replaced with no-op macros. +- */ +-# define CRYPTO_num_locks() (1) +-# define CRYPTO_set_locking_callback(func) +-# define CRYPTO_get_locking_callback() (NULL) +-# define CRYPTO_set_add_lock_callback(func) +-# define CRYPTO_get_add_lock_callback() (NULL) ++const char *CRYPTO_get_lock_name(int type); ++int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, ++ int line); ++ ++int CRYPTO_get_new_dynlockid(void); ++void CRYPTO_destroy_dynlockid(int i); ++struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); ++void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value ++ *(*dyn_create_function) (const char ++ *file, ++ int line)); ++void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) ++ (int mode, ++ struct CRYPTO_dynlock_value *l, ++ const char *file, int line)); ++void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) ++ (struct CRYPTO_dynlock_value *l, ++ const char *file, int line)); ++struct CRYPTO_dynlock_value ++*(*CRYPTO_get_dynlock_create_callback(void)) (const char *file, int line); ++void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, ++ struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line); ++void (*CRYPTO_get_dynlock_destroy_callback(void)) (struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line); + + /* +- * These defines where used in combination with the old locking callbacks, +- * they are not called anymore, but old code that's not called might still +- * use them. ++ * CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- call ++ * the latter last if you need different functions + */ +-# define CRYPTO_LOCK 1 +-# define CRYPTO_UNLOCK 2 +-# define CRYPTO_READ 4 +-# define CRYPTO_WRITE 8 +- +-/* This structure is no longer used */ +-typedef struct crypto_threadid_st { +- int dummy; +-} CRYPTO_THREADID; +-/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */ +-# define CRYPTO_THREADID_set_numeric(id, val) +-# define CRYPTO_THREADID_set_pointer(id, ptr) +-# define CRYPTO_THREADID_set_callback(threadid_func) (0) +-# define CRYPTO_THREADID_get_callback() (NULL) +-# define CRYPTO_THREADID_current(id) +-# define CRYPTO_THREADID_cmp(a, b) (-1) +-# define CRYPTO_THREADID_cpy(dest, src) +-# define CRYPTO_THREADID_hash(id) (0UL) +- +-# if OPENSSL_API_COMPAT < 0x10000000L +-# define CRYPTO_set_id_callback(func) +-# define CRYPTO_get_id_callback() (NULL) +-# define CRYPTO_thread_id() (0UL) +-# endif /* OPENSSL_API_COMPAT < 0x10000000L */ +- +-# define CRYPTO_set_dynlock_create_callback(dyn_create_function) +-# define CRYPTO_set_dynlock_lock_callback(dyn_lock_function) +-# define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function) +-# define CRYPTO_get_dynlock_create_callback() (NULL) +-# define CRYPTO_get_dynlock_lock_callback() (NULL) +-# define CRYPTO_get_dynlock_destroy_callback() (NULL) +-# endif /* OPENSSL_API_COMPAT < 0x10100000L */ +- +-int CRYPTO_set_mem_functions( +- void *(*m) (size_t, const char *, int), +- void *(*r) (void *, size_t, const char *, int), +- void (*f) (void *, const char *, int)); +-int CRYPTO_set_mem_debug(int flag); +-void CRYPTO_get_mem_functions( +- void *(**m) (size_t, const char *, int), +- void *(**r) (void *, size_t, const char *, int), +- void (**f) (void *, const char *, int)); +- +-void *CRYPTO_malloc(size_t num, const char *file, int line); +-void *CRYPTO_zalloc(size_t num, const char *file, int line); +-void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); ++int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), ++ void (*f) (void *)); ++int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), ++ void (*free_func) (void *)); ++int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void *(*r) (void *, size_t, const char *, ++ int), void (*f) (void *)); ++int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void (*free_func) (void *)); ++int CRYPTO_set_mem_debug_functions(void (*m) ++ (void *, int, const char *, int, int), ++ void (*r) (void *, void *, int, ++ const char *, int, int), ++ void (*f) (void *, int), void (*so) (long), ++ long (*go) (void)); ++void CRYPTO_get_mem_functions(void *(**m) (size_t), ++ void *(**r) (void *, size_t), ++ void (**f) (void *)); ++void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), ++ void (**f) (void *)); ++void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), ++ void *(**r) (void *, size_t, const char *, ++ int), void (**f) (void *)); ++void CRYPTO_get_locked_mem_ex_functions(void ++ *(**m) (size_t, const char *, int), ++ void (**f) (void *)); ++void CRYPTO_get_mem_debug_functions(void (**m) ++ (void *, int, const char *, int, int), ++ void (**r) (void *, void *, int, ++ const char *, int, int), ++ void (**f) (void *, int), ++ void (**so) (long), long (**go) (void)); ++ ++void *CRYPTO_malloc_locked(int num, const char *file, int line); ++void CRYPTO_free_locked(void *ptr); ++void *CRYPTO_malloc(int num, const char *file, int line); + char *CRYPTO_strdup(const char *str, const char *file, int line); +-char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +-void CRYPTO_free(void *ptr, const char *file, int line); +-void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); +-void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); +-void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num, +- const char *file, int line); +- +-int CRYPTO_secure_malloc_init(size_t sz, int minsize); +-int CRYPTO_secure_malloc_done(void); +-void *CRYPTO_secure_malloc(size_t num, const char *file, int line); +-void *CRYPTO_secure_zalloc(size_t num, const char *file, int line); +-void CRYPTO_secure_free(void *ptr, const char *file, int line); +-int CRYPTO_secure_allocated(const void *ptr); +-int CRYPTO_secure_malloc_initialized(void); +-size_t CRYPTO_secure_actual_size(void *ptr); +-size_t CRYPTO_secure_used(void); ++void CRYPTO_free(void *ptr); ++void *CRYPTO_realloc(void *addr, int num, const char *file, int line); ++void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, ++ int line); ++void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); + + void OPENSSL_cleanse(void *ptr, size_t len); + +-# ifndef OPENSSL_NO_CRYPTO_MDEBUG +-# define OPENSSL_mem_debug_push(info) \ +- CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE) +-# define OPENSSL_mem_debug_pop() \ +- CRYPTO_mem_debug_pop() +-int CRYPTO_mem_debug_push(const char *info, const char *file, int line); +-int CRYPTO_mem_debug_pop(void); ++void CRYPTO_set_mem_debug_options(long bits); ++long CRYPTO_get_mem_debug_options(void); + ++# define CRYPTO_push_info(info) \ ++ CRYPTO_push_info_(info, OPENSSL_FILE, OPENSSL_LINE); ++int CRYPTO_push_info_(const char *info, const char *file, int line); ++int CRYPTO_pop_info(void); ++int CRYPTO_remove_all_info(void); ++ ++/* ++ * Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; ++ * used as default in CRYPTO_MDEBUG compilations): ++ */ + /*- +- * Debugging functions (enabled by CRYPTO_set_mem_debug(1)) +- * The flag argument has the following significance: +- * 0: called before the actual memory allocation has taken place +- * 1: called after the actual memory allocation has taken place ++ * The last argument has the following significance: ++ * ++ * 0: called before the actual memory allocation has taken place ++ * 1: called after the actual memory allocation has taken place + */ +-void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, +- const char *file, int line); +-void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag, +- const char *file, int line); +-void CRYPTO_mem_debug_free(void *addr, int flag, +- const char *file, int line); +- +-# ifndef OPENSSL_NO_STDIO +-int CRYPTO_mem_leaks_fp(FILE *); +-# endif +-int CRYPTO_mem_leaks(BIO *bio); ++void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, ++ int before_p); ++void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, ++ int line, int before_p); ++void CRYPTO_dbg_free(void *addr, int before_p); ++/*- ++ * Tell the debugging code about options. By default, the following values ++ * apply: ++ * ++ * 0: Clear all options. ++ * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. ++ * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. ++ * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 ++ */ ++void CRYPTO_dbg_set_options(long bits); ++long CRYPTO_dbg_get_options(void); ++ ++# ifndef OPENSSL_NO_FP_API ++void CRYPTO_mem_leaks_fp(FILE *); + # endif ++void CRYPTO_mem_leaks(struct bio_st *bio); ++/* unsigned long order, char *file, int line, int num_bytes, char *addr */ ++typedef void *CRYPTO_MEM_LEAK_CB (unsigned long, const char *, int, int, ++ void *); ++void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + + /* die if we have to */ +-ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line); +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l)) +-# endif +-# define OPENSSL_assert(e) \ +- (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1)) ++void OpenSSLDie(const char *file, int line, const char *assertion); ++# define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1)) + ++unsigned long *OPENSSL_ia32cap_loc(void); ++# define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc())) + int OPENSSL_isservice(void); + + int FIPS_mode(void); +@@ -334,10 +599,27 @@ int FIPS_mode_set(int r); + + void OPENSSL_init(void); + +-struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +-int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); +-int OPENSSL_gmtime_diff(int *pday, int *psec, +- const struct tm *from, const struct tm *to); ++# define fips_md_init(alg) fips_md_init_ctx(alg, alg) ++ ++# ifdef OPENSSL_FIPS ++# define fips_md_init_ctx(alg, cx) \ ++ int alg##_Init(cx##_CTX *c) \ ++ { \ ++ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ ++ "Low level API call to digest " #alg " forbidden in FIPS mode!"); \ ++ return private_##alg##_Init(c); \ ++ } \ ++ int private_##alg##_Init(cx##_CTX *c) ++ ++# define fips_cipher_abort(alg) \ ++ if (FIPS_mode()) OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, \ ++ "Low level API call to cipher " #alg " forbidden in FIPS mode!") ++ ++# else ++# define fips_md_init_ctx(alg, cx) \ ++ int alg##_Init(cx##_CTX *c) ++# define fips_cipher_abort(alg) while(0) ++# endif + + /* + * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. +@@ -346,118 +628,34 @@ int OPENSSL_gmtime_diff(int *pday, int *psec, + * into a defined order as the return value when a != b is undefined, other + * than to be non-zero. + */ +-int CRYPTO_memcmp(const volatile void * volatile in_a, +- const volatile void * volatile in_b, +- size_t len); +- +-/* Standard initialisation options */ +-# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L +-# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS 0x00000002L +-# define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L +-# define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L +-# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS 0x00000010L +-# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS 0x00000020L +-# define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +-# define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000080L +-# define OPENSSL_INIT_ASYNC 0x00000100L +-# define OPENSSL_INIT_ENGINE_RDRAND 0x00000200L +-# define OPENSSL_INIT_ENGINE_DYNAMIC 0x00000400L +-# define OPENSSL_INIT_ENGINE_OPENSSL 0x00000800L +-# define OPENSSL_INIT_ENGINE_CRYPTODEV 0x00001000L +-# define OPENSSL_INIT_ENGINE_CAPI 0x00002000L +-# define OPENSSL_INIT_ENGINE_PADLOCK 0x00004000L +-# define OPENSSL_INIT_ENGINE_AFALG 0x00008000L +-/* OPENSSL_INIT flag 0x00010000 reserved for internal use */ +-/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */ +-/* Max OPENSSL_INIT flag value is 0x80000000 */ +- +-/* openssl and dasync not counted as builtin */ +-# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \ +- (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \ +- | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \ +- OPENSSL_INIT_ENGINE_PADLOCK) +- +- +-/* Library initialisation functions */ +-void OPENSSL_cleanup(void); +-int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +-int OPENSSL_atexit(void (*handler)(void)); +-void OPENSSL_thread_stop(void); +- +-/* Low-level control of initialization */ +-OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void); +-# ifndef OPENSSL_NO_STDIO +-int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, +- const char *config_file); +-# endif +-void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings); +- +-# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) +-# if defined(_WIN32) +-# if defined(BASETYPES) || defined(_WINDEF_H) +-/* application has to include in order to use this */ +-typedef DWORD CRYPTO_THREAD_LOCAL; +-typedef DWORD CRYPTO_THREAD_ID; +- +-typedef LONG CRYPTO_ONCE; +-# define CRYPTO_ONCE_STATIC_INIT 0 +-# endif +-# else +-# include +-typedef pthread_once_t CRYPTO_ONCE; +-typedef pthread_key_t CRYPTO_THREAD_LOCAL; +-typedef pthread_t CRYPTO_THREAD_ID; +- +-# define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT +-# endif +-# endif +- +-# if !defined(CRYPTO_ONCE_STATIC_INIT) +-typedef unsigned int CRYPTO_ONCE; +-typedef unsigned int CRYPTO_THREAD_LOCAL; +-typedef unsigned int CRYPTO_THREAD_ID; +-# define CRYPTO_ONCE_STATIC_INIT 0 +-# endif +- +-int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)); +- +-int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)); +-void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key); +-int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val); +-int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key); +- +-CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void); +-int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b); ++int CRYPTO_memcmp(const volatile void *a, const volatile void *b, size_t len); + + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_CRYPTO_strings(void); ++void ERR_load_CRYPTO_strings(void); + + /* Error codes for the CRYPTO functions. */ + + /* Function codes. */ +-# define CRYPTO_F_CRYPTO_DUP_EX_DATA 110 +-# define CRYPTO_F_CRYPTO_FREE_EX_DATA 111 + # define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +-# define CRYPTO_F_CRYPTO_MEMDUP 115 +-# define CRYPTO_F_CRYPTO_NEW_EX_DATA 112 ++# define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 ++# define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 + # define CRYPTO_F_CRYPTO_SET_EX_DATA 102 ++# define CRYPTO_F_DEF_ADD_INDEX 104 ++# define CRYPTO_F_DEF_GET_CLASS 105 + # define CRYPTO_F_FIPS_MODE_SET 109 +-# define CRYPTO_F_GET_AND_LOCK 113 +-# define CRYPTO_F_OPENSSL_BUF2HEXSTR 117 +-# define CRYPTO_F_OPENSSL_HEXSTR2BUF 118 +-# define CRYPTO_F_OPENSSL_INIT_CRYPTO 116 ++# define CRYPTO_F_INT_DUP_EX_DATA 106 ++# define CRYPTO_F_INT_FREE_EX_DATA 107 ++# define CRYPTO_F_INT_NEW_EX_DATA 108 + + /* Reason codes. */ + # define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +-# define CRYPTO_R_ILLEGAL_HEX_DIGIT 102 +-# define CRYPTO_R_ODD_NUMBER_OF_DIGITS 103 ++# define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ct.h b/Cryptlib/Include/openssl/ct.h +deleted file mode 100644 +index bf29fba..0000000 +--- a/Cryptlib/Include/openssl/ct.h ++++ /dev/null +@@ -1,533 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_CT_H +-# define HEADER_CT_H +- +-# include +- +-# ifndef OPENSSL_NO_CT +-# include +-# include +-# include +-# ifdef __cplusplus +-extern "C" { +-# endif +- +- +-/* Minimum RSA key size, from RFC6962 */ +-# define SCT_MIN_RSA_BITS 2048 +- +-/* All hashes are SHA256 in v1 of Certificate Transparency */ +-# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH +- +-typedef enum { +- CT_LOG_ENTRY_TYPE_NOT_SET = -1, +- CT_LOG_ENTRY_TYPE_X509 = 0, +- CT_LOG_ENTRY_TYPE_PRECERT = 1 +-} ct_log_entry_type_t; +- +-typedef enum { +- SCT_VERSION_NOT_SET = -1, +- SCT_VERSION_V1 = 0 +-} sct_version_t; +- +-typedef enum { +- SCT_SOURCE_UNKNOWN, +- SCT_SOURCE_TLS_EXTENSION, +- SCT_SOURCE_X509V3_EXTENSION, +- SCT_SOURCE_OCSP_STAPLED_RESPONSE +-} sct_source_t; +- +-typedef enum { +- SCT_VALIDATION_STATUS_NOT_SET, +- SCT_VALIDATION_STATUS_UNKNOWN_LOG, +- SCT_VALIDATION_STATUS_VALID, +- SCT_VALIDATION_STATUS_INVALID, +- SCT_VALIDATION_STATUS_UNVERIFIED, +- SCT_VALIDATION_STATUS_UNKNOWN_VERSION +-} sct_validation_status_t; +- +-DEFINE_STACK_OF(SCT) +-DEFINE_STACK_OF(CTLOG) +- +-/****************************************** +- * CT policy evaluation context functions * +- ******************************************/ +- +-/* +- * Creates a new, empty policy evaluation context. +- * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished +- * with the CT_POLICY_EVAL_CTX. +- */ +-CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); +- +-/* Deletes a policy evaluation context and anything it owns. */ +-void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); +- +-/* Gets the peer certificate that the SCTs are for */ +-X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); +- +-/* +- * Sets the certificate associated with the received SCTs. +- * Increments the reference count of cert. +- * Returns 1 on success, 0 otherwise. +- */ +-int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); +- +-/* Gets the issuer of the aforementioned certificate */ +-X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); +- +-/* +- * Sets the issuer of the certificate associated with the received SCTs. +- * Increments the reference count of issuer. +- * Returns 1 on success, 0 otherwise. +- */ +-int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); +- +-/* Gets the CT logs that are trusted sources of SCTs */ +-const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); +- +-/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +-void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, +- CTLOG_STORE *log_store); +- +-/* +- * Gets the time, in milliseconds since the Unix epoch, that will be used as the +- * current time when checking whether an SCT was issued in the future. +- * Such SCTs will fail validation, as required by RFC6962. +- */ +-uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); +- +-/* +- * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. +- * If an SCT's timestamp is after this time, it will be interpreted as having +- * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs +- * whose timestamp is in the future", so an SCT will not validate in this case. +- */ +-void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); +- +-/***************** +- * SCT functions * +- *****************/ +- +-/* +- * Creates a new, blank SCT. +- * The caller is responsible for calling SCT_free when finished with the SCT. +- */ +-SCT *SCT_new(void); +- +-/* +- * Creates a new SCT from some base64-encoded strings. +- * The caller is responsible for calling SCT_free when finished with the SCT. +- */ +-SCT *SCT_new_from_base64(unsigned char version, +- const char *logid_base64, +- ct_log_entry_type_t entry_type, +- uint64_t timestamp, +- const char *extensions_base64, +- const char *signature_base64); +- +-/* +- * Frees the SCT and the underlying data structures. +- */ +-void SCT_free(SCT *sct); +- +-/* +- * Free a stack of SCTs, and the underlying SCTs themselves. +- * Intended to be compatible with X509V3_EXT_FREE. +- */ +-void SCT_LIST_free(STACK_OF(SCT) *a); +- +-/* +- * Returns the version of the SCT. +- */ +-sct_version_t SCT_get_version(const SCT *sct); +- +-/* +- * Set the version of an SCT. +- * Returns 1 on success, 0 if the version is unrecognized. +- */ +-__owur int SCT_set_version(SCT *sct, sct_version_t version); +- +-/* +- * Returns the log entry type of the SCT. +- */ +-ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); +- +-/* +- * Set the log entry type of an SCT. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); +- +-/* +- * Gets the ID of the log that an SCT came from. +- * Ownership of the log ID remains with the SCT. +- * Returns the length of the log ID. +- */ +-size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); +- +-/* +- * Set the log ID of an SCT to point directly to the *log_id specified. +- * The SCT takes ownership of the specified pointer. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); +- +-/* +- * Set the log ID of an SCT. +- * This makes a copy of the log_id. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, +- size_t log_id_len); +- +-/* +- * Returns the timestamp for the SCT (epoch time in milliseconds). +- */ +-uint64_t SCT_get_timestamp(const SCT *sct); +- +-/* +- * Set the timestamp of an SCT (epoch time in milliseconds). +- */ +-void SCT_set_timestamp(SCT *sct, uint64_t timestamp); +- +-/* +- * Return the NID for the signature used by the SCT. +- * For CT v1, this will be either NID_sha256WithRSAEncryption or +- * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). +- */ +-int SCT_get_signature_nid(const SCT *sct); +- +-/* +- * Set the signature type of an SCT +- * For CT v1, this should be either NID_sha256WithRSAEncryption or +- * NID_ecdsa_with_SHA256. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set_signature_nid(SCT *sct, int nid); +- +-/* +- * Set *ext to point to the extension data for the SCT. ext must not be NULL. +- * The SCT retains ownership of this pointer. +- * Returns length of the data pointed to. +- */ +-size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); +- +-/* +- * Set the extensions of an SCT to point directly to the *ext specified. +- * The SCT takes ownership of the specified pointer. +- */ +-void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); +- +-/* +- * Set the extensions of an SCT. +- * This takes a copy of the ext. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext, +- size_t ext_len); +- +-/* +- * Set *sig to point to the signature for the SCT. sig must not be NULL. +- * The SCT retains ownership of this pointer. +- * Returns length of the data pointed to. +- */ +-size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); +- +-/* +- * Set the signature of an SCT to point directly to the *sig specified. +- * The SCT takes ownership of the specified pointer. +- */ +-void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); +- +-/* +- * Set the signature of an SCT to be a copy of the *sig specified. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig, +- size_t sig_len); +- +-/* +- * The origin of this SCT, e.g. TLS extension, OCSP response, etc. +- */ +-sct_source_t SCT_get_source(const SCT *sct); +- +-/* +- * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. +- * Returns 1 on success, 0 otherwise. +- */ +-__owur int SCT_set_source(SCT *sct, sct_source_t source); +- +-/* +- * Returns a text string describing the validation status of |sct|. +- */ +-const char *SCT_validation_status_string(const SCT *sct); +- +-/* +- * Pretty-prints an |sct| to |out|. +- * It will be indented by the number of spaces specified by |indent|. +- * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came +- * from, so that the log name can be printed. +- */ +-void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); +- +-/* +- * Pretty-prints an |sct_list| to |out|. +- * It will be indented by the number of spaces specified by |indent|. +- * SCTs will be delimited by |separator|. +- * If |logs| is not NULL, it will be used to lookup the CT log that each SCT +- * came from, so that the log names can be printed. +- */ +-void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, +- const char *separator, const CTLOG_STORE *logs); +- +-/* +- * Gets the last result of validating this SCT. +- * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. +- */ +-sct_validation_status_t SCT_get_validation_status(const SCT *sct); +- +-/* +- * Validates the given SCT with the provided context. +- * Sets the "validation_status" field of the SCT. +- * Returns 1 if the SCT is valid and the signature verifies. +- * Returns 0 if the SCT is invalid or could not be verified. +- * Returns -1 if an error occurs. +- */ +-__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); +- +-/* +- * Validates the given list of SCTs with the provided context. +- * Sets the "validation_status" field of each SCT. +- * Returns 1 if there are no invalid SCTs and all signatures verify. +- * Returns 0 if at least one SCT is invalid or could not be verified. +- * Returns a negative integer if an error occurs. +- */ +-__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts, +- CT_POLICY_EVAL_CTX *ctx); +- +- +-/********************************* +- * SCT parsing and serialisation * +- *********************************/ +- +-/* +- * Serialize (to TLS format) a stack of SCTs and return the length. +- * "a" must not be NULL. +- * If "pp" is NULL, just return the length of what would have been serialized. +- * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer +- * for data that caller is responsible for freeing (only if function returns +- * successfully). +- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring +- * that "*pp" is large enough to accept all of the serialized data. +- * Returns < 0 on error, >= 0 indicating bytes written (or would have been) +- * on success. +- */ +-__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +- +-/* +- * Convert TLS format SCT list to a stack of SCTs. +- * If "a" or "*a" is NULL, a new stack will be created that the caller is +- * responsible for freeing (by calling SCT_LIST_free). +- * "**pp" and "*pp" must not be NULL. +- * Upon success, "*pp" will point to after the last bytes read, and a stack +- * will be returned. +- * Upon failure, a NULL pointer will be returned, and the position of "*pp" is +- * not defined. +- */ +-STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +- size_t len); +- +-/* +- * Serialize (to DER format) a stack of SCTs and return the length. +- * "a" must not be NULL. +- * If "pp" is NULL, just returns the length of what would have been serialized. +- * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer +- * for data that caller is responsible for freeing (only if function returns +- * successfully). +- * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring +- * that "*pp" is large enough to accept all of the serialized data. +- * Returns < 0 on error, >= 0 indicating bytes written (or would have been) +- * on success. +- */ +-__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); +- +-/* +- * Parses an SCT list in DER format and returns it. +- * If "a" or "*a" is NULL, a new stack will be created that the caller is +- * responsible for freeing (by calling SCT_LIST_free). +- * "**pp" and "*pp" must not be NULL. +- * Upon success, "*pp" will point to after the last bytes read, and a stack +- * will be returned. +- * Upon failure, a NULL pointer will be returned, and the position of "*pp" is +- * not defined. +- */ +-STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, +- long len); +- +-/* +- * Serialize (to TLS format) an |sct| and write it to |out|. +- * If |out| is null, no SCT will be output but the length will still be returned. +- * If |out| points to a null pointer, a string will be allocated to hold the +- * TLS-format SCT. It is the responsibility of the caller to free it. +- * If |out| points to an allocated string, the TLS-format SCT will be written +- * to it. +- * The length of the SCT in TLS format will be returned. +- */ +-__owur int i2o_SCT(const SCT *sct, unsigned char **out); +- +-/* +- * Parses an SCT in TLS format and returns it. +- * If |psct| is not null, it will end up pointing to the parsed SCT. If it +- * already points to a non-null pointer, the pointer will be free'd. +- * |in| should be a pointer to a string containing the TLS-format SCT. +- * |in| will be advanced to the end of the SCT if parsing succeeds. +- * |len| should be the length of the SCT in |in|. +- * Returns NULL if an error occurs. +- * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' +- * fields will be populated (with |in| and |len| respectively). +- */ +-SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); +- +-/******************** +- * CT log functions * +- ********************/ +- +-/* +- * Creates a new CT log instance with the given |public_key| and |name|. +- * Takes ownership of |public_key| but copies |name|. +- * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. +- * Should be deleted by the caller using CTLOG_free when no longer needed. +- */ +-CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); +- +-/* +- * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER +- * in |pkey_base64|. The |name| is a string to help users identify this log. +- * Returns 1 on success, 0 on failure. +- * Should be deleted by the caller using CTLOG_free when no longer needed. +- */ +-int CTLOG_new_from_base64(CTLOG ** ct_log, +- const char *pkey_base64, const char *name); +- +-/* +- * Deletes a CT log instance and its fields. +- */ +-void CTLOG_free(CTLOG *log); +- +-/* Gets the name of the CT log */ +-const char *CTLOG_get0_name(const CTLOG *log); +-/* Gets the ID of the CT log */ +-void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, +- size_t *log_id_len); +-/* Gets the public key of the CT log */ +-EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); +- +-/************************** +- * CT log store functions * +- **************************/ +- +-/* +- * Creates a new CT log store. +- * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. +- */ +-CTLOG_STORE *CTLOG_STORE_new(void); +- +-/* +- * Deletes a CT log store and all of the CT log instances held within. +- */ +-void CTLOG_STORE_free(CTLOG_STORE *store); +- +-/* +- * Finds a CT log in the store based on its log ID. +- * Returns the CT log, or NULL if no match is found. +- */ +-const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, +- const uint8_t *log_id, +- size_t log_id_len); +- +-/* +- * Loads a CT log list into a |store| from a |file|. +- * Returns 1 if loading is successful, or 0 otherwise. +- */ +-__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); +- +-/* +- * Loads the default CT log list into a |store|. +- * See internal/cryptlib.h for the environment variable and file path that are +- * consulted to find the default file. +- * Returns 1 if loading is successful, or 0 otherwise. +- */ +-__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store); +- +-/* BEGIN ERROR CODES */ +-/* +- * The following lines are auto generated by the script mkerr.pl. Any changes +- * made after this point may be overwritten when the script is next run. +- */ +- +-int ERR_load_CT_strings(void); +- +-/* Error codes for the CT functions. */ +- +-/* Function codes. */ +-# define CT_F_CTLOG_NEW 117 +-# define CT_F_CTLOG_NEW_FROM_BASE64 118 +-# define CT_F_CTLOG_NEW_FROM_CONF 119 +-# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +-# define CT_F_CTLOG_STORE_LOAD_FILE 123 +-# define CT_F_CTLOG_STORE_LOAD_LOG 130 +-# define CT_F_CTLOG_STORE_NEW 131 +-# define CT_F_CT_BASE64_DECODE 124 +-# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +-# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +-# define CT_F_I2O_SCT 107 +-# define CT_F_I2O_SCT_LIST 108 +-# define CT_F_I2O_SCT_SIGNATURE 109 +-# define CT_F_O2I_SCT 110 +-# define CT_F_O2I_SCT_LIST 111 +-# define CT_F_O2I_SCT_SIGNATURE 112 +-# define CT_F_SCT_CTX_NEW 126 +-# define CT_F_SCT_CTX_VERIFY 128 +-# define CT_F_SCT_NEW 100 +-# define CT_F_SCT_NEW_FROM_BASE64 127 +-# define CT_F_SCT_SET0_LOG_ID 101 +-# define CT_F_SCT_SET1_EXTENSIONS 114 +-# define CT_F_SCT_SET1_LOG_ID 115 +-# define CT_F_SCT_SET1_SIGNATURE 116 +-# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +-# define CT_F_SCT_SET_SIGNATURE_NID 103 +-# define CT_F_SCT_SET_VERSION 104 +- +-/* Reason codes. */ +-# define CT_R_BASE64_DECODE_ERROR 108 +-# define CT_R_INVALID_LOG_ID_LENGTH 100 +-# define CT_R_LOG_CONF_INVALID 109 +-# define CT_R_LOG_CONF_INVALID_KEY 110 +-# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +-# define CT_R_LOG_CONF_MISSING_KEY 112 +-# define CT_R_LOG_KEY_INVALID 113 +-# define CT_R_SCT_FUTURE_TIMESTAMP 116 +-# define CT_R_SCT_INVALID 104 +-# define CT_R_SCT_INVALID_SIGNATURE 107 +-# define CT_R_SCT_LIST_INVALID 105 +-# define CT_R_SCT_LOG_ID_MISMATCH 114 +-# define CT_R_SCT_NOT_SET 106 +-# define CT_R_SCT_UNSUPPORTED_VERSION 115 +-# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +-# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +-# define CT_R_UNSUPPORTED_VERSION 103 +- +-# ifdef __cplusplus +-} +-# endif +-# endif +-#endif +diff --git a/Cryptlib/Include/openssl/des.h b/Cryptlib/Include/openssl/des.h +index be4abbd..1b40144 100644 +--- a/Cryptlib/Include/openssl/des.h ++++ b/Cryptlib/Include/openssl/des.h +@@ -1,30 +1,80 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/des/des.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#ifndef HEADER_DES_H +-# define HEADER_DES_H ++#ifndef HEADER_NEW_DES_H ++# define HEADER_NEW_DES_H + +-# include ++# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG ++ * (via openssl/opensslconf.h */ + +-# ifndef OPENSSL_NO_DES +-# ifdef __cplusplus +-extern "C" { ++# ifdef OPENSSL_NO_DES ++# error DES is disabled. + # endif +-# include +- +-typedef unsigned int DES_LONG; + + # ifdef OPENSSL_BUILD_SHLIBCRYPTO + # undef OPENSSL_EXTERN + # define OPENSSL_EXTERN OPENSSL_EXPORT + # endif + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + typedef unsigned char DES_cblock[8]; + typedef /* const */ unsigned char const_DES_cblock[8]; + /* +@@ -42,6 +92,16 @@ typedef struct DES_ks { + } ks[16]; + } DES_key_schedule; + ++# ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT ++# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT ++# define OPENSSL_ENABLE_OLD_DES_SUPPORT ++# endif ++# endif ++ ++# ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT ++# include ++# endif ++ + # define DES_KEY_SZ (sizeof(DES_cblock)) + # define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +@@ -65,6 +125,8 @@ typedef struct DES_ks { + + OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */ + # define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) ++OPENSSL_DECLARE_GLOBAL(int, DES_rw_mode); /* defaults to DES_PCBC_MODE */ ++# define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) + + const char *DES_options(void); + void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +@@ -120,6 +182,11 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); ++void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, ++ long length, ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, ++ DES_cblock *ivec1, DES_cblock *ivec2, int enc); + void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, +@@ -132,6 +199,15 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); ++# if 0 ++void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, ++ DES_cblock *out_white); ++# endif ++ ++int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, ++ DES_cblock *iv); ++int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, ++ DES_cblock *iv); + char *DES_fcrypt(const char *buf, const char *salt, char *ret); + char *DES_crypt(const char *buf, const char *salt); + void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, +@@ -155,6 +231,10 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); + int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); + int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); + void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); ++# ifdef OPENSSL_FIPS ++void private_DES_set_key_unchecked(const_DES_cblock *key, ++ DES_key_schedule *schedule); ++# endif + void DES_string_to_key(const char *str, DES_cblock *key); + void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); + void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +@@ -164,11 +244,14 @@ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *schedule, + DES_cblock *ivec, int *num); + ++int DES_read_password(DES_cblock *key, const char *prompt, int verify); ++int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, ++ const char *prompt, int verify); ++ + # define DES_fixup_key_parity DES_set_odd_parity + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/des_old.h b/Cryptlib/Include/openssl/des_old.h +new file mode 100644 +index 0000000..ee7607a +--- /dev/null ++++ b/Cryptlib/Include/openssl/des_old.h +@@ -0,0 +1,497 @@ ++/* crypto/des/des_old.h */ ++ ++/*- ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++ * ++ * The function names in here are deprecated and are only present to ++ * provide an interface compatible with openssl 0.9.6 and older as ++ * well as libdes. OpenSSL now provides functions where "des_" has ++ * been replaced with "DES_" in the names, to make it possible to ++ * make incompatible changes that are needed for C type security and ++ * other stuff. ++ * ++ * This include files has two compatibility modes: ++ * ++ * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API ++ * that is compatible with libdes and SSLeay. ++ * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an ++ * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. ++ * ++ * Note that these modes break earlier snapshots of OpenSSL, where ++ * libdes compatibility was the only available mode or (later on) the ++ * prefered compatibility mode. However, after much consideration ++ * (and more or less violent discussions with external parties), it ++ * was concluded that OpenSSL should be compatible with earlier versions ++ * of itself before anything else. Also, in all honesty, libdes is ++ * an old beast that shouldn't really be used any more. ++ * ++ * Please consider starting to use the DES_ functions rather than the ++ * des_ ones. The des_ functions will disappear completely before ++ * OpenSSL 1.0! ++ * ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++ */ ++ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_DES_H ++# define HEADER_DES_H ++ ++# include /* OPENSSL_EXTERN, OPENSSL_NO_DES, DES_LONG */ ++ ++# ifdef OPENSSL_NO_DES ++# error DES is disabled. ++# endif ++ ++# ifndef HEADER_NEW_DES_H ++# error You must include des.h, not des_old.h directly. ++# endif ++ ++# ifdef _KERBEROS_DES_H ++# error replaces . ++# endif ++ ++# include ++ ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# ifdef _ ++# undef _ ++# endif ++ ++typedef unsigned char _ossl_old_des_cblock[8]; ++typedef struct _ossl_old_des_ks_struct { ++ union { ++ _ossl_old_des_cblock _; ++ /* ++ * make sure things are correct size on machines with 8 byte longs ++ */ ++ DES_LONG pad[2]; ++ } ks; ++} _ossl_old_des_key_schedule[16]; ++ ++# ifndef OPENSSL_DES_LIBDES_COMPATIBILITY ++# define des_cblock DES_cblock ++# define const_des_cblock const_DES_cblock ++# define des_key_schedule DES_key_schedule ++# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ ++ DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) ++# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ ++ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) ++# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ ++ DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) ++# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ ++ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) ++# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ ++ DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) ++# define des_options()\ ++ DES_options() ++# define des_cbc_cksum(i,o,l,k,iv)\ ++ DES_cbc_cksum((i),(o),(l),&(k),(iv)) ++# define des_cbc_encrypt(i,o,l,k,iv,e)\ ++ DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_ncbc_encrypt(i,o,l,k,iv,e)\ ++ DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ ++ DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) ++# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ ++ DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) ++# define des_ecb_encrypt(i,o,k,e)\ ++ DES_ecb_encrypt((i),(o),&(k),(e)) ++# define des_encrypt1(d,k,e)\ ++ DES_encrypt1((d),&(k),(e)) ++# define des_encrypt2(d,k,e)\ ++ DES_encrypt2((d),&(k),(e)) ++# define des_encrypt3(d,k1,k2,k3)\ ++ DES_encrypt3((d),&(k1),&(k2),&(k3)) ++# define des_decrypt3(d,k1,k2,k3)\ ++ DES_decrypt3((d),&(k1),&(k2),&(k3)) ++# define des_xwhite_in2out(k,i,o)\ ++ DES_xwhite_in2out((k),(i),(o)) ++# define des_enc_read(f,b,l,k,iv)\ ++ DES_enc_read((f),(b),(l),&(k),(iv)) ++# define des_enc_write(f,b,l,k,iv)\ ++ DES_enc_write((f),(b),(l),&(k),(iv)) ++# define des_fcrypt(b,s,r)\ ++ DES_fcrypt((b),(s),(r)) ++# if 0 ++# define des_crypt(b,s)\ ++ DES_crypt((b),(s)) ++# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__) ++# define crypt(b,s)\ ++ DES_crypt((b),(s)) ++# endif ++# endif ++# define des_ofb_encrypt(i,o,n,l,k,iv)\ ++ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) ++# define des_pcbc_encrypt(i,o,l,k,iv,e)\ ++ DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) ++# define des_quad_cksum(i,o,l,c,s)\ ++ DES_quad_cksum((i),(o),(l),(c),(s)) ++# define des_random_seed(k)\ ++ _ossl_096_des_random_seed((k)) ++# define des_random_key(r)\ ++ DES_random_key((r)) ++# define des_read_password(k,p,v) \ ++ DES_read_password((k),(p),(v)) ++# define des_read_2passwords(k1,k2,p,v) \ ++ DES_read_2passwords((k1),(k2),(p),(v)) ++# define des_set_odd_parity(k)\ ++ DES_set_odd_parity((k)) ++# define des_check_key_parity(k)\ ++ DES_check_key_parity((k)) ++# define des_is_weak_key(k)\ ++ DES_is_weak_key((k)) ++# define des_set_key(k,ks)\ ++ DES_set_key((k),&(ks)) ++# define des_key_sched(k,ks)\ ++ DES_key_sched((k),&(ks)) ++# define des_set_key_checked(k,ks)\ ++ DES_set_key_checked((k),&(ks)) ++# define des_set_key_unchecked(k,ks)\ ++ DES_set_key_unchecked((k),&(ks)) ++# define des_string_to_key(s,k)\ ++ DES_string_to_key((s),(k)) ++# define des_string_to_2keys(s,k1,k2)\ ++ DES_string_to_2keys((s),(k1),(k2)) ++# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ ++ DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) ++# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ ++ DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) ++ ++# define des_ecb2_encrypt(i,o,k1,k2,e) \ ++ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) ++ ++# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ ++ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) ++ ++# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ ++ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) ++ ++# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ ++ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) ++ ++# define des_check_key DES_check_key ++# define des_rw_mode DES_rw_mode ++# else /* libdes compatibility */ ++/* ++ * Map all symbol names to _ossl_old_des_* form, so we avoid all clashes with ++ * libdes ++ */ ++# define des_cblock _ossl_old_des_cblock ++# define des_key_schedule _ossl_old_des_key_schedule ++# define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ ++ _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) ++# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ ++ _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) ++# define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ ++ _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) ++# define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ ++ _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) ++# define des_options()\ ++ _ossl_old_des_options() ++# define des_cbc_cksum(i,o,l,k,iv)\ ++ _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) ++# define des_cbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_ncbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ ++ _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) ++# define des_cfb_encrypt(i,o,n,l,k,iv,e)\ ++ _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) ++# define des_ecb_encrypt(i,o,k,e)\ ++ _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) ++# define des_encrypt(d,k,e)\ ++ _ossl_old_des_encrypt((d),(k),(e)) ++# define des_encrypt2(d,k,e)\ ++ _ossl_old_des_encrypt2((d),(k),(e)) ++# define des_encrypt3(d,k1,k2,k3)\ ++ _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) ++# define des_decrypt3(d,k1,k2,k3)\ ++ _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) ++# define des_xwhite_in2out(k,i,o)\ ++ _ossl_old_des_xwhite_in2out((k),(i),(o)) ++# define des_enc_read(f,b,l,k,iv)\ ++ _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) ++# define des_enc_write(f,b,l,k,iv)\ ++ _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) ++# define des_fcrypt(b,s,r)\ ++ _ossl_old_des_fcrypt((b),(s),(r)) ++# define des_crypt(b,s)\ ++ _ossl_old_des_crypt((b),(s)) ++# if 0 ++# define crypt(b,s)\ ++ _ossl_old_crypt((b),(s)) ++# endif ++# define des_ofb_encrypt(i,o,n,l,k,iv)\ ++ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) ++# define des_pcbc_encrypt(i,o,l,k,iv,e)\ ++ _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) ++# define des_quad_cksum(i,o,l,c,s)\ ++ _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) ++# define des_random_seed(k)\ ++ _ossl_old_des_random_seed((k)) ++# define des_random_key(r)\ ++ _ossl_old_des_random_key((r)) ++# define des_read_password(k,p,v) \ ++ _ossl_old_des_read_password((k),(p),(v)) ++# define des_read_2passwords(k1,k2,p,v) \ ++ _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) ++# define des_set_odd_parity(k)\ ++ _ossl_old_des_set_odd_parity((k)) ++# define des_is_weak_key(k)\ ++ _ossl_old_des_is_weak_key((k)) ++# define des_set_key(k,ks)\ ++ _ossl_old_des_set_key((k),(ks)) ++# define des_key_sched(k,ks)\ ++ _ossl_old_des_key_sched((k),(ks)) ++# define des_string_to_key(s,k)\ ++ _ossl_old_des_string_to_key((s),(k)) ++# define des_string_to_2keys(s,k1,k2)\ ++ _ossl_old_des_string_to_2keys((s),(k1),(k2)) ++# define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ ++ _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) ++# define des_ofb64_encrypt(i,o,l,ks,iv,n)\ ++ _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) ++ ++# define des_ecb2_encrypt(i,o,k1,k2,e) \ ++ des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) ++ ++# define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ ++ des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) ++ ++# define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ ++ des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) ++ ++# define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ ++ des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) ++ ++# define des_check_key DES_check_key ++# define des_rw_mode DES_rw_mode ++# endif ++ ++const char *_ossl_old_des_options(void); ++void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, int enc); ++DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec); ++void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, ++ _ossl_old_des_cblock *inw, ++ _ossl_old_des_cblock *outw, int enc); ++void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ _ossl_old_des_key_schedule ks, int enc); ++void _ossl_old_des_encrypt(DES_LONG *data, _ossl_old_des_key_schedule ks, ++ int enc); ++void _ossl_old_des_encrypt2(DES_LONG *data, _ossl_old_des_key_schedule ks, ++ int enc); ++void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3); ++void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3); ++void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int enc); ++void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc); ++void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule ks1, ++ _ossl_old_des_key_schedule ks2, ++ _ossl_old_des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num); ++# if 0 ++void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), ++ _ossl_old_des_cblock (*in_white), ++ _ossl_old_des_cblock (*out_white)); ++# endif ++ ++int _ossl_old_des_enc_read(int fd, char *buf, int len, ++ _ossl_old_des_key_schedule sched, ++ _ossl_old_des_cblock *iv); ++int _ossl_old_des_enc_write(int fd, char *buf, int len, ++ _ossl_old_des_key_schedule sched, ++ _ossl_old_des_cblock *iv); ++char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret); ++char *_ossl_old_des_crypt(const char *buf, const char *salt); ++# if !defined(PERL5) && !defined(NeXT) ++char *_ossl_old_crypt(const char *buf, const char *salt); ++# endif ++void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec); ++void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc); ++DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ int out_count, _ossl_old_des_cblock *seed); ++void _ossl_old_des_random_seed(_ossl_old_des_cblock key); ++void _ossl_old_des_random_key(_ossl_old_des_cblock ret); ++int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, ++ int verify); ++int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2, ++ const char *prompt, int verify); ++void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); ++int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); ++int _ossl_old_des_set_key(_ossl_old_des_cblock *key, ++ _ossl_old_des_key_schedule schedule); ++int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, ++ _ossl_old_des_key_schedule schedule); ++void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key); ++void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2); ++void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc); ++void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, ++ _ossl_old_des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num); ++ ++void _ossl_096_des_random_seed(des_cblock *key); ++ ++/* ++ * The following definitions provide compatibility with the MIT Kerberos ++ * library. The _ossl_old_des_key_schedule structure is not binary ++ * compatible. ++ */ ++ ++# define _KERBEROS_DES_H ++ ++# define KRBDES_ENCRYPT DES_ENCRYPT ++# define KRBDES_DECRYPT DES_DECRYPT ++ ++# ifdef KERBEROS ++# define ENCRYPT DES_ENCRYPT ++# define DECRYPT DES_DECRYPT ++# endif ++ ++# ifndef NCOMPAT ++# define C_Block des_cblock ++# define Key_schedule des_key_schedule ++# define KEY_SZ DES_KEY_SZ ++# define string_to_key des_string_to_key ++# define read_pw_string des_read_pw_string ++# define random_key des_random_key ++# define pcbc_encrypt des_pcbc_encrypt ++# define set_key des_set_key ++# define key_sched des_key_sched ++# define ecb_encrypt des_ecb_encrypt ++# define cbc_encrypt des_cbc_encrypt ++# define ncbc_encrypt des_ncbc_encrypt ++# define xcbc_encrypt des_xcbc_encrypt ++# define cbc_cksum des_cbc_cksum ++# define quad_cksum des_quad_cksum ++# define check_parity des_check_key_parity ++# endif ++ ++# define des_fixup_key_parity DES_fixup_key_parity ++ ++#ifdef __cplusplus ++} ++#endif ++ ++/* for DES_read_pw_string et al */ ++# include ++ ++#endif +diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h +index 6d149bc..6488879 100644 +--- a/Cryptlib/Include/openssl/dh.h ++++ b/Cryptlib/Include/openssl/dh.h +@@ -1,49 +1,98 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_DH_H + # define HEADER_DH_H + +-# include +- +-# ifndef OPENSSL_NO_DH + # include +-# include +-# include +-# include +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include ++ ++# ifdef OPENSSL_NO_DH ++# error DH is disabled. + # endif + +-# ifdef __cplusplus +-extern "C" { ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include + # endif + + # ifndef OPENSSL_DH_MAX_MODULUS_BITS + # define OPENSSL_DH_MAX_MODULUS_BITS 10000 + # endif + +-# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 +- + # define DH_FLAG_CACHE_MONT_P 0x01 + +-# if OPENSSL_API_COMPAT < 0x10100000L + /* +- * Does nothing. Previously this switched off constant time behaviour. ++ * new with 0.9.7h; the built-in DH ++ * implementation now uses constant time ++ * modular exponentiation for secret exponents ++ * by default. This flag causes the ++ * faster variable sliding window method to ++ * be used for all exponents. + */ +-# define DH_FLAG_NO_EXP_CONSTTIME 0x00 +-# endif ++# define DH_FLAG_NO_EXP_CONSTTIME 0x02 + + /* + * If this flag is set the DH method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application +- * sets this flag in its own methods it is its responsibility to ensure the ++ * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. + */ + +@@ -57,11 +106,57 @@ extern "C" { + + # define DH_FLAG_NON_FIPS_ALLOW 0x0400 + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + /* Already defined in ossl_typ.h */ + /* typedef struct dh_st DH; */ + /* typedef struct dh_method DH_METHOD; */ + +-DECLARE_ASN1_ITEM(DHparams) ++struct dh_method { ++ const char *name; ++ /* Methods here */ ++ int (*generate_key) (DH *dh); ++ int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); ++ /* Can be null */ ++ int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, ++ const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx); ++ int (*init) (DH *dh); ++ int (*finish) (DH *dh); ++ int flags; ++ char *app_data; ++ /* If this is non-NULL, it will be used to generate parameters */ ++ int (*generate_params) (DH *dh, int prime_len, int generator, ++ BN_GENCB *cb); ++}; ++ ++struct dh_st { ++ /* ++ * This first argument is used to pick up errors when a DH is passed ++ * instead of a EVP_PKEY ++ */ ++ int pad; ++ int version; ++ BIGNUM *p; ++ BIGNUM *g; ++ long length; /* optional */ ++ BIGNUM *pub_key; /* g^x % p */ ++ BIGNUM *priv_key; /* x */ ++ int flags; ++ BN_MONT_CTX *method_mont_p; ++ /* Place holders if we want to do X9.42 DH */ ++ BIGNUM *q; ++ BIGNUM *j; ++ unsigned char *seed; ++ int seedlen; ++ BIGNUM *counter; ++ int references; ++ CRYPTO_EX_DATA ex_data; ++ const DH_METHOD *meth; ++ ENGINE *engine; ++}; + + # define DH_GENERATOR_2 2 + /* #define DH_GENERATOR_3 3 */ +@@ -106,25 +201,22 @@ DH *DH_new_method(ENGINE *engine); + DH *DH_new(void); + void DH_free(DH *dh); + int DH_up_ref(DH *dh); +-int DH_bits(const DH *dh); + int DH_size(const DH *dh); +-int DH_security_bits(const DH *dh); +-#define DH_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef) ++int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int DH_set_ex_data(DH *d, int idx, void *arg); + void *DH_get_ex_data(DH *d, int idx); + + /* Deprecated version */ +-DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator, +- void (*callback) (int, int, +- void *), +- void *cb_arg)) ++# ifndef OPENSSL_NO_DEPRECATED ++DH *DH_generate_parameters(int prime_len, int generator, ++ void (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ + int DH_generate_parameters_ex(DH *dh, int prime_len, int generator, + BN_GENCB *cb); + +-int DH_check_params(const DH *dh, int *ret); + int DH_check(const DH *dh, int *codes); + int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes); + int DH_generate_key(DH *dh); +@@ -134,10 +226,14 @@ DH *d2i_DHparams(DH **a, const unsigned char **pp, long length); + int i2d_DHparams(const DH *a, unsigned char **pp); + DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length); + int i2d_DHxparams(const DH *a, unsigned char **pp); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int DHparams_print_fp(FILE *fp, const DH *x); + # endif ++# ifndef OPENSSL_NO_BIO + int DHparams_print(BIO *bp, const DH *x); ++# else ++int DHparams_print(char *bp, const DH *x); ++# endif + + /* RFC 5114 parameters */ + DH *DH_get_1024_160(void); +@@ -152,50 +248,6 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, + const unsigned char *ukm, size_t ukmlen, const EVP_MD *md); + # endif + +-void DH_get0_pqg(const DH *dh, +- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-void DH_get0_key(const DH *dh, +- const BIGNUM **pub_key, const BIGNUM **priv_key); +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +-void DH_clear_flags(DH *dh, int flags); +-int DH_test_flags(const DH *dh, int flags); +-void DH_set_flags(DH *dh, int flags); +-ENGINE *DH_get0_engine(DH *d); +-long DH_get_length(const DH *dh); +-int DH_set_length(DH *dh, long length); +- +-DH_METHOD *DH_meth_new(const char *name, int flags); +-void DH_meth_free(DH_METHOD *dhm); +-DH_METHOD *DH_meth_dup(const DH_METHOD *dhm); +-const char *DH_meth_get0_name(const DH_METHOD *dhm); +-int DH_meth_set1_name(DH_METHOD *dhm, const char *name); +-int DH_meth_get_flags(DH_METHOD *dhm); +-int DH_meth_set_flags(DH_METHOD *dhm, int flags); +-void *DH_meth_get0_app_data(const DH_METHOD *dhm); +-int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data); +-int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *); +-int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)); +-int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +- (unsigned char *key, const BIGNUM *pub_key, DH *dh); +-int DH_meth_set_compute_key(DH_METHOD *dhm, +- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)); +-int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +- (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, +- BN_CTX *, BN_MONT_CTX *); +-int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +- int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +-int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *); +-int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)); +-int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *); +-int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)); +-int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +- (DH *, int, int, BN_GENCB *); +-int DH_meth_set_generate_params(DH_METHOD *dhm, +- int (*generate_params) (DH *, int, int, BN_GENCB *)); +- +- + # define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) +@@ -296,8 +348,7 @@ int DH_meth_set_generate_params(DH_METHOD *dhm, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_DH_strings(void); ++void ERR_load_DH_strings(void); + + /* Error codes for the DH functions. */ + +@@ -305,12 +356,12 @@ int ERR_load_DH_strings(void); + # define DH_F_COMPUTE_KEY 102 + # define DH_F_DHPARAMS_PRINT_FP 101 + # define DH_F_DH_BUILTIN_GENPARAMS 106 +-# define DH_F_DH_CMS_DECRYPT 114 +-# define DH_F_DH_CMS_SET_PEERKEY 115 +-# define DH_F_DH_CMS_SET_SHARED_INFO 116 +-# define DH_F_DH_METH_DUP 117 +-# define DH_F_DH_METH_NEW 118 +-# define DH_F_DH_METH_SET1_NAME 119 ++# define DH_F_DH_CMS_DECRYPT 117 ++# define DH_F_DH_CMS_SET_PEERKEY 118 ++# define DH_F_DH_CMS_SET_SHARED_INFO 119 ++# define DH_F_DH_COMPUTE_KEY 114 ++# define DH_F_DH_GENERATE_KEY 115 ++# define DH_F_DH_GENERATE_PARAMETERS_EX 116 + # define DH_F_DH_NEW_METHOD 105 + # define DH_F_DH_PARAM_DECODE 107 + # define DH_F_DH_PRIV_DECODE 110 +@@ -319,6 +370,7 @@ int ERR_load_DH_strings(void); + # define DH_F_DH_PUB_ENCODE 109 + # define DH_F_DO_DH_PRINT 100 + # define DH_F_GENERATE_KEY 103 ++# define DH_F_GENERATE_PARAMETERS 104 + # define DH_F_PKEY_DH_DERIVE 112 + # define DH_F_PKEY_DH_KEYGEN 113 + +@@ -330,15 +382,16 @@ int ERR_load_DH_strings(void); + # define DH_R_INVALID_PUBKEY 102 + # define DH_R_KDF_PARAMETER_ERROR 112 + # define DH_R_KEYS_NOT_SET 108 ++# define DH_R_KEY_SIZE_TOO_SMALL 110 + # define DH_R_MODULUS_TOO_LARGE 103 ++# define DH_R_NON_FIPS_METHOD 111 + # define DH_R_NO_PARAMETERS_SET 107 + # define DH_R_NO_PRIVATE_VALUE 100 + # define DH_R_PARAMETER_ENCODING_ERROR 105 +-# define DH_R_PEER_KEY_ERROR 111 +-# define DH_R_SHARED_INFO_ERROR 113 ++# define DH_R_PEER_KEY_ERROR 113 ++# define DH_R_SHARED_INFO_ERROR 114 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/dsa.h b/Cryptlib/Include/openssl/dsa.h +index 139718e..545358f 100644 +--- a/Cryptlib/Include/openssl/dsa.h ++++ b/Cryptlib/Include/openssl/dsa.h +@@ -1,54 +1,105 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dsa/dsa.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* + * The DSS routines are based on patches supplied by +- * Steven Schoch . +- */ ++ * Steven Schoch . He basically did the ++ * work and I have just tweaked them a little to fit into my ++ * stylistic vision for SSLeay :-) */ + + #ifndef HEADER_DSA_H + # define HEADER_DSA_H + +-# include ++# include + +-# ifndef OPENSSL_NO_DSA +-# ifdef __cplusplus +-extern "C" { ++# ifdef OPENSSL_NO_DSA ++# error DSA is disabled. ++# endif ++ ++# ifndef OPENSSL_NO_BIO ++# include + # endif +-# include +-# include + # include + # include +-# include +-# include +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include ++ ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# ifndef OPENSSL_NO_DH ++# include ++# endif + # endif + + # ifndef OPENSSL_DSA_MAX_MODULUS_BITS + # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 + # endif + +-# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 +- + # define DSA_FLAG_CACHE_MONT_P 0x01 +-# if OPENSSL_API_COMPAT < 0x10100000L + /* +- * Does nothing. Previously this switched off constant time behaviour. ++ * new with 0.9.7h; the built-in DSA implementation now uses constant time ++ * modular exponentiation for secret exponents by default. This flag causes ++ * the faster variable sliding window method to be used for all exponents. + */ +-# define DSA_FLAG_NO_EXP_CONSTTIME 0x00 +-# endif ++# define DSA_FLAG_NO_EXP_CONSTTIME 0x02 + + /* + * If this flag is set the DSA method is FIPS compliant and can be used in + * FIPS mode. This is set in the validated module method. If an application +- * sets this flag in its own methods it is its responsibility to ensure the ++ * sets this flag in its own methods it is its reposibility to ensure the + * result is compliant. + */ + +@@ -61,13 +112,70 @@ extern "C" { + */ + + # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 +-# define DSA_FLAG_FIPS_CHECKED 0x0800 ++ ++#ifdef __cplusplus ++extern "C" { ++#endif + + /* Already defined in ossl_typ.h */ + /* typedef struct dsa_st DSA; */ + /* typedef struct dsa_method DSA_METHOD; */ + +-typedef struct DSA_SIG_st DSA_SIG; ++typedef struct DSA_SIG_st { ++ BIGNUM *r; ++ BIGNUM *s; ++} DSA_SIG; ++ ++struct dsa_method { ++ const char *name; ++ DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); ++ int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, ++ BIGNUM **rp); ++ int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, ++ DSA_SIG *sig, DSA *dsa); ++ int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, ++ BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); ++ /* Can be null */ ++ int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ int (*init) (DSA *dsa); ++ int (*finish) (DSA *dsa); ++ int flags; ++ char *app_data; ++ /* If this is non-NULL, it is used to generate DSA parameters */ ++ int (*dsa_paramgen) (DSA *dsa, int bits, ++ const unsigned char *seed, int seed_len, ++ int *counter_ret, unsigned long *h_ret, ++ BN_GENCB *cb); ++ /* If this is non-NULL, it is used to generate DSA keys */ ++ int (*dsa_keygen) (DSA *dsa); ++}; ++ ++struct dsa_st { ++ /* ++ * This first variable is used to pick up errors where a DSA is passed ++ * instead of of a EVP_PKEY ++ */ ++ int pad; ++ long version; ++ int write_params; ++ BIGNUM *p; ++ BIGNUM *q; /* == 20 */ ++ BIGNUM *g; ++ BIGNUM *pub_key; /* y public key */ ++ BIGNUM *priv_key; /* x private key */ ++ BIGNUM *kinv; /* Signing pre-calc */ ++ BIGNUM *r; /* Signing pre-calc */ ++ int flags; ++ /* Normally used to cache montgomery values */ ++ BN_MONT_CTX *method_mont_p; ++ int references; ++ CRYPTO_EX_DATA ex_data; ++ const DSA_METHOD *meth; ++ /* functional reference if 'meth' is ENGINE-provided */ ++ ENGINE *engine; ++}; + + # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ + (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) +@@ -81,8 +189,6 @@ DSA_SIG *DSA_SIG_new(void); + void DSA_SIG_free(DSA_SIG *a); + int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); + DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + + DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); + int DSA_do_verify(const unsigned char *dgst, int dgst_len, +@@ -93,7 +199,6 @@ const DSA_METHOD *DSA_OpenSSL(void); + void DSA_set_default_method(const DSA_METHOD *); + const DSA_METHOD *DSA_get_default_method(void); + int DSA_set_method(DSA *dsa, const DSA_METHOD *); +-const DSA_METHOD *DSA_get_method(DSA *d); + + DSA *DSA_new(void); + DSA *DSA_new_method(ENGINE *engine); +@@ -101,16 +206,14 @@ void DSA_free(DSA *r); + /* "up" the DSA object's reference count */ + int DSA_up_ref(DSA *r); + int DSA_size(const DSA *); +-int DSA_bits(const DSA *d); +-int DSA_security_bits(const DSA *d); + /* next 4 return -1 on error */ + int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); + int DSA_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); + int DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +-#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef) ++int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int DSA_set_ex_data(DSA *d, int idx, void *arg); + void *DSA_get_ex_data(DSA *d, int idx); + +@@ -119,14 +222,12 @@ DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); + DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); + + /* Deprecated version */ +-DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits, +- unsigned char *seed, +- int seed_len, +- int *counter_ret, +- unsigned long *h_ret, void +- (*callback) (int, int, +- void *), +- void *cb_arg)) ++# ifndef OPENSSL_NO_DEPRECATED ++DSA *DSA_generate_parameters(int bits, ++ unsigned char *seed, int seed_len, ++ int *counter_ret, unsigned long *h_ret, void ++ (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ + int DSA_generate_parameters_ex(DSA *dsa, int bits, +@@ -139,9 +240,11 @@ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); + int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); + int i2d_DSAparams(const DSA *a, unsigned char **pp); + ++# ifndef OPENSSL_NO_BIO + int DSAparams_print(BIO *bp, const DSA *x); + int DSA_print(BIO *bp, const DSA *x, int off); +-# ifndef OPENSSL_NO_STDIO ++# endif ++# ifndef OPENSSL_NO_FP_API + int DSAparams_print_fp(FILE *fp, const DSA *x); + int DSA_print_fp(FILE *bp, const DSA *x, int off); + # endif +@@ -170,84 +273,25 @@ DH *DSA_dup_DH(const DSA *r); + # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) + # define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +-void DSA_get0_pqg(const DSA *d, +- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-void DSA_get0_key(const DSA *d, +- const BIGNUM **pub_key, const BIGNUM **priv_key); +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +-void DSA_clear_flags(DSA *d, int flags); +-int DSA_test_flags(const DSA *d, int flags); +-void DSA_set_flags(DSA *d, int flags); +-ENGINE *DSA_get0_engine(DSA *d); +- +-DSA_METHOD *DSA_meth_new(const char *name, int flags); +-void DSA_meth_free(DSA_METHOD *dsam); +-DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam); +-const char *DSA_meth_get0_name(const DSA_METHOD *dsam); +-int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name); +-int DSA_meth_get_flags(DSA_METHOD *dsam); +-int DSA_meth_set_flags(DSA_METHOD *dsam, int flags); +-void *DSA_meth_get0_app_data(const DSA_METHOD *dsam); +-int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data); +-DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam)) +- (const unsigned char *, int, DSA *); +-int DSA_meth_set_sign(DSA_METHOD *dsam, +- DSA_SIG *(*sign) (const unsigned char *, int, DSA *)); +-int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam)) +- (DSA *, BN_CTX *, BIGNUM **, BIGNUM **); +-int DSA_meth_set_sign_setup(DSA_METHOD *dsam, +- int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)); +-int (*DSA_meth_get_verify(const DSA_METHOD *dsam)) +- (const unsigned char *, int , DSA_SIG *, DSA *); +-int DSA_meth_set_verify(DSA_METHOD *dsam, +- int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *)); +-int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam)) +- (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, +- const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *); +-int DSA_meth_set_mod_exp(DSA_METHOD *dsam, +- int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, +- const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *, +- BN_MONT_CTX *)); +-int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam)) +- (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, +- BN_CTX *, BN_MONT_CTX *); +-int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam, +- int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *, BN_MONT_CTX *)); +-int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *); +-int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *)); +-int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *); +-int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *)); +-int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam)) +- (DSA *, int, const unsigned char *, int, int *, unsigned long *, +- BN_GENCB *); +-int DSA_meth_set_paramgen(DSA_METHOD *dsam, +- int (*paramgen) (DSA *, int, const unsigned char *, int, int *, +- unsigned long *, BN_GENCB *)); +-int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *); +-int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *)); +- + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_DSA_strings(void); ++void ERR_load_DSA_strings(void); + + /* Error codes for the DSA functions. */ + + /* Function codes. */ ++# define DSA_F_D2I_DSA_SIG 110 ++# define DSA_F_DO_DSA_PRINT 104 + # define DSA_F_DSAPARAMS_PRINT 100 + # define DSA_F_DSAPARAMS_PRINT_FP 101 +-# define DSA_F_DSA_BUILTIN_PARAMGEN 125 + # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 + # define DSA_F_DSA_DO_SIGN 112 + # define DSA_F_DSA_DO_VERIFY 113 +-# define DSA_F_DSA_METH_DUP 127 +-# define DSA_F_DSA_METH_NEW 128 +-# define DSA_F_DSA_METH_SET1_NAME 129 ++# define DSA_F_DSA_GENERATE_KEY 124 ++# define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 + # define DSA_F_DSA_NEW_METHOD 103 + # define DSA_F_DSA_PARAM_DECODE 119 + # define DSA_F_DSA_PRINT_FP 105 +@@ -257,27 +301,32 @@ int ERR_load_DSA_strings(void); + # define DSA_F_DSA_PUB_ENCODE 118 + # define DSA_F_DSA_SIGN 106 + # define DSA_F_DSA_SIGN_SETUP 107 +-# define DSA_F_DSA_SIG_NEW 102 ++# define DSA_F_DSA_SIG_NEW 109 ++# define DSA_F_DSA_SIG_PRINT 125 ++# define DSA_F_DSA_VERIFY 108 ++# define DSA_F_I2D_DSA_SIG 111 + # define DSA_F_OLD_DSA_PRIV_DECODE 122 + # define DSA_F_PKEY_DSA_CTRL 120 + # define DSA_F_PKEY_DSA_KEYGEN 121 ++# define DSA_F_SIG_CB 114 + + /* Reason codes. */ + # define DSA_R_BAD_Q_VALUE 102 + # define DSA_R_BN_DECODE_ERROR 108 + # define DSA_R_BN_ERROR 109 ++# define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 + # define DSA_R_DECODE_ERROR 104 + # define DSA_R_INVALID_DIGEST_TYPE 106 + # define DSA_R_INVALID_PARAMETERS 112 + # define DSA_R_MISSING_PARAMETERS 101 + # define DSA_R_MODULUS_TOO_LARGE 103 ++# define DSA_R_NEED_NEW_SETUP_VALUES 110 ++# define DSA_R_NON_FIPS_DSA_METHOD 111 + # define DSA_R_NO_PARAMETERS_SET 107 + # define DSA_R_PARAMETER_ENCODING_ERROR 105 + # define DSA_R_Q_NOT_PRIME 113 +-# define DSA_R_SEED_LEN_SMALL 110 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/dso.h b/Cryptlib/Include/openssl/dso.h +new file mode 100644 +index 0000000..c9013f5 +--- /dev/null ++++ b/Cryptlib/Include/openssl/dso.h +@@ -0,0 +1,451 @@ ++/* dso.h */ ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_DSO_H ++# define HEADER_DSO_H ++ ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* These values are used as commands to DSO_ctrl() */ ++# define DSO_CTRL_GET_FLAGS 1 ++# define DSO_CTRL_SET_FLAGS 2 ++# define DSO_CTRL_OR_FLAGS 3 ++ ++/* ++ * By default, DSO_load() will translate the provided filename into a form ++ * typical for the platform (more specifically the DSO_METHOD) using the ++ * dso_name_converter function of the method. Eg. win32 will transform "blah" ++ * into "blah.dll", and dlfcn will transform it into "libblah.so". The ++ * behaviour can be overriden by setting the name_converter callback in the ++ * DSO object (using DSO_set_name_converter()). This callback could even ++ * utilise the DSO_METHOD's converter too if it only wants to override ++ * behaviour for one or two possible DSO methods. However, the following flag ++ * can be set in a DSO to prevent *any* native name-translation at all - eg. ++ * if the caller has prompted the user for a path to a driver library so the ++ * filename should be interpreted as-is. ++ */ ++# define DSO_FLAG_NO_NAME_TRANSLATION 0x01 ++/* ++ * An extra flag to give if only the extension should be added as ++ * translation. This is obviously only of importance on Unix and other ++ * operating systems where the translation also may prefix the name with ++ * something, like 'lib', and ignored everywhere else. This flag is also ++ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time. ++ */ ++# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 ++ ++/* ++ * The following flag controls the translation of symbol names to upper case. ++ * This is currently only being implemented for OpenVMS. ++ */ ++# define DSO_FLAG_UPCASE_SYMBOL 0x10 ++ ++/* ++ * This flag loads the library with public symbols. Meaning: The exported ++ * symbols of this library are public to all libraries loaded after this ++ * library. At the moment only implemented in unix. ++ */ ++# define DSO_FLAG_GLOBAL_SYMBOLS 0x20 ++ ++typedef void (*DSO_FUNC_TYPE) (void); ++ ++typedef struct dso_st DSO; ++ ++/* ++ * The function prototype used for method functions (or caller-provided ++ * callbacks) that transform filenames. They are passed a DSO structure ++ * pointer (or NULL if they are to be used independantly of a DSO object) and ++ * a filename to transform. They should either return NULL (if there is an ++ * error condition) or a newly allocated string containing the transformed ++ * form that the caller will need to free with OPENSSL_free() when done. ++ */ ++typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); ++/* ++ * The function prototype used for method functions (or caller-provided ++ * callbacks) that merge two file specifications. They are passed a DSO ++ * structure pointer (or NULL if they are to be used independantly of a DSO ++ * object) and two file specifications to merge. They should either return ++ * NULL (if there is an error condition) or a newly allocated string ++ * containing the result of merging that the caller will need to free with ++ * OPENSSL_free() when done. Here, merging means that bits and pieces are ++ * taken from each of the file specifications and added together in whatever ++ * fashion that is sensible for the DSO method in question. The only rule ++ * that really applies is that if the two specification contain pieces of the ++ * same type, the copy from the first string takes priority. One could see ++ * it as the first specification is the one given by the user and the second ++ * being a bunch of defaults to add on if they're missing in the first. ++ */ ++typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *); ++ ++typedef struct dso_meth_st { ++ const char *name; ++ /* ++ * Loads a shared library, NB: new DSO_METHODs must ensure that a ++ * successful load populates the loaded_filename field, and likewise a ++ * successful unload OPENSSL_frees and NULLs it out. ++ */ ++ int (*dso_load) (DSO *dso); ++ /* Unloads a shared library */ ++ int (*dso_unload) (DSO *dso); ++ /* Binds a variable */ ++ void *(*dso_bind_var) (DSO *dso, const char *symname); ++ /* ++ * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should ++ * be cast to the real function prototype by the caller. Platforms that ++ * don't have compatible representations for different prototypes (this ++ * is possible within ANSI C) are highly unlikely to have shared ++ * libraries at all, let alone a DSO_METHOD implemented for them. ++ */ ++ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); ++/* I don't think this would actually be used in any circumstances. */ ++# if 0 ++ /* Unbinds a variable */ ++ int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); ++ /* Unbinds a function */ ++ int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++# endif ++ /* ++ * The generic (yuck) "ctrl()" function. NB: Negative return values ++ * (rather than zero) indicate errors. ++ */ ++ long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); ++ /* ++ * The default DSO_METHOD-specific function for converting filenames to a ++ * canonical native form. ++ */ ++ DSO_NAME_CONVERTER_FUNC dso_name_converter; ++ /* ++ * The default DSO_METHOD-specific function for converting filenames to a ++ * canonical native form. ++ */ ++ DSO_MERGER_FUNC dso_merger; ++ /* [De]Initialisation handlers. */ ++ int (*init) (DSO *dso); ++ int (*finish) (DSO *dso); ++ /* Return pathname of the module containing location */ ++ int (*pathbyaddr) (void *addr, char *path, int sz); ++ /* Perform global symbol lookup, i.e. among *all* modules */ ++ void *(*globallookup) (const char *symname); ++} DSO_METHOD; ++ ++/**********************************************************************/ ++/* The low-level handle type used to refer to a loaded shared library */ ++ ++struct dso_st { ++ DSO_METHOD *meth; ++ /* ++ * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use ++ * anything but will need to cache the filename for use in the dso_bind ++ * handler. All in all, let each method control its own destiny. ++ * "Handles" and such go in a STACK. ++ */ ++ STACK_OF(void) *meth_data; ++ int references; ++ int flags; ++ /* ++ * For use by applications etc ... use this for your bits'n'pieces, don't ++ * touch meth_data! ++ */ ++ CRYPTO_EX_DATA ex_data; ++ /* ++ * If this callback function pointer is set to non-NULL, then it will be ++ * used in DSO_load() in place of meth->dso_name_converter. NB: This ++ * should normally set using DSO_set_name_converter(). ++ */ ++ DSO_NAME_CONVERTER_FUNC name_converter; ++ /* ++ * If this callback function pointer is set to non-NULL, then it will be ++ * used in DSO_load() in place of meth->dso_merger. NB: This should ++ * normally set using DSO_set_merger(). ++ */ ++ DSO_MERGER_FUNC merger; ++ /* ++ * This is populated with (a copy of) the platform-independant filename ++ * used for this DSO. ++ */ ++ char *filename; ++ /* ++ * This is populated with (a copy of) the translated filename by which ++ * the DSO was actually loaded. It is NULL iff the DSO is not currently ++ * loaded. NB: This is here because the filename translation process may ++ * involve a callback being invoked more than once not only to convert to ++ * a platform-specific form, but also to try different filenames in the ++ * process of trying to perform a load. As such, this variable can be ++ * used to indicate (a) whether this DSO structure corresponds to a ++ * loaded library or not, and (b) the filename with which it was actually ++ * loaded. ++ */ ++ char *loaded_filename; ++}; ++ ++DSO *DSO_new(void); ++DSO *DSO_new_method(DSO_METHOD *method); ++int DSO_free(DSO *dso); ++int DSO_flags(DSO *dso); ++int DSO_up_ref(DSO *dso); ++long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); ++ ++/* ++ * This function sets the DSO's name_converter callback. If it is non-NULL, ++ * then it will be used instead of the associated DSO_METHOD's function. If ++ * oldcb is non-NULL then it is set to the function pointer value being ++ * replaced. Return value is non-zero for success. ++ */ ++int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, ++ DSO_NAME_CONVERTER_FUNC *oldcb); ++/* ++ * These functions can be used to get/set the platform-independant filename ++ * used for a DSO. NB: set will fail if the DSO is already loaded. ++ */ ++const char *DSO_get_filename(DSO *dso); ++int DSO_set_filename(DSO *dso, const char *filename); ++/* ++ * This function will invoke the DSO's name_converter callback to translate a ++ * filename, or if the callback isn't set it will instead use the DSO_METHOD's ++ * converter. If "filename" is NULL, the "filename" in the DSO itself will be ++ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is ++ * simply duplicated. NB: This function is usually called from within a ++ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so ++ * that caller-created DSO_METHODs can do the same thing. A non-NULL return ++ * value will need to be OPENSSL_free()'d. ++ */ ++char *DSO_convert_filename(DSO *dso, const char *filename); ++/* ++ * This function will invoke the DSO's merger callback to merge two file ++ * specifications, or if the callback isn't set it will instead use the ++ * DSO_METHOD's merger. A non-NULL return value will need to be ++ * OPENSSL_free()'d. ++ */ ++char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); ++/* ++ * If the DSO is currently loaded, this returns the filename that it was ++ * loaded under, otherwise it returns NULL. So it is also useful as a test as ++ * to whether the DSO is currently loaded. NB: This will not necessarily ++ * return the same value as DSO_convert_filename(dso, dso->filename), because ++ * the DSO_METHOD's load function may have tried a variety of filenames (with ++ * and/or without the aid of the converters) before settling on the one it ++ * actually loaded. ++ */ ++const char *DSO_get_loaded_filename(DSO *dso); ++ ++void DSO_set_default_method(DSO_METHOD *meth); ++DSO_METHOD *DSO_get_default_method(void); ++DSO_METHOD *DSO_get_method(DSO *dso); ++DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); ++ ++/* ++ * The all-singing all-dancing load function, you normally pass NULL for the ++ * first and third parameters. Use DSO_up and DSO_free for subsequent ++ * reference count handling. Any flags passed in will be set in the ++ * constructed DSO after its init() function but before the load operation. ++ * If 'dso' is non-NULL, 'flags' is ignored. ++ */ ++DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); ++ ++/* This function binds to a variable inside a shared library. */ ++void *DSO_bind_var(DSO *dso, const char *symname); ++ ++/* This function binds to a function inside a shared library. */ ++DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname); ++ ++/* ++ * This method is the default, but will beg, borrow, or steal whatever method ++ * should be the default on any particular platform (including ++ * DSO_METH_null() if necessary). ++ */ ++DSO_METHOD *DSO_METHOD_openssl(void); ++ ++/* ++ * This method is defined for all platforms - if a platform has no DSO ++ * support then this will be the only method! ++ */ ++DSO_METHOD *DSO_METHOD_null(void); ++ ++/* ++ * If DSO_DLFCN is defined, the standard dlfcn.h-style functions (dlopen, ++ * dlclose, dlsym, etc) will be used and incorporated into this method. If ++ * not, this method will return NULL. ++ */ ++DSO_METHOD *DSO_METHOD_dlfcn(void); ++ ++/* ++ * If DSO_DL is defined, the standard dl.h-style functions (shl_load, ++ * shl_unload, shl_findsym, etc) will be used and incorporated into this ++ * method. If not, this method will return NULL. ++ */ ++DSO_METHOD *DSO_METHOD_dl(void); ++ ++/* If WIN32 is defined, use DLLs. If not, return NULL. */ ++DSO_METHOD *DSO_METHOD_win32(void); ++ ++/* If VMS is defined, use shared images. If not, return NULL. */ ++DSO_METHOD *DSO_METHOD_vms(void); ++ ++/* ++ * This function writes null-terminated pathname of DSO module containing ++ * 'addr' into 'sz' large caller-provided 'path' and returns the number of ++ * characters [including trailing zero] written to it. If 'sz' is 0 or ++ * negative, 'path' is ignored and required amount of charachers [including ++ * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then ++ * pathname of cryptolib itself is returned. Negative or zero return value ++ * denotes error. ++ */ ++int DSO_pathbyaddr(void *addr, char *path, int sz); ++ ++/* ++ * This function should be used with caution! It looks up symbols in *all* ++ * loaded modules and if module gets unloaded by somebody else attempt to ++ * dereference the pointer is doomed to have fatal consequences. Primary ++ * usage for this function is to probe *core* system functionality, e.g. ++ * check if getnameinfo(3) is available at run-time without bothering about ++ * OS-specific details such as libc.so.versioning or where does it actually ++ * reside: in libc itself or libsocket. ++ */ ++void *DSO_global_lookup(const char *name); ++ ++/* If BeOS is defined, use shared images. If not, return NULL. */ ++DSO_METHOD *DSO_METHOD_beos(void); ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_DSO_strings(void); ++ ++/* Error codes for the DSO functions. */ ++ ++/* Function codes. */ ++# define DSO_F_BEOS_BIND_FUNC 144 ++# define DSO_F_BEOS_BIND_VAR 145 ++# define DSO_F_BEOS_LOAD 146 ++# define DSO_F_BEOS_NAME_CONVERTER 147 ++# define DSO_F_BEOS_UNLOAD 148 ++# define DSO_F_DLFCN_BIND_FUNC 100 ++# define DSO_F_DLFCN_BIND_VAR 101 ++# define DSO_F_DLFCN_LOAD 102 ++# define DSO_F_DLFCN_MERGER 130 ++# define DSO_F_DLFCN_NAME_CONVERTER 123 ++# define DSO_F_DLFCN_UNLOAD 103 ++# define DSO_F_DL_BIND_FUNC 104 ++# define DSO_F_DL_BIND_VAR 105 ++# define DSO_F_DL_LOAD 106 ++# define DSO_F_DL_MERGER 131 ++# define DSO_F_DL_NAME_CONVERTER 124 ++# define DSO_F_DL_UNLOAD 107 ++# define DSO_F_DSO_BIND_FUNC 108 ++# define DSO_F_DSO_BIND_VAR 109 ++# define DSO_F_DSO_CONVERT_FILENAME 126 ++# define DSO_F_DSO_CTRL 110 ++# define DSO_F_DSO_FREE 111 ++# define DSO_F_DSO_GET_FILENAME 127 ++# define DSO_F_DSO_GET_LOADED_FILENAME 128 ++# define DSO_F_DSO_GLOBAL_LOOKUP 139 ++# define DSO_F_DSO_LOAD 112 ++# define DSO_F_DSO_MERGE 132 ++# define DSO_F_DSO_NEW_METHOD 113 ++# define DSO_F_DSO_PATHBYADDR 140 ++# define DSO_F_DSO_SET_FILENAME 129 ++# define DSO_F_DSO_SET_NAME_CONVERTER 122 ++# define DSO_F_DSO_UP_REF 114 ++# define DSO_F_GLOBAL_LOOKUP_FUNC 138 ++# define DSO_F_PATHBYADDR 137 ++# define DSO_F_VMS_BIND_SYM 115 ++# define DSO_F_VMS_LOAD 116 ++# define DSO_F_VMS_MERGER 133 ++# define DSO_F_VMS_UNLOAD 117 ++# define DSO_F_WIN32_BIND_FUNC 118 ++# define DSO_F_WIN32_BIND_VAR 119 ++# define DSO_F_WIN32_GLOBALLOOKUP 142 ++# define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 ++# define DSO_F_WIN32_JOINER 135 ++# define DSO_F_WIN32_LOAD 120 ++# define DSO_F_WIN32_MERGER 134 ++# define DSO_F_WIN32_NAME_CONVERTER 125 ++# define DSO_F_WIN32_PATHBYADDR 141 ++# define DSO_F_WIN32_SPLITTER 136 ++# define DSO_F_WIN32_UNLOAD 121 ++ ++/* Reason codes. */ ++# define DSO_R_CTRL_FAILED 100 ++# define DSO_R_DSO_ALREADY_LOADED 110 ++# define DSO_R_EMPTY_FILE_STRUCTURE 113 ++# define DSO_R_FAILURE 114 ++# define DSO_R_FILENAME_TOO_BIG 101 ++# define DSO_R_FINISH_FAILED 102 ++# define DSO_R_INCORRECT_FILE_SYNTAX 115 ++# define DSO_R_LOAD_FAILED 103 ++# define DSO_R_NAME_TRANSLATION_FAILED 109 ++# define DSO_R_NO_FILENAME 111 ++# define DSO_R_NO_FILE_SPECIFICATION 116 ++# define DSO_R_NULL_HANDLE 104 ++# define DSO_R_SET_FILENAME_FAILED 112 ++# define DSO_R_STACK_ERROR 105 ++# define DSO_R_SYM_FAILURE 106 ++# define DSO_R_UNLOAD_FAILED 107 ++# define DSO_R_UNSUPPORTED 108 ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/dtls1.h b/Cryptlib/Include/openssl/dtls1.h +index f4769f8..30bbcf2 100644 +--- a/Cryptlib/Include/openssl/dtls1.h ++++ b/Cryptlib/Include/openssl/dtls1.h +@@ -1,22 +1,90 @@ ++/* ssl/dtls1.h */ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * DTLS implementation written by Nagendra Modadugu ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_DTLS1_H + # define HEADER_DTLS1_H + ++# include ++# include ++# ifdef OPENSSL_SYS_VMS ++# include ++# include ++# endif ++# ifdef OPENSSL_SYS_WIN32 ++/* Needed for struct timeval */ ++# include ++# elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_) ++# include ++# else ++# if defined(OPENSSL_SYS_VXWORKS) ++# include ++# else ++# include ++# endif ++# endif ++ + #ifdef __cplusplus + extern "C" { + #endif + + # define DTLS1_VERSION 0xFEFF + # define DTLS1_2_VERSION 0xFEFD +-# define DTLS_MIN_VERSION DTLS1_VERSION + # define DTLS_MAX_VERSION DTLS1_2_VERSION + # define DTLS1_VERSION_MAJOR 0xFE + +@@ -25,6 +93,11 @@ extern "C" { + /* Special value for method supporting multiple versions */ + # define DTLS_ANY_VERSION 0x1FFFF + ++# if 0 ++/* this alert description is not specified anywhere... */ ++# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 ++# endif ++ + /* lengths of messages */ + # define DTLS1_COOKIE_LENGTH 256 + +@@ -43,6 +116,149 @@ extern "C" { + # define DTLS1_AL_HEADER_LENGTH 2 + # endif + ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++# ifndef OPENSSL_NO_SCTP ++# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" ++# endif ++ ++/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ ++# define DTLS1_MAX_MTU_OVERHEAD 48 ++ ++typedef struct dtls1_bitmap_st { ++ unsigned long map; /* track 32 packets on 32-bit systems and 64 ++ * - on 64-bit systems */ ++ unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit ++ * value in big-endian encoding */ ++} DTLS1_BITMAP; ++ ++struct dtls1_retransmit_state { ++ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ ++ EVP_MD_CTX *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *compress; /* compression */ ++# else ++ char *compress; ++# endif ++ SSL_SESSION *session; ++ unsigned short epoch; ++}; ++ ++struct hm_header_st { ++ unsigned char type; ++ unsigned long msg_len; ++ unsigned short seq; ++ unsigned long frag_off; ++ unsigned long frag_len; ++ unsigned int is_ccs; ++ struct dtls1_retransmit_state saved_retransmit_state; ++}; ++ ++struct ccs_header_st { ++ unsigned char type; ++ unsigned short seq; ++}; ++ ++struct dtls1_timeout_st { ++ /* Number of read timeouts so far */ ++ unsigned int read_timeouts; ++ /* Number of write timeouts so far */ ++ unsigned int write_timeouts; ++ /* Number of alerts received so far */ ++ unsigned int num_alerts; ++}; ++ ++typedef struct record_pqueue_st { ++ unsigned short epoch; ++ pqueue q; ++} record_pqueue; ++ ++typedef struct hm_fragment_st { ++ struct hm_header_st msg_header; ++ unsigned char *fragment; ++ unsigned char *reassembly; ++} hm_fragment; ++ ++typedef struct dtls1_state_st { ++ unsigned int send_cookie; ++ unsigned char cookie[DTLS1_COOKIE_LENGTH]; ++ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; ++ unsigned int cookie_len; ++ /* ++ * The current data and handshake epoch. This is initially ++ * undefined, and starts at zero once the initial handshake is ++ * completed ++ */ ++ unsigned short r_epoch; ++ unsigned short w_epoch; ++ /* records being received in the current epoch */ ++ DTLS1_BITMAP bitmap; ++ /* renegotiation starts a new set of sequence numbers */ ++ DTLS1_BITMAP next_bitmap; ++ /* handshake message numbers */ ++ unsigned short handshake_write_seq; ++ unsigned short next_handshake_write_seq; ++ unsigned short handshake_read_seq; ++ /* save last sequence number for retransmissions */ ++ unsigned char last_write_sequence[8]; ++ /* Received handshake records (processed and unprocessed) */ ++ record_pqueue unprocessed_rcds; ++ record_pqueue processed_rcds; ++ /* Buffered handshake messages */ ++ pqueue buffered_messages; ++ /* Buffered (sent) handshake records */ ++ pqueue sent_messages; ++ /* ++ * Buffered application records. Only for records between CCS and ++ * Finished to prevent either protocol violation or unnecessary message ++ * loss. ++ */ ++ record_pqueue buffered_app_data; ++ /* Is set when listening for new connections with dtls1_listen() */ ++ unsigned int listen; ++ unsigned int link_mtu; /* max on-the-wire DTLS packet size */ ++ unsigned int mtu; /* max DTLS packet size */ ++ struct hm_header_st w_msg_hdr; ++ struct hm_header_st r_msg_hdr; ++ struct dtls1_timeout_st timeout; ++ /* ++ * Indicates when the last handshake msg or heartbeat sent will timeout ++ */ ++ struct timeval next_timeout; ++ /* Timeout duration */ ++ unsigned short timeout_duration; ++ /* ++ * storage for Alert/Handshake protocol data received but not yet ++ * processed by ssl3_read_bytes: ++ */ ++ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; ++ unsigned int alert_fragment_len; ++ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; ++ unsigned int handshake_fragment_len; ++ unsigned int retransmitting; ++ /* ++ * Set when the handshake is ready to process peer's ChangeCipherSpec message. ++ * Cleared after the message has been processed. ++ */ ++ unsigned int change_cipher_spec_ok; ++# ifndef OPENSSL_NO_SCTP ++ /* used when SSL_ST_XX_FLUSH is entered */ ++ int next_state; ++ int shutdown_received; ++# endif ++} DTLS1_STATE; ++ ++typedef struct dtls1_record_data_st { ++ unsigned char *packet; ++ unsigned int packet_length; ++ SSL3_BUFFER rbuf; ++ SSL3_RECORD rrec; ++# ifndef OPENSSL_NO_SCTP ++ struct bio_dgram_sctp_rcvinfo recordinfo; ++# endif ++} DTLS1_RECORD_DATA; ++ ++# endif + + /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ + # define DTLS1_TMO_READ_COUNT 2 +diff --git a/Cryptlib/Include/openssl/e_os2.h b/Cryptlib/Include/openssl/e_os2.h +index f11cffe..909e22f 100644 +--- a/Cryptlib/Include/openssl/e_os2.h ++++ b/Cryptlib/Include/openssl/e_os2.h +@@ -1,17 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* e_os2.h */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + ++#include ++ + #ifndef HEADER_E_OS2_H + # define HEADER_E_OS2_H + +-# include +- + #ifdef __cplusplus + extern "C" { + #endif +@@ -24,14 +70,27 @@ extern "C" { + + # define OPENSSL_SYS_UNIX + ++/* ---------------------- Macintosh, before MacOS X ----------------------- */ ++# if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_MACINTOSH_CLASSIC ++# endif ++ ++/* ---------------------- NetWare ----------------------------------------- */ ++# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_NETWARE ++# endif ++ + /* --------------------- Microsoft operating systems ---------------------- */ + + /* + * Note that MSDOS actually denotes 32-bit environments running on top of + * MS-DOS, such as DJGPP one. + */ +-# if defined(OPENSSL_SYS_MSDOS) ++# if defined(OPENSSL_SYSNAME_MSDOS) + # undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_MSDOS + # endif + + /* +@@ -42,33 +101,34 @@ extern "C" { + * UEFI lives here because it might be built with a Microsoft toolchain and + * we need to avoid the false positive match on Windows. + */ +-# if defined(OPENSSL_SYS_UEFI) ++# if defined(OPENSSL_SYSNAME_UEFI) + # undef OPENSSL_SYS_UNIX +-# elif defined(OPENSSL_SYS_UWIN) ++# define OPENSSL_SYS_UEFI ++# elif defined(OPENSSL_SYSNAME_UWIN) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32_UWIN + # else +-# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) ++# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) + # undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_WIN32_CYGWIN + # else +-# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) ++# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) + # undef OPENSSL_SYS_UNIX +-# if !defined(OPENSSL_SYS_WIN32) +-# define OPENSSL_SYS_WIN32 +-# endif ++# define OPENSSL_SYS_WIN32 + # endif +-# if defined(_WIN64) || defined(OPENSSL_SYS_WIN64) ++# if defined(_WIN64) || defined(OPENSSL_SYSNAME_WIN64) + # undef OPENSSL_SYS_UNIX + # if !defined(OPENSSL_SYS_WIN64) + # define OPENSSL_SYS_WIN64 + # endif + # endif +-# if defined(OPENSSL_SYS_WINNT) ++# if defined(OPENSSL_SYSNAME_WINNT) + # undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WINNT + # endif +-# if defined(OPENSSL_SYS_WINCE) ++# if defined(OPENSSL_SYSNAME_WINCE) + # undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_WINCE + # endif + # endif + # endif +@@ -97,10 +157,8 @@ extern "C" { + # endif + + /* ------------------------------- OpenVMS -------------------------------- */ +-# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +-# if !defined(OPENSSL_SYS_VMS) +-# undef OPENSSL_SYS_UNIX +-# endif ++# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) ++# undef OPENSSL_SYS_UNIX + # define OPENSSL_SYS_VMS + # if defined(__DECC) + # define OPENSSL_SYS_VMS_DECC +@@ -112,18 +170,49 @@ extern "C" { + # endif + # endif + ++/* -------------------------------- OS/2 ---------------------------------- */ ++# if defined(__EMX__) || defined(__OS2__) ++# undef OPENSSL_SYS_UNIX ++# define OPENSSL_SYS_OS2 ++# endif ++ + /* -------------------------------- Unix ---------------------------------- */ + # ifdef OPENSSL_SYS_UNIX +-# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) ++# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) + # define OPENSSL_SYS_LINUX + # endif +-# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) ++# ifdef OPENSSL_SYSNAME_MPE ++# define OPENSSL_SYS_MPE ++# endif ++# ifdef OPENSSL_SYSNAME_SNI ++# define OPENSSL_SYS_SNI ++# endif ++# ifdef OPENSSL_SYSNAME_ULTRASPARC ++# define OPENSSL_SYS_ULTRASPARC ++# endif ++# ifdef OPENSSL_SYSNAME_NEWS4 ++# define OPENSSL_SYS_NEWS4 ++# endif ++# ifdef OPENSSL_SYSNAME_MACOSX ++# define OPENSSL_SYS_MACOSX ++# endif ++# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY ++# define OPENSSL_SYS_MACOSX_RHAPSODY ++# define OPENSSL_SYS_MACOSX ++# endif ++# ifdef OPENSSL_SYSNAME_SUNOS ++# define OPENSSL_SYS_SUNOS ++# endif ++# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY) ++# define OPENSSL_SYS_CRAY ++# endif ++# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) + # define OPENSSL_SYS_AIX + # endif + # endif + + /* -------------------------------- VOS ----------------------------------- */ +-# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) ++# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) + # define OPENSSL_SYS_VOS + # ifdef __HPPA__ + # define OPENSSL_SYS_VOS_HPPA +@@ -133,6 +222,22 @@ extern "C" { + # endif + # endif + ++/* ------------------------------ VxWorks --------------------------------- */ ++# ifdef OPENSSL_SYSNAME_VXWORKS ++# define OPENSSL_SYS_VXWORKS ++# endif ++ ++/* -------------------------------- BeOS ---------------------------------- */ ++# if defined(__BEOS__) ++# define OPENSSL_SYS_BEOS ++# include ++# if defined(BONE_VERSION) ++# define OPENSSL_SYS_BEOS_BONE ++# else ++# define OPENSSL_SYS_BEOS_R5 ++# endif ++# endif ++ + /** + * That's it for OS-specific stuff + *****************************************************************************/ +@@ -149,7 +254,7 @@ extern "C" { + /*- + * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare + * certain global symbols that, with some compilers under VMS, have to be +- * defined and declared explicitly with globaldef and globalref. ++ * defined and declared explicitely with globaldef and globalref. + * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare + * DLL exports and imports for compilers under Win32. These are a little + * more complicated to use. Basically, for any library that exports some +@@ -161,23 +266,25 @@ extern "C" { + * # define OPENSSL_EXTERN OPENSSL_EXPORT + * #endif + * +- * The default is to have OPENSSL_EXPORT, OPENSSL_EXTERN and OPENSSL_GLOBAL +- * have some generally sensible values. ++ * The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL ++ * have some generally sensible values, and for OPENSSL_EXTERN to have the ++ * value OPENSSL_IMPORT. + */ + + # if defined(OPENSSL_SYS_VMS_NODECC) + # define OPENSSL_EXPORT globalref +-# define OPENSSL_EXTERN globalref ++# define OPENSSL_IMPORT globalref + # define OPENSSL_GLOBAL globaldef + # elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL) + # define OPENSSL_EXPORT extern __declspec(dllexport) +-# define OPENSSL_EXTERN extern __declspec(dllimport) ++# define OPENSSL_IMPORT extern __declspec(dllimport) + # define OPENSSL_GLOBAL + # else + # define OPENSSL_EXPORT extern +-# define OPENSSL_EXTERN extern ++# define OPENSSL_IMPORT extern + # define OPENSSL_GLOBAL + # endif ++# define OPENSSL_EXTERN OPENSSL_IMPORT + + /*- + * Macros to allow global variables to be reached through function calls when +@@ -202,108 +309,24 @@ extern "C" { + # define OPENSSL_GLOBAL_REF(name) _shadow_##name + # endif + +-# ifdef _WIN32 +-# ifdef _WIN64 +-# define ossl_ssize_t __int64 +-# define OSSL_SSIZE_MAX _I64_MAX +-# else +-# define ossl_ssize_t int +-# define OSSL_SSIZE_MAX INT_MAX +-# endif ++# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE) ++# define ossl_ssize_t long + # endif + +-# if defined(OPENSSL_SYS_UEFI) && !defined(ssize_t) +-# define ossl_ssize_t int +-# define OSSL_SSIZE_MAX INT_MAX +-# endif +- +-# ifndef ossl_ssize_t +-# define ossl_ssize_t ssize_t +-# if defined(SSIZE_MAX) +-# define OSSL_SSIZE_MAX SSIZE_MAX +-# elif defined(_POSIX_SSIZE_MAX) +-# define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +-# endif +-# endif +- +-# ifdef DEBUG_UNUSED +-# define __owur __attribute__((__warn_unused_result__)) +-# else +-# define __owur +-# endif +- +-/* Standard integer types */ +-# if defined(OPENSSL_SYS_UEFI) +-#include +-typedef INT8 int8_t; +-typedef UINT8 uint8_t; +-typedef INT16 int16_t; +-typedef UINT16 uint16_t; +-typedef INT32 int32_t; +-typedef UINT32 uint32_t; +-typedef INT64 int64_t; +-typedef UINT64 uint64_t; +-# define PRIu64 "%Lu" +-# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \ +- defined(__osf__) || defined(__sgi) || defined(__hpux) || \ +- defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__) +-# include +-# elif defined(_MSC_VER) && _MSC_VER<=1500 +-/* +- * minimally required typdefs for systems not supporting inttypes.h or +- * stdint.h: currently just older VC++ +- */ +-typedef signed char int8_t; +-typedef unsigned char uint8_t; +-typedef short int16_t; +-typedef unsigned short uint16_t; +-typedef int int32_t; +-typedef unsigned int uint32_t; +-typedef __int64 int64_t; +-typedef unsigned __int64 uint64_t; +-# else +-# include ++# ifdef OPENSSL_SYS_MSDOS ++# define ossl_ssize_t long + # endif + +-/* +- * We need a format operator for some client tools for uint64_t. If inttypes.h +- * isn't available or did not define it, just go with hard-coded. +- */ +-# ifndef PRIu64 +-# ifdef SIXTY_FOUR_BIT_LONG +-# define PRIu64 "lu" +-# else +-# define PRIu64 "llu" +-# endif ++# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS) ++# define ssize_t int + # endif + +-/* ossl_inline: portable inline definition usable in public headers */ +-# if !defined(inline) && !defined(__cplusplus) +-# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L +- /* just use inline */ +-# define ossl_inline inline +-# elif defined(__GNUC__) && __GNUC__>=2 +-# define ossl_inline __inline__ +-# elif defined(_MSC_VER) +- /* +- * Visual Studio: inline is available in C++ only, however +- * __inline is available for C, see +- * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx +- */ +-# define ossl_inline __inline +-# else +-# define ossl_inline +-# endif +-# else +-# define ossl_inline inline ++# if defined(__ultrix) && !defined(ssize_t) ++# define ossl_ssize_t int + # endif + +-# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L +-# define ossl_noreturn _Noreturn +-# elif defined(__GNUC__) && __GNUC__ >= 2 +-# define ossl_noreturn __attribute__((noreturn)) +-# else +-# define ossl_noreturn ++# ifndef ossl_ssize_t ++# define ossl_ssize_t ssize_t + # endif + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/ebcdic.h b/Cryptlib/Include/openssl/ebcdic.h +index aa01285..4cbdfeb 100644 +--- a/Cryptlib/Include/openssl/ebcdic.h ++++ b/Cryptlib/Include/openssl/ebcdic.h +@@ -1,16 +1,9 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ ++/* crypto/ebcdic.h */ + + #ifndef HEADER_EBCDIC_H + # define HEADER_EBCDIC_H + +-# include ++# include + + #ifdef __cplusplus + extern "C" { +diff --git a/Cryptlib/Include/openssl/ec.h b/Cryptlib/Include/openssl/ec.h +index 656cb41..81e6faf 100644 +--- a/Cryptlib/Include/openssl/ec.h ++++ b/Cryptlib/Include/openssl/ec.h +@@ -1,12 +1,64 @@ ++/* crypto/ec/ec.h */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Originally written by Bodo Moeller for the OpenSSL project. ++ */ ++/** ++ * \file crypto/ec/ec.h Include file for the OpenSSL EC functions ++ * \author Originally written by Bodo Moeller for the OpenSSL project ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +@@ -26,14 +78,22 @@ + + # include + +-# ifndef OPENSSL_NO_EC ++# ifdef OPENSSL_NO_EC ++# error EC is disabled. ++# endif ++ + # include + # include +-# if OPENSSL_API_COMPAT < 0x10100000L ++# ifndef OPENSSL_NO_DEPRECATED + # include + # endif ++ + # ifdef __cplusplus + extern "C" { ++# elif defined(__SUNPRO_C) ++# if __SUNPRO_C >= 0x520 ++# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) ++# endif + # endif + + # ifndef OPENSSL_ECC_MAX_FIELD_BITS +@@ -54,10 +114,19 @@ typedef enum { + } point_conversion_form_t; + + typedef struct ec_method_st EC_METHOD; +-typedef struct ec_group_st EC_GROUP; ++ ++typedef struct ec_group_st ++ /*- ++ EC_METHOD *meth; ++ -- field definition ++ -- curve coefficients ++ -- optional generator with associated information (order, cofactor) ++ -- optional extra data (precomputed table for fast computation of multiples of generator) ++ -- ASN1 stuff ++ */ ++ EC_GROUP; ++ + typedef struct ec_point_st EC_POINT; +-typedef struct ecpk_parameters_st ECPKPARAMETERS; +-typedef struct ec_parameters_st ECPARAMETERS; + + /********************************************************************/ + /* EC_METHODs for curves over GF(p) */ +@@ -160,7 +229,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth); + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); +@@ -173,45 +242,27 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + + /** Returns the montgomery data for order(Generator) + * \param group EC_GROUP object +- * \return the currently used montgomery data (possibly NULL). ++ * \return the currently used generator (possibly NULL). + */ + BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group); + + /** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied +- * \param ctx unused +- * \return 1 on success and 0 if an error occurred ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +-/** Gets the order of an EC_GROUP +- * \param group EC_GROUP object +- * \return the group order +- */ +-const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group); +- +-/** Gets the number of bits of the order of an EC_GROUP +- * \param group EC_GROUP object +- * \return number of bits of group order. +- */ +-int EC_GROUP_order_bits(const EC_GROUP *group); +- + /** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied +- * \param ctx unused +- * \return 1 on success and 0 if an error occurred ++ * \param ctx BN_CTX object (optional) ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, + BN_CTX *ctx); + +-/** Gets the cofactor of an EC_GROUP +- * \param group EC_GROUP object +- * \return the group cofactor +- */ +-const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group); +- + /** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID +@@ -241,7 +292,7 @@ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +@@ -252,7 +303,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); +@@ -264,7 +315,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +@@ -275,7 +326,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); +@@ -304,7 +355,7 @@ int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) +- * \return 0 if the groups are equal, 1 if not, or -1 on error ++ * \return 0 if both groups are equal and 1 otherwise + */ + int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +@@ -335,7 +386,6 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + # endif +- + /** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL +@@ -343,38 +393,6 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, + */ + EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +-/** Creates a new EC_GROUP object from an ECPARAMETERS object +- * \param params pointer to the ECPARAMETERS object +- * \return newly created EC_GROUP object with specified curve or NULL +- * if an error occurred +- */ +-EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params); +- +-/** Creates an ECPARAMETERS object for the the given EC_GROUP object. +- * \param group pointer to the EC_GROUP object +- * \param params pointer to an existing ECPARAMETERS object or NULL +- * \return pointer to the new ECPARAMETERS object or NULL +- * if an error occurred. +- */ +-ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group, +- ECPARAMETERS *params); +- +-/** Creates a new EC_GROUP object from an ECPKPARAMETERS object +- * \param params pointer to an existing ECPKPARAMETERS object, or NULL +- * \return newly created EC_GROUP object with specified curve, or NULL +- * if an error occurred +- */ +-EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params); +- +-/** Creates an ECPKPARAMETERS object for the the given EC_GROUP object. +- * \param group pointer to the EC_GROUP object +- * \param params pointer to an existing ECPKPARAMETERS object or NULL +- * \return pointer to the new ECPKPARAMETERS object or NULL +- * if an error occurred. +- */ +-ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group, +- ECPKPARAMETERS *params); +- + /********************************************************************/ + /* handling of internal curves */ + /********************************************************************/ +@@ -386,7 +404,7 @@ typedef struct { + + /* + * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all +- * available curves or zero if a error occurred. In case r is not zero, ++ * available curves or zero if a error occurred. In case r ist not zero + * nitems EC_builtin_curve structures are filled with the data of the first + * nitems internal groups + */ +@@ -418,7 +436,7 @@ void EC_POINT_clear_free(EC_POINT *point); + /** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +@@ -439,7 +457,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + /** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +@@ -450,7 +468,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, +@@ -464,7 +482,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, +@@ -477,7 +495,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, +@@ -489,7 +507,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, +@@ -501,7 +519,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, +@@ -513,7 +531,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, +@@ -525,7 +543,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, +@@ -537,7 +555,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, const BIGNUM *x, +@@ -563,25 +581,11 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +-/** Encodes an EC_POINT object to an allocated octet string +- * \param group underlying EC_GROUP object +- * \param point EC_POINT object +- * \param form point conversion form +- * \param pbuf returns pointer to allocated buffer +- * \param len length of the memory buffer +- * \param ctx BN_CTX object (optional) +- * \return the length of the encoded octet string or 0 if an error occurred +- */ +- +-size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, +- point_conversion_form_t form, +- unsigned char **pbuf, BN_CTX *ctx); +- + /* other interfaces to point2oct/oct2point: */ + BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +@@ -602,7 +606,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); +@@ -612,7 +616,7 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); +@@ -621,7 +625,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +@@ -636,7 +640,7 @@ int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) +- * \return 1 if the point is on the curve, 0 if not, or -1 on error ++ * \return 1 if point if on the curve and 0 otherwise + */ + int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); +@@ -646,7 +650,7 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) +- * \return 1 if the points are not equal, 0 if they are, or -1 on error ++ * \return 0 if both points are equal and a value != 0 otherwise + */ + int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); +@@ -655,15 +659,15 @@ int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); + int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx); + +-/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i] ++/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) +- * \param num number further summands ++ * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + size_t num, const EC_POINT *p[], const BIGNUM *m[], +@@ -676,7 +680,7 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); +@@ -684,7 +688,7 @@ int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + /** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred ++ * \return 1 on success and 0 if an error occured + */ + int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +@@ -698,11 +702,6 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + /* ASN1 stuff */ + /********************************************************************/ + +-DECLARE_ASN1_ITEM(ECPKPARAMETERS) +-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS) +-DECLARE_ASN1_ITEM(ECPARAMETERS) +-DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) +- + /* + * EC_GROUP_get_basis_type() returns the NID of the basis type used to + * represent the field elements +@@ -714,8 +713,9 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); + # endif + +-# define OPENSSL_EC_EXPLICIT_CURVE 0x000 +-# define OPENSSL_EC_NAMED_CURVE 0x001 ++# define OPENSSL_EC_NAMED_CURVE 0x001 ++ ++typedef struct ecpk_parameters_st ECPKPARAMETERS; + + EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); + int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); +@@ -727,8 +727,10 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + # define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + ++# ifndef OPENSSL_NO_BIO + int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +-# ifndef OPENSSL_NO_STDIO ++# endif ++# ifndef OPENSSL_NO_FP_API + int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + # endif + +@@ -736,6 +738,8 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + /* EC_KEY functions */ + /********************************************************************/ + ++typedef struct ec_key_st EC_KEY; ++ + /* some values for the encoding_flag */ + # define EC_PKEY_NO_PARAMETERS 0x001 + # define EC_PKEY_NO_PUBKEY 0x002 +@@ -743,7 +747,6 @@ int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + /* some values for the flags field */ + # define EC_FLAG_NON_FIPS_ALLOW 0x1 + # define EC_FLAG_FIPS_CHECKED 0x2 +-# define EC_FLAG_COFACTOR_ECDH 0x1000 + + /** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. +@@ -833,12 +836,23 @@ unsigned EC_KEY_get_enc_flags(const EC_KEY *key); + void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); + point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); + void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +- +-#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +-int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +-void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); +- ++/* functions to set/get method specific data */ ++void *EC_KEY_get_key_method_data(EC_KEY *key, ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)); ++/** Sets the key method data of an EC_KEY object, if none has yet been set. ++ * \param key EC_KEY object ++ * \param data opaque data to install. ++ * \param dup_func a function that duplicates |data|. ++ * \param free_func a function that frees |data|. ++ * \param clear_free_func a function that wipes and frees |data|. ++ * \return the previously set data pointer, or NULL if |data| was inserted. ++ */ ++void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, ++ void *(*dup_func) (void *), ++ void (*free_func) (void *), ++ void (*clear_free_func) (void *)); + /* wrapper functions for the underlying EC_GROUP object */ + void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +@@ -862,14 +876,8 @@ int EC_KEY_generate_key(EC_KEY *key); + */ + int EC_KEY_check_key(const EC_KEY *key); + +-/** Indicates if an EC_KEY can be used for signing. +- * \param key the EC_KEY object +- * \return 1 if can can sign and 0 otherwise. +- */ +-int EC_KEY_can_sign(const EC_KEY *eckey); +- +-/** Sets a public key from affine coordinates performing +- * necessary NIST PKV tests. ++/** Sets a public key from affine coordindates performing ++ * neccessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate +@@ -878,56 +886,6 @@ int EC_KEY_can_sign(const EC_KEY *eckey); + int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, + BIGNUM *y); + +-/** Encodes an EC_KEY public key to an allocated octet string +- * \param key key to encode +- * \param form point conversion form +- * \param pbuf returns pointer to allocated buffer +- * \param len length of the memory buffer +- * \param ctx BN_CTX object (optional) +- * \return the length of the encoded octet string or 0 if an error occurred +- */ +- +-size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form, +- unsigned char **pbuf, BN_CTX *ctx); +- +-/** Decodes a EC_KEY public key from a octet string +- * \param key key to decode +- * \param buf memory buffer with the encoded ec point +- * \param len length of the encoded ec point +- * \param ctx BN_CTX object (optional) +- * \return 1 on success and 0 if an error occurred +- */ +- +-int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len, +- BN_CTX *ctx); +- +-/** Decodes an EC_KEY private key from an octet string +- * \param key key to decode +- * \param buf memory buffer with the encoded private key +- * \param len length of the encoded key +- * \return 1 on success and 0 if an error occurred +- */ +- +-int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len); +- +-/** Encodes a EC_KEY private key to an octet string +- * \param key key to encode +- * \param buf memory buffer for the result. If NULL the function returns +- * required buffer size. +- * \param len length of the memory buffer +- * \return the length of the encoded octet string or 0 if an error occurred +- */ +- +-size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len); +- +-/** Encodes an EC_KEY private key to an allocated octet string +- * \param key key to encode +- * \param pbuf returns pointer to allocated buffer +- * \return the length of the encoded octet string or 0 if an error occurred +- */ +- +-size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf); +- + /********************************************************************/ + /* de- and encoding functions for SEC1 ECPrivateKey */ + /********************************************************************/ +@@ -962,7 +920,7 @@ int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + + /** Encodes ec parameter and stores the result in a buffer. +- * \param key the EC_KEY object with ec parameters to encode ++ * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. +@@ -989,8 +947,9 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +-int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); ++int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); + ++# ifndef OPENSSL_NO_BIO + /** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object +@@ -1006,7 +965,8 @@ int ECParameters_print(BIO *bp, const EC_KEY *key); + */ + int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +-# ifndef OPENSSL_NO_STDIO ++# endif ++# ifndef OPENSSL_NO_FP_API + /** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object +@@ -1024,254 +984,6 @@ int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + + # endif + +-const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +-const EC_KEY_METHOD *EC_KEY_get_default_method(void); +-void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +-const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +-int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +-EC_KEY *EC_KEY_new_method(ENGINE *engine); +- +-int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, +- const unsigned char *Z, size_t Zlen, +- const unsigned char *sinfo, size_t sinfolen, +- const EVP_MD *md); +- +-int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, +- const EC_KEY *ecdh, +- void *(*KDF) (const void *in, size_t inlen, +- void *out, size_t *outlen)); +- +-typedef struct ECDSA_SIG_st ECDSA_SIG; +- +-/** Allocates and initialize a ECDSA_SIG structure +- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +- */ +-ECDSA_SIG *ECDSA_SIG_new(void); +- +-/** frees a ECDSA_SIG structure +- * \param sig pointer to the ECDSA_SIG structure +- */ +-void ECDSA_SIG_free(ECDSA_SIG *sig); +- +-/** DER encode content of ECDSA_SIG object (note: this function modifies *pp +- * (*pp += length of the DER encoded signature)). +- * \param sig pointer to the ECDSA_SIG object +- * \param pp pointer to a unsigned char pointer for the output or NULL +- * \return the length of the DER encoded ECDSA_SIG object or 0 +- */ +-int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); +- +-/** Decodes a DER encoded ECDSA signature (note: this function changes *pp +- * (*pp += len)). +- * \param sig pointer to ECDSA_SIG pointer (may be NULL) +- * \param pp memory buffer with the DER encoded signature +- * \param len length of the buffer +- * \return pointer to the decoded ECDSA_SIG structure (or NULL) +- */ +-ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); +- +-/** Accessor for r and s fields of ECDSA_SIG +- * \param sig pointer to ECDSA_SIG pointer +- * \param pr pointer to BIGNUM pointer for r (may be NULL) +- * \param ps pointer to BIGNUM pointer for s (may be NULL) +- */ +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +- +-/** Setter for r and s fields of ECDSA_SIG +- * \param sig pointer to ECDSA_SIG pointer +- * \param r pointer to BIGNUM for r (may be NULL) +- * \param s pointer to BIGNUM for s (may be NULL) +- */ +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +- +-/** Computes the ECDSA signature of the given hash value using +- * the supplied private key and returns the created signature. +- * \param dgst pointer to the hash value +- * \param dgst_len length of the hash value +- * \param eckey EC_KEY object containing a private EC key +- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +- */ +-ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, +- EC_KEY *eckey); +- +-/** Computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param kinv BIGNUM with a pre-computed inverse k (optional) +- * \param rp BIGNUM with a pre-computed rp value (optional), +- * see ECDSA_sign_setup +- * \param eckey EC_KEY object containing a private EC key +- * \return pointer to a ECDSA_SIG structure or NULL if an error occurred +- */ +-ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, +- const BIGNUM *kinv, const BIGNUM *rp, +- EC_KEY *eckey); +- +-/** Verifies that the supplied signature is a valid ECDSA +- * signature of the supplied hash value using the supplied public key. +- * \param dgst pointer to the hash value +- * \param dgst_len length of the hash value +- * \param sig ECDSA_SIG structure +- * \param eckey EC_KEY object containing a public EC key +- * \return 1 if the signature is valid, 0 if the signature is invalid +- * and -1 on error +- */ +-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, +- const ECDSA_SIG *sig, EC_KEY *eckey); +- +-/** Precompute parts of the signing operation +- * \param eckey EC_KEY object containing a private EC key +- * \param ctx BN_CTX object (optional) +- * \param kinv BIGNUM pointer for the inverse of k +- * \param rp BIGNUM pointer for x coordinate of k * generator +- * \return 1 on success and 0 otherwise +- */ +-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); +- +-/** Computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param sig memory for the DER encoded created signature +- * \param siglen pointer to the length of the returned signature +- * \param eckey EC_KEY object containing a private EC key +- * \return 1 on success and 0 otherwise +- */ +-int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, +- unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); +- +-/** Computes ECDSA signature of a given hash value using the supplied +- * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value to sign +- * \param dgstlen length of the hash value +- * \param sig buffer to hold the DER encoded signature +- * \param siglen pointer to the length of the returned signature +- * \param kinv BIGNUM with a pre-computed inverse k (optional) +- * \param rp BIGNUM with a pre-computed rp value (optional), +- * see ECDSA_sign_setup +- * \param eckey EC_KEY object containing a private EC key +- * \return 1 on success and 0 otherwise +- */ +-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, +- unsigned char *sig, unsigned int *siglen, +- const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); +- +-/** Verifies that the given signature is valid ECDSA signature +- * of the supplied hash value using the specified public key. +- * \param type this parameter is ignored +- * \param dgst pointer to the hash value +- * \param dgstlen length of the hash value +- * \param sig pointer to the DER encoded signature +- * \param siglen length of the DER encoded signature +- * \param eckey EC_KEY object containing a public EC key +- * \return 1 if the signature is valid, 0 if the signature is invalid +- * and -1 on error +- */ +-int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, +- const unsigned char *sig, int siglen, EC_KEY *eckey); +- +-/** Returns the maximum length of the DER encoded signature +- * \param eckey EC_KEY object +- * \return numbers of bytes required for the DER encoded signature +- */ +-int ECDSA_size(const EC_KEY *eckey); +- +-/********************************************************************/ +-/* EC_KEY_METHOD constructors, destructors, writers and accessors */ +-/********************************************************************/ +- +-EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +-void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +-void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, +- int (*init)(EC_KEY *key), +- void (*finish)(EC_KEY *key), +- int (*copy)(EC_KEY *dest, const EC_KEY *src), +- int (*set_group)(EC_KEY *key, const EC_GROUP *grp), +- int (*set_private)(EC_KEY *key, +- const BIGNUM *priv_key), +- int (*set_public)(EC_KEY *key, +- const EC_POINT *pub_key)); +- +-void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, +- int (*keygen)(EC_KEY *key)); +- +-void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, +- int (*ckey)(unsigned char **psec, +- size_t *pseclen, +- const EC_POINT *pub_key, +- const EC_KEY *ecdh)); +- +-void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, +- int (*sign)(int type, const unsigned char *dgst, +- int dlen, unsigned char *sig, +- unsigned int *siglen, +- const BIGNUM *kinv, const BIGNUM *r, +- EC_KEY *eckey), +- int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, +- BIGNUM **kinvp, BIGNUM **rp), +- ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, +- int dgst_len, +- const BIGNUM *in_kinv, +- const BIGNUM *in_r, +- EC_KEY *eckey)); +- +-void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, +- int (*verify)(int type, const unsigned +- char *dgst, int dgst_len, +- const unsigned char *sigbuf, +- int sig_len, EC_KEY *eckey), +- int (*verify_sig)(const unsigned char *dgst, +- int dgst_len, +- const ECDSA_SIG *sig, +- EC_KEY *eckey)); +- +-void EC_KEY_METHOD_get_init(EC_KEY_METHOD *meth, +- int (**pinit)(EC_KEY *key), +- void (**pfinish)(EC_KEY *key), +- int (**pcopy)(EC_KEY *dest, const EC_KEY *src), +- int (**pset_group)(EC_KEY *key, +- const EC_GROUP *grp), +- int (**pset_private)(EC_KEY *key, +- const BIGNUM *priv_key), +- int (**pset_public)(EC_KEY *key, +- const EC_POINT *pub_key)); +- +-void EC_KEY_METHOD_get_keygen(EC_KEY_METHOD *meth, +- int (**pkeygen)(EC_KEY *key)); +- +-void EC_KEY_METHOD_get_compute_key(EC_KEY_METHOD *meth, +- int (**pck)(unsigned char **psec, +- size_t *pseclen, +- const EC_POINT *pub_key, +- const EC_KEY *ecdh)); +- +-void EC_KEY_METHOD_get_sign(EC_KEY_METHOD *meth, +- int (**psign)(int type, const unsigned char *dgst, +- int dlen, unsigned char *sig, +- unsigned int *siglen, +- const BIGNUM *kinv, const BIGNUM *r, +- EC_KEY *eckey), +- int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, +- BIGNUM **kinvp, BIGNUM **rp), +- ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, +- int dgst_len, +- const BIGNUM *in_kinv, +- const BIGNUM *in_r, +- EC_KEY *eckey)); +- +-void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, +- int (**pverify)(int type, const unsigned +- char *dgst, int dgst_len, +- const unsigned char *sigbuf, +- int sig_len, EC_KEY *eckey), +- int (**pverify_sig)(const unsigned char *dgst, +- int dgst_len, +- const ECDSA_SIG *sig, +- EC_KEY *eckey)); +- + # define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x) + + # ifndef __cplusplus +@@ -1361,27 +1073,19 @@ void EC_KEY_METHOD_get_verify(EC_KEY_METHOD *meth, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_EC_strings(void); ++void ERR_load_EC_strings(void); + + /* Error codes for the EC functions. */ + + /* Function codes. */ + # define EC_F_BN_TO_FELEM 224 ++# define EC_F_COMPUTE_WNAF 143 + # define EC_F_D2I_ECPARAMETERS 144 + # define EC_F_D2I_ECPKPARAMETERS 145 + # define EC_F_D2I_ECPRIVATEKEY 146 + # define EC_F_DO_EC_KEY_PRINT 221 + # define EC_F_ECDH_CMS_DECRYPT 238 + # define EC_F_ECDH_CMS_SET_SHARED_INFO 239 +-# define EC_F_ECDH_COMPUTE_KEY 246 +-# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257 +-# define EC_F_ECDSA_DO_SIGN_EX 251 +-# define EC_F_ECDSA_DO_VERIFY 252 +-# define EC_F_ECDSA_SIGN_EX 254 +-# define EC_F_ECDSA_SIGN_SETUP 248 +-# define EC_F_ECDSA_SIG_NEW 265 +-# define EC_F_ECDSA_VERIFY 253 + # define EC_F_ECKEY_PARAM2TYPE 223 + # define EC_F_ECKEY_PARAM_DECODE 212 + # define EC_F_ECKEY_PRIV_DECODE 213 +@@ -1397,12 +1101,19 @@ int ERR_load_EC_strings(void); + # define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 + # define EC_F_ECP_NISTZ256_POINTS_MUL 241 + # define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 ++# define EC_F_ECP_NISTZ256_SET_WORDS 245 + # define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +-# define EC_F_ECX_KEY_OP 266 +-# define EC_F_ECX_PRIV_ENCODE 267 +-# define EC_F_ECX_PUB_ENCODE 268 ++# define EC_F_ECP_NIST_MOD_192 203 ++# define EC_F_ECP_NIST_MOD_224 204 ++# define EC_F_ECP_NIST_MOD_256 205 ++# define EC_F_ECP_NIST_MOD_521 206 + # define EC_F_EC_ASN1_GROUP2CURVE 153 + # define EC_F_EC_ASN1_GROUP2FIELDID 154 ++# define EC_F_EC_ASN1_GROUP2PARAMETERS 155 ++# define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 ++# define EC_F_EC_ASN1_PARAMETERS2GROUP 157 ++# define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 ++# define EC_F_EC_EX_DATA_SET_DATA 211 + # define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 + # define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 + # define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +@@ -1417,6 +1128,7 @@ int ERR_load_EC_strings(void); + # define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 + # define EC_F_EC_GFP_MONT_FIELD_SQR 132 + # define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 ++# define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 + # define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 + # define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 + # define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +@@ -1431,44 +1143,44 @@ int ERR_load_EC_strings(void); + # define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 + # define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 + # define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 ++# define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 ++# define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 + # define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 + # define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 + # define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 + # define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 + # define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 ++# define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 + # define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 ++# define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 + # define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 ++# define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 + # define EC_F_EC_GROUP_CHECK 170 + # define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 + # define EC_F_EC_GROUP_COPY 106 ++# define EC_F_EC_GROUP_GET0_GENERATOR 139 ++# define EC_F_EC_GROUP_GET_COFACTOR 140 + # define EC_F_EC_GROUP_GET_CURVE_GF2M 172 + # define EC_F_EC_GROUP_GET_CURVE_GFP 130 + # define EC_F_EC_GROUP_GET_DEGREE 173 +-# define EC_F_EC_GROUP_GET_ECPARAMETERS 261 +-# define EC_F_EC_GROUP_GET_ECPKPARAMETERS 262 ++# define EC_F_EC_GROUP_GET_ORDER 141 + # define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 + # define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 + # define EC_F_EC_GROUP_NEW 108 + # define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 + # define EC_F_EC_GROUP_NEW_FROM_DATA 175 +-# define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 +-# define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 ++# define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 + # define EC_F_EC_GROUP_SET_CURVE_GF2M 176 + # define EC_F_EC_GROUP_SET_CURVE_GFP 109 ++# define EC_F_EC_GROUP_SET_EXTRA_DATA 110 + # define EC_F_EC_GROUP_SET_GENERATOR 111 + # define EC_F_EC_KEY_CHECK_KEY 177 + # define EC_F_EC_KEY_COPY 178 + # define EC_F_EC_KEY_GENERATE_KEY 179 + # define EC_F_EC_KEY_NEW 182 +-# define EC_F_EC_KEY_NEW_METHOD 245 +-# define EC_F_EC_KEY_OCT2PRIV 255 + # define EC_F_EC_KEY_PRINT 180 + # define EC_F_EC_KEY_PRINT_FP 181 +-# define EC_F_EC_KEY_PRIV2OCT 256 + # define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +-# define EC_F_EC_KEY_SIMPLE_CHECK_KEY 258 +-# define EC_F_EC_KEY_SIMPLE_OCT2PRIV 259 +-# define EC_F_EC_KEY_SIMPLE_PRIV2OCT 260 + # define EC_F_EC_POINTS_MAKE_AFFINE 136 + # define EC_F_EC_POINT_ADD 112 + # define EC_F_EC_POINT_CMP 113 +@@ -1481,6 +1193,7 @@ int ERR_load_EC_strings(void); + # define EC_F_EC_POINT_IS_AT_INFINITY 118 + # define EC_F_EC_POINT_IS_ON_CURVE 119 + # define EC_F_EC_POINT_MAKE_AFFINE 120 ++# define EC_F_EC_POINT_MUL 184 + # define EC_F_EC_POINT_NEW 121 + # define EC_F_EC_POINT_OCT2POINT 122 + # define EC_F_EC_POINT_POINT2OCT 123 +@@ -1490,6 +1203,7 @@ int ERR_load_EC_strings(void); + # define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 + # define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 + # define EC_F_EC_POINT_SET_TO_INFINITY 127 ++# define EC_F_EC_PRE_COMP_DUP 207 + # define EC_F_EC_PRE_COMP_NEW 196 + # define EC_F_EC_WNAF_MUL 187 + # define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +@@ -1502,10 +1216,6 @@ int ERR_load_EC_strings(void); + # define EC_F_NISTP521_PRE_COMP_NEW 237 + # define EC_F_O2I_ECPUBLICKEY 152 + # define EC_F_OLD_EC_PRIV_DECODE 222 +-# define EC_F_OSSL_ECDH_COMPUTE_KEY 247 +-# define EC_F_OSSL_ECDSA_SIGN_SIG 249 +-# define EC_F_OSSL_ECDSA_VERIFY_SIG 250 +-# define EC_F_PKEY_ECX_DERIVE 269 + # define EC_F_PKEY_EC_CTRL 197 + # define EC_F_PKEY_EC_CTRL_STR 198 + # define EC_F_PKEY_EC_DERIVE 217 +@@ -1515,12 +1225,10 @@ int ERR_load_EC_strings(void); + + /* Reason codes. */ + # define EC_R_ASN1_ERROR 115 +-# define EC_R_BAD_SIGNATURE 156 ++# define EC_R_ASN1_UNKNOWN_FIELD 116 + # define EC_R_BIGNUM_OUT_OF_RANGE 144 + # define EC_R_BUFFER_TOO_SMALL 100 + # define EC_R_COORDINATES_OUT_OF_RANGE 146 +-# define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +-# define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 + # define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 + # define EC_R_DECODE_ERROR 142 + # define EC_R_DISCRIMINANT_IS_ZERO 118 +@@ -1540,9 +1248,6 @@ int ERR_load_EC_strings(void); + # define EC_R_INVALID_FIELD 103 + # define EC_R_INVALID_FORM 104 + # define EC_R_INVALID_GROUP_ORDER 122 +-# define EC_R_INVALID_KEY 116 +-# define EC_R_INVALID_OUTPUT_LENGTH 161 +-# define EC_R_INVALID_PEER_KEY 133 + # define EC_R_INVALID_PENTANOMIAL_BASIS 132 + # define EC_R_INVALID_PRIVATE_KEY 123 + # define EC_R_INVALID_TRINOMIAL_BASIS 137 +@@ -1550,20 +1255,17 @@ int ERR_load_EC_strings(void); + # define EC_R_KEYS_NOT_SET 140 + # define EC_R_MISSING_PARAMETERS 124 + # define EC_R_MISSING_PRIVATE_KEY 125 +-# define EC_R_NEED_NEW_SETUP_VALUES 157 + # define EC_R_NOT_A_NIST_PRIME 135 ++# define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 + # define EC_R_NOT_IMPLEMENTED 126 + # define EC_R_NOT_INITIALIZED 111 ++# define EC_R_NO_FIELD_MOD 133 + # define EC_R_NO_PARAMETERS_SET 139 +-# define EC_R_NO_PRIVATE_VALUE 154 +-# define EC_R_OPERATION_NOT_SUPPORTED 152 + # define EC_R_PASSED_NULL_PARAMETER 134 + # define EC_R_PEER_KEY_ERROR 149 + # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +-# define EC_R_POINT_ARITHMETIC_FAILURE 155 + # define EC_R_POINT_AT_INFINITY 106 + # define EC_R_POINT_IS_NOT_ON_CURVE 107 +-# define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 + # define EC_R_SHARED_INFO_ERROR 150 + # define EC_R_SLOT_FULL 108 + # define EC_R_UNDEFINED_GENERATOR 113 +@@ -1574,8 +1276,7 @@ int ERR_load_EC_strings(void); + # define EC_R_WRONG_CURVE_PARAMETERS 145 + # define EC_R_WRONG_ORDER 130 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ecdh.h b/Cryptlib/Include/openssl/ecdh.h +index 681f3d5..25348b3 100644 +--- a/Cryptlib/Include/openssl/ecdh.h ++++ b/Cryptlib/Include/openssl/ecdh.h +@@ -1,10 +1,134 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/ecdh/ecdh.h */ ++/* ==================================================================== ++ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. ++ * ++ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included ++ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed ++ * to the OpenSSL project. ++ * ++ * The ECC Code is licensed pursuant to the OpenSSL open source ++ * license provided below. ++ * ++ * The ECDH software is originally written by Douglas Stebila of ++ * Sun Microsystems Laboratories. ++ * ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ ++#ifndef HEADER_ECDH_H ++# define HEADER_ECDH_H ++ ++# include ++ ++# ifdef OPENSSL_NO_ECDH ++# error ECDH is disabled. ++# endif ++ ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# define EC_FLAG_COFACTOR_ECDH 0x1000 ++ ++const ECDH_METHOD *ECDH_OpenSSL(void); ++ ++void ECDH_set_default_method(const ECDH_METHOD *); ++const ECDH_METHOD *ECDH_get_default_method(void); ++int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); ++ ++int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, ++ EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, ++ void *out, size_t *outlen)); ++ ++int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new ++ *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); ++void *ECDH_get_ex_data(EC_KEY *d, int idx); ++ ++int ECDH_KDF_X9_62(unsigned char *out, size_t outlen, ++ const unsigned char *Z, size_t Zlen, ++ const unsigned char *sinfo, size_t sinfolen, ++ const EVP_MD *md); ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_ECDH_strings(void); ++ ++/* Error codes for the ECDH functions. */ ++ ++/* Function codes. */ ++# define ECDH_F_ECDH_CHECK 102 ++# define ECDH_F_ECDH_COMPUTE_KEY 100 ++# define ECDH_F_ECDH_DATA_NEW_METHOD 101 ++ ++/* Reason codes. */ ++# define ECDH_R_KDF_FAILED 102 ++# define ECDH_R_NON_FIPS_METHOD 103 ++# define ECDH_R_NO_PRIVATE_VALUE 100 ++# define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +-#include ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/ecdsa.h b/Cryptlib/Include/openssl/ecdsa.h +index 681f3d5..a6f0930 100644 +--- a/Cryptlib/Include/openssl/ecdsa.h ++++ b/Cryptlib/Include/openssl/ecdsa.h +@@ -1,10 +1,335 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/ecdsa/ecdsa.h */ ++/** ++ * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions ++ * \author Written by Nils Larsch for the OpenSSL project ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++#ifndef HEADER_ECDSA_H ++# define HEADER_ECDSA_H ++ ++# include ++ ++# ifdef OPENSSL_NO_ECDSA ++# error ECDSA is disabled. ++# endif ++ ++# include ++# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++typedef struct ECDSA_SIG_st { ++ BIGNUM *r; ++ BIGNUM *s; ++} ECDSA_SIG; ++ ++/** Allocates and initialize a ECDSA_SIG structure ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred ++ */ ++ECDSA_SIG *ECDSA_SIG_new(void); ++ ++/** frees a ECDSA_SIG structure ++ * \param sig pointer to the ECDSA_SIG structure ++ */ ++void ECDSA_SIG_free(ECDSA_SIG *sig); ++ ++/** DER encode content of ECDSA_SIG object (note: this function modifies *pp ++ * (*pp += length of the DER encoded signature)). ++ * \param sig pointer to the ECDSA_SIG object ++ * \param pp pointer to a unsigned char pointer for the output or NULL ++ * \return the length of the DER encoded ECDSA_SIG object or 0 ++ */ ++int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); ++ ++/** Decodes a DER encoded ECDSA signature (note: this function changes *pp ++ * (*pp += len)). ++ * \param sig pointer to ECDSA_SIG pointer (may be NULL) ++ * \param pp memory buffer with the DER encoded signature ++ * \param len length of the buffer ++ * \return pointer to the decoded ECDSA_SIG structure (or NULL) ++ */ ++ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); ++ ++/** Computes the ECDSA signature of the given hash value using ++ * the supplied private key and returns the created signature. ++ * \param dgst pointer to the hash value ++ * \param dgst_len length of the hash value ++ * \param eckey EC_KEY object containing a private EC key ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred ++ */ ++ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, ++ EC_KEY *eckey); ++ ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param kinv BIGNUM with a pre-computed inverse k (optional) ++ * \param rp BIGNUM with a pre-computed rp value (optioanl), ++ * see ECDSA_sign_setup ++ * \param eckey EC_KEY object containing a private EC key ++ * \return pointer to a ECDSA_SIG structure or NULL if an error occurred ++ */ ++ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, ++ const BIGNUM *kinv, const BIGNUM *rp, ++ EC_KEY *eckey); ++ ++/** Verifies that the supplied signature is a valid ECDSA ++ * signature of the supplied hash value using the supplied public key. ++ * \param dgst pointer to the hash value ++ * \param dgst_len length of the hash value ++ * \param sig ECDSA_SIG structure ++ * \param eckey EC_KEY object containing a public EC key ++ * \return 1 if the signature is valid, 0 if the signature is invalid ++ * and -1 on error ++ */ ++int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ++ const ECDSA_SIG *sig, EC_KEY *eckey); ++ ++const ECDSA_METHOD *ECDSA_OpenSSL(void); ++ ++/** Sets the default ECDSA method ++ * \param meth new default ECDSA_METHOD ++ */ ++void ECDSA_set_default_method(const ECDSA_METHOD *meth); ++ ++/** Returns the default ECDSA method ++ * \return pointer to ECDSA_METHOD structure containing the default method ++ */ ++const ECDSA_METHOD *ECDSA_get_default_method(void); ++ ++/** Sets method to be used for the ECDSA operations ++ * \param eckey EC_KEY object ++ * \param meth new method ++ * \return 1 on success and 0 otherwise ++ */ ++int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); ++ ++/** Returns the maximum length of the DER encoded signature ++ * \param eckey EC_KEY object ++ * \return numbers of bytes required for the DER encoded signature ++ */ ++int ECDSA_size(const EC_KEY *eckey); ++ ++/** Precompute parts of the signing operation ++ * \param eckey EC_KEY object containing a private EC key ++ * \param ctx BN_CTX object (optional) ++ * \param kinv BIGNUM pointer for the inverse of k ++ * \param rp BIGNUM pointer for x coordinate of k * generator ++ * \return 1 on success and 0 otherwise ++ */ ++int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); ++ ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). ++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param sig memory for the DER encoded created signature ++ * \param siglen pointer to the length of the returned signature ++ * \param eckey EC_KEY object containing a private EC key ++ * \return 1 on success and 0 otherwise ++ */ ++int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, ++ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); ++ ++/** Computes ECDSA signature of a given hash value using the supplied ++ * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). ++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value to sign ++ * \param dgstlen length of the hash value ++ * \param sig buffer to hold the DER encoded signature ++ * \param siglen pointer to the length of the returned signature ++ * \param kinv BIGNUM with a pre-computed inverse k (optional) ++ * \param rp BIGNUM with a pre-computed rp value (optioanl), ++ * see ECDSA_sign_setup ++ * \param eckey EC_KEY object containing a private EC key ++ * \return 1 on success and 0 otherwise ++ */ ++int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, ++ unsigned char *sig, unsigned int *siglen, ++ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); ++ ++/** Verifies that the given signature is valid ECDSA signature ++ * of the supplied hash value using the specified public key. ++ * \param type this parameter is ignored ++ * \param dgst pointer to the hash value ++ * \param dgstlen length of the hash value ++ * \param sig pointer to the DER encoded signature ++ * \param siglen length of the DER encoded signature ++ * \param eckey EC_KEY object containing a public EC key ++ * \return 1 if the signature is valid, 0 if the signature is invalid ++ * and -1 on error ++ */ ++int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, ++ const unsigned char *sig, int siglen, EC_KEY *eckey); ++ ++/* the standard ex_data functions */ ++int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new ++ *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); ++void *ECDSA_get_ex_data(EC_KEY *d, int idx); ++ ++/** Allocates and initialize a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to ECDSA_METHOD to copy. (May be NULL) ++ * \return pointer to a ECDSA_METHOD structure or NULL if an error occurred ++ */ ++ ++ECDSA_METHOD *ECDSA_METHOD_new(const ECDSA_METHOD *ecdsa_method); ++ ++/** frees a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to the ECDSA_METHOD structure ++ */ ++void ECDSA_METHOD_free(ECDSA_METHOD *ecdsa_method); ++ ++/** Sets application specific data in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param app application specific data to set ++ */ ++ ++void ECDSA_METHOD_set_app_data(ECDSA_METHOD *ecdsa_method, void *app); ++ ++/** Returns application specific data from a ECDSA_METHOD structure ++ * \param ecdsa_method pointer to ECDSA_METHOD structure ++ * \return pointer to application specific data. ++ */ ++ ++void *ECDSA_METHOD_get_app_data(ECDSA_METHOD *ecdsa_method); ++ ++/** Set the ECDSA_do_sign function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_do_sign a funtion of type ECDSA_do_sign ++ */ ++ ++void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method, ++ ECDSA_SIG *(*ecdsa_do_sign) (const unsigned char ++ *dgst, int dgst_len, ++ const BIGNUM *inv, ++ const BIGNUM *rp, ++ EC_KEY *eckey)); ++ ++/** Set the ECDSA_sign_setup function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_sign_setup a funtion of type ECDSA_sign_setup ++ */ ++ ++void ECDSA_METHOD_set_sign_setup(ECDSA_METHOD *ecdsa_method, ++ int (*ecdsa_sign_setup) (EC_KEY *eckey, ++ BN_CTX *ctx, ++ BIGNUM **kinv, ++ BIGNUM **r)); ++ ++/** Set the ECDSA_do_verify function in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param ecdsa_do_verify a funtion of type ECDSA_do_verify ++ */ ++ ++void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method, ++ int (*ecdsa_do_verify) (const unsigned char ++ *dgst, int dgst_len, ++ const ECDSA_SIG *sig, ++ EC_KEY *eckey)); ++ ++void ECDSA_METHOD_set_flags(ECDSA_METHOD *ecdsa_method, int flags); ++ ++/** Set the flags field in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param flags flags value to set ++ */ ++ ++void ECDSA_METHOD_set_name(ECDSA_METHOD *ecdsa_method, char *name); ++ ++/** Set the name field in the ECDSA_METHOD ++ * \param ecdsa_method pointer to existing ECDSA_METHOD ++ * \param name name to set ++ */ ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. + */ ++void ERR_load_ECDSA_strings(void); ++ ++/* Error codes for the ECDSA functions. */ ++ ++/* Function codes. */ ++# define ECDSA_F_ECDSA_CHECK 104 ++# define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 ++# define ECDSA_F_ECDSA_DO_SIGN 101 ++# define ECDSA_F_ECDSA_DO_VERIFY 102 ++# define ECDSA_F_ECDSA_METHOD_NEW 105 ++# define ECDSA_F_ECDSA_SIGN_SETUP 103 ++ ++/* Reason codes. */ ++# define ECDSA_R_BAD_SIGNATURE 100 ++# define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 ++# define ECDSA_R_ERR_EC_LIB 102 ++# define ECDSA_R_MISSING_PARAMETERS 103 ++# define ECDSA_R_NEED_NEW_SETUP_VALUES 106 ++# define ECDSA_R_NON_FIPS_METHOD 107 ++# define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 ++# define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +-#include ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/engine.h b/Cryptlib/Include/openssl/engine.h +index 26cf714..bd7b591 100644 +--- a/Cryptlib/Include/openssl/engine.h ++++ b/Cryptlib/Include/openssl/engine.h +@@ -1,12 +1,61 @@ ++/* openssl/engine.h */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by +@@ -18,23 +67,40 @@ + + # include + +-# ifndef OPENSSL_NO_ENGINE +-# if OPENSSL_API_COMPAT < 0x10100000L ++# ifdef OPENSSL_NO_ENGINE ++# error ENGINE is disabled. ++# endif ++ ++# ifndef OPENSSL_NO_DEPRECATED + # include +-# include +-# include +-# include +-# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++# ifndef OPENSSL_NO_ECDH ++# include ++# endif ++# ifndef OPENSSL_NO_ECDSA ++# include ++# endif + # include + # include + # include + # endif ++ + # include + # include ++ + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { +-# endif ++#endif + + /* + * These flags are used to control combinations of algorithm (methods) by +@@ -44,11 +110,13 @@ extern "C" { + # define ENGINE_METHOD_DSA (unsigned int)0x0002 + # define ENGINE_METHOD_DH (unsigned int)0x0004 + # define ENGINE_METHOD_RAND (unsigned int)0x0008 ++# define ENGINE_METHOD_ECDH (unsigned int)0x0010 ++# define ENGINE_METHOD_ECDSA (unsigned int)0x0020 + # define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 + # define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 ++# define ENGINE_METHOD_STORE (unsigned int)0x0100 + # define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 + # define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +-# define ENGINE_METHOD_EC (unsigned int)0x0800 + /* Obvious all-or-nothing cases. */ + # define ENGINE_METHOD_ALL (unsigned int)0xFFFF + # define ENGINE_METHOD_NONE (unsigned int)0x0000 +@@ -323,25 +391,29 @@ int ENGINE_add(ENGINE *e); + int ENGINE_remove(ENGINE *e); + /* Retrieve an engine from the list by its unique "id" value. */ + ENGINE *ENGINE_by_id(const char *id); +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define ENGINE_load_openssl() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL) +-# define ENGINE_load_dynamic() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL) ++/* Add all the built-in engines. */ ++void ENGINE_load_openssl(void); ++void ENGINE_load_dynamic(void); + # ifndef OPENSSL_NO_STATIC_ENGINE +-# define ENGINE_load_padlock() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL) +-# define ENGINE_load_capi() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL) +-# define ENGINE_load_afalg() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL) ++void ENGINE_load_4758cca(void); ++void ENGINE_load_aep(void); ++void ENGINE_load_atalla(void); ++void ENGINE_load_chil(void); ++void ENGINE_load_cswift(void); ++void ENGINE_load_nuron(void); ++void ENGINE_load_sureware(void); ++void ENGINE_load_ubsec(void); ++void ENGINE_load_padlock(void); ++void ENGINE_load_capi(void); ++# ifndef OPENSSL_NO_GMP ++void ENGINE_load_gmp(void); ++# endif ++# ifndef OPENSSL_NO_GOST ++void ENGINE_load_gost(void); ++# endif + # endif +-# define ENGINE_load_cryptodev() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL) +-# define ENGINE_load_rdrand() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL) +-#endif ++void ENGINE_load_cryptodev(void); ++void ENGINE_load_rdrand(void); + void ENGINE_load_builtin_engines(void); + + /* +@@ -356,7 +428,8 @@ void ENGINE_set_table_flags(unsigned int flags); + * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) + * ENGINE_unregister_***(e) - unregister the implementation from 'e' + * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list +- * Cleanup is automatically registered from each table when required. ++ * Cleanup is automatically registered from each table when required, so ++ * ENGINE_cleanup() will reverse any "register" operations. + */ + + int ENGINE_register_RSA(ENGINE *e); +@@ -367,9 +440,13 @@ int ENGINE_register_DSA(ENGINE *e); + void ENGINE_unregister_DSA(ENGINE *e); + void ENGINE_register_all_DSA(void); + +-int ENGINE_register_EC(ENGINE *e); +-void ENGINE_unregister_EC(ENGINE *e); +-void ENGINE_register_all_EC(void); ++int ENGINE_register_ECDH(ENGINE *e); ++void ENGINE_unregister_ECDH(ENGINE *e); ++void ENGINE_register_all_ECDH(void); ++ ++int ENGINE_register_ECDSA(ENGINE *e); ++void ENGINE_unregister_ECDSA(ENGINE *e); ++void ENGINE_register_all_ECDSA(void); + + int ENGINE_register_DH(ENGINE *e); + void ENGINE_unregister_DH(ENGINE *e); +@@ -379,6 +456,10 @@ int ENGINE_register_RAND(ENGINE *e); + void ENGINE_unregister_RAND(ENGINE *e); + void ENGINE_register_all_RAND(void); + ++int ENGINE_register_STORE(ENGINE *e); ++void ENGINE_unregister_STORE(ENGINE *e); ++void ENGINE_register_all_STORE(void); ++ + int ENGINE_register_ciphers(ENGINE *e); + void ENGINE_unregister_ciphers(ENGINE *e); + void ENGINE_register_all_ciphers(void); +@@ -473,9 +554,11 @@ int ENGINE_set_id(ENGINE *e, const char *id); + int ENGINE_set_name(ENGINE *e, const char *name); + int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); + int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +-int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth); ++int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); ++int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); + int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); + int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); ++int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); + int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); + int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); + int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +@@ -493,18 +576,19 @@ int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); + int ENGINE_set_flags(ENGINE *e, int flags); + int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); + /* These functions allow control over any per-structure ENGINE data. */ +-#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef) ++int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); + int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); + void *ENGINE_get_ex_data(const ENGINE *e, int idx); + +-#if OPENSSL_API_COMPAT < 0x10100000L + /* +- * This function previously cleaned up anything that needs it. Auto-deinit will +- * now take care of it so it is no longer required to call this function. ++ * This function cleans up anything that needs it. Eg. the ENGINE_add() ++ * function automatically ensures the list cleanup function is registered to ++ * be called from ENGINE_cleanup(). Similarly, all ENGINE_register_*** ++ * functions ensure ENGINE_cleanup() will clean up after them. + */ +-# define ENGINE_cleanup() while(0) continue +-#endif ++void ENGINE_cleanup(void); + + /* + * These return values from within the ENGINE structure. These can be useful +@@ -516,9 +600,11 @@ const char *ENGINE_get_id(const ENGINE *e); + const char *ENGINE_get_name(const ENGINE *e); + const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); + const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +-const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); ++const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); ++const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); + const DH_METHOD *ENGINE_get_DH(const ENGINE *e); + const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); ++const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); + ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +@@ -593,7 +679,8 @@ int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + ENGINE *ENGINE_get_default_RSA(void); + /* Same for the other "methods" */ + ENGINE *ENGINE_get_default_DSA(void); +-ENGINE *ENGINE_get_default_EC(void); ++ENGINE *ENGINE_get_default_ECDH(void); ++ENGINE *ENGINE_get_default_ECDSA(void); + ENGINE *ENGINE_get_default_DH(void); + ENGINE *ENGINE_get_default_RAND(void); + /* +@@ -615,7 +702,8 @@ int ENGINE_set_default_RSA(ENGINE *e); + int ENGINE_set_default_string(ENGINE *e, const char *def_list); + /* Same for the other "methods" */ + int ENGINE_set_default_DSA(ENGINE *e); +-int ENGINE_set_default_EC(ENGINE *e); ++int ENGINE_set_default_ECDH(ENGINE *e); ++int ENGINE_set_default_ECDSA(ENGINE *e); + int ENGINE_set_default_DH(ENGINE *e); + int ENGINE_set_default_RAND(ENGINE *e); + int ENGINE_set_default_ciphers(ENGINE *e); +@@ -642,12 +730,12 @@ void ENGINE_add_conf_module(void); + /**************************/ + + /* Binary/behaviour compatibility levels */ +-# define OSSL_DYNAMIC_VERSION (unsigned long)0x00030000 ++# define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 + /* + * Binary versions older than this are too old for us (whether we're a loader + * or a loadee) + */ +-# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00030000 ++# define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 + + /* + * When compiling an ENGINE entirely as an external shared library, loadable +@@ -660,22 +748,40 @@ void ENGINE_add_conf_module(void); + * same static data as the calling application (or library), and thus whether + * these callbacks need to be set or not. + */ +-typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int); +-typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int); +-typedef void (*dyn_MEM_free_fn) (void *, const char *, int); ++typedef void *(*dyn_MEM_malloc_cb) (size_t); ++typedef void *(*dyn_MEM_realloc_cb) (void *, size_t); ++typedef void (*dyn_MEM_free_cb) (void *); + typedef struct st_dynamic_MEM_fns { +- dyn_MEM_malloc_fn malloc_fn; +- dyn_MEM_realloc_fn realloc_fn; +- dyn_MEM_free_fn free_fn; ++ dyn_MEM_malloc_cb malloc_cb; ++ dyn_MEM_realloc_cb realloc_cb; ++ dyn_MEM_free_cb free_cb; + } dynamic_MEM_fns; + /* + * FIXME: Perhaps the memory and locking code (crypto.h) should declare and +- * use these types so we (and any other dependent code) can simplify a bit?? +- */ ++ * use these types so we (and any other dependant code) can simplify a bit?? ++ */ ++typedef void (*dyn_lock_locking_cb) (int, int, const char *, int); ++typedef int (*dyn_lock_add_lock_cb) (int *, int, int, const char *, int); ++typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb) (const char *, ++ int); ++typedef void (*dyn_dynlock_lock_cb) (int, struct CRYPTO_dynlock_value *, ++ const char *, int); ++typedef void (*dyn_dynlock_destroy_cb) (struct CRYPTO_dynlock_value *, ++ const char *, int); ++typedef struct st_dynamic_LOCK_fns { ++ dyn_lock_locking_cb lock_locking_cb; ++ dyn_lock_add_lock_cb lock_add_lock_cb; ++ dyn_dynlock_create_cb dynlock_create_cb; ++ dyn_dynlock_lock_cb dynlock_lock_cb; ++ dyn_dynlock_destroy_cb dynlock_destroy_cb; ++} dynamic_LOCK_fns; + /* The top-level structure */ + typedef struct st_dynamic_fns { + void *static_state; ++ const ERR_FNS *err_fns; ++ const CRYPTO_EX_DATA_IMPL *ex_data_fns; + dynamic_MEM_fns mem_fns; ++ dynamic_LOCK_fns lock_fns; + } dynamic_fns; + + /* +@@ -694,7 +800,7 @@ typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version); + # define IMPLEMENT_DYNAMIC_CHECK_FN() \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v); \ + OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \ +- if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ ++ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ + return 0; } + + /* +@@ -722,13 +828,21 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + OPENSSL_EXPORT \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ +- if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ +- CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ +- fns->mem_fns.realloc_fn, \ +- fns->mem_fns.free_fn); \ ++ if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ ++ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ ++ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ ++ return 0; \ ++ CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ ++ CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ ++ CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ ++ CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ ++ CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ ++ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ ++ return 0; \ ++ if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ +- if (!fn(e, id)) return 0; \ +- return 1; } ++ if(!fn(e,id)) return 0; \ ++ return 1; } + + /* + * If the loading application (or library) and the loaded ENGINE library +@@ -744,7 +858,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, + void *ENGINE_get_static_state(void); + + # if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV) +-DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) ++void ENGINE_setup_bsd_cryptodev(void); + # endif + + /* BEGIN ERROR CODES */ +@@ -752,8 +866,7 @@ DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void)) + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_ENGINE_strings(void); ++void ERR_load_ENGINE_strings(void); + + /* Error codes for the ENGINE functions. */ + +@@ -769,10 +882,10 @@ int ERR_load_ENGINE_strings(void); + # define ENGINE_F_ENGINE_CTRL_CMD 178 + # define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 + # define ENGINE_F_ENGINE_FINISH 107 ++# define ENGINE_F_ENGINE_FREE_UTIL 108 + # define ENGINE_F_ENGINE_GET_CIPHER 185 ++# define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 + # define ENGINE_F_ENGINE_GET_DIGEST 186 +-# define ENGINE_F_ENGINE_GET_FIRST 195 +-# define ENGINE_F_ENGINE_GET_LAST 196 + # define ENGINE_F_ENGINE_GET_NEXT 115 + # define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 + # define ENGINE_F_ENGINE_GET_PKEY_METH 192 +@@ -784,17 +897,19 @@ int ERR_load_ENGINE_strings(void); + # define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 + # define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 + # define ENGINE_F_ENGINE_NEW 122 +-# define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR 197 + # define ENGINE_F_ENGINE_REMOVE 123 + # define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 ++# define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 + # define ENGINE_F_ENGINE_SET_ID 129 + # define ENGINE_F_ENGINE_SET_NAME 130 + # define ENGINE_F_ENGINE_TABLE_REGISTER 184 ++# define ENGINE_F_ENGINE_UNLOAD_KEY 152 + # define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 + # define ENGINE_F_ENGINE_UP_REF 190 + # define ENGINE_F_INT_CTRL_HELPER 172 + # define ENGINE_F_INT_ENGINE_CONFIGURE 188 + # define ENGINE_F_INT_ENGINE_MODULE_INIT 187 ++# define ENGINE_F_LOG_MESSAGE 141 + + /* Reason codes. */ + # define ENGINE_R_ALREADY_LOADED 100 +@@ -804,6 +919,8 @@ int ERR_load_ENGINE_strings(void); + # define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 + # define ENGINE_R_CONFLICTING_ENGINE_ID 103 + # define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 ++# define ENGINE_R_DH_NOT_IMPLEMENTED 139 ++# define ENGINE_R_DSA_NOT_IMPLEMENTED 140 + # define ENGINE_R_DSO_FAILURE 104 + # define ENGINE_R_DSO_NOT_FOUND 132 + # define ENGINE_R_ENGINES_SECTION_ERROR 148 +@@ -813,6 +930,7 @@ int ERR_load_ENGINE_strings(void); + # define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 + # define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 + # define ENGINE_R_FINISH_FAILED 106 ++# define ENGINE_R_GET_HANDLE_FAILED 107 + # define ENGINE_R_ID_OR_NAME_MISSING 108 + # define ENGINE_R_INIT_FAILED 109 + # define ENGINE_R_INTERNAL_LIST_ERROR 110 +@@ -828,13 +946,15 @@ int ERR_load_ENGINE_strings(void); + # define ENGINE_R_NO_LOAD_FUNCTION 125 + # define ENGINE_R_NO_REFERENCE 130 + # define ENGINE_R_NO_SUCH_ENGINE 116 ++# define ENGINE_R_NO_UNLOAD_FUNCTION 126 ++# define ENGINE_R_PROVIDE_PARAMETERS 113 ++# define ENGINE_R_RSA_NOT_IMPLEMENTED 141 + # define ENGINE_R_UNIMPLEMENTED_CIPHER 146 + # define ENGINE_R_UNIMPLEMENTED_DIGEST 147 + # define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 + # define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/err.h b/Cryptlib/Include/openssl/err.h +index 9bbe9e1..04c6cfc 100644 +--- a/Cryptlib/Include/openssl/err.h ++++ b/Cryptlib/Include/openssl/err.h +@@ -1,10 +1,112 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/err/err.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_ERR_H +@@ -12,14 +114,18 @@ + + # include + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + # include + # include + # endif + + # include +-# include +-# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_LHASH ++# include ++# endif + + #ifdef __cplusplus + extern "C" { +@@ -40,6 +146,7 @@ extern "C" { + + # define ERR_NUM_ERRORS 16 + typedef struct err_state_st { ++ CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; + unsigned long err_buffer[ERR_NUM_ERRORS]; + char *err_data[ERR_NUM_ERRORS]; +@@ -89,10 +196,7 @@ typedef struct err_state_st { + # define ERR_LIB_CMS 46 + # define ERR_LIB_TS 47 + # define ERR_LIB_HMAC 48 +-/* # define ERR_LIB_JPAKE 49 */ +-# define ERR_LIB_CT 50 +-# define ERR_LIB_ASYNC 51 +-# define ERR_LIB_KDF 52 ++# define ERR_LIB_JPAKE 49 + + # define ERR_LIB_USER 128 + +@@ -128,18 +232,19 @@ typedef struct err_state_st { + # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +-# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +-# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +-# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) ++# define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) + +-# define ERR_PACK(l,f,r) ( \ +- (((unsigned int)(l) & 0x0FF) << 24L) | \ +- (((unsigned int)(f) & 0xFFF) << 12L) | \ +- (((unsigned int)(r) & 0xFFF) ) ) +-# define ERR_GET_LIB(l) (int)(((l) >> 24L) & 0x0FFL) +-# define ERR_GET_FUNC(l) (int)(((l) >> 12L) & 0xFFFL) +-# define ERR_GET_REASON(l) (int)( (l) & 0xFFFL) +-# define ERR_FATAL_ERROR(l) (int)( (l) & ERR_R_FATAL) ++/* ++ * Borland C seems too stupid to be able to shift and do longs in the ++ * pre-processor :-( ++ */ ++# define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ ++ ((((unsigned long)f)&0xfffL)*0x1000)| \ ++ ((((unsigned long)r)&0xfffL))) ++# define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) ++# define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) ++# define ERR_GET_REASON(l) (int)((l)&0xfffL) ++# define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) + + /* OS functions */ + # define SYS_F_FOPEN 1 +@@ -153,12 +258,6 @@ typedef struct err_state_st { + # define SYS_F_WSASTARTUP 9/* Winsock stuff */ + # define SYS_F_OPENDIR 10 + # define SYS_F_FREAD 11 +-# define SYS_F_GETADDRINFO 12 +-# define SYS_F_GETNAMEINFO 13 +-# define SYS_F_SETSOCKOPT 14 +-# define SYS_F_GETSOCKOPT 15 +-# define SYS_F_GETSOCKNAME 16 +-# define SYS_F_GETHOSTBYNAME 17 + + /* reasons */ + # define ERR_R_SYS_LIB ERR_LIB_SYS/* 2 */ +@@ -172,14 +271,30 @@ typedef struct err_state_st { + # define ERR_R_DSA_LIB ERR_LIB_DSA/* 10 */ + # define ERR_R_X509_LIB ERR_LIB_X509/* 11 */ + # define ERR_R_ASN1_LIB ERR_LIB_ASN1/* 13 */ ++# define ERR_R_CONF_LIB ERR_LIB_CONF/* 14 */ ++# define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO/* 15 */ + # define ERR_R_EC_LIB ERR_LIB_EC/* 16 */ ++# define ERR_R_SSL_LIB ERR_LIB_SSL/* 20 */ + # define ERR_R_BIO_LIB ERR_LIB_BIO/* 32 */ + # define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */ + # define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */ ++# define ERR_R_PKCS12_LIB ERR_LIB_PKCS12/* 35 */ ++# define ERR_R_RAND_LIB ERR_LIB_RAND/* 36 */ ++# define ERR_R_DSO_LIB ERR_LIB_DSO/* 37 */ + # define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */ ++# define ERR_R_OCSP_LIB ERR_LIB_OCSP/* 39 */ ++# define ERR_R_UI_LIB ERR_LIB_UI/* 40 */ ++# define ERR_R_COMP_LIB ERR_LIB_COMP/* 41 */ + # define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */ ++# define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ ++# define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ ++# define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ + + # define ERR_R_NESTED_ASN1_ERROR 58 ++# define ERR_R_BAD_ASN1_OBJECT_HEADER 59 ++# define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 ++# define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 ++# define ERR_R_ASN1_LENGTH_MISMATCH 62 + # define ERR_R_MISSING_ASN1_EOS 63 + + /* fatal error */ +@@ -189,8 +304,6 @@ typedef struct err_state_st { + # define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) + # define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) + # define ERR_R_DISABLED (5|ERR_R_FATAL) +-# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) +-# define ERR_R_PASSED_INVALID_ARGUMENT (7) + + /* + * 99 is the maximum possible ERR_R_... code, higher values are reserved for +@@ -202,8 +315,6 @@ typedef struct ERR_string_data_st { + const char *string; + } ERR_STRING_DATA; + +-DEFINE_LHASH_OF(ERR_STRING_DATA); +- + void ERR_put_error(int lib, int func, int reason, const char *file, int line); + void ERR_set_error_data(char *data, int flags); + +@@ -227,31 +338,50 @@ const char *ERR_func_error_string(unsigned long e); + const char *ERR_reason_error_string(unsigned long e); + void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + void *u); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + void ERR_print_errors_fp(FILE *fp); + # endif ++# ifndef OPENSSL_NO_BIO + void ERR_print_errors(BIO *bp); ++# endif + void ERR_add_error_data(int num, ...); + void ERR_add_error_vdata(int num, va_list args); +-int ERR_load_strings(int lib, ERR_STRING_DATA str[]); +-int ERR_unload_strings(int lib, ERR_STRING_DATA str[]); +-int ERR_load_ERR_strings(void); +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define ERR_load_crypto_strings() \ +- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +-# define ERR_free_strings() while(0) continue +-#endif ++void ERR_load_strings(int lib, ERR_STRING_DATA str[]); ++void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); ++void ERR_load_ERR_strings(void); ++void ERR_load_crypto_strings(void); ++void ERR_free_strings(void); + +-DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *)) +-DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid)) ++void ERR_remove_thread_state(const CRYPTO_THREADID *tid); ++# ifndef OPENSSL_NO_DEPRECATED ++void ERR_remove_state(unsigned long pid); /* if zero we look it up */ ++# endif + ERR_STATE *ERR_get_state(void); + ++# ifndef OPENSSL_NO_LHASH ++LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); ++LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); ++void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); ++# endif ++ + int ERR_get_next_error_library(void); + + int ERR_set_mark(void); + int ERR_pop_to_mark(void); + ++/* Already defined in ossl_typ.h */ ++/* typedef struct st_ERR_FNS ERR_FNS; */ ++/* ++ * An application can use this function and provide the return value to ++ * loaded modules that should use the application's ERR state/functionality ++ */ ++const ERR_FNS *ERR_get_implementation(void); ++/* ++ * A loaded module should call this function prior to any ERR operations ++ * using the application's "ERR_FNS". ++ */ ++int ERR_set_implementation(const ERR_FNS *fns); ++ + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/evp.h b/Cryptlib/Include/openssl/evp.h +index 01f51b7..376f260 100644 +--- a/Cryptlib/Include/openssl/evp.h ++++ b/Cryptlib/Include/openssl/evp.h +@@ -1,20 +1,87 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/evp.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_ENVELOPE_H + # define HEADER_ENVELOPE_H + +-# include ++# ifdef OPENSSL_ALGORITHM_DEFINES ++# include ++# else ++# define OPENSSL_ALGORITHM_DEFINES ++# include ++# undef OPENSSL_ALGORITHM_DEFINES ++# endif ++ + # include ++ + # include +-# include + ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++ ++/*- ++#define EVP_RC2_KEY_SIZE 16 ++#define EVP_RC4_KEY_SIZE 16 ++#define EVP_BLOWFISH_KEY_SIZE 16 ++#define EVP_CAST5_KEY_SIZE 16 ++#define EVP_RC5_32_12_16_KEY_SIZE 16 ++*/ + # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ + # define EVP_MAX_KEY_LENGTH 64 + # define EVP_MAX_IV_LENGTH 16 +@@ -50,58 +117,92 @@ + # define EVP_PKEY_EC NID_X9_62_id_ecPublicKey + # define EVP_PKEY_HMAC NID_hmac + # define EVP_PKEY_CMAC NID_cmac +-# define EVP_PKEY_TLS1_PRF NID_tls1_prf +-# define EVP_PKEY_HKDF NID_hkdf + + #ifdef __cplusplus + extern "C" { + #endif + ++/* ++ * Type needs to be a bit field Sub-type needs to be for variations on the ++ * method, as in, can it do arbitrary encryption.... ++ */ ++struct evp_pkey_st { ++ int type; ++ int save_type; ++ int references; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ ENGINE *engine; ++ union { ++ char *ptr; ++# ifndef OPENSSL_NO_RSA ++ struct rsa_st *rsa; /* RSA */ ++# endif ++# ifndef OPENSSL_NO_DSA ++ struct dsa_st *dsa; /* DSA */ ++# endif ++# ifndef OPENSSL_NO_DH ++ struct dh_st *dh; /* DH */ ++# endif ++# ifndef OPENSSL_NO_EC ++ struct ec_key_st *ec; /* ECC */ ++# endif ++ } pkey; ++ int save_parameters; ++ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ ++} /* EVP_PKEY */ ; ++ + # define EVP_PKEY_MO_SIGN 0x0001 + # define EVP_PKEY_MO_VERIFY 0x0002 + # define EVP_PKEY_MO_ENCRYPT 0x0004 + # define EVP_PKEY_MO_DECRYPT 0x0008 + + # ifndef EVP_MD +-EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type); +-EVP_MD *EVP_MD_meth_dup(const EVP_MD *md); +-void EVP_MD_meth_free(EVP_MD *md); +- +-int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize); +-int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize); +-int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize); +-int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags); +-int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)); +-int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +- const void *data, +- size_t count)); +-int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +- unsigned char *md)); +-int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +- const EVP_MD_CTX *from)); +-int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)); +-int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +- int p1, void *p2)); +- +-int EVP_MD_meth_get_input_blocksize(const EVP_MD *md); +-int EVP_MD_meth_get_result_size(const EVP_MD *md); +-int EVP_MD_meth_get_app_datasize(const EVP_MD *md); +-unsigned long EVP_MD_meth_get_flags(const EVP_MD *md); +-int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx); +-int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +- const void *data, +- size_t count); +-int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +- unsigned char *md); +-int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +- const EVP_MD_CTX *from); +-int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx); +-int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +- int p1, void *p2); ++struct env_md_st { ++ int type; ++ int pkey_type; ++ int md_size; ++ unsigned long flags; ++ int (*init) (EVP_MD_CTX *ctx); ++ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); ++ int (*final) (EVP_MD_CTX *ctx, unsigned char *md); ++ int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); ++ int (*cleanup) (EVP_MD_CTX *ctx); ++ /* FIXME: prototype these some day */ ++ int (*sign) (int type, const unsigned char *m, unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, void *key); ++ int (*verify) (int type, const unsigned char *m, unsigned int m_length, ++ const unsigned char *sigbuf, unsigned int siglen, ++ void *key); ++ int required_pkey_type[5]; /* EVP_PKEY_xxx */ ++ int block_size; ++ int ctx_size; /* how big does the ctx->md_data need to be */ ++ /* control function */ ++ int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); ++} /* EVP_MD */ ; ++ ++typedef int evp_sign_method(int type, const unsigned char *m, ++ unsigned int m_length, unsigned char *sigret, ++ unsigned int *siglen, void *key); ++typedef int evp_verify_method(int type, const unsigned char *m, ++ unsigned int m_length, ++ const unsigned char *sigbuf, ++ unsigned int siglen, void *key); + + /* digest can only handle a single block */ + # define EVP_MD_FLAG_ONESHOT 0x0001 + ++/* ++ * digest is a "clone" digest used ++ * which is a copy of an existing ++ * one for a specific public key type. ++ * EVP_dss1() etc ++ */ ++# define EVP_MD_FLAG_PKEY_DIGEST 0x0002 ++ ++/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ ++ ++# define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 ++ + /* DigestAlgorithmIdentifier flags... */ + + # define EVP_MD_FLAG_DIGALGID_MASK 0x0018 +@@ -130,8 +231,52 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + + # define EVP_MD_CTRL_ALG_CTRL 0x1000 + ++# define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} ++ ++# ifndef OPENSSL_NO_DSA ++# define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ ++ (evp_verify_method *)DSA_verify, \ ++ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ ++ EVP_PKEY_DSA4,0} ++# else ++# define EVP_PKEY_DSA_method EVP_PKEY_NULL_method ++# endif ++ ++# ifndef OPENSSL_NO_ECDSA ++# define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ ++ (evp_verify_method *)ECDSA_verify, \ ++ {EVP_PKEY_EC,0,0,0} ++# else ++# define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method ++# endif ++ ++# ifndef OPENSSL_NO_RSA ++# define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ ++ (evp_verify_method *)RSA_verify, \ ++ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} ++# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ ++ (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ ++ (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ ++ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} ++# else ++# define EVP_PKEY_RSA_method EVP_PKEY_NULL_method ++# define EVP_PKEY_RSA_ASN1_OCTET_STRING_method EVP_PKEY_NULL_method ++# endif ++ + # endif /* !EVP_MD */ + ++struct env_md_ctx_st { ++ const EVP_MD *digest; ++ ENGINE *engine; /* functional reference if 'digest' is ++ * ENGINE-provided */ ++ unsigned long flags; ++ void *md_data; ++ /* Public key context for sign/verify */ ++ EVP_PKEY_CTX *pctx; ++ /* Update function: usually copied from EVP_MD */ ++ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); ++} /* EVP_MD_CTX */ ; ++ + /* values for EVP_MD_CTX flags */ + + # define EVP_MD_CTX_FLAG_ONESHOT 0x0001/* digest update will be +@@ -139,7 +284,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + # define EVP_MD_CTX_FLAG_CLEANED 0x0002/* context has already been + * cleaned */ + # define EVP_MD_CTX_FLAG_REUSE 0x0004/* Don't free up ctx->md_data +- * in EVP_MD_CTX_reset */ ++ * in EVP_MD_CTX_cleanup */ + /* + * FIPS and pad options are ignored in 1.0.0, definitions are here so we + * don't accidentally reuse the values for other purposes. +@@ -159,59 +304,34 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, + # define EVP_MD_CTX_FLAG_PAD_PSS 0x20/* PSS mode */ + + # define EVP_MD_CTX_FLAG_NO_INIT 0x0100/* Don't initialize md_data */ +-/* +- * Some functions such as EVP_DigestSign only finalise copies of internal +- * contexts so additional data can be included after the finalisation call. +- * This is inefficient if this functionality is not required: it is disabled +- * if the following flag is set. +- */ +-# define EVP_MD_CTX_FLAG_FINALISE 0x0200 +- +-EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +-EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +-void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); +- +-int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +-int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +-int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +-int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +- int (*init) (EVP_CIPHER_CTX *ctx, +- const unsigned char *key, +- const unsigned char *iv, +- int enc)); +-int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +- int (*do_cipher) (EVP_CIPHER_CTX *ctx, +- unsigned char *out, +- const unsigned char *in, +- size_t inl)); +-int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +- int (*cleanup) (EVP_CIPHER_CTX *)); +-int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, +- ASN1_TYPE *)); +-int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, +- ASN1_TYPE *)); +-int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +- int (*ctrl) (EVP_CIPHER_CTX *, int type, +- int arg, void *ptr)); +- +-int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +- const unsigned char *key, +- const unsigned char *iv, +- int enc); +-int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +- unsigned char *out, +- const unsigned char *in, +- size_t inl); +-int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); +-int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- ASN1_TYPE *); +-int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- ASN1_TYPE *); +-int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- int type, int arg, +- void *ptr); ++ ++struct evp_cipher_st { ++ int nid; ++ int block_size; ++ /* Default value for variable length ciphers */ ++ int key_len; ++ int iv_len; ++ /* Various flags */ ++ unsigned long flags; ++ /* init key */ ++ int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, ++ const unsigned char *iv, int enc); ++ /* encrypt/decrypt data */ ++ int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, ++ const unsigned char *in, size_t inl); ++ /* cleanup ctx */ ++ int (*cleanup) (EVP_CIPHER_CTX *); ++ /* how big ctx->cipher_data needs to be */ ++ int ctx_size; ++ /* Populate a ASN1_TYPE with parameters */ ++ int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); ++ /* Get parameters from a ASN1_TYPE */ ++ int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); ++ /* Miscellaneous operations */ ++ int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); ++ /* Application data */ ++ void *app_data; ++} /* EVP_CIPHER */ ; + + /* Values for cipher flags */ + +@@ -227,7 +347,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + # define EVP_CIPH_CCM_MODE 0x7 + # define EVP_CIPH_XTS_MODE 0x10001 + # define EVP_CIPH_WRAP_MODE 0x10002 +-# define EVP_CIPH_OCB_MODE 0x10003 + # define EVP_CIPH_MODE 0xF0007 + /* Set if variable length cipher */ + # define EVP_CIPH_VARIABLE_LENGTH 0x8 +@@ -259,8 +378,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + # define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 + # define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 + # define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000 +-/* Cipher can handle pipeline operations */ +-# define EVP_CIPH_FLAG_PIPELINE 0X800000 + + /* + * Cipher context flag to indicate we can handle wrap mode: if allowed in +@@ -280,19 +397,14 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + # define EVP_CTRL_RAND_KEY 0x6 + # define EVP_CTRL_PBE_PRF_NID 0x7 + # define EVP_CTRL_COPY 0x8 +-# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +-# define EVP_CTRL_AEAD_GET_TAG 0x10 +-# define EVP_CTRL_AEAD_SET_TAG 0x11 +-# define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +-# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +-# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +-# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +-# define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED ++# define EVP_CTRL_GCM_SET_IVLEN 0x9 ++# define EVP_CTRL_GCM_GET_TAG 0x10 ++# define EVP_CTRL_GCM_SET_TAG 0x11 ++# define EVP_CTRL_GCM_SET_IV_FIXED 0x12 + # define EVP_CTRL_GCM_IV_GEN 0x13 +-# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +-# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +-# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +-# define EVP_CTRL_CCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED ++# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN ++# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG ++# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG + # define EVP_CTRL_CCM_SET_L 0x14 + # define EVP_CTRL_CCM_SET_MSGLEN 0x15 + /* +@@ -311,36 +423,6 @@ int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, + # define EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT 0x1b + # define EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE 0x1c + +-# define EVP_CTRL_SSL3_MASTER_SECRET 0x1d +- +-/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */ +-# define EVP_CTRL_SET_SBOX 0x1e +-/* +- * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a +- * pre-allocated buffer with specified size +- */ +-# define EVP_CTRL_SBOX_USED 0x1f +-/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after, +- * 0 switches meshing off +- */ +-# define EVP_CTRL_KEY_MESH 0x20 +-/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */ +-# define EVP_CTRL_BLOCK_PADDING_MODE 0x21 +- +-/* Set the output buffers to use for a pipelined operation */ +-# define EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS 0x22 +-/* Set the input buffers to use for a pipelined operation */ +-# define EVP_CTRL_SET_PIPELINE_INPUT_BUFS 0x23 +-/* Set the input buffer lengths to use for a pipelined operation */ +-# define EVP_CTRL_SET_PIPELINE_INPUT_LENS 0x24 +- +-/* Padding modes */ +-#define EVP_PADDING_PKCS7 1 +-#define EVP_PADDING_ISO7816_4 2 +-#define EVP_PADDING_ANSI923 3 +-#define EVP_PADDING_ISO10126 4 +-#define EVP_PADDING_ZERO 5 +- + /* RFC 5246 defines additional data to be 13 bytes in length */ + # define EVP_AEAD_TLS1_AAD_LEN 13 + +@@ -359,17 +441,45 @@ typedef struct { + /* Length of tag for TLS */ + # define EVP_GCM_TLS_TAG_LEN 16 + +-/* CCM TLS constants */ +-/* Length of fixed part of IV derived from PRF */ +-# define EVP_CCM_TLS_FIXED_IV_LEN 4 +-/* Length of explicit part of IV part of TLS records */ +-# define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +- + typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; + } EVP_CIPHER_INFO; + ++struct evp_cipher_ctx_st { ++ const EVP_CIPHER *cipher; ++ ENGINE *engine; /* functional reference if 'cipher' is ++ * ENGINE-provided */ ++ int encrypt; /* encrypt or decrypt */ ++ int buf_len; /* number we have left */ ++ unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ ++ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ ++ unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ ++ int num; /* used by cfb/ofb/ctr mode */ ++ void *app_data; /* application stuff */ ++ int key_len; /* May change for variable length cipher */ ++ unsigned long flags; /* Various flags */ ++ void *cipher_data; /* per EVP data */ ++ int final_used; ++ int block_mask; ++ unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ ++} /* EVP_CIPHER_CTX */ ; ++ ++typedef struct evp_Encode_Ctx_st { ++ /* number saved in a partial encode/decode */ ++ int num; ++ /* ++ * The length is either the output line length (in input bytes) or the ++ * shortest input line length that is ok. Once decoding begins, the ++ * length is adjusted up each time a longer line is decoded ++ */ ++ int length; ++ /* data to encode */ ++ unsigned char enc_data[80]; ++ /* number read on current line */ ++ int line_num; ++ int expect_nl; ++} EVP_ENCODE_CTX; + + /* Password based encryption function */ + typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass, +@@ -412,48 +522,29 @@ int EVP_MD_block_size(const EVP_MD *md); + unsigned long EVP_MD_flags(const EVP_MD *md); + + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +-int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +- const void *data, size_t count); +-void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +- int (*update) (EVP_MD_CTX *ctx, +- const void *data, size_t count)); + # define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) + # define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) + # define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) +-EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +-void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + + int EVP_CIPHER_nid(const EVP_CIPHER *cipher); + # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) + int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +-int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher); + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); + unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); + # define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +-int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +-const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); +-const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx); +-unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); +-unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +-int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx); +-void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); + int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); + void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +-void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +-void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); + # define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define EVP_CIPHER_CTX_flags(c) EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c)) +-# endif +-# define EVP_CIPHER_CTX_mode(c) EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c)) ++unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); ++# define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) + + # define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) + # define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) +@@ -480,9 +571,8 @@ void BIO_set_md(BIO *, const EVP_MD *md); + # define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) + # define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + +-/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c, +- unsigned char *out, +- const unsigned char *in, unsigned int inl); ++int EVP_Cipher(EVP_CIPHER_CTX *c, ++ unsigned char *out, const unsigned char *in, unsigned int inl); + + # define EVP_add_cipher_alias(n,alias) \ + OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) +@@ -493,31 +583,24 @@ void BIO_set_md(BIO *, const EVP_MD *md); + # define EVP_delete_digest_alias(alias) \ + OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); + +-int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +-EVP_MD_CTX *EVP_MD_CTX_new(void); +-int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +-# define EVP_MD_CTX_create() EVP_MD_CTX_new() +-# define EVP_MD_CTX_init(ctx) EVP_MD_CTX_reset((ctx)) +-# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx)) +-__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); ++void EVP_MD_CTX_init(EVP_MD_CTX *ctx); ++int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); ++EVP_MD_CTX *EVP_MD_CTX_create(void); ++void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); ++int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); +-__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, +- ENGINE *impl); +-__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, +- size_t cnt); +-__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, +- unsigned int *s); +-__owur int EVP_Digest(const void *data, size_t count, +- unsigned char *md, unsigned int *size, +- const EVP_MD *type, ENGINE *impl); +- +-__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +-__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +-__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +- unsigned int *s); ++int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); ++int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); ++int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); ++int EVP_Digest(const void *data, size_t count, ++ unsigned char *md, unsigned int *size, const EVP_MD *type, ++ ENGINE *impl); ++ ++int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); ++int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); ++int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + + #ifndef OPENSSL_NO_UI + int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +@@ -527,92 +610,75 @@ void EVP_set_pw_prompt(const char *prompt); + char *EVP_get_pw_prompt(void); + #endif + +-__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, +- const unsigned char *salt, +- const unsigned char *data, int datal, int count, +- unsigned char *key, unsigned char *iv); ++int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, ++ const unsigned char *salt, const unsigned char *data, ++ int datal, int count, unsigned char *key, ++ unsigned char *iv); + + void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); + void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); + int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +-__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv); +-/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, +- const unsigned char *iv); +-/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl); +-/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl); +- +-__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv); +-/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, +- const unsigned char *iv); +-/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +- int *outl); +-/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +- int *outl); +- +-__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, +- const unsigned char *key, const unsigned char *iv, +- int enc); +-/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, +- const EVP_CIPHER *cipher, ENGINE *impl, +- const unsigned char *key, +- const unsigned char *iv, int enc); +-__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +- int *outl, const unsigned char *in, int inl); +-__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +- int *outl); +-__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +- int *outl); +- +-__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, +- EVP_PKEY *pkey); +- +-__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, +- unsigned int siglen, EVP_PKEY *pkey); +- +-/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +- const EVP_MD *type, ENGINE *e, +- EVP_PKEY *pkey); +-__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, +- size_t *siglen); +- +-__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +- const EVP_MD *type, ENGINE *e, +- EVP_PKEY *pkey); +-__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, +- size_t siglen); ++int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv); ++int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv); ++int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++ ++int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv); ++int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv); ++int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++ ++int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ const unsigned char *key, const unsigned char *iv, ++ int enc); ++int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ++ ENGINE *impl, const unsigned char *key, ++ const unsigned char *iv, int enc); ++int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); ++int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); ++int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +-# ifndef OPENSSL_NO_RSA +-__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +- const unsigned char *ek, int ekl, +- const unsigned char *iv, EVP_PKEY *priv); +-__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +- +-__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +- unsigned char **ek, int *ekl, unsigned char *iv, +- EVP_PKEY **pubk, int npubk); +-__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +-# endif ++int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, ++ EVP_PKEY *pkey); ++ ++int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, ++ unsigned int siglen, EVP_PKEY *pkey); ++ ++int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); ++int EVP_DigestSignFinal(EVP_MD_CTX *ctx, ++ unsigned char *sigret, size_t *siglen); ++ ++int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, ++ const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); ++int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, ++ const unsigned char *sig, size_t siglen); ++ ++int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ++ const unsigned char *ek, int ekl, const unsigned char *iv, ++ EVP_PKEY *priv); ++int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); ++ ++int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ++ unsigned char **ek, int *ekl, unsigned char *iv, ++ EVP_PKEY **pubk, int npubk); ++int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +-EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +-void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +-int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx); +-int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx); + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +-int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, +- const unsigned char *in, int inl); ++void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, ++ const unsigned char *in, int inl); + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); + int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +@@ -623,24 +689,23 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned + char *out, int *outl); + int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define EVP_CIPHER_CTX_init(c) EVP_CIPHER_CTX_reset(c) +-# define EVP_CIPHER_CTX_cleanup(c) EVP_CIPHER_CTX_reset(c) +-# endif ++void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); ++int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); + EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +-int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c); +-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c); ++void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); + int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); + int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); + int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +-const BIO_METHOD *BIO_f_md(void); +-const BIO_METHOD *BIO_f_base64(void); +-const BIO_METHOD *BIO_f_cipher(void); +-const BIO_METHOD *BIO_f_reliable(void); +-__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, +- const unsigned char *i, int enc); ++# ifndef OPENSSL_NO_BIO ++BIO_METHOD *BIO_f_md(void); ++BIO_METHOD *BIO_f_base64(void); ++BIO_METHOD *BIO_f_cipher(void); ++BIO_METHOD *BIO_f_reliable(void); ++void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, ++ const unsigned char *i, int enc); ++# endif + + const EVP_MD *EVP_md_null(void); + # ifndef OPENSSL_NO_MD2 +@@ -651,21 +716,26 @@ const EVP_MD *EVP_md4(void); + # endif + # ifndef OPENSSL_NO_MD5 + const EVP_MD *EVP_md5(void); +-const EVP_MD *EVP_md5_sha1(void); +-# endif +-# ifndef OPENSSL_NO_BLAKE2 +-const EVP_MD *EVP_blake2b512(void); +-const EVP_MD *EVP_blake2s256(void); + # endif ++# ifndef OPENSSL_NO_SHA ++const EVP_MD *EVP_sha(void); + const EVP_MD *EVP_sha1(void); ++const EVP_MD *EVP_dss(void); ++const EVP_MD *EVP_dss1(void); ++const EVP_MD *EVP_ecdsa(void); ++# endif ++# ifndef OPENSSL_NO_SHA256 + const EVP_MD *EVP_sha224(void); + const EVP_MD *EVP_sha256(void); ++# endif ++# ifndef OPENSSL_NO_SHA512 + const EVP_MD *EVP_sha384(void); + const EVP_MD *EVP_sha512(void); ++# endif + # ifndef OPENSSL_NO_MDC2 + const EVP_MD *EVP_mdc2(void); + # endif +-# ifndef OPENSSL_NO_RMD160 ++# ifndef OPENSSL_NO_RIPEMD + const EVP_MD *EVP_ripemd160(void); + # endif + # ifndef OPENSSL_NO_WHIRLPOOL +@@ -684,6 +754,10 @@ const EVP_CIPHER *EVP_des_cfb1(void); + const EVP_CIPHER *EVP_des_cfb8(void); + const EVP_CIPHER *EVP_des_ede_cfb64(void); + # define EVP_des_ede_cfb EVP_des_ede_cfb64 ++# if 0 ++const EVP_CIPHER *EVP_des_ede_cfb1(void); ++const EVP_CIPHER *EVP_des_ede_cfb8(void); ++# endif + const EVP_CIPHER *EVP_des_ede3_cfb64(void); + # define EVP_des_ede3_cfb EVP_des_ede3_cfb64 + const EVP_CIPHER *EVP_des_ede3_cfb1(void); +@@ -701,6 +775,13 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void); + * are rc4 and md5 declarations made here inside a "NO_DES" precompiler + * branch? + */ ++# if 0 ++# ifdef OPENSSL_OPENBSD_DEV_CRYPTO ++const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); ++const EVP_CIPHER *EVP_dev_crypto_rc4(void); ++const EVP_MD *EVP_dev_crypto_md5(void); ++# endif ++# endif + # endif + # ifndef OPENSSL_NO_RC4 + const EVP_CIPHER *EVP_rc4(void); +@@ -746,57 +827,51 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void); + # define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64 + const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); + # endif ++# ifndef OPENSSL_NO_AES + const EVP_CIPHER *EVP_aes_128_ecb(void); + const EVP_CIPHER *EVP_aes_128_cbc(void); + const EVP_CIPHER *EVP_aes_128_cfb1(void); + const EVP_CIPHER *EVP_aes_128_cfb8(void); + const EVP_CIPHER *EVP_aes_128_cfb128(void); +-# define EVP_aes_128_cfb EVP_aes_128_cfb128 ++# define EVP_aes_128_cfb EVP_aes_128_cfb128 + const EVP_CIPHER *EVP_aes_128_ofb(void); + const EVP_CIPHER *EVP_aes_128_ctr(void); + const EVP_CIPHER *EVP_aes_128_ccm(void); + const EVP_CIPHER *EVP_aes_128_gcm(void); + const EVP_CIPHER *EVP_aes_128_xts(void); + const EVP_CIPHER *EVP_aes_128_wrap(void); +-const EVP_CIPHER *EVP_aes_128_wrap_pad(void); +-# ifndef OPENSSL_NO_OCB +-const EVP_CIPHER *EVP_aes_128_ocb(void); +-# endif + const EVP_CIPHER *EVP_aes_192_ecb(void); + const EVP_CIPHER *EVP_aes_192_cbc(void); + const EVP_CIPHER *EVP_aes_192_cfb1(void); + const EVP_CIPHER *EVP_aes_192_cfb8(void); + const EVP_CIPHER *EVP_aes_192_cfb128(void); +-# define EVP_aes_192_cfb EVP_aes_192_cfb128 ++# define EVP_aes_192_cfb EVP_aes_192_cfb128 + const EVP_CIPHER *EVP_aes_192_ofb(void); + const EVP_CIPHER *EVP_aes_192_ctr(void); + const EVP_CIPHER *EVP_aes_192_ccm(void); + const EVP_CIPHER *EVP_aes_192_gcm(void); + const EVP_CIPHER *EVP_aes_192_wrap(void); +-const EVP_CIPHER *EVP_aes_192_wrap_pad(void); +-# ifndef OPENSSL_NO_OCB +-const EVP_CIPHER *EVP_aes_192_ocb(void); +-# endif + const EVP_CIPHER *EVP_aes_256_ecb(void); + const EVP_CIPHER *EVP_aes_256_cbc(void); + const EVP_CIPHER *EVP_aes_256_cfb1(void); + const EVP_CIPHER *EVP_aes_256_cfb8(void); + const EVP_CIPHER *EVP_aes_256_cfb128(void); +-# define EVP_aes_256_cfb EVP_aes_256_cfb128 ++# define EVP_aes_256_cfb EVP_aes_256_cfb128 + const EVP_CIPHER *EVP_aes_256_ofb(void); + const EVP_CIPHER *EVP_aes_256_ctr(void); + const EVP_CIPHER *EVP_aes_256_ccm(void); + const EVP_CIPHER *EVP_aes_256_gcm(void); + const EVP_CIPHER *EVP_aes_256_xts(void); + const EVP_CIPHER *EVP_aes_256_wrap(void); +-const EVP_CIPHER *EVP_aes_256_wrap_pad(void); +-# ifndef OPENSSL_NO_OCB +-const EVP_CIPHER *EVP_aes_256_ocb(void); +-# endif ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); + const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); ++# endif ++# ifndef OPENSSL_NO_SHA256 + const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); + const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); ++# endif ++# endif + # ifndef OPENSSL_NO_CAMELLIA + const EVP_CIPHER *EVP_camellia_128_ecb(void); + const EVP_CIPHER *EVP_camellia_128_cbc(void); +@@ -805,7 +880,6 @@ const EVP_CIPHER *EVP_camellia_128_cfb8(void); + const EVP_CIPHER *EVP_camellia_128_cfb128(void); + # define EVP_camellia_128_cfb EVP_camellia_128_cfb128 + const EVP_CIPHER *EVP_camellia_128_ofb(void); +-const EVP_CIPHER *EVP_camellia_128_ctr(void); + const EVP_CIPHER *EVP_camellia_192_ecb(void); + const EVP_CIPHER *EVP_camellia_192_cbc(void); + const EVP_CIPHER *EVP_camellia_192_cfb1(void); +@@ -813,7 +887,6 @@ const EVP_CIPHER *EVP_camellia_192_cfb8(void); + const EVP_CIPHER *EVP_camellia_192_cfb128(void); + # define EVP_camellia_192_cfb EVP_camellia_192_cfb128 + const EVP_CIPHER *EVP_camellia_192_ofb(void); +-const EVP_CIPHER *EVP_camellia_192_ctr(void); + const EVP_CIPHER *EVP_camellia_256_ecb(void); + const EVP_CIPHER *EVP_camellia_256_cbc(void); + const EVP_CIPHER *EVP_camellia_256_cfb1(void); +@@ -821,13 +894,6 @@ const EVP_CIPHER *EVP_camellia_256_cfb8(void); + const EVP_CIPHER *EVP_camellia_256_cfb128(void); + # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 + const EVP_CIPHER *EVP_camellia_256_ofb(void); +-const EVP_CIPHER *EVP_camellia_256_ctr(void); +-# endif +-# ifndef OPENSSL_NO_CHACHA +-const EVP_CIPHER *EVP_chacha20(void); +-# ifndef OPENSSL_NO_POLY1305 +-const EVP_CIPHER *EVP_chacha20_poly1305(void); +-# endif + # endif + + # ifndef OPENSSL_NO_SEED +@@ -838,39 +904,29 @@ const EVP_CIPHER *EVP_seed_cfb128(void); + const EVP_CIPHER *EVP_seed_ofb(void); + # endif + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define OPENSSL_add_all_algorithms_conf() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ +- | OPENSSL_INIT_ADD_ALL_DIGESTS \ +- | OPENSSL_INIT_LOAD_CONFIG, NULL) +-# define OPENSSL_add_all_algorithms_noconf() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ +- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +- +-# ifdef OPENSSL_LOAD_CONF +-# define OpenSSL_add_all_algorithms() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ +- | OPENSSL_INIT_ADD_ALL_DIGESTS \ +- | OPENSSL_INIT_LOAD_CONFIG, NULL) +-# else +-# define OpenSSL_add_all_algorithms() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \ +- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) +-# endif +- +-# define OpenSSL_add_all_ciphers() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL) +-# define OpenSSL_add_all_digests() \ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) ++void OPENSSL_add_all_algorithms_noconf(void); ++void OPENSSL_add_all_algorithms_conf(void); + +-# define EVP_cleanup() while(0) continue ++# ifdef OPENSSL_LOAD_CONF ++# define OpenSSL_add_all_algorithms() \ ++ OPENSSL_add_all_algorithms_conf() ++# else ++# define OpenSSL_add_all_algorithms() \ ++ OPENSSL_add_all_algorithms_noconf() + # endif + ++void OpenSSL_add_all_ciphers(void); ++void OpenSSL_add_all_digests(void); ++# define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() ++# define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() ++# define SSLeay_add_all_digests() OpenSSL_add_all_digests() ++ + int EVP_add_cipher(const EVP_CIPHER *cipher); + int EVP_add_digest(const EVP_MD *digest); + + const EVP_CIPHER *EVP_get_cipherbyname(const char *name); + const EVP_MD *EVP_get_digestbyname(const char *name); ++void EVP_cleanup(void); + + void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), +@@ -895,42 +951,35 @@ int EVP_PKEY_encrypt_old(unsigned char *enc_key, + int EVP_PKEY_type(int type); + int EVP_PKEY_id(const EVP_PKEY *pkey); + int EVP_PKEY_base_id(const EVP_PKEY *pkey); +-int EVP_PKEY_bits(const EVP_PKEY *pkey); +-int EVP_PKEY_security_bits(const EVP_PKEY *pkey); ++int EVP_PKEY_bits(EVP_PKEY *pkey); + int EVP_PKEY_size(EVP_PKEY *pkey); + int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); + int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); + int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +-void *EVP_PKEY_get0(const EVP_PKEY *pkey); +-const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); ++void *EVP_PKEY_get0(EVP_PKEY *pkey); + + # ifndef OPENSSL_NO_RSA + struct rsa_st; + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +-struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); + struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + # endif + # ifndef OPENSSL_NO_DSA + struct dsa_st; + int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +-struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); + struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); + # endif + # ifndef OPENSSL_NO_DH + struct dh_st; + int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +-struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); + struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); + # endif + # ifndef OPENSSL_NO_EC + struct ec_key_st; + int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +-struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); + struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); + # endif + + EVP_PKEY *EVP_PKEY_new(void); +-int EVP_PKEY_up_ref(EVP_PKEY *pkey); + void EVP_PKEY_free(EVP_PKEY *pkey); + + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, +@@ -959,10 +1008,6 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +-int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, +- const unsigned char *pt, size_t ptlen); +-size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt); +- + int EVP_CIPHER_type(const EVP_CIPHER *ctx); + + /* calls methods */ +@@ -987,17 +1032,6 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de); + +-#ifndef OPENSSL_NO_SCRYPT +-int EVP_PBE_scrypt(const char *pass, size_t passlen, +- const unsigned char *salt, size_t saltlen, +- uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, +- unsigned char *key, size_t keylen); +- +-int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, +- int passlen, ASN1_TYPE *param, +- const EVP_CIPHER *c, const EVP_MD *md, int en_de); +-#endif +- + void PKCS5_PBE_add(void); + + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, +@@ -1009,8 +1043,6 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + # define EVP_PBE_TYPE_OUTER 0x0 + /* Is an PRF type OID */ + # define EVP_PBE_TYPE_PRF 0x1 +-/* Is a PKCS#5 v2.0 KDF */ +-# define EVP_PBE_TYPE_KDF 0x2 + + int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + int md_nid, EVP_PBE_KEYGEN *keygen); +@@ -1019,7 +1051,6 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); + void EVP_PBE_cleanup(void); +-int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + + # define ASN1_PKEY_ALIAS 0x1 + # define ASN1_PKEY_DYNAMIC 0x2 +@@ -1032,9 +1063,6 @@ int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num); + # define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 + # define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +-# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT 0x9 +-# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT 0xa +- + int EVP_PKEY_asn1_get_count(void); + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +@@ -1047,7 +1075,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, + const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey); + EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, + const char *info); +@@ -1068,7 +1096,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_bits) (const EVP_PKEY *pk)); + void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, +- const PKCS8_PRIV_KEY_INFO ++ PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), +@@ -1111,10 +1139,6 @@ void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + X509_ALGOR *alg2, + ASN1_BIT_STRING *sig)); + +-void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +- int (*pkey_security_bits) (const EVP_PKEY +- *pk)); +- + # define EVP_PKEY_OP_UNDEFINED 0 + # define EVP_PKEY_OP_PARAMGEN (1<<1) + # define EVP_PKEY_OP_KEYGEN (1<<2) +@@ -1135,7 +1159,7 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + + # define EVP_PKEY_OP_TYPE_NOGEN \ +- (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE) ++ (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + + # define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) +@@ -1148,10 +1172,6 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)pmd) + +-# define EVP_PKEY_CTX_set_mac_key(ctx, key, len) \ +- EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN, \ +- EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)key) +- + # define EVP_PKEY_CTRL_MD 1 + # define EVP_PKEY_CTRL_PEER_KEY 2 + +@@ -1201,9 +1221,6 @@ int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, + int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +-int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); +-int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); +- + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); + void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +@@ -1244,7 +1261,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); + int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +-typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); ++typedef int EVP_PKEY_gen_cb (EVP_PKEY_CTX *ctx); + + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); + int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +@@ -1348,98 +1365,6 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + const char *type, + const char *value)); + +-void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +- int (**pinit) (EVP_PKEY_CTX *ctx)); +- +-void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +- int (**pcopy) (EVP_PKEY_CTX *dst, +- EVP_PKEY_CTX *src)); +- +-void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +- void (**pcleanup) (EVP_PKEY_CTX *ctx)); +- +-void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +- int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +- int (**pparamgen) (EVP_PKEY_CTX *ctx, +- EVP_PKEY *pkey)); +- +-void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +- int (**pkeygen_init) (EVP_PKEY_CTX *ctx), +- int (**pkeygen) (EVP_PKEY_CTX *ctx, +- EVP_PKEY *pkey)); +- +-void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +- int (**psign_init) (EVP_PKEY_CTX *ctx), +- int (**psign) (EVP_PKEY_CTX *ctx, +- unsigned char *sig, size_t *siglen, +- const unsigned char *tbs, +- size_t tbslen)); +- +-void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +- int (**pverify_init) (EVP_PKEY_CTX *ctx), +- int (**pverify) (EVP_PKEY_CTX *ctx, +- const unsigned char *sig, +- size_t siglen, +- const unsigned char *tbs, +- size_t tbslen)); +- +-void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +- int (**pverify_recover_init) (EVP_PKEY_CTX +- *ctx), +- int (**pverify_recover) (EVP_PKEY_CTX +- *ctx, +- unsigned char +- *sig, +- size_t *siglen, +- const unsigned +- char *tbs, +- size_t tbslen)); +- +-void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +- int (**psignctx_init) (EVP_PKEY_CTX *ctx, +- EVP_MD_CTX *mctx), +- int (**psignctx) (EVP_PKEY_CTX *ctx, +- unsigned char *sig, +- size_t *siglen, +- EVP_MD_CTX *mctx)); +- +-void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +- int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +- EVP_MD_CTX *mctx), +- int (**pverifyctx) (EVP_PKEY_CTX *ctx, +- const unsigned char *sig, +- int siglen, +- EVP_MD_CTX *mctx)); +- +-void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +- int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +- int (**pencryptfn) (EVP_PKEY_CTX *ctx, +- unsigned char *out, +- size_t *outlen, +- const unsigned char *in, +- size_t inlen)); +- +-void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +- int (**pdecrypt) (EVP_PKEY_CTX *ctx, +- unsigned char *out, +- size_t *outlen, +- const unsigned char *in, +- size_t inlen)); +- +-void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +- int (**pderive_init) (EVP_PKEY_CTX *ctx), +- int (**pderive) (EVP_PKEY_CTX *ctx, +- unsigned char *key, +- size_t *keylen)); +- +-void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +- int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +- void *p2), +- int (**pctrl_str) (EVP_PKEY_CTX *ctx, +- const char *type, +- const char *value)); +- + void EVP_add_alg_module(void); + + /* BEGIN ERROR CODES */ +@@ -1448,40 +1373,43 @@ void EVP_add_alg_module(void); + * made after this point may be overwritten when the script is next run. + */ + +-int ERR_load_EVP_strings(void); ++void ERR_load_EVP_strings(void); + + /* Error codes for the EVP functions. */ + + /* Function codes. */ + # define EVP_F_AESNI_INIT_KEY 165 ++# define EVP_F_AESNI_XTS_CIPHER 176 + # define EVP_F_AES_INIT_KEY 133 +-# define EVP_F_AES_OCB_CIPHER 169 + # define EVP_F_AES_T4_INIT_KEY 178 +-# define EVP_F_AES_WRAP_CIPHER 170 ++# define EVP_F_AES_XTS 172 ++# define EVP_F_AES_XTS_CIPHER 175 + # define EVP_F_ALG_MODULE_INIT 177 + # define EVP_F_CAMELLIA_INIT_KEY 159 +-# define EVP_F_CHACHA20_POLY1305_CTRL 182 ++# define EVP_F_CMAC_INIT 173 + # define EVP_F_CMLL_T4_INIT_KEY 179 +-# define EVP_F_DES_EDE3_WRAP_CIPHER 171 ++# define EVP_F_D2I_PKEY 100 + # define EVP_F_DO_SIGVER_INIT 161 ++# define EVP_F_DSAPKEY2PKCS8 134 ++# define EVP_F_DSA_PKEY2PKCS8 135 ++# define EVP_F_ECDSA_PKEY2PKCS8 129 ++# define EVP_F_ECKEY_PKEY2PKCS8 132 + # define EVP_F_EVP_CIPHERINIT_EX 123 + # define EVP_F_EVP_CIPHER_CTX_COPY 163 + # define EVP_F_EVP_CIPHER_CTX_CTRL 124 + # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 + # define EVP_F_EVP_DECRYPTFINAL_EX 101 +-# define EVP_F_EVP_DECRYPTUPDATE 166 + # define EVP_F_EVP_DIGESTINIT_EX 128 + # define EVP_F_EVP_ENCRYPTFINAL_EX 127 +-# define EVP_F_EVP_ENCRYPTUPDATE 167 + # define EVP_F_EVP_MD_CTX_COPY_EX 110 + # define EVP_F_EVP_MD_SIZE 162 + # define EVP_F_EVP_OPENINIT 102 + # define EVP_F_EVP_PBE_ALG_ADD 115 + # define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 + # define EVP_F_EVP_PBE_CIPHERINIT 116 +-# define EVP_F_EVP_PBE_SCRYPT 181 + # define EVP_F_EVP_PKCS82PKEY 111 +-# define EVP_F_EVP_PKEY2PKCS8 113 ++# define EVP_F_EVP_PKCS82PKEY_BROKEN 136 ++# define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 + # define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 + # define EVP_F_EVP_PKEY_CTX_CTRL 137 + # define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +@@ -1495,11 +1423,11 @@ int ERR_load_EVP_strings(void); + # define EVP_F_EVP_PKEY_ENCRYPT 105 + # define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 + # define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +-# define EVP_F_EVP_PKEY_GET0_DH 119 +-# define EVP_F_EVP_PKEY_GET0_DSA 120 +-# define EVP_F_EVP_PKEY_GET0_EC_KEY 131 +-# define EVP_F_EVP_PKEY_GET0_HMAC 183 +-# define EVP_F_EVP_PKEY_GET0_RSA 121 ++# define EVP_F_EVP_PKEY_GET1_DH 119 ++# define EVP_F_EVP_PKEY_GET1_DSA 120 ++# define EVP_F_EVP_PKEY_GET1_ECDSA 130 ++# define EVP_F_EVP_PKEY_GET1_EC_KEY 131 ++# define EVP_F_EVP_PKEY_GET1_RSA 121 + # define EVP_F_EVP_PKEY_KEYGEN 146 + # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 + # define EVP_F_EVP_PKEY_NEW 106 +@@ -1511,78 +1439,98 @@ int ERR_load_EVP_strings(void); + # define EVP_F_EVP_PKEY_VERIFY_INIT 143 + # define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 + # define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 ++# define EVP_F_EVP_RIJNDAEL 126 + # define EVP_F_EVP_SIGNFINAL 107 + # define EVP_F_EVP_VERIFYFINAL 108 ++# define EVP_F_FIPS_CIPHERINIT 166 ++# define EVP_F_FIPS_CIPHER_CTX_COPY 170 ++# define EVP_F_FIPS_CIPHER_CTX_CTRL 167 ++# define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 ++# define EVP_F_FIPS_DIGESTINIT 168 ++# define EVP_F_FIPS_MD_CTX_COPY 169 ++# define EVP_F_HMAC_INIT_EX 174 + # define EVP_F_INT_CTX_NEW 157 + # define EVP_F_PKCS5_PBE_KEYIVGEN 117 + # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 + # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +-# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 ++# define EVP_F_PKCS8_SET_BROKEN 112 + # define EVP_F_PKEY_SET_TYPE 158 + # define EVP_F_RC2_MAGIC_TO_METH 109 + # define EVP_F_RC5_CTRL 125 + + /* Reason codes. */ ++# define EVP_R_AES_IV_SETUP_FAILED 162 + # define EVP_R_AES_KEY_SETUP_FAILED 143 ++# define EVP_R_ASN1_LIB 140 ++# define EVP_R_BAD_BLOCK_LENGTH 136 + # define EVP_R_BAD_DECRYPT 100 ++# define EVP_R_BAD_KEY_LENGTH 137 ++# define EVP_R_BN_DECODE_ERROR 112 ++# define EVP_R_BN_PUBKEY_ERROR 113 + # define EVP_R_BUFFER_TOO_SMALL 155 + # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 + # define EVP_R_CIPHER_PARAMETER_ERROR 122 + # define EVP_R_COMMAND_NOT_SUPPORTED 147 +-# define EVP_R_COPY_ERROR 173 + # define EVP_R_CTRL_NOT_IMPLEMENTED 132 + # define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 + # define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 + # define EVP_R_DECODE_ERROR 114 + # define EVP_R_DIFFERENT_KEY_TYPES 101 + # define EVP_R_DIFFERENT_PARAMETERS 153 ++# define EVP_R_DISABLED_FOR_FIPS 163 ++# define EVP_R_ENCODE_ERROR 115 + # define EVP_R_ERROR_LOADING_SECTION 165 + # define EVP_R_ERROR_SETTING_FIPS_MODE 166 +-# define EVP_R_EXPECTING_AN_HMAC_KEY 174 ++# define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 + # define EVP_R_EXPECTING_AN_RSA_KEY 127 + # define EVP_R_EXPECTING_A_DH_KEY 128 + # define EVP_R_EXPECTING_A_DSA_KEY 129 ++# define EVP_R_EXPECTING_A_ECDSA_KEY 141 + # define EVP_R_EXPECTING_A_EC_KEY 142 + # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +-# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 + # define EVP_R_INITIALIZATION_ERROR 134 + # define EVP_R_INPUT_NOT_INITIALIZED 111 + # define EVP_R_INVALID_DIGEST 152 + # define EVP_R_INVALID_FIPS_MODE 168 +-# define EVP_R_INVALID_KEY 163 ++# define EVP_R_INVALID_KEY 171 + # define EVP_R_INVALID_KEY_LENGTH 130 + # define EVP_R_INVALID_OPERATION 148 ++# define EVP_R_IV_TOO_LARGE 102 + # define EVP_R_KEYGEN_FAILURE 120 +-# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 + # define EVP_R_MESSAGE_DIGEST_IS_NULL 159 + # define EVP_R_METHOD_NOT_SUPPORTED 144 + # define EVP_R_MISSING_PARAMETERS 103 + # define EVP_R_NO_CIPHER_SET 131 + # define EVP_R_NO_DEFAULT_DIGEST 158 + # define EVP_R_NO_DIGEST_SET 139 ++# define EVP_R_NO_DSA_PARAMETERS 116 + # define EVP_R_NO_KEY_SET 154 + # define EVP_R_NO_OPERATION_SET 149 ++# define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 ++# define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 + # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 + # define EVP_R_OPERATON_NOT_INITIALIZED 151 +-# define EVP_R_PARTIALLY_OVERLAPPING 162 ++# define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 + # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 + # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 + # define EVP_R_PUBLIC_KEY_NOT_RSA 106 ++# define EVP_R_TOO_LARGE 164 + # define EVP_R_UNKNOWN_CIPHER 160 + # define EVP_R_UNKNOWN_DIGEST 161 + # define EVP_R_UNKNOWN_OPTION 169 + # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 ++# define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 + # define EVP_R_UNSUPPORTED_ALGORITHM 156 + # define EVP_R_UNSUPPORTED_CIPHER 107 + # define EVP_R_UNSUPPORTED_KEYLENGTH 123 + # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 + # define EVP_R_UNSUPPORTED_KEY_SIZE 108 +-# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 + # define EVP_R_UNSUPPORTED_PRF 125 + # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 + # define EVP_R_UNSUPPORTED_SALT_TYPE 126 + # define EVP_R_WRAP_MODE_NOT_ALLOWED 170 + # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 ++# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + + # ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/hmac.h b/Cryptlib/Include/openssl/hmac.h +index 9f06896..b8b55cd 100644 +--- a/Cryptlib/Include/openssl/hmac.h ++++ b/Cryptlib/Include/openssl/hmac.h +@@ -1,17 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/hmac/hmac.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ +- + #ifndef HEADER_HMAC_H + # define HEADER_HMAC_H + + # include + ++# ifdef OPENSSL_NO_HMAC ++# error HMAC is disabled. ++# endif ++ + # include + + # define HMAC_MAX_MD_CBLOCK 128/* largest known is SHA512 */ +@@ -20,27 +72,35 @@ + extern "C" { + #endif + +-size_t HMAC_size(const HMAC_CTX *e); +-HMAC_CTX *HMAC_CTX_new(void); +-int HMAC_CTX_reset(HMAC_CTX *ctx); +-void HMAC_CTX_free(HMAC_CTX *ctx); ++typedef struct hmac_ctx_st { ++ const EVP_MD *md; ++ EVP_MD_CTX md_ctx; ++ EVP_MD_CTX i_ctx; ++ EVP_MD_CTX o_ctx; ++ unsigned int key_length; ++ unsigned char key[HMAC_MAX_MD_CBLOCK]; ++} HMAC_CTX; ++ ++# define HMAC_size(e) (EVP_MD_size((e)->md)) ++ ++void HMAC_CTX_init(HMAC_CTX *ctx); ++void HMAC_CTX_cleanup(HMAC_CTX *ctx); + +-DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md)) ++/* deprecated */ ++# define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) + +-/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, +- const EVP_MD *md, ENGINE *impl); +-/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, +- size_t len); +-/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, +- unsigned int *len); ++/* deprecated */ ++int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md); ++int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, ++ const EVP_MD *md, ENGINE *impl); ++int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); ++int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len); +-__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); ++int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +-const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/idea.h b/Cryptlib/Include/openssl/idea.h +index 4334f3e..6075984 100644 +--- a/Cryptlib/Include/openssl/idea.h ++++ b/Cryptlib/Include/openssl/idea.h +@@ -1,64 +1,105 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/idea/idea.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_IDEA_H + # define HEADER_IDEA_H + +-# include ++# include /* IDEA_INT, OPENSSL_NO_IDEA */ + +-# ifndef OPENSSL_NO_IDEA +-# ifdef __cplusplus +-extern "C" { ++# ifdef OPENSSL_NO_IDEA ++# error IDEA is disabled. + # endif + +-typedef unsigned int IDEA_INT; +- + # define IDEA_ENCRYPT 1 + # define IDEA_DECRYPT 0 + + # define IDEA_BLOCK 8 + # define IDEA_KEY_LENGTH 16 + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + typedef struct idea_key_st { + IDEA_INT data[9][6]; + } IDEA_KEY_SCHEDULE; + +-const char *IDEA_options(void); +-void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out, ++const char *idea_options(void); ++void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +-void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +-void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +-void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out, ++# ifdef OPENSSL_FIPS ++void private_idea_set_encrypt_key(const unsigned char *key, ++ IDEA_KEY_SCHEDULE *ks); ++# endif ++void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); ++void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); ++void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int enc); +-void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +-void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, ++void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num); +-void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define idea_options IDEA_options +-# define idea_ecb_encrypt IDEA_ecb_encrypt +-# define idea_set_encrypt_key IDEA_set_encrypt_key +-# define idea_set_decrypt_key IDEA_set_decrypt_key +-# define idea_cbc_encrypt IDEA_cbc_encrypt +-# define idea_cfb64_encrypt IDEA_cfb64_encrypt +-# define idea_ofb64_encrypt IDEA_ofb64_encrypt +-# define idea_encrypt IDEA_encrypt +-# endif +- +-# ifdef __cplusplus ++void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/kdf.h b/Cryptlib/Include/openssl/kdf.h +deleted file mode 100644 +index 9f87f78..0000000 +--- a/Cryptlib/Include/openssl/kdf.h ++++ /dev/null +@@ -1,75 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_KDF_H +-# define HEADER_KDF_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL) +-# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +-# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) +-# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +-# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +-# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +-# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +- +-# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_TLS_MD, 0, (void *)md) +- +-# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)sec) +- +-# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)seed) +- +-# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_HKDF_MD, 0, (void *)md) +- +-# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)salt) +- +-# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)key) +- +-# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ +- EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ +- EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)info) +- +-/* BEGIN ERROR CODES */ +-/* +- * The following lines are auto generated by the script mkerr.pl. Any changes +- * made after this point may be overwritten when the script is next run. +- */ +- +-int ERR_load_KDF_strings(void); +- +-/* Error codes for the KDF functions. */ +- +-/* Function codes. */ +-# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +-# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +- +-/* Reason codes. */ +-# define KDF_R_INVALID_DIGEST 100 +-# define KDF_R_MISSING_PARAMETER 101 +-# define KDF_R_VALUE_MISSING 102 +- +-# ifdef __cplusplus +-} +-# endif +-#endif +diff --git a/Cryptlib/Include/openssl/krb5_asn.h b/Cryptlib/Include/openssl/krb5_asn.h +new file mode 100644 +index 0000000..9cf5a26 +--- /dev/null ++++ b/Cryptlib/Include/openssl/krb5_asn.h +@@ -0,0 +1,240 @@ ++/* krb5_asn.h */ ++/* ++ * Written by Vern Staats for the OpenSSL project, ** ++ * using ocsp/{*.h,*asn*.c} as a starting point ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_KRB5_ASN_H ++# define HEADER_KRB5_ASN_H ++ ++/* ++ * #include ++ */ ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * ASN.1 from Kerberos RFC 1510 ++ */ ++ ++/*- EncryptedData ::= SEQUENCE { ++ * etype[0] INTEGER, -- EncryptionType ++ * kvno[1] INTEGER OPTIONAL, ++ * cipher[2] OCTET STRING -- ciphertext ++ * } ++ */ ++typedef struct krb5_encdata_st { ++ ASN1_INTEGER *etype; ++ ASN1_INTEGER *kvno; ++ ASN1_OCTET_STRING *cipher; ++} KRB5_ENCDATA; ++ ++DECLARE_STACK_OF(KRB5_ENCDATA) ++ ++/*- PrincipalName ::= SEQUENCE { ++ * name-type[0] INTEGER, ++ * name-string[1] SEQUENCE OF GeneralString ++ * } ++ */ ++typedef struct krb5_princname_st { ++ ASN1_INTEGER *nametype; ++ STACK_OF(ASN1_GENERALSTRING) *namestring; ++} KRB5_PRINCNAME; ++ ++DECLARE_STACK_OF(KRB5_PRINCNAME) ++ ++/*- Ticket ::= [APPLICATION 1] SEQUENCE { ++ * tkt-vno[0] INTEGER, ++ * realm[1] Realm, ++ * sname[2] PrincipalName, ++ * enc-part[3] EncryptedData ++ * } ++ */ ++typedef struct krb5_tktbody_st { ++ ASN1_INTEGER *tktvno; ++ ASN1_GENERALSTRING *realm; ++ KRB5_PRINCNAME *sname; ++ KRB5_ENCDATA *encdata; ++} KRB5_TKTBODY; ++ ++typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; ++DECLARE_STACK_OF(KRB5_TKTBODY) ++ ++/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { ++ * pvno[0] INTEGER, ++ * msg-type[1] INTEGER, ++ * ap-options[2] APOptions, ++ * ticket[3] Ticket, ++ * authenticator[4] EncryptedData ++ * } ++ * ++ * APOptions ::= BIT STRING { ++ * reserved(0), use-session-key(1), mutual-required(2) } ++ */ ++typedef struct krb5_ap_req_st { ++ ASN1_INTEGER *pvno; ++ ASN1_INTEGER *msgtype; ++ ASN1_BIT_STRING *apoptions; ++ KRB5_TICKET *ticket; ++ KRB5_ENCDATA *authenticator; ++} KRB5_APREQBODY; ++ ++typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; ++DECLARE_STACK_OF(KRB5_APREQBODY) ++ ++/* Authenticator Stuff */ ++ ++/*- Checksum ::= SEQUENCE { ++ * cksumtype[0] INTEGER, ++ * checksum[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_checksum_st { ++ ASN1_INTEGER *ctype; ++ ASN1_OCTET_STRING *checksum; ++} KRB5_CHECKSUM; ++ ++DECLARE_STACK_OF(KRB5_CHECKSUM) ++ ++/*- EncryptionKey ::= SEQUENCE { ++ * keytype[0] INTEGER, ++ * keyvalue[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_encryptionkey_st { ++ ASN1_INTEGER *ktype; ++ ASN1_OCTET_STRING *keyvalue; ++} KRB5_ENCKEY; ++ ++DECLARE_STACK_OF(KRB5_ENCKEY) ++ ++/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { ++ * ad-type[0] INTEGER, ++ * ad-data[1] OCTET STRING ++ * } ++ */ ++typedef struct krb5_authorization_st { ++ ASN1_INTEGER *adtype; ++ ASN1_OCTET_STRING *addata; ++} KRB5_AUTHDATA; ++ ++DECLARE_STACK_OF(KRB5_AUTHDATA) ++ ++/*- -- Unencrypted authenticator ++ * Authenticator ::= [APPLICATION 2] SEQUENCE { ++ * authenticator-vno[0] INTEGER, ++ * crealm[1] Realm, ++ * cname[2] PrincipalName, ++ * cksum[3] Checksum OPTIONAL, ++ * cusec[4] INTEGER, ++ * ctime[5] KerberosTime, ++ * subkey[6] EncryptionKey OPTIONAL, ++ * seq-number[7] INTEGER OPTIONAL, ++ * authorization-data[8] AuthorizationData OPTIONAL ++ * } ++ */ ++typedef struct krb5_authenticator_st { ++ ASN1_INTEGER *avno; ++ ASN1_GENERALSTRING *crealm; ++ KRB5_PRINCNAME *cname; ++ KRB5_CHECKSUM *cksum; ++ ASN1_INTEGER *cusec; ++ ASN1_GENERALIZEDTIME *ctime; ++ KRB5_ENCKEY *subkey; ++ ASN1_INTEGER *seqnum; ++ KRB5_AUTHDATA *authorization; ++} KRB5_AUTHENTBODY; ++ ++typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; ++DECLARE_STACK_OF(KRB5_AUTHENTBODY) ++ ++/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = ++ * type *name##_new(void); ++ * void name##_free(type *a); ++ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = ++ * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = ++ * type *d2i_##name(type **a, const unsigned char **in, long len); ++ * int i2d_##name(type *a, unsigned char **out); ++ * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it ++ */ ++ ++DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) ++DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) ++DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) ++DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) ++DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) ++DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) ++ ++DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) ++DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) ++DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) ++DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) ++DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/kssl.h b/Cryptlib/Include/openssl/kssl.h +new file mode 100644 +index 0000000..ae8a51f +--- /dev/null ++++ b/Cryptlib/Include/openssl/kssl.h +@@ -0,0 +1,197 @@ ++/* ssl/kssl.h */ ++/* ++ * Written by Vern Staats for the OpenSSL project ++ * 2000. project 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ ** 19990701 VRS Started. ++ */ ++ ++#ifndef KSSL_H ++# define KSSL_H ++ ++# include ++ ++# ifndef OPENSSL_NO_KRB5 ++ ++# include ++# include ++# include ++# ifdef OPENSSL_SYS_WIN32 ++/* ++ * These can sometimes get redefined indirectly by krb5 header files after ++ * they get undefed in ossl_typ.h ++ */ ++# undef X509_NAME ++# undef X509_EXTENSIONS ++# undef OCSP_REQUEST ++# undef OCSP_RESPONSE ++# endif ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * Depending on which KRB5 implementation used, some types from ++ * the other may be missing. Resolve that here and now ++ */ ++# ifdef KRB5_HEIMDAL ++typedef unsigned char krb5_octet; ++# define FAR ++# else ++ ++# ifndef FAR ++# define FAR ++# endif ++ ++# endif ++ ++/*- ++ * Uncomment this to debug kssl problems or ++ * to trace usage of the Kerberos session key ++ * ++ * #define KSSL_DEBUG ++ */ ++ ++# ifndef KRB5SVC ++# define KRB5SVC "host" ++# endif ++ ++# ifndef KRB5KEYTAB ++# define KRB5KEYTAB "/etc/krb5.keytab" ++# endif ++ ++# ifndef KRB5SENDAUTH ++# define KRB5SENDAUTH 1 ++# endif ++ ++# ifndef KRB5CHECKAUTH ++# define KRB5CHECKAUTH 1 ++# endif ++ ++# ifndef KSSL_CLOCKSKEW ++# define KSSL_CLOCKSKEW 300; ++# endif ++ ++# define KSSL_ERR_MAX 255 ++typedef struct kssl_err_st { ++ int reason; ++ char text[KSSL_ERR_MAX + 1]; ++} KSSL_ERR; ++ ++/*- Context for passing ++ * (1) Kerberos session key to SSL, and ++ * (2) Config data between application and SSL lib ++ */ ++typedef struct kssl_ctx_st { ++ /* used by: disposition: */ ++ char *service_name; /* C,S default ok (kssl) */ ++ char *service_host; /* C input, REQUIRED */ ++ char *client_princ; /* S output from krb5 ticket */ ++ char *keytab_file; /* S NULL (/etc/krb5.keytab) */ ++ char *cred_cache; /* C NULL (default) */ ++ krb5_enctype enctype; ++ int length; ++ krb5_octet FAR *key; ++} KSSL_CTX; ++ ++# define KSSL_CLIENT 1 ++# define KSSL_SERVER 2 ++# define KSSL_SERVICE 3 ++# define KSSL_KEYTAB 4 ++ ++# define KSSL_CTX_OK 0 ++# define KSSL_CTX_ERR 1 ++# define KSSL_NOMEM 2 ++ ++/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ ++krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); ++KSSL_CTX *kssl_ctx_new(void); ++KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); ++void kssl_ctx_show(KSSL_CTX *kssl_ctx); ++krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, ++ krb5_data *realm, krb5_data *entity, ++ int nentities); ++krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, ++ krb5_data *authenp, KSSL_ERR *kssl_err); ++krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, ++ krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); ++krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); ++void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); ++void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); ++krb5_error_code kssl_build_principal_2(krb5_context context, ++ krb5_principal *princ, int rlen, ++ const char *realm, int slen, ++ const char *svc, int hlen, ++ const char *host); ++krb5_error_code kssl_validate_times(krb5_timestamp atime, ++ krb5_ticket_times *ttimes); ++krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, ++ krb5_timestamp *atimep, ++ KSSL_ERR *kssl_err); ++unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); ++ ++void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); ++KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); ++char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); ++ ++#ifdef __cplusplus ++} ++#endif ++# endif /* OPENSSL_NO_KRB5 */ ++#endif /* KSSL_H */ +diff --git a/Cryptlib/Include/openssl/lhash.h b/Cryptlib/Include/openssl/lhash.h +index e2ccb65..b6c328b 100644 +--- a/Cryptlib/Include/openssl/lhash.h ++++ b/Cryptlib/Include/openssl/lhash.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/lhash/lhash.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +@@ -15,18 +64,30 @@ + # define HEADER_LHASH_H + + # include +-# include ++# ifndef OPENSSL_NO_FP_API ++# include ++# endif ++ ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + + #ifdef __cplusplus + extern "C" { + #endif + +-typedef struct lhash_node_st OPENSSL_LH_NODE; +-typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *); +-typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *); +-typedef void (*OPENSSL_LH_DOALL_FUNC) (void *); +-typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *); +-typedef struct lhash_st OPENSSL_LHASH; ++typedef struct lhash_node_st { ++ void *data; ++ struct lhash_node_st *next; ++# ifndef OPENSSL_NO_HASH_COMP ++ unsigned long hash; ++# endif ++} LHASH_NODE; ++ ++typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); ++typedef unsigned long (*LHASH_HASH_FN_TYPE) (const void *); ++typedef void (*LHASH_DOALL_FN_TYPE) (void *); ++typedef void (*LHASH_DOALL_ARG_FN_TYPE) (void *, void *); + + /* + * Macros for declaring and implementing type-safe wrappers for LHASH +@@ -56,6 +117,15 @@ typedef struct lhash_st OPENSSL_LHASH; + return name##_cmp(a,b); } + # define LHASH_COMP_FN(name) name##_LHASH_COMP + ++/* Third: "doall" functions */ ++# define DECLARE_LHASH_DOALL_FN(name, o_type) \ ++ void name##_LHASH_DOALL(void *); ++# define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ ++ void name##_LHASH_DOALL(void *arg) { \ ++ o_type *a = arg; \ ++ name##_doall(a); } ++# define LHASH_DOALL_FN(name) name##_LHASH_DOALL ++ + /* Fourth: "doall_arg" functions */ + # define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +@@ -66,136 +136,102 @@ typedef struct lhash_st OPENSSL_LHASH; + name##_doall_arg(a, b); } + # define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + ++typedef struct lhash_st { ++ LHASH_NODE **b; ++ LHASH_COMP_FN_TYPE comp; ++ LHASH_HASH_FN_TYPE hash; ++ unsigned int num_nodes; ++ unsigned int num_alloc_nodes; ++ unsigned int p; ++ unsigned int pmax; ++ unsigned long up_load; /* load times 256 */ ++ unsigned long down_load; /* load times 256 */ ++ unsigned long num_items; ++ unsigned long num_expands; ++ unsigned long num_expand_reallocs; ++ unsigned long num_contracts; ++ unsigned long num_contract_reallocs; ++ unsigned long num_hash_calls; ++ unsigned long num_comp_calls; ++ unsigned long num_insert; ++ unsigned long num_replace; ++ unsigned long num_delete; ++ unsigned long num_no_delete; ++ unsigned long num_retrieve; ++ unsigned long num_retrieve_miss; ++ unsigned long num_hash_comps; ++ int error; ++} _LHASH; /* Do not use _LHASH directly, use LHASH_OF ++ * and friends */ + + # define LH_LOAD_MULT 256 + +-int OPENSSL_LH_error(OPENSSL_LHASH *lh); +-OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c); +-void OPENSSL_LH_free(OPENSSL_LHASH *lh); +-void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data); +-void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data); +-void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data); +-void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); +-void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); +-unsigned long OPENSSL_LH_strhash(const char *c); +-unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh); +-unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh); +-void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load); +- +-# ifndef OPENSSL_NO_STDIO +-void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp); +-void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp); +-void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp); ++/* ++ * Indicates a malloc() error in the last call, this is only bad in ++ * lh_insert(). ++ */ ++# define lh_error(lh) ((lh)->error) ++ ++_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); ++void lh_free(_LHASH *lh); ++void *lh_insert(_LHASH *lh, void *data); ++void *lh_delete(_LHASH *lh, const void *data); ++void *lh_retrieve(_LHASH *lh, const void *data); ++void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); ++void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); ++unsigned long lh_strhash(const char *c); ++unsigned long lh_num_items(const _LHASH *lh); ++ ++# ifndef OPENSSL_NO_FP_API ++void lh_stats(const _LHASH *lh, FILE *out); ++void lh_node_stats(const _LHASH *lh, FILE *out); ++void lh_node_usage_stats(const _LHASH *lh, FILE *out); + # endif +-void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +-void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +-void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out); +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define _LHASH OPENSSL_LHASH +-# define LHASH_NODE OPENSSL_LH_NODE +-# define lh_error OPENSSL_LH_error +-# define lh_new OPENSSL_lh_new +-# define lh_free OPENSSL_LH_free +-# define lh_insert OPENSSL_LH_insert +-# define lh_delete OPENSSL_LH_delete +-# define lh_retrieve OPENSSL_LH_retrieve +-# define lh_doall OPENSSL_LH_doall +-# define lh_doall_arg OPENSSL_LH_doall_arg +-# define lh_strhash OPENSSL_LH_strhash +-# define lh_num_items OPENSSL_LH_num_items +-# ifndef OPENSSL_NO_STDIO +-# define lh_stats OPENSSL_LH_stats +-# define lh_node_stats OPENSSL_LH_node_stats +-# define lh_node_usage_stats OPENSSL_LH_node_usage_stats +-# endif +-# define lh_stats_bio OPENSSL_LH_stats_bio +-# define lh_node_stats_bio OPENSSL_LH_node_stats_bio +-# define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio ++ ++# ifndef OPENSSL_NO_BIO ++void lh_stats_bio(const _LHASH *lh, BIO *out); ++void lh_node_stats_bio(const _LHASH *lh, BIO *out); ++void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); + # endif + + /* Type checking... */ + + # define LHASH_OF(type) struct lhash_st_##type + +-# define DEFINE_LHASH_OF(type) \ +- LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \ +- static ossl_inline LHASH_OF(type) * \ +- lh_##type##_new(unsigned long (*hfn)(const type *), \ +- int (*cfn)(const type *, const type *)) \ +- { \ +- return (LHASH_OF(type) *) \ +- OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \ +- } \ +- static ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \ +- { \ +- OPENSSL_LH_free((OPENSSL_LHASH *)lh); \ +- } \ +- static ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \ +- { \ +- return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \ +- } \ +- static ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \ +- { \ +- return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \ +- } \ +- static ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \ +- { \ +- return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \ +- } \ +- static ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \ +- { \ +- return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \ +- } \ +- static ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \ +- { \ +- return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \ +- } \ +- static ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ +- { \ +- OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \ +- } \ +- static ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ +- { \ +- OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \ +- } \ +- static ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \ +- { \ +- OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \ +- } \ +- static ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \ +- { \ +- return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \ +- } \ +- static ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \ +- { \ +- OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \ +- } \ +- static ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \ +- void (*doall)(type *)) \ +- { \ +- OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \ +- } \ +- LHASH_OF(type) +- +-#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \ +- int_implement_lhash_doall(type, argtype, const type) +- +-#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \ +- int_implement_lhash_doall(type, argtype, type) +- +-#define int_implement_lhash_doall(type, argtype, cbargtype) \ +- static ossl_inline void \ +- lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \ +- void (*fn)(cbargtype *, argtype *), \ +- argtype *arg) \ +- { \ +- OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \ +- } \ +- LHASH_OF(type) +- +-DEFINE_LHASH_OF(OPENSSL_STRING); +-DEFINE_LHASH_OF(OPENSSL_CSTRING); ++# define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } ++ ++# define CHECKED_LHASH_OF(type,lh) \ ++ ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) ++ ++/* Define wrapper functions. */ ++# define LHM_lh_new(type, name) \ ++ ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) ++# define LHM_lh_error(type, lh) \ ++ lh_error(CHECKED_LHASH_OF(type,lh)) ++# define LHM_lh_insert(type, lh, inst) \ ++ ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_retrieve(type, lh, inst) \ ++ ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_delete(type, lh, inst) \ ++ ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ ++ CHECKED_PTR_OF(type, inst))) ++# define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) ++# define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ ++ lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) ++# define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) ++# define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) ++# define LHM_lh_node_stats_bio(type, lh, out) \ ++ lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_node_usage_stats_bio(type, lh, out) \ ++ lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_stats_bio(type, lh, out) \ ++ lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) ++# define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) ++ ++DECLARE_LHASH_OF(OPENSSL_STRING); ++DECLARE_LHASH_OF(OPENSSL_CSTRING); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/md2.h b/Cryptlib/Include/openssl/md2.h +deleted file mode 100644 +index 7faf8e3..0000000 +--- a/Cryptlib/Include/openssl/md2.h ++++ /dev/null +@@ -1,44 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_MD2_H +-# define HEADER_MD2_H +- +-# include +- +-# ifndef OPENSSL_NO_MD2 +-# include +-# ifdef __cplusplus +-extern "C" { +-# endif +- +-typedef unsigned char MD2_INT; +- +-# define MD2_DIGEST_LENGTH 16 +-# define MD2_BLOCK 16 +- +-typedef struct MD2state_st { +- unsigned int num; +- unsigned char data[MD2_BLOCK]; +- MD2_INT cksm[MD2_BLOCK]; +- MD2_INT state[MD2_BLOCK]; +-} MD2_CTX; +- +-const char *MD2_options(void); +-int MD2_Init(MD2_CTX *c); +-int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len); +-int MD2_Final(unsigned char *md, MD2_CTX *c); +-unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md); +- +-# ifdef __cplusplus +-} +-# endif +-# endif +- +-#endif +diff --git a/Cryptlib/Include/openssl/md4.h b/Cryptlib/Include/openssl/md4.h +index 940e29d..11fd712 100644 +--- a/Cryptlib/Include/openssl/md4.h ++++ b/Cryptlib/Include/openssl/md4.h +@@ -1,30 +1,97 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/md4/md4.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_MD4_H + # define HEADER_MD4_H + +-# include +- +-# ifndef OPENSSL_NO_MD4 + # include + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_MD4 ++# error MD4 is disabled. + # endif + + /*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- * ! MD4_LONG has to be at least 32 bits wide. ! ++ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! ++ * ! MD4_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +-# define MD4_LONG unsigned int ++ ++# if defined(__LP32__) ++# define MD4_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define MD4_LONG unsigned long ++# define MD4_LONG_LOG2 3 ++/* ++ * _CRAY note. I could declare short, but I have no idea what impact ++ * does it have on performance on none-T3E machines. I could declare ++ * int, but at least on C90 sizeof(int) can be chosen at compile time. ++ * So I've chosen long... ++ * ++ */ ++# else ++# define MD4_LONG unsigned int ++# endif + + # define MD4_CBLOCK 64 + # define MD4_LBLOCK (MD4_CBLOCK/4) +@@ -37,15 +104,16 @@ typedef struct MD4state_st { + unsigned int num; + } MD4_CTX; + ++# ifdef OPENSSL_FIPS ++int private_MD4_Init(MD4_CTX *c); ++# endif + int MD4_Init(MD4_CTX *c); + int MD4_Update(MD4_CTX *c, const void *data, size_t len); + int MD4_Final(unsigned char *md, MD4_CTX *c); + unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); + void MD4_Transform(MD4_CTX *c, const unsigned char *b); +- +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/md5.h b/Cryptlib/Include/openssl/md5.h +index 2deb772..2659038 100644 +--- a/Cryptlib/Include/openssl/md5.h ++++ b/Cryptlib/Include/openssl/md5.h +@@ -1,30 +1,97 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/md5/md5.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_MD5_H + # define HEADER_MD5_H + +-# include +- +-# ifndef OPENSSL_NO_MD5 + # include + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_MD5 ++# error MD5 is disabled. + # endif + + /* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- * ! MD5_LONG has to be at least 32 bits wide. ! ++ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! ++ * ! MD5_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +-# define MD5_LONG unsigned int ++ ++# if defined(__LP32__) ++# define MD5_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define MD5_LONG unsigned long ++# define MD5_LONG_LOG2 3 ++/* ++ * _CRAY note. I could declare short, but I have no idea what impact ++ * does it have on performance on none-T3E machines. I could declare ++ * int, but at least on C90 sizeof(int) can be chosen at compile time. ++ * So I've chosen long... ++ * ++ */ ++# else ++# define MD5_LONG unsigned int ++# endif + + # define MD5_CBLOCK 64 + # define MD5_LBLOCK (MD5_CBLOCK/4) +@@ -37,14 +104,16 @@ typedef struct MD5state_st { + unsigned int num; + } MD5_CTX; + ++# ifdef OPENSSL_FIPS ++int private_MD5_Init(MD5_CTX *c); ++# endif + int MD5_Init(MD5_CTX *c); + int MD5_Update(MD5_CTX *c, const void *data, size_t len); + int MD5_Final(unsigned char *md, MD5_CTX *c); + unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md); + void MD5_Transform(MD5_CTX *c, const unsigned char *b); +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/mdc2.h b/Cryptlib/Include/openssl/mdc2.h +index aabd2bf..7efe53b 100644 +--- a/Cryptlib/Include/openssl/mdc2.h ++++ b/Cryptlib/Include/openssl/mdc2.h +@@ -1,22 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/mdc2/mdc2.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_MDC2_H + # define HEADER_MDC2_H + +-# include +- +-#ifndef OPENSSL_NO_MDC2 +-# include + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_MDC2 ++# error MDC2 is disabled. + # endif + + # define MDC2_BLOCK 8 +@@ -29,14 +79,16 @@ typedef struct mdc2_ctx_st { + int pad_type; /* either 1 or 2, default 1 */ + } MDC2_CTX; + ++# ifdef OPENSSL_FIPS ++int private_MDC2_Init(MDC2_CTX *c); ++# endif + int MDC2_Init(MDC2_CTX *c); + int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len); + int MDC2_Final(unsigned char *md, MDC2_CTX *c); + unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/modes.h b/Cryptlib/Include/openssl/modes.h +index a04c6a5..fd48849 100644 +--- a/Cryptlib/Include/openssl/modes.h ++++ b/Cryptlib/Include/openssl/modes.h +@@ -1,10 +1,8 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Rights for redistribution and usage in source and binary ++ * forms are granted according to the OpenSSL license. + */ + + #include +@@ -159,44 +157,6 @@ size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, + block128_f block); +-size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, +- unsigned char *out, const unsigned char *in, +- size_t inlen, block128_f block); +-size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, +- unsigned char *out, const unsigned char *in, +- size_t inlen, block128_f block); +- +-#ifndef OPENSSL_NO_OCB +-typedef struct ocb128_context OCB128_CONTEXT; +- +-typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out, +- size_t blocks, const void *key, +- size_t start_block_num, +- unsigned char offset_i[16], +- const unsigned char L_[][16], +- unsigned char checksum[16]); +- +-OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, +- block128_f encrypt, block128_f decrypt, +- ocb128_f stream); +-int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, +- block128_f encrypt, block128_f decrypt, +- ocb128_f stream); +-int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, +- void *keyenc, void *keydec); +-int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, +- size_t len, size_t taglen); +-int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, +- size_t len); +-int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in, +- unsigned char *out, size_t len); +-int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in, +- unsigned char *out, size_t len); +-int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, +- size_t len); +-int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); +-void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); +-#endif /* OPENSSL_NO_OCB */ + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/obj_mac.h b/Cryptlib/Include/openssl/obj_mac.h +index f97f3ea..779c309 100644 +--- a/Cryptlib/Include/openssl/obj_mac.h ++++ b/Cryptlib/Include/openssl/obj_mac.h +@@ -1,12 +1,65 @@ ++/* crypto/objects/obj_mac.h */ ++ + /* +- * WARNING: do not edit! +- * Generated by crypto/objects/objects.pl ++ * THIS FILE IS GENERATED FROM objects.txt by objects.pl via the following ++ * command: perl objects.pl objects.txt obj_mac.num obj_mac.h ++ */ ++ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #define SN_undef "UNDEF" +@@ -800,22 +853,10 @@ + #define NID_id_smime_ct_compressedData 786 + #define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +-#define SN_id_smime_ct_contentCollection "id-smime-ct-contentCollection" +-#define NID_id_smime_ct_contentCollection 1058 +-#define OBJ_id_smime_ct_contentCollection OBJ_id_smime_ct,19L +- +-#define SN_id_smime_ct_authEnvelopedData "id-smime-ct-authEnvelopedData" +-#define NID_id_smime_ct_authEnvelopedData 1059 +-#define OBJ_id_smime_ct_authEnvelopedData OBJ_id_smime_ct,23L +- + #define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" + #define NID_id_ct_asciiTextWithCRLF 787 + #define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +-#define SN_id_ct_xml "id-ct-xml" +-#define NID_id_ct_xml 1060 +-#define OBJ_id_ct_xml OBJ_id_smime_ct,28L +- + #define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" + #define NID_id_smime_aa_receiptRequest 212 + #define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L +@@ -1449,11 +1490,6 @@ + #define NID_proxyCertInfo 663 + #define OBJ_proxyCertInfo OBJ_id_pe,14L + +-#define SN_tlsfeature "tlsfeature" +-#define LN_tlsfeature "TLS Feature" +-#define NID_tlsfeature 1020 +-#define OBJ_tlsfeature OBJ_id_pe,24L +- + #define SN_id_qt_cps "id-qt-cps" + #define LN_id_qt_cps "Policy Qualifier CPS" + #define NID_id_qt_cps 164 +@@ -1518,51 +1554,6 @@ + #define NID_dvcs 297 + #define OBJ_dvcs OBJ_id_kp,10L + +-#define SN_ipsec_IKE "ipsecIKE" +-#define LN_ipsec_IKE "ipsec Internet Key Exchange" +-#define NID_ipsec_IKE 1022 +-#define OBJ_ipsec_IKE OBJ_id_kp,17L +- +-#define SN_capwapAC "capwapAC" +-#define LN_capwapAC "Ctrl/provision WAP Access" +-#define NID_capwapAC 1023 +-#define OBJ_capwapAC OBJ_id_kp,18L +- +-#define SN_capwapWTP "capwapWTP" +-#define LN_capwapWTP "Ctrl/Provision WAP Termination" +-#define NID_capwapWTP 1024 +-#define OBJ_capwapWTP OBJ_id_kp,19L +- +-#define SN_sshClient "secureShellClient" +-#define LN_sshClient "SSH Client" +-#define NID_sshClient 1025 +-#define OBJ_sshClient OBJ_id_kp,21L +- +-#define SN_sshServer "secureShellServer" +-#define LN_sshServer "SSH Server" +-#define NID_sshServer 1026 +-#define OBJ_sshServer OBJ_id_kp,22L +- +-#define SN_sendRouter "sendRouter" +-#define LN_sendRouter "Send Router" +-#define NID_sendRouter 1027 +-#define OBJ_sendRouter OBJ_id_kp,23L +- +-#define SN_sendProxiedRouter "sendProxiedRouter" +-#define LN_sendProxiedRouter "Send Proxied Router" +-#define NID_sendProxiedRouter 1028 +-#define OBJ_sendProxiedRouter OBJ_id_kp,24L +- +-#define SN_sendOwner "sendOwner" +-#define LN_sendOwner "Send Owner" +-#define NID_sendOwner 1029 +-#define OBJ_sendOwner OBJ_id_kp,25L +- +-#define SN_sendProxiedOwner "sendProxiedOwner" +-#define LN_sendProxiedOwner "Send Proxied Owner" +-#define NID_sendProxiedOwner 1030 +-#define OBJ_sendProxiedOwner OBJ_id_kp,26L +- + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" + #define NID_id_it_caProtEncCert 298 + #define OBJ_id_it_caProtEncCert OBJ_id_it,1L +@@ -2039,16 +2030,6 @@ + #define NID_ripemd160WithRSA 119 + #define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +-#define SN_blake2b512 "BLAKE2b512" +-#define LN_blake2b512 "blake2b512" +-#define NID_blake2b512 1056 +-#define OBJ_blake2b512 1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L +- +-#define SN_blake2s256 "BLAKE2s256" +-#define LN_blake2s256 "blake2s256" +-#define NID_blake2s256 1057 +-#define OBJ_blake2s256 1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L +- + #define SN_sxnet "SXNetID" + #define LN_sxnet "Strong Extranet ID" + #define NID_sxnet 143 +@@ -2373,7 +2354,7 @@ + #define OBJ_delta_crl OBJ_id_ce,27L + + #define SN_issuing_distribution_point "issuingDistributionPoint" +-#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" ++#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" + #define NID_issuing_distribution_point 770 + #define OBJ_issuing_distribution_point OBJ_id_ce,28L + +@@ -2598,6 +2579,11 @@ + #define NID_id_hex_multipart_message 508 + #define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + ++#define SN_rle_compression "RLE" ++#define LN_rle_compression "run length compression" ++#define NID_rle_compression 124 ++#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L ++ + #define SN_zlib_compression "ZLIB" + #define LN_zlib_compression "zlib compression" + #define NID_zlib_compression 125 +@@ -2759,18 +2745,6 @@ + #define LN_aes_256_ctr "aes-256-ctr" + #define NID_aes_256_ctr 906 + +-#define SN_aes_128_ocb "AES-128-OCB" +-#define LN_aes_128_ocb "aes-128-ocb" +-#define NID_aes_128_ocb 958 +- +-#define SN_aes_192_ocb "AES-192-OCB" +-#define LN_aes_192_ocb "aes-192-ocb" +-#define NID_aes_192_ocb 959 +- +-#define SN_aes_256_ocb "AES-256-OCB" +-#define LN_aes_256_ocb "aes-256-ocb" +-#define NID_aes_256_ocb 960 +- + #define SN_aes_128_xts "AES-128-XTS" + #define LN_aes_128_xts "aes-128-xts" + #define NID_aes_128_xts 913 +@@ -3089,11 +3063,6 @@ + #define NID_friendlyCountryName 490 + #define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +-#define SN_uniqueIdentifier "uid" +-#define LN_uniqueIdentifier "uniqueIdentifier" +-#define NID_uniqueIdentifier 102 +-#define OBJ_uniqueIdentifier OBJ_pilotAttributeType,44L +- + #define LN_organizationalStatus "organizationalStatus" + #define NID_organizationalStatus 491 + #define OBJ_organizationalStatus OBJ_pilotAttributeType,45L +@@ -3709,10 +3678,6 @@ + #define NID_cryptocom 806 + #define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +-#define SN_id_tc26 "id-tc26" +-#define NID_id_tc26 974 +-#define OBJ_id_tc26 OBJ_member_body,643L,7L,1L +- + #define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" + #define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" + #define NID_id_GostR3411_94_with_GostR3410_2001 807 +@@ -3751,26 +3716,11 @@ + #define SN_gost89_cnt "gost89-cnt" + #define NID_gost89_cnt 814 + +-#define SN_gost89_cnt_12 "gost89-cnt-12" +-#define NID_gost89_cnt_12 975 +- +-#define SN_gost89_cbc "gost89-cbc" +-#define NID_gost89_cbc 1009 +- +-#define SN_gost89_ecb "gost89-ecb" +-#define NID_gost89_ecb 1010 +- +-#define SN_gost89_ctr "gost89-ctr" +-#define NID_gost89_ctr 1011 +- + #define SN_id_Gost28147_89_MAC "gost-mac" + #define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" + #define NID_id_Gost28147_89_MAC 815 + #define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +-#define SN_gost_mac_12 "gost-mac-12" +-#define NID_gost_mac_12 976 +- + #define SN_id_GostR3411_94_prf "prf-gostr3411-94" + #define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" + #define NID_id_GostR3411_94_prf 816 +@@ -3936,169 +3886,6 @@ + #define NID_id_GostR3410_2001_ParamSet_cc 854 + #define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +-#define SN_id_tc26_algorithms "id-tc26-algorithms" +-#define NID_id_tc26_algorithms 977 +-#define OBJ_id_tc26_algorithms OBJ_id_tc26,1L +- +-#define SN_id_tc26_sign "id-tc26-sign" +-#define NID_id_tc26_sign 978 +-#define OBJ_id_tc26_sign OBJ_id_tc26_algorithms,1L +- +-#define SN_id_GostR3410_2012_256 "gost2012_256" +-#define LN_id_GostR3410_2012_256 "GOST R 34.10-2012 with 256 bit modulus" +-#define NID_id_GostR3410_2012_256 979 +-#define OBJ_id_GostR3410_2012_256 OBJ_id_tc26_sign,1L +- +-#define SN_id_GostR3410_2012_512 "gost2012_512" +-#define LN_id_GostR3410_2012_512 "GOST R 34.10-2012 with 512 bit modulus" +-#define NID_id_GostR3410_2012_512 980 +-#define OBJ_id_GostR3410_2012_512 OBJ_id_tc26_sign,2L +- +-#define SN_id_tc26_digest "id-tc26-digest" +-#define NID_id_tc26_digest 981 +-#define OBJ_id_tc26_digest OBJ_id_tc26_algorithms,2L +- +-#define SN_id_GostR3411_2012_256 "md_gost12_256" +-#define LN_id_GostR3411_2012_256 "GOST R 34.11-2012 with 256 bit hash" +-#define NID_id_GostR3411_2012_256 982 +-#define OBJ_id_GostR3411_2012_256 OBJ_id_tc26_digest,2L +- +-#define SN_id_GostR3411_2012_512 "md_gost12_512" +-#define LN_id_GostR3411_2012_512 "GOST R 34.11-2012 with 512 bit hash" +-#define NID_id_GostR3411_2012_512 983 +-#define OBJ_id_GostR3411_2012_512 OBJ_id_tc26_digest,3L +- +-#define SN_id_tc26_signwithdigest "id-tc26-signwithdigest" +-#define NID_id_tc26_signwithdigest 984 +-#define OBJ_id_tc26_signwithdigest OBJ_id_tc26_algorithms,3L +- +-#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +-#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" +-#define NID_id_tc26_signwithdigest_gost3410_2012_256 985 +-#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_id_tc26_signwithdigest,2L +- +-#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +-#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" +-#define NID_id_tc26_signwithdigest_gost3410_2012_512 986 +-#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_id_tc26_signwithdigest,3L +- +-#define SN_id_tc26_mac "id-tc26-mac" +-#define NID_id_tc26_mac 987 +-#define OBJ_id_tc26_mac OBJ_id_tc26_algorithms,4L +- +-#define SN_id_tc26_hmac_gost_3411_2012_256 "id-tc26-hmac-gost-3411-2012-256" +-#define LN_id_tc26_hmac_gost_3411_2012_256 "HMAC GOST 34.11-2012 256 bit" +-#define NID_id_tc26_hmac_gost_3411_2012_256 988 +-#define OBJ_id_tc26_hmac_gost_3411_2012_256 OBJ_id_tc26_mac,1L +- +-#define SN_id_tc26_hmac_gost_3411_2012_512 "id-tc26-hmac-gost-3411-2012-512" +-#define LN_id_tc26_hmac_gost_3411_2012_512 "HMAC GOST 34.11-2012 512 bit" +-#define NID_id_tc26_hmac_gost_3411_2012_512 989 +-#define OBJ_id_tc26_hmac_gost_3411_2012_512 OBJ_id_tc26_mac,2L +- +-#define SN_id_tc26_cipher "id-tc26-cipher" +-#define NID_id_tc26_cipher 990 +-#define OBJ_id_tc26_cipher OBJ_id_tc26_algorithms,5L +- +-#define SN_id_tc26_agreement "id-tc26-agreement" +-#define NID_id_tc26_agreement 991 +-#define OBJ_id_tc26_agreement OBJ_id_tc26_algorithms,6L +- +-#define SN_id_tc26_agreement_gost_3410_2012_256 "id-tc26-agreement-gost-3410-2012-256" +-#define NID_id_tc26_agreement_gost_3410_2012_256 992 +-#define OBJ_id_tc26_agreement_gost_3410_2012_256 OBJ_id_tc26_agreement,1L +- +-#define SN_id_tc26_agreement_gost_3410_2012_512 "id-tc26-agreement-gost-3410-2012-512" +-#define NID_id_tc26_agreement_gost_3410_2012_512 993 +-#define OBJ_id_tc26_agreement_gost_3410_2012_512 OBJ_id_tc26_agreement,2L +- +-#define SN_id_tc26_constants "id-tc26-constants" +-#define NID_id_tc26_constants 994 +-#define OBJ_id_tc26_constants OBJ_id_tc26,2L +- +-#define SN_id_tc26_sign_constants "id-tc26-sign-constants" +-#define NID_id_tc26_sign_constants 995 +-#define OBJ_id_tc26_sign_constants OBJ_id_tc26_constants,1L +- +-#define SN_id_tc26_gost_3410_2012_512_constants "id-tc26-gost-3410-2012-512-constants" +-#define NID_id_tc26_gost_3410_2012_512_constants 996 +-#define OBJ_id_tc26_gost_3410_2012_512_constants OBJ_id_tc26_sign_constants,2L +- +-#define SN_id_tc26_gost_3410_2012_512_paramSetTest "id-tc26-gost-3410-2012-512-paramSetTest" +-#define LN_id_tc26_gost_3410_2012_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +-#define NID_id_tc26_gost_3410_2012_512_paramSetTest 997 +-#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest OBJ_id_tc26_gost_3410_2012_512_constants,0L +- +-#define SN_id_tc26_gost_3410_2012_512_paramSetA "id-tc26-gost-3410-2012-512-paramSetA" +-#define LN_id_tc26_gost_3410_2012_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +-#define NID_id_tc26_gost_3410_2012_512_paramSetA 998 +-#define OBJ_id_tc26_gost_3410_2012_512_paramSetA OBJ_id_tc26_gost_3410_2012_512_constants,1L +- +-#define SN_id_tc26_gost_3410_2012_512_paramSetB "id-tc26-gost-3410-2012-512-paramSetB" +-#define LN_id_tc26_gost_3410_2012_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +-#define NID_id_tc26_gost_3410_2012_512_paramSetB 999 +-#define OBJ_id_tc26_gost_3410_2012_512_paramSetB OBJ_id_tc26_gost_3410_2012_512_constants,2L +- +-#define SN_id_tc26_digest_constants "id-tc26-digest-constants" +-#define NID_id_tc26_digest_constants 1000 +-#define OBJ_id_tc26_digest_constants OBJ_id_tc26_constants,2L +- +-#define SN_id_tc26_cipher_constants "id-tc26-cipher-constants" +-#define NID_id_tc26_cipher_constants 1001 +-#define OBJ_id_tc26_cipher_constants OBJ_id_tc26_constants,5L +- +-#define SN_id_tc26_gost_28147_constants "id-tc26-gost-28147-constants" +-#define NID_id_tc26_gost_28147_constants 1002 +-#define OBJ_id_tc26_gost_28147_constants OBJ_id_tc26_cipher_constants,1L +- +-#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +-#define LN_id_tc26_gost_28147_param_Z "GOST 28147-89 TC26 parameter set" +-#define NID_id_tc26_gost_28147_param_Z 1003 +-#define OBJ_id_tc26_gost_28147_param_Z OBJ_id_tc26_gost_28147_constants,1L +- +-#define SN_INN "INN" +-#define LN_INN "INN" +-#define NID_INN 1004 +-#define OBJ_INN OBJ_member_body,643L,3L,131L,1L,1L +- +-#define SN_OGRN "OGRN" +-#define LN_OGRN "OGRN" +-#define NID_OGRN 1005 +-#define OBJ_OGRN OBJ_member_body,643L,100L,1L +- +-#define SN_SNILS "SNILS" +-#define LN_SNILS "SNILS" +-#define NID_SNILS 1006 +-#define OBJ_SNILS OBJ_member_body,643L,100L,3L +- +-#define SN_subjectSignTool "subjectSignTool" +-#define LN_subjectSignTool "Signing Tool of Subject" +-#define NID_subjectSignTool 1007 +-#define OBJ_subjectSignTool OBJ_member_body,643L,100L,111L +- +-#define SN_issuerSignTool "issuerSignTool" +-#define LN_issuerSignTool "Signing Tool of Issuer" +-#define NID_issuerSignTool 1008 +-#define OBJ_issuerSignTool OBJ_member_body,643L,100L,112L +- +-#define SN_grasshopper_ecb "grasshopper-ecb" +-#define NID_grasshopper_ecb 1012 +- +-#define SN_grasshopper_ctr "grasshopper-ctr" +-#define NID_grasshopper_ctr 1013 +- +-#define SN_grasshopper_ofb "grasshopper-ofb" +-#define NID_grasshopper_ofb 1014 +- +-#define SN_grasshopper_cbc "grasshopper-cbc" +-#define NID_grasshopper_cbc 1015 +- +-#define SN_grasshopper_cfb "grasshopper-cfb" +-#define NID_grasshopper_cfb 1016 +- +-#define SN_grasshopper_mac "grasshopper-mac" +-#define NID_grasshopper_mac 1017 +- + #define SN_camellia_128_cbc "CAMELLIA-128-CBC" + #define LN_camellia_128_cbc "camellia-128-cbc" + #define NID_camellia_128_cbc 751 +@@ -4145,26 +3932,6 @@ + #define NID_camellia_128_cfb128 757 + #define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +-#define SN_camellia_128_gcm "CAMELLIA-128-GCM" +-#define LN_camellia_128_gcm "camellia-128-gcm" +-#define NID_camellia_128_gcm 961 +-#define OBJ_camellia_128_gcm OBJ_camellia,6L +- +-#define SN_camellia_128_ccm "CAMELLIA-128-CCM" +-#define LN_camellia_128_ccm "camellia-128-ccm" +-#define NID_camellia_128_ccm 962 +-#define OBJ_camellia_128_ccm OBJ_camellia,7L +- +-#define SN_camellia_128_ctr "CAMELLIA-128-CTR" +-#define LN_camellia_128_ctr "camellia-128-ctr" +-#define NID_camellia_128_ctr 963 +-#define OBJ_camellia_128_ctr OBJ_camellia,9L +- +-#define SN_camellia_128_cmac "CAMELLIA-128-CMAC" +-#define LN_camellia_128_cmac "camellia-128-cmac" +-#define NID_camellia_128_cmac 964 +-#define OBJ_camellia_128_cmac OBJ_camellia,10L +- + #define SN_camellia_192_ecb "CAMELLIA-192-ECB" + #define LN_camellia_192_ecb "camellia-192-ecb" + #define NID_camellia_192_ecb 755 +@@ -4180,26 +3947,6 @@ + #define NID_camellia_192_cfb128 758 + #define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +-#define SN_camellia_192_gcm "CAMELLIA-192-GCM" +-#define LN_camellia_192_gcm "camellia-192-gcm" +-#define NID_camellia_192_gcm 965 +-#define OBJ_camellia_192_gcm OBJ_camellia,26L +- +-#define SN_camellia_192_ccm "CAMELLIA-192-CCM" +-#define LN_camellia_192_ccm "camellia-192-ccm" +-#define NID_camellia_192_ccm 966 +-#define OBJ_camellia_192_ccm OBJ_camellia,27L +- +-#define SN_camellia_192_ctr "CAMELLIA-192-CTR" +-#define LN_camellia_192_ctr "camellia-192-ctr" +-#define NID_camellia_192_ctr 967 +-#define OBJ_camellia_192_ctr OBJ_camellia,29L +- +-#define SN_camellia_192_cmac "CAMELLIA-192-CMAC" +-#define LN_camellia_192_cmac "camellia-192-cmac" +-#define NID_camellia_192_cmac 968 +-#define OBJ_camellia_192_cmac OBJ_camellia,30L +- + #define SN_camellia_256_ecb "CAMELLIA-256-ECB" + #define LN_camellia_256_ecb "camellia-256-ecb" + #define NID_camellia_256_ecb 756 +@@ -4215,26 +3962,6 @@ + #define NID_camellia_256_cfb128 759 + #define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +-#define SN_camellia_256_gcm "CAMELLIA-256-GCM" +-#define LN_camellia_256_gcm "camellia-256-gcm" +-#define NID_camellia_256_gcm 969 +-#define OBJ_camellia_256_gcm OBJ_camellia,46L +- +-#define SN_camellia_256_ccm "CAMELLIA-256-CCM" +-#define LN_camellia_256_ccm "camellia-256-ccm" +-#define NID_camellia_256_ccm 970 +-#define OBJ_camellia_256_ccm OBJ_camellia,47L +- +-#define SN_camellia_256_ctr "CAMELLIA-256-CTR" +-#define LN_camellia_256_ctr "camellia-256-ctr" +-#define NID_camellia_256_ctr 971 +-#define OBJ_camellia_256_ctr OBJ_camellia,49L +- +-#define SN_camellia_256_cmac "CAMELLIA-256-CMAC" +-#define LN_camellia_256_cmac "camellia-256-cmac" +-#define NID_camellia_256_cmac 972 +-#define OBJ_camellia_256_cmac OBJ_camellia,50L +- + #define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" + #define LN_camellia_128_cfb1 "camellia-128-cfb1" + #define NID_camellia_128_cfb1 760 +@@ -4320,14 +4047,6 @@ + #define LN_aes_256_cbc_hmac_sha256 "aes-256-cbc-hmac-sha256" + #define NID_aes_256_cbc_hmac_sha256 950 + +-#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +-#define LN_chacha20_poly1305 "chacha20-poly1305" +-#define NID_chacha20_poly1305 1018 +- +-#define SN_chacha20 "ChaCha20" +-#define LN_chacha20 "chacha20" +-#define NID_chacha20 1019 +- + #define SN_dhpublicnumber "dhpublicnumber" + #define LN_dhpublicnumber "X9.42 DH" + #define NID_dhpublicnumber 920 +@@ -4473,105 +4192,3 @@ + #define LN_jurisdictionCountryName "jurisdictionCountryName" + #define NID_jurisdictionCountryName 957 + #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +- +-#define SN_id_scrypt "id-scrypt" +-#define NID_id_scrypt 973 +-#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L +- +-#define SN_tls1_prf "TLS1-PRF" +-#define LN_tls1_prf "tls1-prf" +-#define NID_tls1_prf 1021 +- +-#define SN_hkdf "HKDF" +-#define LN_hkdf "hkdf" +-#define NID_hkdf 1036 +- +-#define SN_id_pkinit "id-pkinit" +-#define NID_id_pkinit 1031 +-#define OBJ_id_pkinit 1L,3L,6L,1L,5L,2L,3L +- +-#define SN_pkInitClientAuth "pkInitClientAuth" +-#define LN_pkInitClientAuth "PKINIT Client Auth" +-#define NID_pkInitClientAuth 1032 +-#define OBJ_pkInitClientAuth OBJ_id_pkinit,4L +- +-#define SN_pkInitKDC "pkInitKDC" +-#define LN_pkInitKDC "Signing KDC Response" +-#define NID_pkInitKDC 1033 +-#define OBJ_pkInitKDC OBJ_id_pkinit,5L +- +-#define SN_X25519 "X25519" +-#define NID_X25519 1034 +-#define OBJ_X25519 1L,3L,101L,110L +- +-#define SN_X448 "X448" +-#define NID_X448 1035 +-#define OBJ_X448 1L,3L,101L,111L +- +-#define SN_kx_rsa "KxRSA" +-#define LN_kx_rsa "kx-rsa" +-#define NID_kx_rsa 1037 +- +-#define SN_kx_ecdhe "KxECDHE" +-#define LN_kx_ecdhe "kx-ecdhe" +-#define NID_kx_ecdhe 1038 +- +-#define SN_kx_dhe "KxDHE" +-#define LN_kx_dhe "kx-dhe" +-#define NID_kx_dhe 1039 +- +-#define SN_kx_ecdhe_psk "KxECDHE-PSK" +-#define LN_kx_ecdhe_psk "kx-ecdhe-psk" +-#define NID_kx_ecdhe_psk 1040 +- +-#define SN_kx_dhe_psk "KxDHE-PSK" +-#define LN_kx_dhe_psk "kx-dhe-psk" +-#define NID_kx_dhe_psk 1041 +- +-#define SN_kx_rsa_psk "KxRSA_PSK" +-#define LN_kx_rsa_psk "kx-rsa-psk" +-#define NID_kx_rsa_psk 1042 +- +-#define SN_kx_psk "KxPSK" +-#define LN_kx_psk "kx-psk" +-#define NID_kx_psk 1043 +- +-#define SN_kx_srp "KxSRP" +-#define LN_kx_srp "kx-srp" +-#define NID_kx_srp 1044 +- +-#define SN_kx_gost "KxGOST" +-#define LN_kx_gost "kx-gost" +-#define NID_kx_gost 1045 +- +-#define SN_auth_rsa "AuthRSA" +-#define LN_auth_rsa "auth-rsa" +-#define NID_auth_rsa 1046 +- +-#define SN_auth_ecdsa "AuthECDSA" +-#define LN_auth_ecdsa "auth-ecdsa" +-#define NID_auth_ecdsa 1047 +- +-#define SN_auth_psk "AuthPSK" +-#define LN_auth_psk "auth-psk" +-#define NID_auth_psk 1048 +- +-#define SN_auth_dss "AuthDSS" +-#define LN_auth_dss "auth-dss" +-#define NID_auth_dss 1049 +- +-#define SN_auth_gost01 "AuthGOST01" +-#define LN_auth_gost01 "auth-gost01" +-#define NID_auth_gost01 1050 +- +-#define SN_auth_gost12 "AuthGOST12" +-#define LN_auth_gost12 "auth-gost12" +-#define NID_auth_gost12 1051 +- +-#define SN_auth_srp "AuthSRP" +-#define LN_auth_srp "auth-srp" +-#define NID_auth_srp 1052 +- +-#define SN_auth_null "AuthNULL" +-#define LN_auth_null "auth-null" +-#define NID_auth_null 1053 +diff --git a/Cryptlib/Include/openssl/objects.h b/Cryptlib/Include/openssl/objects.h +index 09d614f..b8dafa8 100644 +--- a/Cryptlib/Include/openssl/objects.h ++++ b/Cryptlib/Include/openssl/objects.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/objects/objects.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_OBJECTS_H +@@ -1055,26 +1104,23 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num, + int OBJ_new_nid(int num); + int OBJ_add_object(const ASN1_OBJECT *obj); + int OBJ_create(const char *oid, const char *sn, const char *ln); +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define OBJ_cleanup() while(0) continue +-#endif ++void OBJ_cleanup(void); + int OBJ_create_objects(BIO *in); + +-size_t OBJ_length(const ASN1_OBJECT *obj); +-const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); +- + int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); + int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); + int OBJ_add_sigid(int signid, int dig_id, int pkey_id); + void OBJ_sigid_free(void); + ++extern int obj_cleanup_defer; ++void check_defer(int nid); ++ + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_OBJ_strings(void); ++void ERR_load_OBJ_strings(void); + + /* Error codes for the OBJ functions. */ + +@@ -1088,10 +1134,10 @@ int ERR_load_OBJ_strings(void); + # define OBJ_F_OBJ_NID2SN 104 + + /* Reason codes. */ +-# define OBJ_R_OID_EXISTS 102 ++# define OBJ_R_MALLOC_FAILURE 100 + # define OBJ_R_UNKNOWN_NID 101 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ocsp.h b/Cryptlib/Include/openssl/ocsp.h +index 08debc5..ca2ee76 100644 +--- a/Cryptlib/Include/openssl/ocsp.h ++++ b/Cryptlib/Include/openssl/ocsp.h +@@ -1,22 +1,306 @@ ++/* ocsp.h */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ ++ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_OCSP_H + # define HEADER_OCSP_H + +-#include ++# include ++# include ++# include ++# include + +-/* +- * These definitions are outside the OPENSSL_NO_OCSP guard because although for +- * historical reasons they have OCSP_* names, they can actually be used +- * independently of OCSP. E.g. see RFC5280 ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* Various flags and values */ ++ ++# define OCSP_DEFAULT_NONCE_LENGTH 16 ++ ++# define OCSP_NOCERTS 0x1 ++# define OCSP_NOINTERN 0x2 ++# define OCSP_NOSIGS 0x4 ++# define OCSP_NOCHAIN 0x8 ++# define OCSP_NOVERIFY 0x10 ++# define OCSP_NOEXPLICIT 0x20 ++# define OCSP_NOCASIGN 0x40 ++# define OCSP_NODELEGATED 0x80 ++# define OCSP_NOCHECKS 0x100 ++# define OCSP_TRUSTOTHER 0x200 ++# define OCSP_RESPID_KEY 0x400 ++# define OCSP_NOTIME 0x800 ++ ++/*- CertID ::= SEQUENCE { ++ * hashAlgorithm AlgorithmIdentifier, ++ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN ++ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) ++ * serialNumber CertificateSerialNumber } ++ */ ++typedef struct ocsp_cert_id_st { ++ X509_ALGOR *hashAlgorithm; ++ ASN1_OCTET_STRING *issuerNameHash; ++ ASN1_OCTET_STRING *issuerKeyHash; ++ ASN1_INTEGER *serialNumber; ++} OCSP_CERTID; ++ ++DECLARE_STACK_OF(OCSP_CERTID) ++ ++/*- Request ::= SEQUENCE { ++ * reqCert CertID, ++ * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } ++ */ ++typedef struct ocsp_one_request_st { ++ OCSP_CERTID *reqCert; ++ STACK_OF(X509_EXTENSION) *singleRequestExtensions; ++} OCSP_ONEREQ; ++ ++DECLARE_STACK_OF(OCSP_ONEREQ) ++DECLARE_ASN1_SET_OF(OCSP_ONEREQ) ++ ++/*- TBSRequest ::= SEQUENCE { ++ * version [0] EXPLICIT Version DEFAULT v1, ++ * requestorName [1] EXPLICIT GeneralName OPTIONAL, ++ * requestList SEQUENCE OF Request, ++ * requestExtensions [2] EXPLICIT Extensions OPTIONAL } ++ */ ++typedef struct ocsp_req_info_st { ++ ASN1_INTEGER *version; ++ GENERAL_NAME *requestorName; ++ STACK_OF(OCSP_ONEREQ) *requestList; ++ STACK_OF(X509_EXTENSION) *requestExtensions; ++} OCSP_REQINFO; ++ ++/*- Signature ::= SEQUENCE { ++ * signatureAlgorithm AlgorithmIdentifier, ++ * signature BIT STRING, ++ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } ++ */ ++typedef struct ocsp_signature_st { ++ X509_ALGOR *signatureAlgorithm; ++ ASN1_BIT_STRING *signature; ++ STACK_OF(X509) *certs; ++} OCSP_SIGNATURE; ++ ++/*- OCSPRequest ::= SEQUENCE { ++ * tbsRequest TBSRequest, ++ * optionalSignature [0] EXPLICIT Signature OPTIONAL } ++ */ ++typedef struct ocsp_request_st { ++ OCSP_REQINFO *tbsRequest; ++ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ ++} OCSP_REQUEST; ++ ++/*- OCSPResponseStatus ::= ENUMERATED { ++ * successful (0), --Response has valid confirmations ++ * malformedRequest (1), --Illegal confirmation request ++ * internalError (2), --Internal error in issuer ++ * tryLater (3), --Try again later ++ * --(4) is not used ++ * sigRequired (5), --Must sign the request ++ * unauthorized (6) --Request unauthorized ++ * } ++ */ ++# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 ++# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 ++# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 ++# define OCSP_RESPONSE_STATUS_TRYLATER 3 ++# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 ++# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 ++ ++/*- ResponseBytes ::= SEQUENCE { ++ * responseType OBJECT IDENTIFIER, ++ * response OCTET STRING } ++ */ ++typedef struct ocsp_resp_bytes_st { ++ ASN1_OBJECT *responseType; ++ ASN1_OCTET_STRING *response; ++} OCSP_RESPBYTES; ++ ++/*- OCSPResponse ::= SEQUENCE { ++ * responseStatus OCSPResponseStatus, ++ * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } ++ */ ++struct ocsp_response_st { ++ ASN1_ENUMERATED *responseStatus; ++ OCSP_RESPBYTES *responseBytes; ++}; ++ ++/*- ResponderID ::= CHOICE { ++ * byName [1] Name, ++ * byKey [2] KeyHash } ++ */ ++# define V_OCSP_RESPID_NAME 0 ++# define V_OCSP_RESPID_KEY 1 ++struct ocsp_responder_id_st { ++ int type; ++ union { ++ X509_NAME *byName; ++ ASN1_OCTET_STRING *byKey; ++ } value; ++}; ++ ++DECLARE_STACK_OF(OCSP_RESPID) ++DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) ++ ++/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key ++ * --(excluding the tag and length fields) ++ */ ++ ++/*- RevokedInfo ::= SEQUENCE { ++ * revocationTime GeneralizedTime, ++ * revocationReason [0] EXPLICIT CRLReason OPTIONAL } ++ */ ++typedef struct ocsp_revoked_info_st { ++ ASN1_GENERALIZEDTIME *revocationTime; ++ ASN1_ENUMERATED *revocationReason; ++} OCSP_REVOKEDINFO; ++ ++/*- CertStatus ::= CHOICE { ++ * good [0] IMPLICIT NULL, ++ * revoked [1] IMPLICIT RevokedInfo, ++ * unknown [2] IMPLICIT UnknownInfo } ++ */ ++# define V_OCSP_CERTSTATUS_GOOD 0 ++# define V_OCSP_CERTSTATUS_REVOKED 1 ++# define V_OCSP_CERTSTATUS_UNKNOWN 2 ++typedef struct ocsp_cert_status_st { ++ int type; ++ union { ++ ASN1_NULL *good; ++ OCSP_REVOKEDINFO *revoked; ++ ASN1_NULL *unknown; ++ } value; ++} OCSP_CERTSTATUS; ++ ++/*- SingleResponse ::= SEQUENCE { ++ * certID CertID, ++ * certStatus CertStatus, ++ * thisUpdate GeneralizedTime, ++ * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, ++ * singleExtensions [1] EXPLICIT Extensions OPTIONAL } ++ */ ++typedef struct ocsp_single_response_st { ++ OCSP_CERTID *certId; ++ OCSP_CERTSTATUS *certStatus; ++ ASN1_GENERALIZEDTIME *thisUpdate; ++ ASN1_GENERALIZEDTIME *nextUpdate; ++ STACK_OF(X509_EXTENSION) *singleExtensions; ++} OCSP_SINGLERESP; ++ ++DECLARE_STACK_OF(OCSP_SINGLERESP) ++DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) ++ ++/*- ResponseData ::= SEQUENCE { ++ * version [0] EXPLICIT Version DEFAULT v1, ++ * responderID ResponderID, ++ * producedAt GeneralizedTime, ++ * responses SEQUENCE OF SingleResponse, ++ * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ ++typedef struct ocsp_response_data_st { ++ ASN1_INTEGER *version; ++ OCSP_RESPID *responderId; ++ ASN1_GENERALIZEDTIME *producedAt; ++ STACK_OF(OCSP_SINGLERESP) *responses; ++ STACK_OF(X509_EXTENSION) *responseExtensions; ++} OCSP_RESPDATA; ++ ++/*- BasicOCSPResponse ::= SEQUENCE { ++ * tbsResponseData ResponseData, ++ * signatureAlgorithm AlgorithmIdentifier, ++ * signature BIT STRING, ++ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } ++ */ ++ /* ++ * Note 1: The value for "signature" is specified in the OCSP rfc2560 as ++ * follows: "The value for the signature SHALL be computed on the hash of ++ * the DER encoding ResponseData." This means that you must hash the ++ * DER-encoded tbsResponseData, and then run it through a crypto-signing ++ * function, which will (at least w/RSA) do a hash-'n'-private-encrypt ++ * operation. This seems a bit odd, but that's the spec. Also note that ++ * the data structures do not leave anywhere to independently specify the ++ * algorithm used for the initial hash. So, we look at the ++ * signature-specification algorithm, and try to do something intelligent. ++ * -- Kathy Weinhold, CertCo ++ */ ++ /* ++ * Note 2: It seems that the mentioned passage from RFC 2560 (section ++ * 4.2.1) is open for interpretation. I've done tests against another ++ * responder, and found that it doesn't do the double hashing that the RFC ++ * seems to say one should. Therefore, all relevant functions take a flag ++ * saying which variant should be used. -- Richard Levitte, OpenSSL team ++ * and CeloCom ++ */ ++typedef struct ocsp_basic_response_st { ++ OCSP_RESPDATA *tbsResponseData; ++ X509_ALGOR *signatureAlgorithm; ++ ASN1_BIT_STRING *signature; ++ STACK_OF(X509) *certs; ++} OCSP_BASICRESP; ++ + /*- + * CRLReason ::= ENUMERATED { + * unspecified (0), +@@ -28,135 +312,83 @@ + * certificateHold (6), + * removeFromCRL (8) } + */ +-# define OCSP_REVOKED_STATUS_NOSTATUS -1 +-# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +-# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +-# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +-# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +-# define OCSP_REVOKED_STATUS_SUPERSEDED 4 +-# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +-# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +-# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +- +- +-# ifndef OPENSSL_NO_OCSP +- +-# include +-# include +-# include +-# include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* Various flags and values */ +- +-# define OCSP_DEFAULT_NONCE_LENGTH 16 +- +-# define OCSP_NOCERTS 0x1 +-# define OCSP_NOINTERN 0x2 +-# define OCSP_NOSIGS 0x4 +-# define OCSP_NOCHAIN 0x8 +-# define OCSP_NOVERIFY 0x10 +-# define OCSP_NOEXPLICIT 0x20 +-# define OCSP_NOCASIGN 0x40 +-# define OCSP_NODELEGATED 0x80 +-# define OCSP_NOCHECKS 0x100 +-# define OCSP_TRUSTOTHER 0x200 +-# define OCSP_RESPID_KEY 0x400 +-# define OCSP_NOTIME 0x800 +- +-typedef struct ocsp_cert_id_st OCSP_CERTID; +- +-DEFINE_STACK_OF(OCSP_CERTID) +- +-typedef struct ocsp_one_request_st OCSP_ONEREQ; +- +-DEFINE_STACK_OF(OCSP_ONEREQ) +- +-typedef struct ocsp_req_info_st OCSP_REQINFO; +-typedef struct ocsp_signature_st OCSP_SIGNATURE; +-typedef struct ocsp_request_st OCSP_REQUEST; +- +-# define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +-# define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +-# define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +-# define OCSP_RESPONSE_STATUS_TRYLATER 3 +-# define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +-# define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 ++# define OCSP_REVOKED_STATUS_NOSTATUS -1 ++# define OCSP_REVOKED_STATUS_UNSPECIFIED 0 ++# define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 ++# define OCSP_REVOKED_STATUS_CACOMPROMISE 2 ++# define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 ++# define OCSP_REVOKED_STATUS_SUPERSEDED 4 ++# define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 ++# define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 ++# define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + +-typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; +- +-# define V_OCSP_RESPID_NAME 0 +-# define V_OCSP_RESPID_KEY 1 +- +-DEFINE_STACK_OF(OCSP_RESPID) +-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) +- +-typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; +- +-# define V_OCSP_CERTSTATUS_GOOD 0 +-# define V_OCSP_CERTSTATUS_REVOKED 1 +-# define V_OCSP_CERTSTATUS_UNKNOWN 2 +- +-typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +-typedef struct ocsp_single_response_st OCSP_SINGLERESP; +- +-DEFINE_STACK_OF(OCSP_SINGLERESP) +- +-typedef struct ocsp_response_data_st OCSP_RESPDATA; +- +-typedef struct ocsp_basic_response_st OCSP_BASICRESP; ++/*- ++ * CrlID ::= SEQUENCE { ++ * crlUrl [0] EXPLICIT IA5String OPTIONAL, ++ * crlNum [1] EXPLICIT INTEGER OPTIONAL, ++ * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } ++ */ ++typedef struct ocsp_crl_id_st { ++ ASN1_IA5STRING *crlUrl; ++ ASN1_INTEGER *crlNum; ++ ASN1_GENERALIZEDTIME *crlTime; ++} OCSP_CRLID; + +-typedef struct ocsp_crl_id_st OCSP_CRLID; +-typedef struct ocsp_service_locator_st OCSP_SERVICELOC; ++/*- ++ * ServiceLocator ::= SEQUENCE { ++ * issuer Name, ++ * locator AuthorityInfoAccessSyntax OPTIONAL } ++ */ ++typedef struct ocsp_service_locator_st { ++ X509_NAME *issuer; ++ STACK_OF(ACCESS_DESCRIPTION) *locator; ++} OCSP_SERVICELOC; + +-# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +-# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" ++# define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" ++# define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +-# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) ++# define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p) + +-# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) ++# define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p) + +-# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ ++# define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ + (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + +-# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ ++# define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ + (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) + +-# define PEM_write_bio_OCSP_REQUEST(bp,o) \ ++# define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +-# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ ++# define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +-# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) ++# define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o) + +-# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) ++# define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o) + +-# define OCSP_REQUEST_sign(o,pkey,md) \ ++# define OCSP_REQUEST_sign(o,pkey,md) \ + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ +- &o->optionalSignature->signatureAlgorithm,NULL,\ +- o->optionalSignature->signature,&o->tbsRequest,pkey,md) ++ o->optionalSignature->signatureAlgorithm,NULL,\ ++ o->optionalSignature->signature,o->tbsRequest,pkey,md) + +-# define OCSP_BASICRESP_sign(o,pkey,md,d) \ +- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ +- o->signature,&o->tbsResponseData,pkey,md) ++# define OCSP_BASICRESP_sign(o,pkey,md,d) \ ++ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ ++ o->signature,o->tbsResponseData,pkey,md) + +-# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ +- &a->optionalSignature->signatureAlgorithm,\ +- a->optionalSignature->signature,&a->tbsRequest,r) ++# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ ++ a->optionalSignature->signatureAlgorithm,\ ++ a->optionalSignature->signature,a->tbsRequest,r) + +-# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ +- &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) ++# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ ++ a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + +-# define ASN1_BIT_STRING_digest(data,type,md,len) \ ++# define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + +-# define OCSP_CERTSTATUS_dup(cs)\ ++# define OCSP_CERTSTATUS_dup(cs)\ + (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ + (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) + +@@ -182,13 +414,12 @@ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); + int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, + const char *name, const char *value); + +-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, +- const X509 *issuer); ++OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); + + OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +- const X509_NAME *issuerName, +- const ASN1_BIT_STRING *issuerKey, +- const ASN1_INTEGER *serialNumber); ++ X509_NAME *issuerName, ++ ASN1_BIT_STRING *issuerKey, ++ ASN1_INTEGER *serialNumber); + + OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +@@ -209,16 +440,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, + int OCSP_response_status(OCSP_RESPONSE *resp); + OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +-const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +- + int OCSP_resp_count(OCSP_BASICRESP *bs); + OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +-const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs); +-const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +-int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +- const ASN1_OCTET_STRING **pid, +- const X509_NAME **pname); +- + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); + int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, +@@ -259,21 +482,18 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); + int OCSP_basic_sign(OCSP_BASICRESP *brsp, + X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, + STACK_OF(X509) *certs, unsigned long flags); +-int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert); +-int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert); +-int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert); + +-X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); ++X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); + + X509_EXTENSION *OCSP_accept_responses_new(char **oids); + + X509_EXTENSION *OCSP_archive_cutoff_new(char *tim); + +-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls); ++X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls); + + int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); + int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, ++int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, + int lastpos); + int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); + X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +@@ -286,7 +506,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + + int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); + int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); ++int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); + int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); + X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); + X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +@@ -297,7 +517,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + + int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); + int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, ++int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, + int lastpos); + int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +@@ -311,7 +531,7 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + + int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); + int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); +-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, ++int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, + int lastpos); + int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +@@ -322,7 +542,6 @@ void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); + int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); +-const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + + DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) + DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +@@ -355,12 +574,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_OCSP_strings(void); ++void ERR_load_OCSP_strings(void); + + /* Error codes for the OCSP functions. */ + + /* Function codes. */ ++# define OCSP_F_ASN1_STRING_ENCODE 100 + # define OCSP_F_D2I_OCSP_NONCE 102 + # define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 + # define OCSP_F_OCSP_BASIC_SIGN 104 +@@ -375,9 +594,13 @@ int ERR_load_OCSP_strings(void); + # define OCSP_F_OCSP_REQUEST_SIGN 110 + # define OCSP_F_OCSP_REQUEST_VERIFY 116 + # define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 ++# define OCSP_F_OCSP_SENDREQ_BIO 112 ++# define OCSP_F_OCSP_SENDREQ_NBIO 117 + # define OCSP_F_PARSE_HTTP_LINE1 118 ++# define OCSP_F_REQUEST_VERIFY 113 + + /* Reason codes. */ ++# define OCSP_R_BAD_DATA 100 + # define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 + # define OCSP_R_DIGEST_ERR 102 + # define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +@@ -387,15 +610,18 @@ int ERR_load_OCSP_strings(void); + # define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 + # define OCSP_R_NOT_BASIC_RESPONSE 104 + # define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 ++# define OCSP_R_NO_CONTENT 106 ++# define OCSP_R_NO_PUBLIC_KEY 107 + # define OCSP_R_NO_RESPONSE_DATA 108 + # define OCSP_R_NO_REVOKED_TIME 109 +-# define OCSP_R_NO_SIGNER_KEY 130 + # define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 + # define OCSP_R_REQUEST_NOT_SIGNED 128 + # define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 + # define OCSP_R_ROOT_CA_NOT_TRUSTED 112 ++# define OCSP_R_SERVER_READ_ERROR 113 + # define OCSP_R_SERVER_RESPONSE_ERROR 114 + # define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 ++# define OCSP_R_SERVER_WRITE_ERROR 116 + # define OCSP_R_SIGNATURE_FAILURE 117 + # define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 + # define OCSP_R_STATUS_EXPIRED 125 +@@ -405,8 +631,7 @@ int ERR_load_OCSP_strings(void); + # define OCSP_R_UNKNOWN_NID 120 + # define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h +index c73d03a..52c83b7 100644 +--- a/Cryptlib/Include/openssl/opensslconf.h ++++ b/Cryptlib/Include/openssl/opensslconf.h +@@ -1,314 +1,497 @@ +-/* +- * WARNING: do not edit! +- * Generated from include/openssl/opensslconf.h.in +- * +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#ifdef OPENSSL_ALGORITHM_DEFINES +-# error OPENSSL_ALGORITHM_DEFINES no longer supported +-#endif +- +-/* +- * OpenSSL was configured with the following options: +- */ +- +-#ifndef OPENSSL_SYS_UEFI +-# define OPENSSL_SYS_UEFI 1 +-#endif +-#define OPENSSL_MIN_API 0x10100000L +-#ifndef OPENSSL_NO_BF +-# define OPENSSL_NO_BF +-#endif +-#ifndef OPENSSL_NO_BLAKE2 +-# define OPENSSL_NO_BLAKE2 +-#endif +-#ifndef OPENSSL_NO_CAMELLIA +-# define OPENSSL_NO_CAMELLIA +-#endif +-#ifndef OPENSSL_NO_CAST +-# define OPENSSL_NO_CAST +-#endif +-#ifndef OPENSSL_NO_CHACHA +-# define OPENSSL_NO_CHACHA +-#endif +-#ifndef OPENSSL_NO_CMS +-# define OPENSSL_NO_CMS +-#endif +-#ifndef OPENSSL_NO_CT +-# define OPENSSL_NO_CT +-#endif +-#ifndef OPENSSL_NO_DES +-# define OPENSSL_NO_DES +-#endif +-#ifndef OPENSSL_NO_DSA +-# define OPENSSL_NO_DSA +-#endif +-#ifndef OPENSSL_NO_EC +-# define OPENSSL_NO_EC +-#endif +-#ifndef OPENSSL_NO_IDEA +-# define OPENSSL_NO_IDEA +-#endif +-#ifndef OPENSSL_NO_MD2 +-# define OPENSSL_NO_MD2 +-#endif +-#ifndef OPENSSL_NO_MD4 +-# define OPENSSL_NO_MD4 +-#endif +-#ifndef OPENSSL_NO_MDC2 +-# define OPENSSL_NO_MDC2 +-#endif +-#ifndef OPENSSL_NO_POLY1305 +-# define OPENSSL_NO_POLY1305 +-#endif +-#ifndef OPENSSL_NO_RC2 +-# define OPENSSL_NO_RC2 +-#endif +-#ifndef OPENSSL_NO_RC5 +-# define OPENSSL_NO_RC5 +-#endif +-#ifndef OPENSSL_NO_RMD160 +-# define OPENSSL_NO_RMD160 +-#endif +-#ifndef OPENSSL_NO_SEED +-# define OPENSSL_NO_SEED +-#endif +-#ifndef OPENSSL_NO_SRP +-# define OPENSSL_NO_SRP +-#endif +-#ifndef OPENSSL_NO_TS +-# define OPENSSL_NO_TS +-#endif +-#ifndef OPENSSL_NO_UI +-# define OPENSSL_NO_UI +-#endif +-#ifndef OPENSSL_NO_WHIRLPOOL +-# define OPENSSL_NO_WHIRLPOOL +-#endif +-#ifndef OPENSSL_NO_AFALGENG +-# define OPENSSL_NO_AFALGENG +-#endif +-#ifndef OPENSSL_NO_APPS +-# define OPENSSL_NO_APPS +-#endif +-#ifndef OPENSSL_NO_ASAN +-# define OPENSSL_NO_ASAN +-#endif +-#ifndef OPENSSL_NO_ASM +-# define OPENSSL_NO_ASM +-#endif +-#ifndef OPENSSL_NO_ASYNC +-# define OPENSSL_NO_ASYNC +-#endif +-#ifndef OPENSSL_NO_AUTOALGINIT +-# define OPENSSL_NO_AUTOALGINIT +-#endif +-#ifndef OPENSSL_NO_AUTOERRINIT +-# define OPENSSL_NO_AUTOERRINIT +-#endif +-#ifndef OPENSSL_NO_CAPIENG +-# define OPENSSL_NO_CAPIENG +-#endif +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +-# define OPENSSL_NO_CRYPTO_MDEBUG +-#endif +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +-# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +-#endif +-#ifndef OPENSSL_NO_DEPRECATED +-# define OPENSSL_NO_DEPRECATED +-#endif +-#ifndef OPENSSL_NO_DGRAM +-# define OPENSSL_NO_DGRAM +-#endif +-#ifndef OPENSSL_NO_DTLS +-# define OPENSSL_NO_DTLS +-#endif +-#ifndef OPENSSL_NO_DTLS1 +-# define OPENSSL_NO_DTLS1 +-#endif +-#ifndef OPENSSL_NO_DTLS1_2 +-# define OPENSSL_NO_DTLS1_2 +-#endif +-#ifndef OPENSSL_NO_EC2M +-# define OPENSSL_NO_EC2M +-#endif +-#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +-# define OPENSSL_NO_EC_NISTP_64_GCC_128 +-#endif +-#ifndef OPENSSL_NO_ECDH +-# define OPENSSL_NO_ECDH +-#endif +-#ifndef OPENSSL_NO_ECDSA +-# define OPENSSL_NO_ECDSA +-#endif +-#ifndef OPENSSL_NO_EGD +-# define OPENSSL_NO_EGD +-#endif +-#ifndef OPENSSL_NO_ENGINE +-# define OPENSSL_NO_ENGINE +-#endif +-#ifndef OPENSSL_NO_ERR +-# define OPENSSL_NO_ERR +-#endif +-#ifndef OPENSSL_NO_FILENAMES +-# define OPENSSL_NO_FILENAMES +-#endif +-#ifndef OPENSSL_NO_FUZZ_AFL +-# define OPENSSL_NO_FUZZ_AFL +-#endif +-#ifndef OPENSSL_NO_FUZZ_LIBFUZZER +-# define OPENSSL_NO_FUZZ_LIBFUZZER +-#endif +-#ifndef OPENSSL_NO_GOST +-# define OPENSSL_NO_GOST +-#endif +-#ifndef OPENSSL_NO_HEARTBEATS +-# define OPENSSL_NO_HEARTBEATS +-#endif +-#ifndef OPENSSL_NO_HW +-# define OPENSSL_NO_HW +-#endif +-#ifndef OPENSSL_NO_MSAN +-# define OPENSSL_NO_MSAN +-#endif +-#ifndef OPENSSL_NO_OCB +-# define OPENSSL_NO_OCB +-#endif +-#ifndef OPENSSL_NO_POSIX_IO +-# define OPENSSL_NO_POSIX_IO +-#endif +-#ifndef OPENSSL_NO_RFC3779 +-# define OPENSSL_NO_RFC3779 +-#endif +-#ifndef OPENSSL_NO_SCRYPT +-# define OPENSSL_NO_SCRYPT +-#endif +-#ifndef OPENSSL_NO_SCTP +-# define OPENSSL_NO_SCTP +-#endif +-#ifndef OPENSSL_NO_SOCK +-# define OPENSSL_NO_SOCK +-#endif +-#ifndef OPENSSL_NO_SSL_TRACE +-# define OPENSSL_NO_SSL_TRACE +-#endif +-#ifndef OPENSSL_NO_SSL3 +-# define OPENSSL_NO_SSL3 +-#endif +-#ifndef OPENSSL_NO_SSL3_METHOD +-# define OPENSSL_NO_SSL3_METHOD +-#endif +-#ifndef OPENSSL_NO_STDIO +-# define OPENSSL_NO_STDIO +-#endif +-#ifndef OPENSSL_NO_TESTS +-# define OPENSSL_NO_TESTS +-#endif +-#ifndef OPENSSL_NO_UBSAN +-# define OPENSSL_NO_UBSAN +-#endif +-#ifndef OPENSSL_NO_UNIT_TEST +-# define OPENSSL_NO_UNIT_TEST +-#endif +-#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS +-# define OPENSSL_NO_WEAK_SSL_CIPHERS +-#endif +-#ifndef OPENSSL_NO_AFALGENG +-# define OPENSSL_NO_AFALGENG +-#endif +- +- +-/* +- * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers +- * don't like that. This will hopefully silence them. +- */ +-#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy; +- +-/* +- * Applications should use -DOPENSSL_API_COMPAT= to suppress the +- * declarations of functions deprecated in or before . Otherwise, they +- * still won't see them if the library has been built to disable deprecated +- * functions. +- */ +-#if defined(OPENSSL_NO_DEPRECATED) +-# define DECLARE_DEPRECATED(f) +-#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +-# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +-#else +-# define DECLARE_DEPRECATED(f) f; +-#endif +- +-#ifndef OPENSSL_FILE +-# ifdef OPENSSL_NO_FILENAMES +-# define OPENSSL_FILE "" +-# define OPENSSL_LINE 0 +-# else +-# define OPENSSL_FILE __FILE__ +-# define OPENSSL_LINE __LINE__ +-# endif +-#endif +- +-#ifndef OPENSSL_MIN_API +-# define OPENSSL_MIN_API 0 +-#endif +- +-#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API +-# undef OPENSSL_API_COMPAT +-# define OPENSSL_API_COMPAT OPENSSL_MIN_API +-#endif +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define DEPRECATEDIN_1_1_0(f) DECLARE_DEPRECATED(f) +-#else +-# define DEPRECATEDIN_1_1_0(f) +-#endif +- +-#if OPENSSL_API_COMPAT < 0x10000000L +-# define DEPRECATEDIN_1_0_0(f) DECLARE_DEPRECATED(f) +-#else +-# define DEPRECATEDIN_1_0_0(f) +-#endif +- +-#if OPENSSL_API_COMPAT < 0x00908000L +-# define DEPRECATEDIN_0_9_8(f) DECLARE_DEPRECATED(f) +-#else +-# define DEPRECATEDIN_0_9_8(f) +-#endif +- +- +- +-/* Generate 80386 code? */ +-#undef I386_ONLY +- +-#undef OPENSSL_UNISTD +-#define OPENSSL_UNISTD +- +-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION +- +-/* +- * The following are cipher-specific, but are part of the public API. +- */ +-#if !defined(OPENSSL_SYS_UEFI) +-# undef BN_LLONG +-/* Only one for the following should be defined */ +-# undef SIXTY_FOUR_BIT_LONG +-# undef SIXTY_FOUR_BIT +-# define THIRTY_TWO_BIT +-#endif +- +-#define RC4_INT unsigned int +- +-#ifdef __cplusplus +-} +-#endif ++/* opensslconf.h */ ++/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++/* OpenSSL was configured with the following options: */ ++#ifndef OPENSSL_SYSNAME_UEFI ++# define OPENSSL_SYSNAME_UEFI ++#endif ++#ifndef OPENSSL_DOING_MAKEDEPEND ++ ++ ++#ifndef OPENSSL_NO_BF ++# define OPENSSL_NO_BF ++#endif ++#ifndef OPENSSL_NO_CAMELLIA ++# define OPENSSL_NO_CAMELLIA ++#endif ++#ifndef OPENSSL_NO_CAPIENG ++# define OPENSSL_NO_CAPIENG ++#endif ++#ifndef OPENSSL_NO_CAST ++# define OPENSSL_NO_CAST ++#endif ++#ifndef OPENSSL_NO_CMS ++# define OPENSSL_NO_CMS ++#endif ++#ifndef OPENSSL_NO_DEPRECATED ++# define OPENSSL_NO_DEPRECATED ++#endif ++#ifndef OPENSSL_NO_DGRAM ++# define OPENSSL_NO_DGRAM ++#endif ++#ifndef OPENSSL_NO_DSA ++# define OPENSSL_NO_DSA ++#endif ++#ifndef OPENSSL_NO_DYNAMIC_ENGINE ++# define OPENSSL_NO_DYNAMIC_ENGINE ++#endif ++#ifndef OPENSSL_NO_EC ++# define OPENSSL_NO_EC ++#endif ++#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ++# define OPENSSL_NO_EC_NISTP_64_GCC_128 ++#endif ++#ifndef OPENSSL_NO_ECDH ++# define OPENSSL_NO_ECDH ++#endif ++#ifndef OPENSSL_NO_ECDSA ++# define OPENSSL_NO_ECDSA ++#endif ++#ifndef OPENSSL_NO_ENGINE ++# define OPENSSL_NO_ENGINE ++#endif ++#ifndef OPENSSL_NO_ENGINES ++# define OPENSSL_NO_ENGINES ++#endif ++#ifdef OPENSSL_NO_FILENAMES ++# undef OPENSSL_NO_FILENAMES ++#endif ++#ifndef OPENSSL_NO_FP_API ++# define OPENSSL_NO_FP_API ++#endif ++#ifndef OPENSSL_NO_GMP ++# define OPENSSL_NO_GMP ++#endif ++#ifndef OPENSSL_NO_GOST ++# define OPENSSL_NO_GOST ++#endif ++#ifndef OPENSSL_NO_IDEA ++# define OPENSSL_NO_IDEA ++#endif ++#ifndef OPENSSL_NO_JPAKE ++# define OPENSSL_NO_JPAKE ++#endif ++#ifndef OPENSSL_NO_KRB5 ++# define OPENSSL_NO_KRB5 ++#endif ++#ifndef OPENSSL_NO_LIBUNBOUND ++# define OPENSSL_NO_LIBUNBOUND ++#endif ++#ifndef OPENSSL_NO_LOCKING ++# define OPENSSL_NO_LOCKING ++#endif ++#ifndef OPENSSL_NO_MD2 ++# define OPENSSL_NO_MD2 ++#endif ++#ifndef OPENSSL_NO_MDC2 ++# define OPENSSL_NO_MDC2 ++#endif ++#ifndef OPENSSL_NO_POSIX_IO ++# define OPENSSL_NO_POSIX_IO ++#endif ++#ifndef OPENSSL_NO_RC2 ++# define OPENSSL_NO_RC2 ++#endif ++#ifndef OPENSSL_NO_RC5 ++# define OPENSSL_NO_RC5 ++#endif ++#ifndef OPENSSL_NO_RCS ++# define OPENSSL_NO_RCS ++#endif ++#ifndef OPENSSL_NO_RFC3779 ++# define OPENSSL_NO_RFC3779 ++#endif ++#ifndef OPENSSL_NO_RIPEMD ++# define OPENSSL_NO_RIPEMD ++#endif ++#ifndef OPENSSL_NO_SCRYPT ++# define OPENSSL_NO_SCRYPT ++#endif ++#ifndef OPENSSL_NO_SCT ++# define OPENSSL_NO_SCT ++#endif ++#ifndef OPENSSL_NO_SCTP ++# define OPENSSL_NO_SCTP ++#endif ++#ifndef OPENSSL_NO_SEED ++# define OPENSSL_NO_SEED ++#endif ++#ifndef OPENSSL_NO_SHA0 ++# define OPENSSL_NO_SHA0 ++#endif ++#ifndef OPENSSL_NO_SOCK ++# define OPENSSL_NO_SOCK ++#endif ++#ifndef OPENSSL_NO_SRP ++# define OPENSSL_NO_SRP ++#endif ++#ifndef OPENSSL_NO_SSL_TRACE ++# define OPENSSL_NO_SSL_TRACE ++#endif ++#ifndef OPENSSL_NO_SSL2 ++# define OPENSSL_NO_SSL2 ++#endif ++#ifndef OPENSSL_NO_SSL3 ++# define OPENSSL_NO_SSL3 ++#endif ++#ifndef OPENSSL_NO_STDIO ++# define OPENSSL_NO_STDIO ++#endif ++#ifndef OPENSSL_NO_STORE ++# define OPENSSL_NO_STORE ++#endif ++#ifndef OPENSSL_NO_TS ++# define OPENSSL_NO_TS ++#endif ++#ifndef OPENSSL_NO_UI ++# define OPENSSL_NO_UI ++#endif ++#ifndef OPENSSL_NO_UNIT_TEST ++# define OPENSSL_NO_UNIT_TEST ++#endif ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS ++# define OPENSSL_NO_WEAK_SSL_CIPHERS ++#endif ++#ifndef OPENSSL_NO_WHIRLPOOL ++# define OPENSSL_NO_WHIRLPOOL ++#endif ++ ++#endif /* OPENSSL_DOING_MAKEDEPEND */ ++ ++#ifndef OPENSSL_NO_ASM ++# define OPENSSL_NO_ASM ++#endif ++#ifndef OPENSSL_NO_ERR ++# define OPENSSL_NO_ERR ++#endif ++#ifndef OPENSSL_NO_HW ++# define OPENSSL_NO_HW ++#endif ++#ifndef OPENSSL_NO_DYNAMIC_ENGINE ++# define OPENSSL_NO_DYNAMIC_ENGINE ++#endif ++ ++/* The OPENSSL_NO_* macros are also defined as NO_* if the application ++ asks for it. This is a transient feature that is provided for those ++ who haven't had the time to do the appropriate changes in their ++ applications. */ ++#ifdef OPENSSL_ALGORITHM_DEFINES ++# if defined(OPENSSL_NO_BF) && !defined(NO_BF) ++# define NO_BF ++# endif ++# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA) ++# define NO_CAMELLIA ++# endif ++# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG) ++# define NO_CAPIENG ++# endif ++# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST) ++# define NO_CAST ++# endif ++# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS) ++# define NO_CMS ++# endif ++# if defined(OPENSSL_NO_DEPRECATED) && !defined(NO_DEPRECATED) ++# define NO_DEPRECATED ++# endif ++# if defined(OPENSSL_NO_DGRAM) && !defined(NO_DGRAM) ++# define NO_DGRAM ++# endif ++# if defined(OPENSSL_NO_DSA) && !defined(NO_DSA) ++# define NO_DSA ++# endif ++# if defined(OPENSSL_NO_DYNAMIC_ENGINE) && !defined(NO_DYNAMIC_ENGINE) ++# define NO_DYNAMIC_ENGINE ++# endif ++# if defined(OPENSSL_NO_EC) && !defined(NO_EC) ++# define NO_EC ++# endif ++# if defined(OPENSSL_NO_EC_NISTP_64_GCC_128) && !defined(NO_EC_NISTP_64_GCC_128) ++# define NO_EC_NISTP_64_GCC_128 ++# endif ++# if defined(OPENSSL_NO_ECDH) && !defined(NO_ECDH) ++# define NO_ECDH ++# endif ++# if defined(OPENSSL_NO_ECDSA) && !defined(NO_ECDSA) ++# define NO_ECDSA ++# endif ++# if defined(OPENSSL_NO_ENGINE) && !defined(NO_ENGINE) ++# define NO_ENGINE ++# endif ++# if defined(OPENSSL_NO_ENGINES) && !defined(NO_ENGINES) ++# define NO_ENGINES ++# endif ++# if defined(OPENSSL_NO_FILENAMES) && !defined(NO_FILENAMES) ++# define NO_FILENAMES ++# endif ++# if defined(OPENSSL_NO_FP_API) && !defined(NO_FP_API) ++# define NO_FP_API ++# endif ++# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP) ++# define NO_GMP ++# endif ++# if defined(OPENSSL_NO_GOST) && !defined(NO_GOST) ++# define NO_GOST ++# endif ++# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA) ++# define NO_IDEA ++# endif ++# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE) ++# define NO_JPAKE ++# endif ++# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) ++# define NO_KRB5 ++# endif ++# if defined(OPENSSL_NO_LIBUNBOUND) && !defined(NO_LIBUNBOUND) ++# define NO_LIBUNBOUND ++# endif ++# if defined(OPENSSL_NO_LOCKING) && !defined(NO_LOCKING) ++# define NO_LOCKING ++# endif ++# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2) ++# define NO_MD2 ++# endif ++# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2) ++# define NO_MDC2 ++# endif ++# if defined(OPENSSL_NO_POSIX_IO) && !defined(NO_POSIX_IO) ++# define NO_POSIX_IO ++# endif ++# if defined(OPENSSL_NO_RC2) && !defined(NO_RC2) ++# define NO_RC2 ++# endif ++# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5) ++# define NO_RC5 ++# endif ++# if defined(OPENSSL_NO_RCS) && !defined(NO_RCS) ++# define NO_RCS ++# endif ++# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779) ++# define NO_RFC3779 ++# endif ++# if defined(OPENSSL_NO_RIPEMD) && !defined(NO_RIPEMD) ++# define NO_RIPEMD ++# endif ++# if defined(OPENSSL_NO_SCRYPT) && !defined(NO_SCRYPT) ++# define NO_SCRYPT ++# endif ++# if defined(OPENSSL_NO_SCT) && !defined(NO_SCT) ++# define NO_SCT ++# endif ++# if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) ++# define NO_SCTP ++# endif ++# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED) ++# define NO_SEED ++# endif ++# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0) ++# define NO_SHA0 ++# endif ++# if defined(OPENSSL_NO_SOCK) && !defined(NO_SOCK) ++# define NO_SOCK ++# endif ++# if defined(OPENSSL_NO_SRP) && !defined(NO_SRP) ++# define NO_SRP ++# endif ++# if defined(OPENSSL_NO_SSL_TRACE) && !defined(NO_SSL_TRACE) ++# define NO_SSL_TRACE ++# endif ++# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) ++# define NO_SSL2 ++# endif ++# if defined(OPENSSL_NO_SSL3) && !defined(NO_SSL3) ++# define NO_SSL3 ++# endif ++# if defined(OPENSSL_NO_STDIO) && !defined(NO_STDIO) ++# define NO_STDIO ++# endif ++# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) ++# define NO_STORE ++# endif ++# if defined(OPENSSL_NO_TS) && !defined(NO_TS) ++# define NO_TS ++# endif ++# if defined(OPENSSL_NO_UI) && !defined(NO_UI) ++# define NO_UI ++# endif ++# if defined(OPENSSL_NO_UNIT_TEST) && !defined(NO_UNIT_TEST) ++# define NO_UNIT_TEST ++# endif ++# if defined(OPENSSL_NO_WEAK_SSL_CIPHERS) && !defined(NO_WEAK_SSL_CIPHERS) ++# define NO_WEAK_SSL_CIPHERS ++# endif ++# if defined(OPENSSL_NO_WHIRLPOOL) && !defined(NO_WHIRLPOOL) ++# define NO_WHIRLPOOL ++# endif ++#endif ++ ++/* crypto/opensslconf.h.in */ ++ ++#ifndef OPENSSL_FILE ++#ifdef OPENSSL_NO_FILENAMES ++#define OPENSSL_FILE "" ++#define OPENSSL_LINE 0 ++#else ++#define OPENSSL_FILE __FILE__ ++#define OPENSSL_LINE __LINE__ ++#endif ++#endif ++ ++/* Generate 80386 code? */ ++#undef I386_ONLY ++ ++#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ ++#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) ++#define ENGINESDIR "/usr/local/ssl/lib/engines" ++#define OPENSSLDIR "/usr/local/ssl" ++#endif ++#endif ++ ++#undef OPENSSL_UNISTD ++#define OPENSSL_UNISTD ++ ++#undef OPENSSL_EXPORT_VAR_AS_FUNCTION ++ ++#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) ++#define IDEA_INT unsigned int ++#endif ++ ++#if defined(HEADER_MD2_H) && !defined(MD2_INT) ++#define MD2_INT unsigned int ++#endif ++ ++#if defined(HEADER_RC2_H) && !defined(RC2_INT) ++/* I need to put in a mod for the alpha - eay */ ++#define RC2_INT unsigned int ++#endif ++ ++#if defined(HEADER_RC4_H) ++#if !defined(RC4_INT) ++/* using int types make the structure larger but make the code faster ++ * on most boxes I have tested - up to %20 faster. */ ++/* ++ * I don't know what does "most" mean, but declaring "int" is a must on: ++ * - Intel P6 because partial register stalls are very expensive; ++ * - elder Alpha because it lacks byte load/store instructions; ++ */ ++#define RC4_INT unsigned int ++#endif ++#if !defined(RC4_CHUNK) ++/* ++ * This enables code handling data aligned at natural CPU word ++ * boundary. See crypto/rc4/rc4_enc.c for further details. ++ */ ++#undef RC4_CHUNK ++#endif ++#endif ++ ++#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) ++/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a ++ * %20 speed up (longs are 8 bytes, int's are 4). */ ++#ifndef DES_LONG ++#define DES_LONG unsigned long ++#endif ++#endif ++ ++#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) && !defined(OPENSSL_SYSNAME_UEFI) ++#define CONFIG_HEADER_BN_H ++#undef BN_LLONG ++ ++/* Should we define BN_DIV2W here? */ ++ ++/* Only one for the following should be defined */ ++#undef SIXTY_FOUR_BIT_LONG ++#undef SIXTY_FOUR_BIT ++#define THIRTY_TWO_BIT ++#endif ++ ++#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) ++#define CONFIG_HEADER_RC4_LOCL_H ++/* if this is defined data[i] is used instead of *data, this is a %20 ++ * speedup on x86 */ ++#undef RC4_INDEX ++#endif ++ ++#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) ++#define CONFIG_HEADER_BF_LOCL_H ++#undef BF_PTR ++#endif /* HEADER_BF_LOCL_H */ ++ ++#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) ++#define CONFIG_HEADER_DES_LOCL_H ++#ifndef DES_DEFAULT_OPTIONS ++/* the following is tweaked from a config script, that is why it is a ++ * protected undef/define */ ++#ifndef DES_PTR ++#undef DES_PTR ++#endif ++ ++/* This helps C compiler generate the correct code for multiple functional ++ * units. It reduces register dependancies at the expense of 2 more ++ * registers */ ++#ifndef DES_RISC1 ++#undef DES_RISC1 ++#endif ++ ++#ifndef DES_RISC2 ++#undef DES_RISC2 ++#endif ++ ++#if defined(DES_RISC1) && defined(DES_RISC2) ++#error YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! ++#endif ++ ++/* Unroll the inner loop, this sometimes helps, sometimes hinders. ++ * Very mucy CPU dependant */ ++#ifndef DES_UNROLL ++#undef DES_UNROLL ++#endif ++ ++/* These default values were supplied by ++ * Peter Gutman ++ * They are only used if nothing else has been defined */ ++#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) ++/* Special defines which change the way the code is built depending on the ++ CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find ++ even newer MIPS CPU's, but at the moment one size fits all for ++ optimization options. Older Sparc's work better with only UNROLL, but ++ there's no way to tell at compile time what it is you're running on */ ++ ++#if defined( __sun ) || defined ( sun ) /* Newer Sparc's */ ++# define DES_PTR ++# define DES_RISC1 ++# define DES_UNROLL ++#elif defined( __ultrix ) /* Older MIPS */ ++# define DES_PTR ++# define DES_RISC2 ++# define DES_UNROLL ++#elif defined( __osf1__ ) /* Alpha */ ++# define DES_PTR ++# define DES_RISC2 ++#elif defined ( _AIX ) /* RS6000 */ ++ /* Unknown */ ++#elif defined( __hpux ) /* HP-PA */ ++ /* Unknown */ ++#elif defined( __aux ) /* 68K */ ++ /* Unknown */ ++#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ ++# define DES_UNROLL ++#elif defined( __sgi ) /* Newer MIPS */ ++# define DES_PTR ++# define DES_RISC2 ++# define DES_UNROLL ++#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ ++# define DES_PTR ++# define DES_RISC1 ++# define DES_UNROLL ++#endif /* Systems-specific speed defines */ ++#endif ++ ++#endif /* DES_DEFAULT_OPTIONS */ ++#endif /* HEADER_DES_LOCL_H */ ++#ifdef __cplusplus ++} ++#endif +diff --git a/Cryptlib/Include/openssl/opensslv.h b/Cryptlib/Include/openssl/opensslv.h +index 9d6708f..645dd07 100644 +--- a/Cryptlib/Include/openssl/opensslv.h ++++ b/Cryptlib/Include/openssl/opensslv.h +@@ -1,12 +1,3 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #ifndef HEADER_OPENSSLV_H + # define HEADER_OPENSSLV_H + +@@ -39,12 +30,13 @@ extern "C" { + * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for + * major minor fix final patch/beta) + */ +-# define OPENSSL_VERSION_NUMBER 0x1010005fL ++# define OPENSSL_VERSION_NUMBER 0x100020bfL + # ifdef OPENSSL_FIPS +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0e-fips 16 Feb 2017" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k-fips 26 Jan 2017" + # else +-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0e 16 Feb 2017" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2k 26 Jan 2017" + # endif ++# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + + /*- + * The macros below are to be used for shared library (.so, .dll, ...) +@@ -57,7 +49,7 @@ extern "C" { + * + * libcrypto.so.0.9 + * +- * Some unixen also make a softlink with the major version number only: ++ * Some unixen also make a softlink with the major verson number only: + * + * libcrypto.so.0 + * +@@ -96,7 +88,7 @@ extern "C" { + * should only keep the versions that are binary compatible with the current. + */ + # define SHLIB_VERSION_HISTORY "" +-# define SHLIB_VERSION_NUMBER "1.1" ++# define SHLIB_VERSION_NUMBER "1.0.0" + + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/ossl_typ.h b/Cryptlib/Include/openssl/ossl_typ.h +index 129a67f..364d262 100644 +--- a/Cryptlib/Include/openssl/ossl_typ.h ++++ b/Cryptlib/Include/openssl/ossl_typ.h +@@ -1,17 +1,60 @@ +-/* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_OPENSSL_TYPES_H + # define HEADER_OPENSSL_TYPES_H + +-#include +- + #ifdef __cplusplus + extern "C" { + #endif +@@ -61,13 +104,12 @@ typedef struct asn1_object_st ASN1_OBJECT; + + typedef struct ASN1_ITEM_st ASN1_ITEM; + typedef struct asn1_pctx_st ASN1_PCTX; +-typedef struct asn1_sctx_st ASN1_SCTX; + +-# ifdef _WIN32 ++# ifdef OPENSSL_SYS_WIN32 + # undef X509_NAME + # undef X509_EXTENSIONS ++# undef X509_CERT_PAIR + # undef PKCS7_ISSUER_AND_SERIAL +-# undef PKCS7_SIGNER_INFO + # undef OCSP_REQUEST + # undef OCSP_RESPONSE + # endif +@@ -75,8 +117,6 @@ typedef struct asn1_sctx_st ASN1_SCTX; + # ifdef BIGNUM + # undef BIGNUM + # endif +-struct dane_st; +-typedef struct bio_st BIO; + typedef struct bignum_st BIGNUM; + typedef struct bignum_ctx BN_CTX; + typedef struct bn_blinding_st BN_BLINDING; +@@ -88,8 +128,8 @@ typedef struct buf_mem_st BUF_MEM; + + typedef struct evp_cipher_st EVP_CIPHER; + typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +-typedef struct evp_md_st EVP_MD; +-typedef struct evp_md_ctx_st EVP_MD_CTX; ++typedef struct env_md_st EVP_MD; ++typedef struct env_md_ctx_st EVP_MD_CTX; + typedef struct evp_pkey_st EVP_PKEY; + + typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; +@@ -97,10 +137,6 @@ typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + typedef struct evp_pkey_method_st EVP_PKEY_METHOD; + typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +-typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; +- +-typedef struct hmac_ctx_st HMAC_CTX; +- + typedef struct dh_st DH; + typedef struct dh_method DH_METHOD; + +@@ -110,12 +146,11 @@ typedef struct dsa_method DSA_METHOD; + typedef struct rsa_st RSA; + typedef struct rsa_meth_st RSA_METHOD; + +-typedef struct ec_key_st EC_KEY; +-typedef struct ec_key_method_st EC_KEY_METHOD; +- + typedef struct rand_meth_st RAND_METHOD; + +-typedef struct ssl_dane_st SSL_DANE; ++typedef struct ecdh_method ECDH_METHOD; ++typedef struct ecdsa_method ECDSA_METHOD; ++ + typedef struct x509_st X509; + typedef struct X509_algor_st X509_ALGOR; + typedef struct X509_crl_st X509_CRL; +@@ -126,25 +161,23 @@ typedef struct X509_pubkey_st X509_PUBKEY; + typedef struct x509_store_st X509_STORE; + typedef struct x509_store_ctx_st X509_STORE_CTX; + +-typedef struct x509_object_st X509_OBJECT; +-typedef struct x509_lookup_st X509_LOOKUP; +-typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +-typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; +- + typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + + typedef struct v3_ext_ctx X509V3_CTX; + typedef struct conf_st CONF; +-typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS; ++ ++typedef struct store_st STORE; ++typedef struct store_method_st STORE_METHOD; + + typedef struct ui_st UI; + typedef struct ui_method_st UI_METHOD; + ++typedef struct st_ERR_FNS ERR_FNS; ++ + typedef struct engine_st ENGINE; + typedef struct ssl_st SSL; + typedef struct ssl_ctx_st SSL_CTX; + +-typedef struct comp_ctx_st COMP_CTX; + typedef struct comp_method_st COMP_METHOD; + + typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +@@ -157,33 +190,23 @@ typedef struct DIST_POINT_st DIST_POINT; + typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; + typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + ++ /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ ++# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ ++# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ ++ + typedef struct crypto_ex_data_st CRYPTO_EX_DATA; ++/* Callback types for crypto.h */ ++typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, ++ int idx, long argl, void *argp); ++typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, ++ void *from_d, int idx, long argl, void *argp); + + typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; + typedef struct ocsp_response_st OCSP_RESPONSE; + typedef struct ocsp_responder_id_st OCSP_RESPID; + +-typedef struct sct_st SCT; +-typedef struct sct_ctx_st SCT_CTX; +-typedef struct ctlog_st CTLOG; +-typedef struct ctlog_store_st CTLOG_STORE; +-typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; +- +-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ +- defined(INTMAX_MAX) && defined(UINTMAX_MAX) +-typedef intmax_t ossl_intmax_t; +-typedef uintmax_t ossl_uintmax_t; +-#else +-/* +- * Not long long, because the C-library can only be expected to provide +- * strtoll(), strtoull() at the same time as intmax_t and strtoimax(), +- * strtoumax(). Since we use these for parsing arguments, we need the +- * conversion functions, not just the sizes. +- */ +-typedef long ossl_intmax_t; +-typedef unsigned long ossl_uintmax_t; +-#endif +- + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/Include/openssl/pem.h b/Cryptlib/Include/openssl/pem.h +index 2375d63..d271ec8 100644 +--- a/Cryptlib/Include/openssl/pem.h ++++ b/Cryptlib/Include/openssl/pem.h +@@ -1,18 +1,71 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_PEM_H + # define HEADER_PEM_H + + # include +-# include +-# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_STACK ++# include ++# endif + # include + # include + # include +@@ -23,8 +76,44 @@ extern "C" { + + # define PEM_BUFSIZE 1024 + ++# define PEM_OBJ_UNDEF 0 ++# define PEM_OBJ_X509 1 ++# define PEM_OBJ_X509_REQ 2 ++# define PEM_OBJ_CRL 3 ++# define PEM_OBJ_SSL_SESSION 4 ++# define PEM_OBJ_PRIV_KEY 10 ++# define PEM_OBJ_PRIV_RSA 11 ++# define PEM_OBJ_PRIV_DSA 12 ++# define PEM_OBJ_PRIV_DH 13 ++# define PEM_OBJ_PUB_RSA 14 ++# define PEM_OBJ_PUB_DSA 15 ++# define PEM_OBJ_PUB_DH 16 ++# define PEM_OBJ_DHPARAMS 17 ++# define PEM_OBJ_DSAPARAMS 18 ++# define PEM_OBJ_PRIV_RSA_PUBLIC 19 ++# define PEM_OBJ_PRIV_ECDSA 20 ++# define PEM_OBJ_PUB_ECDSA 21 ++# define PEM_OBJ_ECPARAMETERS 22 ++ ++# define PEM_ERROR 30 ++# define PEM_DEK_DES_CBC 40 ++# define PEM_DEK_IDEA_CBC 45 ++# define PEM_DEK_DES_EDE 50 ++# define PEM_DEK_DES_ECB 60 ++# define PEM_DEK_RSA 70 ++# define PEM_DEK_RSA_MD2 80 ++# define PEM_DEK_RSA_MD5 90 ++ ++# define PEM_MD_MD2 NID_md2 ++# define PEM_MD_MD5 NID_md5 ++# define PEM_MD_SHA NID_sha ++# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption ++# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption ++# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption ++ + # define PEM_STRING_X509_OLD "X509 CERTIFICATE" + # define PEM_STRING_X509 "CERTIFICATE" ++# define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" + # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" + # define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" + # define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +@@ -49,6 +138,17 @@ extern "C" { + # define PEM_STRING_PARAMETERS "PARAMETERS" + # define PEM_STRING_CMS "CMS" + ++ /* ++ * Note that this structure is initialised by PEM_SealInit and cleaned up ++ * by PEM_SealFinal (at least for now) ++ */ ++typedef struct PEM_Encode_Seal_st { ++ EVP_ENCODE_CTX encode; ++ EVP_MD_CTX md; ++ EVP_CIPHER_CTX cipher; ++} PEM_ENCODE_SEAL_CTX; ++ ++/* enc_type is one off */ + # define PEM_TYPE_ENCRYPTED 10 + # define PEM_TYPE_MIC_ONLY 20 + # define PEM_TYPE_MIC_CLEAR 30 +@@ -82,7 +182,6 @@ typedef struct pem_ctx_st { + + int num_recipient; + PEM_USER **recipient; +- + /*- + XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ +@@ -110,7 +209,7 @@ typedef struct pem_ctx_st { + * IMPLEMENT_PEM_rw_cb(...) + */ + +-# ifdef OPENSSL_NO_STDIO ++# ifdef OPENSSL_NO_FP_API + + # define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ + # define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ +@@ -221,7 +320,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + + /* These are the same except they are for the declarations */ + +-# if defined(OPENSSL_NO_STDIO) ++# if defined(OPENSSL_NO_FP_API) + + # define DECLARE_PEM_read_fp(name, type) /**/ + # define DECLARE_PEM_write_fp(name, type) /**/ +@@ -244,6 +343,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + + # endif + ++# ifndef OPENSSL_NO_BIO + # define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +@@ -257,6 +357,13 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + ++# else ++ ++# define DECLARE_PEM_read_bio(name, type) /**/ ++# define DECLARE_PEM_write_bio(name, type) /**/ ++# define DECLARE_PEM_write_bio_const(name, type) /**/ ++# define DECLARE_PEM_write_cb_bio(name, type) /**/ ++# endif + # define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) +@@ -278,12 +385,19 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + # define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) ++# if 1 ++/* "userdata": new with OpenSSL 0.9.4 */ + typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); ++# else ++/* OpenSSL 0.9.3, 0.9.3a */ ++typedef int pem_password_cb (char *buf, int size, int rwflag); ++# endif + + int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); + int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + ++# ifndef OPENSSL_NO_BIO + int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); + int PEM_write_bio(BIO *bp, const char *name, const char *hdr, +@@ -302,8 +416,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cd, void *u); ++# endif + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); + int PEM_write(FILE *fp, const char *name, const char *hdr, +@@ -317,8 +432,16 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); + #endif + +-int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +-int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); ++int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, ++ EVP_MD *md_type, unsigned char **ek, int *ekl, ++ unsigned char *iv, EVP_PKEY **pubk, int npubk); ++void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, ++ unsigned char *in, int inl); ++int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, ++ unsigned char *out, int *outl, EVP_PKEY *priv); ++ ++void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); ++void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); + int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +@@ -330,6 +453,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); + + DECLARE_PEM_rw(X509, X509) + DECLARE_PEM_rw(X509_AUX, X509) ++DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) + DECLARE_PEM_rw(X509_REQ, X509_REQ) + DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) + DECLARE_PEM_rw(X509_CRL, X509_CRL) +@@ -359,11 +483,6 @@ DECLARE_PEM_write_const(DHxparams, DH) + DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) + DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +-int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +- const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u); +- + int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +@@ -378,7 +497,7 @@ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +-# ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +@@ -395,22 +514,21 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, + void *u); +-# endif ++#endif ++ + EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); + int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + +-# ifndef OPENSSL_NO_DSA + EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); + EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); + EVP_PKEY *b2i_PrivateKey_bio(BIO *in); + EVP_PKEY *b2i_PublicKey_bio(BIO *in); + int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); + int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +-# ifndef OPENSSL_NO_RC4 ++# ifndef OPENSSL_NO_RC4 + EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); + int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u); +-# endif + # endif + + /* BEGIN ERROR CODES */ +@@ -419,7 +537,7 @@ int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, + * made after this point may be overwritten when the script is next run. + */ + +-int ERR_load_PEM_strings(void); ++void ERR_load_PEM_strings(void); + + /* Error codes for the PEM functions. */ + +@@ -447,7 +565,9 @@ int ERR_load_PEM_strings(void); + # define PEM_F_PEM_ASN1_WRITE_BIO 105 + # define PEM_F_PEM_DEF_CALLBACK 100 + # define PEM_F_PEM_DO_HEADER 106 ++# define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 + # define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 ++# define PEM_F_PEM_PK8PKEY 119 + # define PEM_F_PEM_READ 108 + # define PEM_F_PEM_READ_BIO 109 + # define PEM_F_PEM_READ_BIO_DHPARAMS 141 +@@ -455,6 +575,8 @@ int ERR_load_PEM_strings(void); + # define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 + # define PEM_F_PEM_READ_DHPARAMS 142 + # define PEM_F_PEM_READ_PRIVATEKEY 124 ++# define PEM_F_PEM_SEALFINAL 110 ++# define PEM_F_PEM_SEALINIT 111 + # define PEM_F_PEM_SIGNFINAL 112 + # define PEM_F_PEM_WRITE 113 + # define PEM_F_PEM_WRITE_BIO 114 +@@ -480,17 +602,16 @@ int ERR_load_PEM_strings(void); + # define PEM_R_INCONSISTENT_HEADER 121 + # define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 + # define PEM_R_KEYBLOB_TOO_SHORT 123 +-# define PEM_R_MISSING_DEK_IV 129 + # define PEM_R_NOT_DEK_INFO 105 + # define PEM_R_NOT_ENCRYPTED 106 + # define PEM_R_NOT_PROC_TYPE 107 + # define PEM_R_NO_START_LINE 108 + # define PEM_R_PROBLEMS_GETTING_PASSWORD 109 ++# define PEM_R_PUBLIC_KEY_NO_RSA 110 + # define PEM_R_PVK_DATA_TOO_SHORT 124 + # define PEM_R_PVK_TOO_SHORT 125 + # define PEM_R_READ_KEY 111 + # define PEM_R_SHORT_HEADER 112 +-# define PEM_R_UNEXPECTED_DEK_IV 130 + # define PEM_R_UNSUPPORTED_CIPHER 113 + # define PEM_R_UNSUPPORTED_ENCRYPTION 114 + # define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 +diff --git a/Cryptlib/Include/openssl/pem2.h b/Cryptlib/Include/openssl/pem2.h +index cfe73f1..84897d5 100644 +--- a/Cryptlib/Include/openssl/pem2.h ++++ b/Cryptlib/Include/openssl/pem2.h +@@ -1,10 +1,60 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * This header only exists to break a circular dependency between pem and err ++ * Ben 30 Jan 1999. + */ + + #ifdef __cplusplus +@@ -12,7 +62,7 @@ extern "C" { + #endif + + #ifndef HEADER_PEM_H +-int ERR_load_PEM_strings(void); ++void ERR_load_PEM_strings(void); + #endif + + #ifdef __cplusplus +diff --git a/Cryptlib/Include/openssl/pkcs12.h b/Cryptlib/Include/openssl/pkcs12.h +index deaded9..21f1f62 100644 +--- a/Cryptlib/Include/openssl/pkcs12.h ++++ b/Cryptlib/Include/openssl/pkcs12.h +@@ -1,10 +1,60 @@ ++/* pkcs12.h */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_PKCS12_H +@@ -30,92 +80,114 @@ extern "C" { + + # define PKCS12_SALT_LEN 8 + +-/* It's not clear if these are actually needed... */ +-# define PKCS12_key_gen PKCS12_key_gen_utf8 +-# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8 ++/* Uncomment out next line for unicode password and names, otherwise ASCII */ ++ ++/* ++ * #define PBE_UNICODE ++ */ ++ ++# ifdef PBE_UNICODE ++# define PKCS12_key_gen PKCS12_key_gen_uni ++# define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni ++# else ++# define PKCS12_key_gen PKCS12_key_gen_asc ++# define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc ++# endif + + /* MS key usage constants */ + + # define KEY_EX 0x10 + # define KEY_SIG 0x80 + +-typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; ++typedef struct { ++ X509_SIG *dinfo; ++ ASN1_OCTET_STRING *salt; ++ ASN1_INTEGER *iter; /* defaults to 1 */ ++} PKCS12_MAC_DATA; ++ ++typedef struct { ++ ASN1_INTEGER *version; ++ PKCS12_MAC_DATA *mac; ++ PKCS7 *authsafes; ++} PKCS12; ++ ++typedef struct { ++ ASN1_OBJECT *type; ++ union { ++ struct pkcs12_bag_st *bag; /* secret, crl and certbag */ ++ struct pkcs8_priv_key_info_st *keybag; /* keybag */ ++ X509_SIG *shkeybag; /* shrouded key bag */ ++ STACK_OF(PKCS12_SAFEBAG) *safes; ++ ASN1_TYPE *other; ++ } value; ++ STACK_OF(X509_ATTRIBUTE) *attrib; ++} PKCS12_SAFEBAG; ++ ++DECLARE_STACK_OF(PKCS12_SAFEBAG) ++DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) ++DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) ++ ++typedef struct pkcs12_bag_st { ++ ASN1_OBJECT *type; ++ union { ++ ASN1_OCTET_STRING *x509cert; ++ ASN1_OCTET_STRING *x509crl; ++ ASN1_OCTET_STRING *octet; ++ ASN1_IA5STRING *sdsicert; ++ ASN1_TYPE *other; /* Secret or other bag */ ++ } value; ++} PKCS12_BAGS; + +-typedef struct PKCS12_st PKCS12; ++# define PKCS12_ERROR 0 ++# define PKCS12_OK 1 + +-typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; ++/* Compatibility macros */ + +-DEFINE_STACK_OF(PKCS12_SAFEBAG) ++# define M_PKCS12_x5092certbag PKCS12_x5092certbag ++# define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag + +-typedef struct pkcs12_bag_st PKCS12_BAGS; ++# define M_PKCS12_certbag2x509 PKCS12_certbag2x509 ++# define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl + +-# define PKCS12_ERROR 0 +-# define PKCS12_OK 1 ++# define M_PKCS12_unpack_p7data PKCS12_unpack_p7data ++# define M_PKCS12_pack_authsafes PKCS12_pack_authsafes ++# define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes ++# define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata + +-/* Compatibility macros */ ++# define M_PKCS12_decrypt_skey PKCS12_decrypt_skey ++# define M_PKCS8_decrypt PKCS8_decrypt + +-#if OPENSSL_API_COMPAT < 0x10100000L ++# define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) ++# define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) ++# define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type + +-# define M_PKCS12_bag_type PKCS12_bag_type +-# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +-# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type ++# define PKCS12_get_attr(bag, attr_nid) \ ++ PKCS12_get_attr_gen(bag->attrib, attr_nid) + +-# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +-# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl +-# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +-# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid +-# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +-# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +-# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +-# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt ++# define PKCS8_get_attr(p8, attr_nid) \ ++ PKCS12_get_attr_gen(p8->attributes, attr_nid) + +-#endif ++# define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) + +-DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)) +- +-ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +-int PKCS12_mac_present(const PKCS12 *p12); +-void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, +- const X509_ALGOR **pmacalg, +- const ASN1_OCTET_STRING **psalt, +- const ASN1_INTEGER **piter, +- const PKCS12 *p12); +- +-const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, +- int attr_nid); +-const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); +-int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +-int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); +- +-X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +-X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); +-const STACK_OF(PKCS12_SAFEBAG) * +-PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +-const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +-const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509); +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl); +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8); +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8); +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, +- const char *pass, +- int passlen, +- unsigned char *salt, +- int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8inf); ++PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); ++PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); ++X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); ++X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); + + PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); +-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, ++PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); ++PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, + int passlen); +-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, ++PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, + const char *pass, int passlen); + X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +-X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, +- PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); ++PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, ++ int passlen, unsigned char *salt, ++ int saltlen, int iter, ++ PKCS8_PRIV_KEY_INFO *p8); + PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); + STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); + PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, +@@ -125,32 +197,26 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); + + int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); +-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); ++STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); + + int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); + int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); +-int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, +- int namelen); + int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, + int namelen); + int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen); + int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, +- int attr_nid); ++ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +-const STACK_OF(X509_ATTRIBUTE) * +-PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, +- const char *pass, int passlen, +- const unsigned char *in, int inlen, ++unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, ++ int passlen, unsigned char *in, int inlen, + unsigned char **data, int *datalen, + int en_de); +-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, ++void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, +- const ASN1_OCTET_STRING *oct, int zbuf); ++ ASN1_OCTET_STRING *oct, int zbuf); + ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, + const char *pass, int passlen, +@@ -162,9 +228,6 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type); +-int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, +- int saltlen, int id, int iter, int n, +- unsigned char *out, const EVP_MD *md_type); + int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md_type, int en_de); +@@ -178,10 +241,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, + int saltlen, const EVP_MD *md_type); + unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +-char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); +-unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, +- unsigned char **uni, int *unilen); +-char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen); ++char *OPENSSL_uni2asc(unsigned char *uni, int unilen); + + DECLARE_ASN1_FUNCTIONS(PKCS12) + DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +@@ -194,26 +254,22 @@ DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + void PKCS12_PBE_add(void); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +-PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, +- X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, +- int iter, int mac_iter, int keytype); ++PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, ++ STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, ++ int mac_iter, int keytype); + + PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); + PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, +- int key_nid, const char *pass); ++ int key_nid, char *pass); + int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, +- int safe_nid, int iter, const char *pass); ++ int safe_nid, int iter, char *pass); + PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +-# ifndef OPENSSL_NO_STDIO + int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +-# endif + PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +-# ifndef OPENSSL_NO_STDIO + PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +-# endif + int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + + /* BEGIN ERROR CODES */ +@@ -221,12 +277,17 @@ int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_PKCS12_strings(void); ++void ERR_load_PKCS12_strings(void); + + /* Error codes for the PKCS12 functions. */ + + /* Function codes. */ ++# define PKCS12_F_PARSE_BAG 129 ++# define PKCS12_F_PARSE_BAGS 103 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 ++# define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 ++# define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 + # define PKCS12_F_PKCS12_CREATE 105 + # define PKCS12_F_PKCS12_GEN_MAC 107 + # define PKCS12_F_PKCS12_INIT 109 +@@ -235,23 +296,21 @@ int ERR_load_PKCS12_strings(void); + # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 + # define PKCS12_F_PKCS12_KEY_GEN_ASC 110 + # define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +-# define PKCS12_F_PKCS12_KEY_GEN_UTF8 116 ++# define PKCS12_F_PKCS12_MAKE_KEYBAG 112 ++# define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 + # define PKCS12_F_PKCS12_NEWPASS 128 + # define PKCS12_F_PKCS12_PACK_P7DATA 114 + # define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 + # define PKCS12_F_PKCS12_PARSE 118 + # define PKCS12_F_PKCS12_PBE_CRYPT 119 + # define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +-# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF 112 +-# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8 113 +-# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT 133 + # define PKCS12_F_PKCS12_SETUP_MAC 122 + # define PKCS12_F_PKCS12_SET_MAC 123 + # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 + # define PKCS12_F_PKCS12_UNPACK_P7DATA 131 + # define PKCS12_F_PKCS12_VERIFY_MAC 126 ++# define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 + # define PKCS12_F_PKCS8_ENCRYPT 125 +-# define PKCS12_F_PKCS8_SET0_PBE 132 + + /* Reason codes. */ + # define PKCS12_R_CANT_PACK_STRUCTURE 100 +@@ -268,6 +327,7 @@ int ERR_load_PKCS12_strings(void); + # define PKCS12_R_MAC_GENERATION_ERROR 109 + # define PKCS12_R_MAC_SETUP_ERROR 110 + # define PKCS12_R_MAC_STRING_SET_ERROR 111 ++# define PKCS12_R_MAC_VERIFY_ERROR 112 + # define PKCS12_R_MAC_VERIFY_FAILURE 113 + # define PKCS12_R_PARSE_ERROR 114 + # define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +@@ -276,7 +336,7 @@ int ERR_load_PKCS12_strings(void); + # define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 + # define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/pkcs7.h b/Cryptlib/Include/openssl/pkcs7.h +index 691f722..b51b386 100644 +--- a/Cryptlib/Include/openssl/pkcs7.h ++++ b/Cryptlib/Include/openssl/pkcs7.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pkcs7/pkcs7.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_PKCS7_H +@@ -21,6 +70,12 @@ + extern "C" { + #endif + ++# ifdef OPENSSL_SYS_WIN32 ++/* Under Win32 thes are defined in wincrypt.h */ ++# undef PKCS7_ISSUER_AND_SERIAL ++# undef PKCS7_SIGNER_INFO ++# endif ++ + /*- + Encryption_ID DES-CBC + Digest_ID MD5 +@@ -45,7 +100,8 @@ typedef struct pkcs7_signer_info_st { + EVP_PKEY *pkey; + } PKCS7_SIGNER_INFO; + +-DEFINE_STACK_OF(PKCS7_SIGNER_INFO) ++DECLARE_STACK_OF(PKCS7_SIGNER_INFO) ++DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) + + typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ +@@ -55,7 +111,8 @@ typedef struct pkcs7_recip_info_st { + X509 *cert; /* get the pub-key from this */ + } PKCS7_RECIP_INFO; + +-DEFINE_STACK_OF(PKCS7_RECIP_INFO) ++DECLARE_STACK_OF(PKCS7_RECIP_INFO) ++DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) + + typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ +@@ -142,7 +199,9 @@ typedef struct pkcs7_st { + } d; + } PKCS7; + +-DEFINE_STACK_OF(PKCS7) ++DECLARE_STACK_OF(PKCS7) ++DECLARE_ASN1_SET_OF(PKCS7) ++DECLARE_PKCS12_STACK_OF(PKCS7) + + # define PKCS7_OP_SET_DETACHED_SIGNATURE 1 + # define PKCS7_OP_GET_DETACHED_SIGNATURE 2 +@@ -183,7 +242,6 @@ DEFINE_STACK_OF(PKCS7) + # define PKCS7_NOCRL 0x2000 + # define PKCS7_PARTIAL 0x4000 + # define PKCS7_REUSE_DIGEST 0x8000 +-# define PKCS7_NO_DUAL_CONTENT 0x10000 + + /* Flags: for compatibility with older code */ + +@@ -197,15 +255,12 @@ DEFINE_STACK_OF(PKCS7) + # define SMIME_BINARY PKCS7_BINARY + # define SMIME_NOATTR PKCS7_NOATTR + +-/* CRLF ASCII canonicalisation */ +-# define SMIME_ASCIICRLF 0x80000 +- + DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) + + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, + unsigned int *len); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); + int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); + # endif +@@ -317,13 +372,15 @@ BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_PKCS7_strings(void); ++void ERR_load_PKCS7_strings(void); + + /* Error codes for the PKCS7 functions. */ + + /* Function codes. */ ++# define PKCS7_F_B64_READ_PKCS7 120 ++# define PKCS7_F_B64_WRITE_PKCS7 121 + # define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 ++# define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 + # define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 + # define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 + # define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +@@ -337,6 +394,7 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_F_PKCS7_DATADECODE 112 + # define PKCS7_F_PKCS7_DATAFINAL 128 + # define PKCS7_F_PKCS7_DATAINIT 105 ++# define PKCS7_F_PKCS7_DATASIGN 106 + # define PKCS7_F_PKCS7_DATAVERIFY 107 + # define PKCS7_F_PKCS7_DECRYPT 114 + # define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +@@ -357,6 +415,8 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 + # define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 + # define PKCS7_F_PKCS7_VERIFY 117 ++# define PKCS7_F_SMIME_READ_PKCS7 122 ++# define PKCS7_F_SMIME_TEXT 123 + + /* Reason codes. */ + # define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +@@ -364,29 +424,46 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_R_CIPHER_NOT_INITIALIZED 116 + # define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 + # define PKCS7_R_CTRL_ERROR 152 ++# define PKCS7_R_DECODE_ERROR 130 ++# define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 + # define PKCS7_R_DECRYPT_ERROR 119 + # define PKCS7_R_DIGEST_FAILURE 101 + # define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 + # define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 + # define PKCS7_R_ERROR_ADDING_RECIPIENT 120 + # define PKCS7_R_ERROR_SETTING_CIPHER 121 ++# define PKCS7_R_INVALID_MIME_TYPE 131 + # define PKCS7_R_INVALID_NULL_POINTER 143 + # define PKCS7_R_INVALID_SIGNED_DATA_TYPE 155 ++# define PKCS7_R_MIME_NO_CONTENT_TYPE 132 ++# define PKCS7_R_MIME_PARSE_ERROR 133 ++# define PKCS7_R_MIME_SIG_PARSE_ERROR 134 ++# define PKCS7_R_MISSING_CERIPEND_INFO 103 + # define PKCS7_R_NO_CONTENT 122 ++# define PKCS7_R_NO_CONTENT_TYPE 135 + # define PKCS7_R_NO_DEFAULT_DIGEST 151 + # define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 ++# define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 ++# define PKCS7_R_NO_MULTIPART_BOUNDARY 137 + # define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 ++# define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 + # define PKCS7_R_NO_SIGNATURES_ON_DATA 123 + # define PKCS7_R_NO_SIGNERS 142 ++# define PKCS7_R_NO_SIG_CONTENT_TYPE 138 + # define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 + # define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 + # define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 ++# define PKCS7_R_PKCS7_DATAFINAL 126 ++# define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 + # define PKCS7_R_PKCS7_DATASIGN 145 ++# define PKCS7_R_PKCS7_PARSE_ERROR 139 ++# define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 + # define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 + # define PKCS7_R_SIGNATURE_FAILURE 105 + # define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 + # define PKCS7_R_SIGNING_CTRL_FAILURE 147 + # define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 ++# define PKCS7_R_SIG_INVALID_MIME_TYPE 141 + # define PKCS7_R_SMIME_TEXT_ERROR 129 + # define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 + # define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +@@ -398,7 +475,7 @@ int ERR_load_PKCS7_strings(void); + # define PKCS7_R_WRONG_CONTENT_TYPE 113 + # define PKCS7_R_WRONG_PKCS7_TYPE 114 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/pqueue.h b/Cryptlib/Include/openssl/pqueue.h +new file mode 100644 +index 0000000..d40d9c7 +--- /dev/null ++++ b/Cryptlib/Include/openssl/pqueue.h +@@ -0,0 +1,99 @@ ++/* crypto/pqueue/pqueue.h */ ++/* ++ * DTLS implementation written by Nagendra Modadugu ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_PQUEUE_H ++# define HEADER_PQUEUE_H ++ ++# include ++# include ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++typedef struct _pqueue *pqueue; ++ ++typedef struct _pitem { ++ unsigned char priority[8]; /* 64-bit value in big-endian encoding */ ++ void *data; ++ struct _pitem *next; ++} pitem; ++ ++typedef struct _pitem *piterator; ++ ++pitem *pitem_new(unsigned char *prio64be, void *data); ++void pitem_free(pitem *item); ++ ++pqueue pqueue_new(void); ++void pqueue_free(pqueue pq); ++ ++pitem *pqueue_insert(pqueue pq, pitem *item); ++pitem *pqueue_peek(pqueue pq); ++pitem *pqueue_pop(pqueue pq); ++pitem *pqueue_find(pqueue pq, unsigned char *prio64be); ++pitem *pqueue_iterator(pqueue pq); ++pitem *pqueue_next(piterator *iter); ++ ++void pqueue_print(pqueue pq); ++int pqueue_size(pqueue pq); ++ ++#ifdef __cplusplus ++} ++#endif ++#endif /* ! HEADER_PQUEUE_H */ +diff --git a/Cryptlib/Include/openssl/rand.h b/Cryptlib/Include/openssl/rand.h +index d521ae1..2553afd 100644 +--- a/Cryptlib/Include/openssl/rand.h ++++ b/Cryptlib/Include/openssl/rand.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/rand.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_RAND_H +@@ -14,18 +63,26 @@ + # include + # include + ++# if defined(OPENSSL_SYS_WINDOWS) ++# include ++# endif ++ + #ifdef __cplusplus + extern "C" { + #endif + ++# if defined(OPENSSL_FIPS) ++# define FIPS_RAND_SIZE_T size_t ++# endif ++ + /* Already defined in ossl_typ.h */ + /* typedef struct rand_meth_st RAND_METHOD; */ + + struct rand_meth_st { +- int (*seed) (const void *buf, int num); ++ void (*seed) (const void *buf, int num); + int (*bytes) (unsigned char *buf, int num); + void (*cleanup) (void); +- int (*add) (const void *buf, int num, double entropy); ++ void (*add) (const void *buf, int num, double entropy); + int (*pseudorand) (unsigned char *buf, int num); + int (*status) (void); + }; +@@ -39,51 +96,55 @@ const RAND_METHOD *RAND_get_rand_method(void); + # ifndef OPENSSL_NO_ENGINE + int RAND_set_rand_engine(ENGINE *engine); + # endif +-RAND_METHOD *RAND_OpenSSL(void); +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define RAND_cleanup() while(0) continue +-#endif ++RAND_METHOD *RAND_SSLeay(void); ++void RAND_cleanup(void); + int RAND_bytes(unsigned char *buf, int num); +-DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num)) ++int RAND_pseudo_bytes(unsigned char *buf, int num); + void RAND_seed(const void *buf, int num); +-#if defined(__ANDROID__) && defined(__NDK_FPABI__) +-__NDK_FPABI__ /* __attribute__((pcs("aapcs"))) on ARM */ +-#endif + void RAND_add(const void *buf, int num, double entropy); + int RAND_load_file(const char *file, long max_bytes); + int RAND_write_file(const char *file); + const char *RAND_file_name(char *file, size_t num); + int RAND_status(void); +-# ifndef OPENSSL_NO_EGD + int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); + int RAND_egd(const char *path); + int RAND_egd_bytes(const char *path, int bytes); +-# endif + int RAND_poll(void); + +-#if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H)) +-/* application has to include in order to use these */ +-DEPRECATEDIN_1_1_0(void RAND_screen(void)) +-DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM)) +-#endif ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ++ ++void RAND_screen(void); ++int RAND_event(UINT, WPARAM, LPARAM); ++ ++# endif ++ ++# ifdef OPENSSL_FIPS ++void RAND_set_fips_drbg_type(int type, int flags); ++int RAND_init_fips(void); ++# endif + + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_RAND_strings(void); ++void ERR_load_RAND_strings(void); + + /* Error codes for the RAND functions. */ + + /* Function codes. */ +-# define RAND_F_RAND_BYTES 100 ++# define RAND_F_RAND_GET_RAND_METHOD 101 ++# define RAND_F_RAND_INIT_FIPS 102 ++# define RAND_F_SSLEAY_RAND_BYTES 100 + + /* Reason codes. */ ++# define RAND_R_DUAL_EC_DRBG_DISABLED 104 ++# define RAND_R_ERROR_INITIALISING_DRBG 102 ++# define RAND_R_ERROR_INSTANTIATING_DRBG 103 ++# define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 + # define RAND_R_PRNG_NOT_SEEDED 100 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/rc2.h b/Cryptlib/Include/openssl/rc2.h +index 585f9e4..29d02d7 100644 +--- a/Cryptlib/Include/openssl/rc2.h ++++ b/Cryptlib/Include/openssl/rc2.h +@@ -1,34 +1,87 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rc2/rc2.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_RC2_H + # define HEADER_RC2_H + +-# include +- +-# ifndef OPENSSL_NO_RC2 +-# ifdef __cplusplus +-extern "C" { ++# include /* OPENSSL_NO_RC2, RC2_INT */ ++# ifdef OPENSSL_NO_RC2 ++# error RC2 is disabled. + # endif + +-typedef unsigned int RC2_INT; +- + # define RC2_ENCRYPT 1 + # define RC2_DECRYPT 0 + + # define RC2_BLOCK 8 + # define RC2_KEY_LENGTH 16 + ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + typedef struct rc2_key_st { + RC2_INT data[64]; + } RC2_KEY; + ++# ifdef OPENSSL_FIPS ++void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, ++ int bits); ++# endif + void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); + void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, + RC2_KEY *key, int enc); +@@ -43,9 +96,8 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/rc4.h b/Cryptlib/Include/openssl/rc4.h +index 86803b3..39162b1 100644 +--- a/Cryptlib/Include/openssl/rc4.h ++++ b/Cryptlib/Include/openssl/rc4.h +@@ -1,19 +1,71 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rc4/rc4.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_RC4_H + # define HEADER_RC4_H + +-# include ++# include /* OPENSSL_NO_RC4, RC4_INT */ ++# ifdef OPENSSL_NO_RC4 ++# error RC4 is disabled. ++# endif + +-# ifndef OPENSSL_NO_RC4 + # include ++ + #ifdef __cplusplus + extern "C" { + #endif +@@ -25,12 +77,12 @@ typedef struct rc4_key_st { + + const char *RC4_options(void); + void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); ++void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); + void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/rc5.h b/Cryptlib/Include/openssl/rc5.h +deleted file mode 100644 +index 793f88e..0000000 +--- a/Cryptlib/Include/openssl/rc5.h ++++ /dev/null +@@ -1,63 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_RC5_H +-# define HEADER_RC5_H +- +-# include +- +-# ifndef OPENSSL_NO_RC5 +-# ifdef __cplusplus +-extern "C" { +-# endif +- +-# define RC5_ENCRYPT 1 +-# define RC5_DECRYPT 0 +- +-# define RC5_32_INT unsigned int +- +-# define RC5_32_BLOCK 8 +-# define RC5_32_KEY_LENGTH 16/* This is a default, max is 255 */ +- +-/* +- * This are the only values supported. Tweak the code if you want more The +- * most supported modes will be RC5-32/12/16 RC5-32/16/8 +- */ +-# define RC5_8_ROUNDS 8 +-# define RC5_12_ROUNDS 12 +-# define RC5_16_ROUNDS 16 +- +-typedef struct rc5_key_st { +- /* Number of rounds */ +- int rounds; +- RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)]; +-} RC5_32_KEY; +- +-void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, +- int rounds); +-void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out, +- RC5_32_KEY *key, int enc); +-void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key); +-void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key); +-void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC5_32_KEY *ks, unsigned char *iv, +- int enc); +-void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC5_32_KEY *schedule, +- unsigned char *ivec, int *num, int enc); +-void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, +- long length, RC5_32_KEY *schedule, +- unsigned char *ivec, int *num); +- +-# ifdef __cplusplus +-} +-# endif +-# endif +- +-#endif +diff --git a/Cryptlib/Include/openssl/ripemd.h b/Cryptlib/Include/openssl/ripemd.h +index c42026a..b88ef25 100644 +--- a/Cryptlib/Include/openssl/ripemd.h ++++ b/Cryptlib/Include/openssl/ripemd.h +@@ -1,25 +1,83 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/ripemd/ripemd.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_RIPEMD_H + # define HEADER_RIPEMD_H + +-# include +- +-#ifndef OPENSSL_NO_RMD160 + # include + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef OPENSSL_NO_RIPEMD ++# error RIPEMD is disabled. + # endif + +-# define RIPEMD160_LONG unsigned int ++# if defined(__LP32__) ++# define RIPEMD160_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define RIPEMD160_LONG unsigned long ++# define RIPEMD160_LONG_LOG2 3 ++# else ++# define RIPEMD160_LONG unsigned int ++# endif + + # define RIPEMD160_CBLOCK 64 + # define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +@@ -32,16 +90,16 @@ typedef struct RIPEMD160state_st { + unsigned int num; + } RIPEMD160_CTX; + ++# ifdef OPENSSL_FIPS ++int private_RIPEMD160_Init(RIPEMD160_CTX *c); ++# endif + int RIPEMD160_Init(RIPEMD160_CTX *c); + int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); + int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); + unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); + void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); +- +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif +- ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/rsa.h b/Cryptlib/Include/openssl/rsa.h +index d97d6e0..d2ee374 100644 +--- a/Cryptlib/Include/openssl/rsa.h ++++ b/Cryptlib/Include/openssl/rsa.h +@@ -1,37 +1,173 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_RSA_H + # define HEADER_RSA_H + +-# include +- +-# ifndef OPENSSL_NO_RSA + # include +-# include ++ ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + # include + # include +-# if OPENSSL_API_COMPAT < 0x10100000L ++# ifndef OPENSSL_NO_DEPRECATED + # include + # endif +-# ifdef __cplusplus +-extern "C" { ++ ++# ifdef OPENSSL_NO_RSA ++# error RSA is disabled. + # endif + +-/* The types RSA and RSA_METHOD are defined in ossl_typ.h */ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* Declared already in ossl_typ.h */ ++/* typedef struct rsa_st RSA; */ ++/* typedef struct rsa_meth_st RSA_METHOD; */ ++ ++struct rsa_meth_st { ++ const char *name; ++ int (*rsa_pub_enc) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_pub_dec) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_priv_enc) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ int (*rsa_priv_dec) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++ /* Can be null */ ++ int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); ++ /* Can be null */ ++ int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++ /* called at new */ ++ int (*init) (RSA *rsa); ++ /* called at free */ ++ int (*finish) (RSA *rsa); ++ /* RSA_METHOD_FLAG_* things */ ++ int flags; ++ /* may be needed! */ ++ char *app_data; ++ /* ++ * New sign and verify functions: some libraries don't allow arbitrary ++ * data to be signed/verified: this allows them to be used. Note: for ++ * this to work the RSA_public_decrypt() and RSA_private_encrypt() should ++ * *NOT* be used RSA_sign(), RSA_verify() should be used instead. Note: ++ * for backwards compatibility this functionality is only enabled if the ++ * RSA_FLAG_SIGN_VER option is set in 'flags'. ++ */ ++ int (*rsa_sign) (int type, ++ const unsigned char *m, unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, ++ const RSA *rsa); ++ int (*rsa_verify) (int dtype, const unsigned char *m, ++ unsigned int m_length, const unsigned char *sigbuf, ++ unsigned int siglen, const RSA *rsa); ++ /* ++ * If this callback is NULL, the builtin software RSA key-gen will be ++ * used. This is for behavioural compatibility whilst the code gets ++ * rewired, but one day it would be nice to assume there are no such ++ * things as "builtin software" implementations. ++ */ ++ int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); ++}; ++ ++struct rsa_st { ++ /* ++ * The first parameter is used to pickup errors where this is passed ++ * instead of aEVP_PKEY, it is set to 0 ++ */ ++ int pad; ++ long version; ++ const RSA_METHOD *meth; ++ /* functional reference if 'meth' is ENGINE-provided */ ++ ENGINE *engine; ++ BIGNUM *n; ++ BIGNUM *e; ++ BIGNUM *d; ++ BIGNUM *p; ++ BIGNUM *q; ++ BIGNUM *dmp1; ++ BIGNUM *dmq1; ++ BIGNUM *iqmp; ++ /* be careful using this if the RSA structure is shared */ ++ CRYPTO_EX_DATA ex_data; ++ int references; ++ int flags; ++ /* Used to cache montgomery values */ ++ BN_MONT_CTX *_method_mod_n; ++ BN_MONT_CTX *_method_mod_p; ++ BN_MONT_CTX *_method_mod_q; ++ /* ++ * all BIGNUM values are actually in the following data, if it is not ++ * NULL ++ */ ++ char *bignum_data; ++ BN_BLINDING *blinding; ++ BN_BLINDING *mt_blinding; ++}; + + # ifndef OPENSSL_RSA_MAX_MODULUS_BITS + # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 + # endif + +-# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 +- + # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS + # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 + # endif +@@ -59,6 +195,12 @@ extern "C" { + */ + # define RSA_FLAG_EXT_PKEY 0x0020 + ++/* ++ * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify ++ * functions. ++ */ ++# define RSA_FLAG_SIGN_VER 0x0040 ++ + /* + * new with 0.9.6j and 0.9.7b; the built-in + * RSA implementation now uses blinding by +@@ -66,13 +208,19 @@ extern "C" { + * but other engines might not need it + */ + # define RSA_FLAG_NO_BLINDING 0x0080 +-# if OPENSSL_API_COMPAT < 0x10100000L + /* +- * Does nothing. Previously this switched off constant time behaviour. ++ * new with 0.9.8f; the built-in RSA ++ * implementation now uses constant time ++ * operations by default in private key operations, ++ * e.g., constant time modular exponentiation, ++ * modular inverse without leaking branches, ++ * division without leaking branches. This ++ * flag disables these constant time ++ * operations and results in faster RSA ++ * private key operations. + */ +-# define RSA_FLAG_NO_CONSTTIME 0x0000 +-# endif +-# if OPENSSL_API_COMPAT < 0x00908000L ++# define RSA_FLAG_NO_CONSTTIME 0x0100 ++# ifdef OPENSSL_USE_DEPRECATED + /* deprecated name for the flag*/ + /* + * new with 0.9.7h; the built-in RSA +@@ -171,41 +319,18 @@ extern "C" { + + RSA *RSA_new(void); + RSA *RSA_new_method(ENGINE *engine); +-int RSA_bits(const RSA *rsa); + int RSA_size(const RSA *rsa); +-int RSA_security_bits(const RSA *rsa); +- +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +-int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +-void RSA_get0_key(const RSA *r, +- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +-void RSA_get0_crt_params(const RSA *r, +- const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp); +-void RSA_clear_flags(RSA *r, int flags); +-int RSA_test_flags(const RSA *r, int flags); +-void RSA_set_flags(RSA *r, int flags); +-ENGINE *RSA_get0_engine(const RSA *r); + + /* Deprecated version */ +-DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void +- (*callback) (int, int, void *), +- void *cb_arg)) ++# ifndef OPENSSL_NO_DEPRECATED ++RSA *RSA_generate_key(int bits, unsigned long e, void ++ (*callback) (int, int, void *), void *cb_arg); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ + + /* New version */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, +- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, +- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); +-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, +- BN_GENCB *cb); +- + int RSA_check_key(const RSA *); +-int RSA_check_key_ex(const RSA *, BN_GENCB *cb); + /* next 4 return -1 on error */ + int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +@@ -226,8 +351,11 @@ const RSA_METHOD *RSA_get_default_method(void); + const RSA_METHOD *RSA_get_method(const RSA *rsa); + int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +-/* these are the actual RSA functions */ +-const RSA_METHOD *RSA_PKCS1_OpenSSL(void); ++/* This function needs the memory locking malloc callbacks to be installed */ ++int RSA_memory_lock(RSA *r); ++ ++/* these are the actual SSLeay RSA functions */ ++const RSA_METHOD *RSA_PKCS1_SSLeay(void); + + const RSA_METHOD *RSA_null_method(void); + +@@ -251,11 +379,29 @@ typedef struct rsa_oaep_params_st { + + DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int RSA_print_fp(FILE *fp, const RSA *r, int offset); + # endif + ++# ifndef OPENSSL_NO_BIO + int RSA_print(BIO *bp, const RSA *r, int offset); ++# endif ++ ++# ifndef OPENSSL_NO_RC4 ++int i2d_RSA_NET(const RSA *a, unsigned char **pp, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); ++RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); ++ ++int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)); ++RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)); ++# endif + + /* + * The following 2 functions sign and verify a X509_SIG ASN1 object inside +@@ -339,8 +485,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +-#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) ++int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int RSA_set_ex_data(RSA *r, int idx, void *arg); + void *RSA_get_ex_data(const RSA *r, int idx); + +@@ -369,154 +515,79 @@ RSA *RSAPrivateKey_dup(RSA *rsa); + */ + # define RSA_FLAG_CHECKED 0x0800 + +-RSA_METHOD *RSA_meth_new(const char *name, int flags); +-void RSA_meth_free(RSA_METHOD *meth); +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +-const char *RSA_meth_get0_name(const RSA_METHOD *meth); +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +-int RSA_meth_get_flags(RSA_METHOD *meth); +-int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +-void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +-int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +-int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-int RSA_meth_set_pub_enc(RSA_METHOD *rsa, +- int (*pub_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)); +-int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-int RSA_meth_set_pub_dec(RSA_METHOD *rsa, +- int (*pub_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)); +-int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-int RSA_meth_set_priv_enc(RSA_METHOD *rsa, +- int (*priv_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)); +-int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-int RSA_meth_set_priv_dec(RSA_METHOD *rsa, +- int (*priv_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)); +-int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) +- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); +-int RSA_meth_set_mod_exp(RSA_METHOD *rsa, +- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx)); +-int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) +- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +-int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, +- int (*bn_mod_exp) (BIGNUM *r, +- const BIGNUM *a, +- const BIGNUM *p, +- const BIGNUM *m, +- BN_CTX *ctx, +- BN_MONT_CTX *m_ctx)); +-int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); +-int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); +-int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); +-int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); +-int (*RSA_meth_get_sign(const RSA_METHOD *meth)) +- (int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, +- const RSA *rsa); +-int RSA_meth_set_sign(RSA_METHOD *rsa, +- int (*sign) (int type, const unsigned char *m, +- unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, +- const RSA *rsa)); +-int (*RSA_meth_get_verify(const RSA_METHOD *meth)) +- (int dtype, const unsigned char *m, +- unsigned int m_length, const unsigned char *sigbuf, +- unsigned int siglen, const RSA *rsa); +-int RSA_meth_set_verify(RSA_METHOD *rsa, +- int (*verify) (int dtype, const unsigned char *m, +- unsigned int m_length, +- const unsigned char *sigbuf, +- unsigned int siglen, const RSA *rsa)); +-int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) +- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +-int RSA_meth_set_keygen(RSA_METHOD *rsa, +- int (*keygen) (RSA *rsa, int bits, BIGNUM *e, +- BN_GENCB *cb)); +- + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_RSA_strings(void); ++void ERR_load_RSA_strings(void); + + /* Error codes for the RSA functions. */ + + /* Function codes. */ + # define RSA_F_CHECK_PADDING_MD 140 +-# define RSA_F_ENCODE_PKCS1 146 ++# define RSA_F_DO_RSA_PRINT 146 + # define RSA_F_INT_RSA_VERIFY 145 ++# define RSA_F_MEMORY_LOCK 100 + # define RSA_F_OLD_RSA_PRIV_DECODE 147 + # define RSA_F_PKEY_RSA_CTRL 143 + # define RSA_F_PKEY_RSA_CTRL_STR 144 + # define RSA_F_PKEY_RSA_SIGN 142 +-# define RSA_F_PKEY_RSA_VERIFY 149 ++# define RSA_F_PKEY_RSA_VERIFY 154 + # define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +-# define RSA_F_RSA_ALGOR_TO_MD 156 ++# define RSA_F_RSA_ALGOR_TO_MD 157 + # define RSA_F_RSA_BUILTIN_KEYGEN 129 + # define RSA_F_RSA_CHECK_KEY 123 +-# define RSA_F_RSA_CHECK_KEY_EX 160 +-# define RSA_F_RSA_CMS_DECRYPT 159 +-# define RSA_F_RSA_ITEM_VERIFY 148 +-# define RSA_F_RSA_METH_DUP 161 +-# define RSA_F_RSA_METH_NEW 162 +-# define RSA_F_RSA_METH_SET1_NAME 163 +-# define RSA_F_RSA_MGF1_TO_MD 157 ++# define RSA_F_RSA_CMS_DECRYPT 158 ++# define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 ++# define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 ++# define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 ++# define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 ++# define RSA_F_RSA_GENERATE_KEY 105 ++# define RSA_F_RSA_GENERATE_KEY_EX 155 ++# define RSA_F_RSA_ITEM_VERIFY 156 ++# define RSA_F_RSA_MEMORY_LOCK 130 ++# define RSA_F_RSA_MGF1_TO_MD 159 + # define RSA_F_RSA_NEW_METHOD 106 + # define RSA_F_RSA_NULL 124 ++# define RSA_F_RSA_NULL_MOD_EXP 131 + # define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 + # define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 + # define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 + # define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +-# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT 101 +-# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 102 +-# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT 103 +-# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT 104 + # define RSA_F_RSA_PADDING_ADD_NONE 107 + # define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +-# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 154 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1 160 + # define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +-# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 152 ++# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 + # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 + # define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 + # define RSA_F_RSA_PADDING_ADD_SSLV23 110 + # define RSA_F_RSA_PADDING_ADD_X931 127 + # define RSA_F_RSA_PADDING_CHECK_NONE 111 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +-# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 153 ++# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1 161 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 + # define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 + # define RSA_F_RSA_PADDING_CHECK_SSLV23 114 + # define RSA_F_RSA_PADDING_CHECK_X931 128 + # define RSA_F_RSA_PRINT 115 + # define RSA_F_RSA_PRINT_FP 116 ++# define RSA_F_RSA_PRIVATE_DECRYPT 150 ++# define RSA_F_RSA_PRIVATE_ENCRYPT 151 ++# define RSA_F_RSA_PRIV_DECODE 137 + # define RSA_F_RSA_PRIV_ENCODE 138 +-# define RSA_F_RSA_PSS_TO_CTX 155 ++# define RSA_F_RSA_PSS_TO_CTX 162 ++# define RSA_F_RSA_PUBLIC_DECRYPT 152 ++# define RSA_F_RSA_PUBLIC_ENCRYPT 153 + # define RSA_F_RSA_PUB_DECODE 139 + # define RSA_F_RSA_SETUP_BLINDING 136 + # define RSA_F_RSA_SIGN 117 + # define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 + # define RSA_F_RSA_VERIFY 119 + # define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +-# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 126 ++# define RSA_F_RSA_VERIFY_PKCS1_PSS 126 ++# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 + + /* Reason codes. */ + # define RSA_R_ALGORITHM_MISMATCH 100 +@@ -532,20 +603,21 @@ int ERR_load_RSA_strings(void); + # define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 + # define RSA_R_DATA_TOO_SMALL 111 + # define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +-# define RSA_R_DIGEST_DOES_NOT_MATCH 158 ++# define RSA_R_DIGEST_DOES_NOT_MATCH 166 + # define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 + # define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 + # define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 + # define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 + # define RSA_R_FIRST_OCTET_INVALID 133 + # define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +-# define RSA_R_INVALID_DIGEST 157 ++# define RSA_R_INVALID_DIGEST 160 + # define RSA_R_INVALID_DIGEST_LENGTH 143 + # define RSA_R_INVALID_HEADER 137 +-# define RSA_R_INVALID_LABEL 160 ++# define RSA_R_INVALID_KEYBITS 145 ++# define RSA_R_INVALID_LABEL 161 + # define RSA_R_INVALID_MESSAGE_LENGTH 131 + # define RSA_R_INVALID_MGF1_MD 156 +-# define RSA_R_INVALID_OAEP_PARAMETERS 161 ++# define RSA_R_INVALID_OAEP_PARAMETERS 162 + # define RSA_R_INVALID_PADDING 138 + # define RSA_R_INVALID_PADDING_MODE 141 + # define RSA_R_INVALID_PSS_PARAMETERS 149 +@@ -557,10 +629,12 @@ int ERR_load_RSA_strings(void); + # define RSA_R_KEY_SIZE_TOO_SMALL 120 + # define RSA_R_LAST_OCTET_INVALID 134 + # define RSA_R_MODULUS_TOO_LARGE 105 ++# define RSA_R_NON_FIPS_RSA_METHOD 157 + # define RSA_R_NO_PUBLIC_EXPONENT 140 + # define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 + # define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 + # define RSA_R_OAEP_DECODING_ERROR 121 ++# define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 + # define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 + # define RSA_R_PADDING_CHECK_FAILED 114 + # define RSA_R_PKCS_DECODING_ERROR 159 +@@ -572,19 +646,19 @@ int ERR_load_RSA_strings(void); + # define RSA_R_SSLV3_ROLLBACK_ATTACK 115 + # define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 + # define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +-# define RSA_R_UNKNOWN_DIGEST 166 ++# define RSA_R_UNKNOWN_DIGEST 163 + # define RSA_R_UNKNOWN_MASK_DIGEST 151 + # define RSA_R_UNKNOWN_PADDING_TYPE 118 +-# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +-# define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 ++# define RSA_R_UNKNOWN_PSS_DIGEST 152 ++# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 164 ++# define RSA_R_UNSUPPORTED_LABEL_SOURCE 165 + # define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 + # define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 + # define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 + # define RSA_R_VALUE_MISSING 147 + # define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/safestack.h b/Cryptlib/Include/openssl/safestack.h +index 9fe733c..1d4f87e 100644 +--- a/Cryptlib/Include/openssl/safestack.h ++++ b/Cryptlib/Include/openssl/safestack.h +@@ -1,128 +1,106 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_SAFESTACK_H + # define HEADER_SAFESTACK_H + + # include +-# include + + #ifdef __cplusplus + extern "C" { + #endif + ++# ifndef CHECKED_PTR_OF ++# define CHECKED_PTR_OF(type, p) \ ++ ((void*) (1 ? p : (type*)0)) ++# endif ++ ++/* ++ * In C++ we get problems because an explicit cast is needed from (void *) we ++ * use CHECKED_STACK_OF to ensure the correct type is passed in the macros ++ * below. ++ */ ++ ++# define CHECKED_STACK_OF(type, p) \ ++ ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) ++ ++# define CHECKED_SK_COPY_FUNC(type, p) \ ++ ((void *(*)(void *)) ((1 ? p : (type *(*)(const type *))0))) ++ ++# define CHECKED_SK_FREE_FUNC(type, p) \ ++ ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) ++ ++# define CHECKED_SK_CMP_FUNC(type, p) \ ++ ((int (*)(const void *, const void *)) \ ++ ((1 ? p : (int (*)(const type * const *, const type * const *))0))) ++ + # define STACK_OF(type) struct stack_st_##type ++# define PREDECLARE_STACK_OF(type) STACK_OF(type); + +-# define SKM_DEFINE_STACK_OF(t1, t2, t3) \ +- STACK_OF(t1); \ +- typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \ +- typedef void (*sk_##t1##_freefunc)(t3 *a); \ +- typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \ +- static ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \ +- { \ +- return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \ +- { \ +- return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \ +- } \ +- static ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \ +- { \ +- return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \ +- } \ +- static ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \ +- { \ +- return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \ +- } \ +- static ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \ +- { \ +- OPENSSL_sk_free((OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \ ++# define DECLARE_STACK_OF(type) \ ++STACK_OF(type) \ + { \ +- OPENSSL_sk_zero((OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \ ++ _STACK stack; \ ++ }; ++# define DECLARE_SPECIAL_STACK_OF(type, type2) \ ++STACK_OF(type) \ + { \ +- return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \ +- } \ +- static ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \ +- { \ +- return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \ +- (const void *)ptr); \ +- } \ +- static ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \ +- { \ +- return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \ +- } \ +- static ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \ +- { \ +- return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \ +- } \ +- static ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \ +- { \ +- return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \ +- { \ +- return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \ +- { \ +- OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \ +- } \ +- static ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \ +- { \ +- return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \ +- } \ +- static ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \ +- { \ +- return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \ +- } \ +- static ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \ +- { \ +- return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \ +- } \ +- static ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \ +- { \ +- return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \ +- } \ +- static ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \ +- { \ +- OPENSSL_sk_sort((OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \ +- { \ +- return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \ +- { \ +- return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \ +- } \ +- static ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \ +- sk_##t1##_copyfunc copyfunc, \ +- sk_##t1##_freefunc freefunc) \ +- { \ +- return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \ +- (OPENSSL_sk_copyfunc)copyfunc, \ +- (OPENSSL_sk_freefunc)freefunc); \ +- } \ +- static ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \ +- { \ +- return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \ +- } ++ _STACK stack; \ ++ }; + +-# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2) +-# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t) +-# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \ +- SKM_DEFINE_STACK_OF(t1, const t2, t2) +-# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t) ++/* nada (obsolete in new safestack approach)*/ ++# define IMPLEMENT_STACK_OF(type) + + /*- + * Strings are special: normally an lhash entry will point to a single +@@ -139,26 +117,2556 @@ extern "C" { + * string at all. + */ + typedef char *OPENSSL_STRING; ++ + typedef const char *OPENSSL_CSTRING; + +-/*- ++/* + * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned + * above, instead of a single char each entry is a NUL-terminated array of + * chars. So, we have to implement STRING specially for STACK_OF. This is + * dealt with in the autogenerated macros below. + */ +-DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) +-DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char) ++ ++DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + + /* + * Similarly, we sometimes use a block of characters, NOT nul-terminated. + * These should also be distinguished from "normal" stacks. + */ + typedef void *OPENSSL_BLOCK; +-DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) ++DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + +-# ifdef __cplusplus ++/* ++ * SKM_sk_... stack macros are internal to safestack.h: never use them ++ * directly, use sk__... instead ++ */ ++# define SKM_sk_new(type, cmp) \ ++ ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) ++# define SKM_sk_new_null(type) \ ++ ((STACK_OF(type) *)sk_new_null()) ++# define SKM_sk_free(type, st) \ ++ sk_free(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_num(type, st) \ ++ sk_num(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_value(type, st,i) \ ++ ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) ++# define SKM_sk_set(type, st,i,val) \ ++ sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) ++# define SKM_sk_zero(type, st) \ ++ sk_zero(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_push(type, st, val) \ ++ sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_unshift(type, st, val) \ ++ sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_find(type, st, val) \ ++ sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) ++# define SKM_sk_find_ex(type, st, val) \ ++ sk_find_ex(CHECKED_STACK_OF(type, st), \ ++ CHECKED_PTR_OF(type, val)) ++# define SKM_sk_delete(type, st, i) \ ++ (type *)sk_delete(CHECKED_STACK_OF(type, st), i) ++# define SKM_sk_delete_ptr(type, st, ptr) \ ++ (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) ++# define SKM_sk_insert(type, st,val, i) \ ++ sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) ++# define SKM_sk_set_cmp_func(type, st, cmp) \ ++ ((int (*)(const type * const *,const type * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) ++# define SKM_sk_dup(type, st) \ ++ (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_pop_free(type, st, free_func) \ ++ sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define SKM_sk_deep_copy(type, st, copy_func, free_func) \ ++ (STACK_OF(type) *)sk_deep_copy(CHECKED_STACK_OF(type, st), CHECKED_SK_COPY_FUNC(type, copy_func), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define SKM_sk_shift(type, st) \ ++ (type *)sk_shift(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_pop(type, st) \ ++ (type *)sk_pop(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_sort(type, st) \ ++ sk_sort(CHECKED_STACK_OF(type, st)) ++# define SKM_sk_is_sorted(type, st) \ ++ sk_is_sorted(CHECKED_STACK_OF(type, st)) ++# define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ (STACK_OF(type) *)d2i_ASN1_SET( \ ++ (STACK_OF(OPENSSL_BLOCK) **)CHECKED_PTR_OF(STACK_OF(type)*, st), \ ++ pp, length, \ ++ CHECKED_D2I_OF(type, d2i_func), \ ++ CHECKED_SK_FREE_FUNC(type, free_func), \ ++ ex_tag, ex_class) ++# define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ i2d_ASN1_SET((STACK_OF(OPENSSL_BLOCK) *)CHECKED_STACK_OF(type, st), pp, \ ++ CHECKED_I2D_OF(type, i2d_func), \ ++ ex_tag, ex_class, is_set) ++# define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ ++ ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \ ++ CHECKED_I2D_OF(type, i2d_func), buf, len) ++# define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ ++ (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func)) ++# define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \ ++ CHECKED_D2I_OF(type, d2i_func), \ ++ CHECKED_SK_FREE_FUNC(type, free_func), \ ++ pass, passlen, oct, seq) ++/* ++ * This block of defines is updated by util/mkstack.pl, please do not touch! ++ */ ++# define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) ++# define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) ++# define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) ++# define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) ++# define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) ++# define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) ++# define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) ++# define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) ++# define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) ++# define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) ++# define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) ++# define sk_ACCESS_DESCRIPTION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ACCESS_DESCRIPTION, (st), (copy_func), (free_func)) ++# define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) ++# define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) ++# define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) ++# define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) ++# define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) ++# define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) ++# define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) ++# define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) ++# define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) ++# define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) ++# define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) ++# define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) ++# define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) ++# define sk_ASIdOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASIdOrRange, (st), (copy_func), (free_func)) ++# define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) ++# define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) ++# define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) ++# define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) ++# define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) ++# define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) ++# define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) ++# define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) ++# define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) ++# define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) ++# define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) ++# define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) ++# define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) ++# define sk_ASN1_GENERALSTRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_GENERALSTRING, (st), (copy_func), (free_func)) ++# define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) ++# define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) ++# define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) ++# define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) ++# define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) ++# define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) ++# define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) ++# define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) ++# define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) ++# define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) ++# define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) ++# define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) ++# define sk_ASN1_INTEGER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_INTEGER, (st), (copy_func), (free_func)) ++# define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) ++# define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) ++# define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) ++# define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) ++# define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) ++# define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) ++# define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) ++# define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) ++# define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) ++# define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) ++# define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) ++# define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) ++# define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) ++# define sk_ASN1_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_OBJECT, (st), (copy_func), (free_func)) ++# define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) ++# define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) ++# define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) ++# define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) ++# define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) ++# define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) ++# define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) ++# define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) ++# define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) ++# define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) ++# define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) ++# define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) ++# define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) ++# define sk_ASN1_STRING_TABLE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_STRING_TABLE, (st), (copy_func), (free_func)) ++# define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) ++# define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) ++# define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) ++# define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) ++# define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) ++# define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) ++# define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) ++# define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) ++# define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) ++# define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) ++# define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) ++# define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) ++# define sk_ASN1_TYPE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_TYPE, (st), (copy_func), (free_func)) ++# define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) ++# define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) ++# define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) ++# define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) ++# define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) ++# define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) ++# define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) ++# define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) ++# define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) ++# define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) ++# define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) ++# define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) ++# define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) ++# define sk_ASN1_UTF8STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_UTF8STRING, (st), (copy_func), (free_func)) ++# define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) ++# define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) ++# define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) ++# define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) ++# define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) ++# define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) ++# define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) ++# define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) ++# define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) ++# define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) ++# define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) ++# define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) ++# define sk_ASN1_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ASN1_VALUE, (st), (copy_func), (free_func)) ++# define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) ++# define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) ++# define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) ++# define sk_BIO_new_null() SKM_sk_new_null(BIO) ++# define sk_BIO_free(st) SKM_sk_free(BIO, (st)) ++# define sk_BIO_num(st) SKM_sk_num(BIO, (st)) ++# define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) ++# define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) ++# define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) ++# define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) ++# define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) ++# define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) ++# define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) ++# define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) ++# define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) ++# define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) ++# define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) ++# define sk_BIO_dup(st) SKM_sk_dup(BIO, st) ++# define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) ++# define sk_BIO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BIO, (st), (copy_func), (free_func)) ++# define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) ++# define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) ++# define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) ++# define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) ++# define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) ++# define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) ++# define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) ++# define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) ++# define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) ++# define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) ++# define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) ++# define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) ++# define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) ++# define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) ++# define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) ++# define sk_BY_DIR_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_ENTRY, (st), (copy_func), (free_func)) ++# define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) ++# define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) ++# define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) ++# define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) ++# define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) ++# define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) ++# define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) ++# define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) ++# define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) ++# define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) ++# define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) ++# define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) ++# define sk_BY_DIR_HASH_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(BY_DIR_HASH, (st), (copy_func), (free_func)) ++# define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) ++# define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) ++# define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) ++# define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) ++# define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) ++# define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) ++# define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val)) ++# define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) ++# define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) ++# define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) ++# define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) ++# define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) ++# define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) ++# define sk_CMS_CertificateChoices_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_CertificateChoices, (st), (copy_func), (free_func)) ++# define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) ++# define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) ++# define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) ++# define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) ++# define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) ++# define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) ++# define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientEncryptedKey, (st), (val)) ++# define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) ++# define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) ++# define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) ++# define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) ++# define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) ++# define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) ++# define sk_CMS_RecipientEncryptedKey_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientEncryptedKey, (st), (copy_func), (free_func)) ++# define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) ++# define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) ++# define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) ++# define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) ++# define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) ++# define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val)) ++# define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) ++# define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) ++# define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) ++# define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) ++# define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) ++# define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) ++# define sk_CMS_RecipientInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RecipientInfo, (st), (copy_func), (free_func)) ++# define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) ++# define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) ++# define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) ++# define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) ++# define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) ++# define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) ++# define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val)) ++# define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) ++# define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) ++# define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) ++# define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) ++# define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) ++# define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) ++# define sk_CMS_RevocationInfoChoice_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_RevocationInfoChoice, (st), (copy_func), (free_func)) ++# define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) ++# define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) ++# define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) ++# define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) ++# define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) ++# define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val)) ++# define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) ++# define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) ++# define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) ++# define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) ++# define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) ++# define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) ++# define sk_CMS_SignerInfo_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CMS_SignerInfo, (st), (copy_func), (free_func)) ++# define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) ++# define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) ++# define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) ++# define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) ++# define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) ++# define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) ++# define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) ++# define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) ++# define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) ++# define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) ++# define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) ++# define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) ++# define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) ++# define sk_CONF_IMODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_IMODULE, (st), (copy_func), (free_func)) ++# define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) ++# define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) ++# define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) ++# define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) ++# define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) ++# define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) ++# define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) ++# define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) ++# define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) ++# define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) ++# define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) ++# define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) ++# define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) ++# define sk_CONF_MODULE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_MODULE, (st), (copy_func), (free_func)) ++# define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) ++# define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) ++# define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) ++# define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) ++# define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) ++# define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) ++# define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) ++# define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) ++# define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) ++# define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) ++# define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) ++# define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) ++# define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) ++# define sk_CONF_VALUE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CONF_VALUE, (st), (copy_func), (free_func)) ++# define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) ++# define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) ++# define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) ++# define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) ++# define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) ++# define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) ++# define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) ++# define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) ++# define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) ++# define sk_CRYPTO_EX_DATA_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_EX_DATA_FUNCS, (st), (copy_func), (free_func)) ++# define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) ++# define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) ++# define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) ++# define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) ++# define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) ++# define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) ++# define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) ++# define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) ++# define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) ++# define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) ++# define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) ++# define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) ++# define sk_CRYPTO_dynlock_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(CRYPTO_dynlock, (st), (copy_func), (free_func)) ++# define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) ++# define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) ++# define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) ++# define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) ++# define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) ++# define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) ++# define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) ++# define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) ++# define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) ++# define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) ++# define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) ++# define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) ++# define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) ++# define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) ++# define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) ++# define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) ++# define sk_DIST_POINT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(DIST_POINT, (st), (copy_func), (free_func)) ++# define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) ++# define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) ++# define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) ++# define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) ++# define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) ++# define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) ++# define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) ++# define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) ++# define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) ++# define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) ++# define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) ++# define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) ++# define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) ++# define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) ++# define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) ++# define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) ++# define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) ++# define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) ++# define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) ++# define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) ++# define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) ++# define sk_ENGINE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE, (st), (copy_func), (free_func)) ++# define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) ++# define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) ++# define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) ++# define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) ++# define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) ++# define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) ++# define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) ++# define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) ++# define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) ++# define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) ++# define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) ++# define sk_ENGINE_CLEANUP_ITEM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ENGINE_CLEANUP_ITEM, (st), (copy_func), (free_func)) ++# define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) ++# define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) ++# define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) ++# define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) ++# define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) ++# define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) ++# define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) ++# define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) ++# define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) ++# define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) ++# define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) ++# define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) ++# define sk_ESS_CERT_ID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(ESS_CERT_ID, (st), (copy_func), (free_func)) ++# define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) ++# define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) ++# define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) ++# define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) ++# define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) ++# define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) ++# define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) ++# define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) ++# define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) ++# define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) ++# define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) ++# define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) ++# define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) ++# define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) ++# define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) ++# define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) ++# define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) ++# define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) ++# define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) ++# define sk_EVP_MD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_MD, (st), (copy_func), (free_func)) ++# define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) ++# define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) ++# define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) ++# define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) ++# define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) ++# define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) ++# define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) ++# define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) ++# define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) ++# define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) ++# define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) ++# define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) ++# define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) ++# define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) ++# define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) ++# define sk_EVP_PBE_CTL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PBE_CTL, (st), (copy_func), (free_func)) ++# define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) ++# define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) ++# define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) ++# define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) ++# define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) ++# define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) ++# define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) ++# define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) ++# define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) ++# define sk_EVP_PKEY_ASN1_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_ASN1_METHOD, (st), (copy_func), (free_func)) ++# define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) ++# define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) ++# define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) ++# define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) ++# define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) ++# define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) ++# define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) ++# define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) ++# define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) ++# define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) ++# define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) ++# define sk_EVP_PKEY_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(EVP_PKEY_METHOD, (st), (copy_func), (free_func)) ++# define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) ++# define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) ++# define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) ++# define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) ++# define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) ++# define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) ++# define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) ++# define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) ++# define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) ++# define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) ++# define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) ++# define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) ++# define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) ++# define sk_GENERAL_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAME, (st), (copy_func), (free_func)) ++# define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) ++# define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) ++# define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) ++# define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) ++# define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) ++# define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) ++# define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) ++# define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) ++# define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) ++# define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) ++# define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) ++# define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) ++# define sk_GENERAL_NAMES_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_NAMES, (st), (copy_func), (free_func)) ++# define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) ++# define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) ++# define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) ++# define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) ++# define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) ++# define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) ++# define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) ++# define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) ++# define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) ++# define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) ++# define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) ++# define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) ++# define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) ++# define sk_GENERAL_SUBTREE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(GENERAL_SUBTREE, (st), (copy_func), (free_func)) ++# define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) ++# define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) ++# define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) ++# define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) ++# define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) ++# define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) ++# define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) ++# define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) ++# define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) ++# define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) ++# define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) ++# define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) ++# define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) ++# define sk_IPAddressFamily_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressFamily, (st), (copy_func), (free_func)) ++# define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) ++# define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) ++# define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) ++# define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) ++# define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) ++# define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) ++# define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) ++# define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) ++# define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) ++# define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) ++# define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) ++# define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) ++# define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) ++# define sk_IPAddressOrRange_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(IPAddressOrRange, (st), (copy_func), (free_func)) ++# define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) ++# define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) ++# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) ++# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) ++# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) ++# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) ++# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) ++# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) ++# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) ++# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) ++# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) ++# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) ++# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) ++# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) ++# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) ++# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) ++# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) ++# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) ++# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) ++# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) ++# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) ++# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) ++# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) ++# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) ++# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) ++# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) ++# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) ++# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) ++# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) ++# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) ++# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) ++# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) ++# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) ++# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) ++# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) ++# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) ++# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) ++# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) ++# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) ++# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) ++# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) ++# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) ++# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) ++# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) ++# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) ++# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) ++# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) ++# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) ++# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) ++# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) ++# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) ++# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) ++# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) ++# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) ++# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) ++# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) ++# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) ++# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) ++# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) ++# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) ++# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) ++# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) ++# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) ++# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) ++# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) ++# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) ++# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) ++# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) ++# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) ++# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) ++# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) ++# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) ++# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) ++# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) ++# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) ++# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) ++# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) ++# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) ++# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) ++# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) ++# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) ++# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) ++# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) ++# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) ++# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) ++# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) ++# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) ++# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) ++# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) ++# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) ++# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) ++# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) ++# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) ++# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) ++# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) ++# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) ++# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) ++# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) ++# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) ++# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) ++# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) ++# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) ++# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) ++# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) ++# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) ++# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) ++# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) ++# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) ++# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) ++# define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) ++# define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) ++# define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) ++# define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) ++# define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) ++# define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) ++# define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) ++# define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) ++# define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) ++# define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) ++# define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) ++# define sk_MEM_OBJECT_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MEM_OBJECT_DATA, (st), (copy_func), (free_func)) ++# define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) ++# define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) ++# define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) ++# define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) ++# define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) ++# define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) ++# define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) ++# define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) ++# define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) ++# define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) ++# define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) ++# define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) ++# define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) ++# define sk_MIME_HEADER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_HEADER, (st), (copy_func), (free_func)) ++# define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) ++# define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) ++# define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) ++# define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) ++# define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) ++# define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) ++# define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) ++# define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) ++# define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) ++# define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) ++# define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) ++# define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) ++# define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) ++# define sk_MIME_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(MIME_PARAM, (st), (copy_func), (free_func)) ++# define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) ++# define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) ++# define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) ++# define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) ++# define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) ++# define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) ++# define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) ++# define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) ++# define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) ++# define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) ++# define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) ++# define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) ++# define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) ++# define sk_NAME_FUNCS_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(NAME_FUNCS, (st), (copy_func), (free_func)) ++# define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) ++# define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) ++# define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) ++# define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) ++# define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) ++# define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) ++# define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) ++# define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) ++# define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) ++# define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) ++# define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) ++# define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) ++# define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) ++# define sk_OCSP_CERTID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_CERTID, (st), (copy_func), (free_func)) ++# define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) ++# define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) ++# define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) ++# define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) ++# define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) ++# define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) ++# define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) ++# define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) ++# define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) ++# define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) ++# define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) ++# define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) ++# define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) ++# define sk_OCSP_ONEREQ_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_ONEREQ, (st), (copy_func), (free_func)) ++# define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) ++# define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) ++# define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) ++# define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) ++# define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) ++# define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) ++# define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) ++# define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) ++# define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) ++# define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) ++# define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) ++# define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) ++# define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) ++# define sk_OCSP_RESPID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_RESPID, (st), (copy_func), (free_func)) ++# define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) ++# define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) ++# define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) ++# define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) ++# define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) ++# define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) ++# define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) ++# define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) ++# define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) ++# define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) ++# define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) ++# define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) ++# define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) ++# define sk_OCSP_SINGLERESP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(OCSP_SINGLERESP, (st), (copy_func), (free_func)) ++# define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) ++# define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) ++# define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) ++# define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) ++# define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) ++# define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) ++# define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) ++# define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) ++# define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) ++# define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) ++# define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) ++# define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) ++# define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) ++# define sk_PKCS12_SAFEBAG_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS12_SAFEBAG, (st), (copy_func), (free_func)) ++# define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) ++# define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) ++# define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) ++# define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) ++# define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) ++# define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) ++# define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) ++# define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) ++# define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) ++# define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) ++# define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) ++# define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) ++# define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) ++# define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) ++# define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) ++# define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) ++# define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) ++# define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) ++# define sk_PKCS7_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7, (st), (copy_func), (free_func)) ++# define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) ++# define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) ++# define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) ++# define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) ++# define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) ++# define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) ++# define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) ++# define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) ++# define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) ++# define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) ++# define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) ++# define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) ++# define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) ++# define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) ++# define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) ++# define sk_PKCS7_RECIP_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_RECIP_INFO, (st), (copy_func), (free_func)) ++# define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) ++# define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) ++# define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) ++# define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) ++# define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) ++# define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) ++# define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) ++# define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) ++# define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) ++# define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) ++# define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) ++# define sk_PKCS7_SIGNER_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(PKCS7_SIGNER_INFO, (st), (copy_func), (free_func)) ++# define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) ++# define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) ++# define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) ++# define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) ++# define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) ++# define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) ++# define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) ++# define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) ++# define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) ++# define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) ++# define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) ++# define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) ++# define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) ++# define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) ++# define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) ++# define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) ++# define sk_POLICYINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYINFO, (st), (copy_func), (free_func)) ++# define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) ++# define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) ++# define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) ++# define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) ++# define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) ++# define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) ++# define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) ++# define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) ++# define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) ++# define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) ++# define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) ++# define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) ++# define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) ++# define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) ++# define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) ++# define sk_POLICYQUALINFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICYQUALINFO, (st), (copy_func), (free_func)) ++# define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) ++# define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) ++# define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) ++# define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) ++# define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) ++# define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) ++# define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) ++# define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) ++# define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) ++# define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) ++# define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) ++# define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) ++# define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) ++# define sk_POLICY_MAPPING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(POLICY_MAPPING, (st), (copy_func), (free_func)) ++# define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) ++# define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) ++# define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) ++# define sk_SCT_new_null() SKM_sk_new_null(SCT) ++# define sk_SCT_free(st) SKM_sk_free(SCT, (st)) ++# define sk_SCT_num(st) SKM_sk_num(SCT, (st)) ++# define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) ++# define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) ++# define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) ++# define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) ++# define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) ++# define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) ++# define sk_SCT_find_ex(st, val) SKM_sk_find_ex(SCT, (st), (val)) ++# define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) ++# define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) ++# define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) ++# define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) ++# define sk_SCT_dup(st) SKM_sk_dup(SCT, st) ++# define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) ++# define sk_SCT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SCT, (st), (copy_func), (free_func)) ++# define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) ++# define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) ++# define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) ++# define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) ++# define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp)) ++# define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN) ++# define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st)) ++# define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st)) ++# define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i)) ++# define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val)) ++# define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st)) ++# define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val)) ++# define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val)) ++# define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val)) ++# define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val)) ++# define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i)) ++# define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr)) ++# define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i)) ++# define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp)) ++# define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st) ++# define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func)) ++# define sk_SRP_gN_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN, (st), (copy_func), (free_func)) ++# define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st)) ++# define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st)) ++# define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st)) ++# define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st)) ++# define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp)) ++# define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache) ++# define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i)) ++# define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val)) ++# define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val)) ++# define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i)) ++# define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr)) ++# define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i)) ++# define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp)) ++# define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st) ++# define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func)) ++# define sk_SRP_gN_cache_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_gN_cache, (st), (copy_func), (free_func)) ++# define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st)) ++# define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st)) ++# define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp)) ++# define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd) ++# define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i)) ++# define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val)) ++# define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val)) ++# define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i)) ++# define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr)) ++# define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i)) ++# define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp)) ++# define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st) ++# define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func)) ++# define sk_SRP_user_pwd_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRP_user_pwd, (st), (copy_func), (free_func)) ++# define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st)) ++# define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) ++# define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) ++# define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) ++# define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) ++# define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) ++# define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) ++# define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) ++# define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) ++# define sk_SRTP_PROTECTION_PROFILE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SRTP_PROTECTION_PROFILE, (st), (copy_func), (free_func)) ++# define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) ++# define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) ++# define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) ++# define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) ++# define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) ++# define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) ++# define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) ++# define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) ++# define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) ++# define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) ++# define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) ++# define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) ++# define sk_SSL_CIPHER_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_CIPHER, (st), (copy_func), (free_func)) ++# define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) ++# define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) ++# define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) ++# define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) ++# define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) ++# define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) ++# define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) ++# define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) ++# define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) ++# define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) ++# define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) ++# define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) ++# define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) ++# define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) ++# define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) ++# define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) ++# define sk_SSL_COMP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SSL_COMP, (st), (copy_func), (free_func)) ++# define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) ++# define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) ++# define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) ++# define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) ++# define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) ++# define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) ++# define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) ++# define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) ++# define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) ++# define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) ++# define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) ++# define sk_STACK_OF_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STACK_OF_X509_NAME_ENTRY, (st), (copy_func), (free_func)) ++# define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) ++# define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) ++# define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) ++# define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) ++# define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) ++# define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) ++# define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) ++# define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) ++# define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) ++# define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) ++# define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) ++# define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) ++# define sk_STORE_ATTR_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_ATTR_INFO, (st), (copy_func), (free_func)) ++# define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) ++# define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) ++# define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) ++# define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) ++# define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) ++# define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) ++# define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) ++# define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) ++# define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) ++# define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) ++# define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) ++# define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) ++# define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) ++# define sk_STORE_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(STORE_OBJECT, (st), (copy_func), (free_func)) ++# define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) ++# define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) ++# define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) ++# define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) ++# define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) ++# define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) ++# define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) ++# define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) ++# define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) ++# define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) ++# define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) ++# define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) ++# define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) ++# define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) ++# define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) ++# define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) ++# define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) ++# define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) ++# define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) ++# define sk_SXNETID_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(SXNETID, (st), (copy_func), (free_func)) ++# define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) ++# define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) ++# define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) ++# define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) ++# define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) ++# define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) ++# define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) ++# define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) ++# define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) ++# define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) ++# define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) ++# define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) ++# define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) ++# define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) ++# define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) ++# define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) ++# define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) ++# define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) ++# define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) ++# define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) ++# define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) ++# define sk_UI_STRING_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(UI_STRING, (st), (copy_func), (free_func)) ++# define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) ++# define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) ++# define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) ++# define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) ++# define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) ++# define sk_X509_new_null() SKM_sk_new_null(X509) ++# define sk_X509_free(st) SKM_sk_free(X509, (st)) ++# define sk_X509_num(st) SKM_sk_num(X509, (st)) ++# define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) ++# define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) ++# define sk_X509_zero(st) SKM_sk_zero(X509, (st)) ++# define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) ++# define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) ++# define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) ++# define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) ++# define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) ++# define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) ++# define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) ++# define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) ++# define sk_X509_dup(st) SKM_sk_dup(X509, st) ++# define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) ++# define sk_X509_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509, (st), (copy_func), (free_func)) ++# define sk_X509_shift(st) SKM_sk_shift(X509, (st)) ++# define sk_X509_pop(st) SKM_sk_pop(X509, (st)) ++# define sk_X509_sort(st) SKM_sk_sort(X509, (st)) ++# define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) ++# define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) ++# define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) ++# define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) ++# define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) ++# define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) ++# define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) ++# define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) ++# define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) ++# define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) ++# define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) ++# define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) ++# define sk_X509V3_EXT_METHOD_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509V3_EXT_METHOD, (st), (copy_func), (free_func)) ++# define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) ++# define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) ++# define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) ++# define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) ++# define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) ++# define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) ++# define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) ++# define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) ++# define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) ++# define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) ++# define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) ++# define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) ++# define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) ++# define sk_X509_ALGOR_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ALGOR, (st), (copy_func), (free_func)) ++# define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) ++# define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) ++# define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) ++# define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) ++# define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) ++# define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) ++# define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) ++# define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) ++# define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) ++# define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) ++# define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) ++# define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) ++# define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) ++# define sk_X509_ATTRIBUTE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_ATTRIBUTE, (st), (copy_func), (free_func)) ++# define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) ++# define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) ++# define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) ++# define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) ++# define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) ++# define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) ++# define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) ++# define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) ++# define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) ++# define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) ++# define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) ++# define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) ++# define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) ++# define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) ++# define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) ++# define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) ++# define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) ++# define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) ++# define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) ++# define sk_X509_CRL_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_CRL, (st), (copy_func), (free_func)) ++# define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) ++# define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) ++# define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) ++# define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) ++# define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) ++# define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) ++# define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) ++# define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) ++# define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) ++# define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) ++# define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) ++# define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) ++# define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) ++# define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) ++# define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) ++# define sk_X509_EXTENSION_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_EXTENSION, (st), (copy_func), (free_func)) ++# define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) ++# define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) ++# define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) ++# define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) ++# define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) ++# define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) ++# define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) ++# define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) ++# define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) ++# define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) ++# define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) ++# define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) ++# define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) ++# define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) ++# define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) ++# define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) ++# define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) ++# define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) ++# define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) ++# define sk_X509_INFO_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_INFO, (st), (copy_func), (free_func)) ++# define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) ++# define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) ++# define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) ++# define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) ++# define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) ++# define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) ++# define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) ++# define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) ++# define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) ++# define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) ++# define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) ++# define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) ++# define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) ++# define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) ++# define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) ++# define sk_X509_LOOKUP_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_LOOKUP, (st), (copy_func), (free_func)) ++# define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) ++# define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) ++# define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) ++# define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) ++# define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) ++# define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) ++# define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) ++# define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) ++# define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) ++# define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) ++# define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) ++# define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) ++# define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) ++# define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) ++# define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) ++# define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) ++# define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) ++# define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) ++# define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) ++# define sk_X509_NAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME, (st), (copy_func), (free_func)) ++# define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) ++# define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) ++# define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) ++# define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) ++# define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) ++# define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) ++# define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) ++# define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) ++# define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) ++# define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) ++# define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) ++# define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) ++# define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) ++# define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) ++# define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) ++# define sk_X509_NAME_ENTRY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_NAME_ENTRY, (st), (copy_func), (free_func)) ++# define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) ++# define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) ++# define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) ++# define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) ++# define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) ++# define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) ++# define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) ++# define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) ++# define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) ++# define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) ++# define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) ++# define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) ++# define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) ++# define sk_X509_OBJECT_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_OBJECT, (st), (copy_func), (free_func)) ++# define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) ++# define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) ++# define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) ++# define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) ++# define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) ++# define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) ++# define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) ++# define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) ++# define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) ++# define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) ++# define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) ++# define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) ++# define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) ++# define sk_X509_POLICY_DATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_DATA, (st), (copy_func), (free_func)) ++# define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) ++# define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) ++# define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) ++# define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) ++# define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) ++# define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) ++# define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) ++# define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) ++# define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) ++# define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) ++# define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) ++# define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) ++# define sk_X509_POLICY_NODE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_POLICY_NODE, (st), (copy_func), (free_func)) ++# define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) ++# define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) ++# define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) ++# define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) ++# define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) ++# define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) ++# define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) ++# define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) ++# define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) ++# define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) ++# define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) ++# define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) ++# define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) ++# define sk_X509_PURPOSE_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_PURPOSE, (st), (copy_func), (free_func)) ++# define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) ++# define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) ++# define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) ++# define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) ++# define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) ++# define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) ++# define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) ++# define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) ++# define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) ++# define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) ++# define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) ++# define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) ++# define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) ++# define sk_X509_REVOKED_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_REVOKED, (st), (copy_func), (free_func)) ++# define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) ++# define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) ++# define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) ++# define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) ++# define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) ++# define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) ++# define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) ++# define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) ++# define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) ++# define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) ++# define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) ++# define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) ++# define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) ++# define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) ++# define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) ++# define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) ++# define sk_X509_TRUST_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_TRUST, (st), (copy_func), (free_func)) ++# define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) ++# define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) ++# define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) ++# define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) ++# define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) ++# define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) ++# define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) ++# define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) ++# define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) ++# define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) ++# define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) ++# define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) ++# define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) ++# define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) ++# define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) ++# define sk_X509_VERIFY_PARAM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(X509_VERIFY_PARAM, (st), (copy_func), (free_func)) ++# define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) ++# define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) ++# define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) ++# define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) ++# define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) ++# define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) ++# define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) ++# define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) ++# define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) ++# define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) ++# define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) ++# define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) ++# define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) ++# define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) ++# define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) ++# define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) ++# define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) ++# define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) ++# define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) ++# define sk_nid_triple_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(nid_triple, (st), (copy_func), (free_func)) ++# define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) ++# define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) ++# define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) ++# define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) ++# define sk_void_new(cmp) SKM_sk_new(void, (cmp)) ++# define sk_void_new_null() SKM_sk_new_null(void) ++# define sk_void_free(st) SKM_sk_free(void, (st)) ++# define sk_void_num(st) SKM_sk_num(void, (st)) ++# define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) ++# define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) ++# define sk_void_zero(st) SKM_sk_zero(void, (st)) ++# define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) ++# define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) ++# define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) ++# define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) ++# define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) ++# define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) ++# define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) ++# define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) ++# define sk_void_dup(st) SKM_sk_dup(void, st) ++# define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) ++# define sk_void_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(void, (st), (copy_func), (free_func)) ++# define sk_void_shift(st) SKM_sk_shift(void, (st)) ++# define sk_void_pop(st) SKM_sk_pop(void, (st)) ++# define sk_void_sort(st) SKM_sk_sort(void, (st)) ++# define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) ++# define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) ++# define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) ++# define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) ++# define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC(char, free_func)) ++# define sk_OPENSSL_STRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_STRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_COPY_FUNC(char, copy_func), CHECKED_SK_FREE_FUNC(char, free_func))) ++# define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) ++# define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) ++# define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) ++# define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) ++# define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ ++ ((int (*)(const char * const *,const char * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) ++# define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) ++# define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) ++# define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) ++# define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) ++# define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) ++# define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) ++# define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC(void, free_func)) ++# define sk_OPENSSL_BLOCK_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_BLOCK) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_COPY_FUNC(void, copy_func), CHECKED_SK_FREE_FUNC(void, free_func))) ++# define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) ++# define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) ++# define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) ++# define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) ++# define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ ++ ((int (*)(const void * const *,const void * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) ++# define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) ++# define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) ++# define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) ++# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) ++# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) ++# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) ++# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) ++# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) ++# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) ++# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) ++# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) ++# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) ++# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ ++ ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ ++ sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) ++# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) ++# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) ++# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) ++# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) ++# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) ++# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ ++ SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) ++# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ ++ SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) ++# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ ++ SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) ++# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ ++ SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) ++# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) ++# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ ++ SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) ++# define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) ++# define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) ++# define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) ++# define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) ++# define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) ++# define lh_ADDED_OBJ_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ADDED_OBJ,lh,out) ++# define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) ++# define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) ++# define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) ++# define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) ++# define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) ++# define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) ++# define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) ++# define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) ++# define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) ++# define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) ++# define lh_APP_INFO_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(APP_INFO,lh,out) ++# define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) ++# define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) ++# define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) ++# define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) ++# define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) ++# define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) ++# define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) ++# define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) ++# define lh_CONF_VALUE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(CONF_VALUE,lh,out) ++# define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) ++# define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) ++# define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) ++# define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) ++# define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) ++# define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) ++# define lh_ENGINE_PILE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ENGINE_PILE,lh,out) ++# define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) ++# define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) ++# define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) ++# define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) ++# define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) ++# define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) ++# define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) ++# define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) ++# define lh_ERR_STATE_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ERR_STATE,lh,out) ++# define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) ++# define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) ++# define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) ++# define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) ++# define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) ++# define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) ++# define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) ++# define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) ++# define lh_ERR_STRING_DATA_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) ++# define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) ++# define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) ++# define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) ++# define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) ++# define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) ++# define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) ++# define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) ++# define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) ++# define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) ++# define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) ++# define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) ++# define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) ++# define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) ++# define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) ++# define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) ++# define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) ++# define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) ++# define lh_FUNCTION_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(FUNCTION,lh,out) ++# define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) ++# define lh_MEM_new() LHM_lh_new(MEM,mem) ++# define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) ++# define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) ++# define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) ++# define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) ++# define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) ++# define lh_MEM_error(lh) LHM_lh_error(MEM,lh) ++# define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) ++# define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) ++# define lh_MEM_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(MEM,lh,out) ++# define lh_MEM_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(MEM,lh,out) ++# define lh_MEM_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(MEM,lh,out) ++# define lh_MEM_free(lh) LHM_lh_free(MEM,lh) ++# define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) ++# define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) ++# define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) ++# define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) ++# define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) ++# define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) ++# define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) ++# define lh_OBJ_NAME_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OBJ_NAME,lh,out) ++# define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) ++# define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) ++# define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) ++# define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) ++# define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) ++# define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) ++# define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) ++# define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) ++# define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) ++# define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) ++# define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) ++# define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) ++# define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(OPENSSL_STRING,lh,out) ++# define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) ++# define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) ++# define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) ++# define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) ++# define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ ++ LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) ++# define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) ++# define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) ++# define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) ++# define lh_SSL_SESSION_node_stats_bio(lh,out) \ ++ LHM_lh_node_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ ++ LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_stats_bio(lh,out) \ ++ LHM_lh_stats_bio(SSL_SESSION,lh,out) ++# define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) ++#ifdef __cplusplus + } +-# endif + #endif ++#endif /* !defined HEADER_SAFESTACK_H */ +diff --git a/Cryptlib/Include/openssl/seed.h b/Cryptlib/Include/openssl/seed.h +index bb97131..8cbf0d9 100644 +--- a/Cryptlib/Include/openssl/seed.h ++++ b/Cryptlib/Include/openssl/seed.h +@@ -1,12 +1,3 @@ +-/* +- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + /* + * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved. + * +@@ -30,20 +21,72 @@ + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. ++ * ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * + */ + + #ifndef HEADER_SEED_H + # define HEADER_SEED_H + + # include +- +-# ifndef OPENSSL_NO_SEED + # include + # include + +-#ifdef __cplusplus +-extern "C" { +-#endif ++# ifdef OPENSSL_NO_SEED ++# error SEED is disabled. ++# endif + + /* look whether we need 'long' to get 32 bits */ + # ifdef AES_LONG +@@ -59,6 +102,11 @@ extern "C" { + # define SEED_BLOCK_SIZE 16 + # define SEED_KEY_LENGTH 16 + ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ + typedef struct seed_key_st { + # ifdef SEED_LONG + unsigned long data[32]; +@@ -67,6 +115,10 @@ typedef struct seed_key_st { + # endif + } SEED_KEY_SCHEDULE; + ++# ifdef OPENSSL_FIPS ++void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], ++ SEED_KEY_SCHEDULE *ks); ++# endif + void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], + SEED_KEY_SCHEDULE *ks); + +@@ -90,9 +142,8 @@ void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const SEED_KEY_SCHEDULE *ks, + unsigned char ivec[SEED_BLOCK_SIZE], int *num); + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif +- + #endif ++ ++#endif /* HEADER_SEED_H */ +diff --git a/Cryptlib/Include/openssl/sha.h b/Cryptlib/Include/openssl/sha.h +index 6a1eb0d..e5169e4 100644 +--- a/Cryptlib/Include/openssl/sha.h ++++ b/Cryptlib/Include/openssl/sha.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/sha/sha.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_SHA_H +@@ -17,12 +66,29 @@ + extern "C" { + #endif + ++# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) ++# error SHA is disabled. ++# endif ++ ++# if defined(OPENSSL_FIPS) ++# define FIPS_SHA_SIZE_T size_t ++# endif ++ + /*- + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- * ! SHA_LONG has to be at least 32 bits wide. ! ++ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! ++ * ! SHA_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ +-# define SHA_LONG unsigned int ++ ++# if defined(__LP32__) ++# define SHA_LONG unsigned long ++# elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) ++# define SHA_LONG unsigned long ++# define SHA_LONG_LOG2 3 ++# else ++# define SHA_LONG unsigned int ++# endif + + # define SHA_LBLOCK 16 + # define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a +@@ -38,15 +104,32 @@ typedef struct SHAstate_st { + unsigned int num; + } SHA_CTX; + ++# ifndef OPENSSL_NO_SHA0 ++# ifdef OPENSSL_FIPS ++int private_SHA_Init(SHA_CTX *c); ++# endif ++int SHA_Init(SHA_CTX *c); ++int SHA_Update(SHA_CTX *c, const void *data, size_t len); ++int SHA_Final(unsigned char *md, SHA_CTX *c); ++unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); ++void SHA_Transform(SHA_CTX *c, const unsigned char *data); ++# endif ++# ifndef OPENSSL_NO_SHA1 ++# ifdef OPENSSL_FIPS ++int private_SHA1_Init(SHA_CTX *c); ++# endif + int SHA1_Init(SHA_CTX *c); + int SHA1_Update(SHA_CTX *c, const void *data, size_t len); + int SHA1_Final(unsigned char *md, SHA_CTX *c); + unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); + void SHA1_Transform(SHA_CTX *c, const unsigned char *data); ++# endif + + # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a + * contiguous array of 32 bit wide + * big-endian values. */ ++# define SHA224_DIGEST_LENGTH 28 ++# define SHA256_DIGEST_LENGTH 32 + + typedef struct SHA256state_st { + SHA_LONG h[8]; +@@ -55,6 +138,11 @@ typedef struct SHA256state_st { + unsigned int num, md_len; + } SHA256_CTX; + ++# ifndef OPENSSL_NO_SHA256 ++# ifdef OPENSSL_FIPS ++int private_SHA224_Init(SHA256_CTX *c); ++int private_SHA256_Init(SHA256_CTX *c); ++# endif + int SHA224_Init(SHA256_CTX *c); + int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA224_Final(unsigned char *md, SHA256_CTX *c); +@@ -64,12 +152,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); + int SHA256_Final(unsigned char *md, SHA256_CTX *c); + unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); + void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); ++# endif + +-# define SHA224_DIGEST_LENGTH 28 +-# define SHA256_DIGEST_LENGTH 32 + # define SHA384_DIGEST_LENGTH 48 + # define SHA512_DIGEST_LENGTH 64 + ++# ifndef OPENSSL_NO_SHA512 + /* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c +@@ -80,17 +168,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); + * contiguous array of 64 bit + * wide big-endian values. + */ +-# define SHA512_CBLOCK (SHA_LBLOCK*8) +-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +-# define SHA_LONG64 unsigned __int64 +-# define U64(C) C##UI64 +-# elif defined(__arch64__) +-# define SHA_LONG64 unsigned long +-# define U64(C) C##UL +-# else +-# define SHA_LONG64 unsigned long long +-# define U64(C) C##ULL +-# endif ++# define SHA512_CBLOCK (SHA_LBLOCK*8) ++# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) ++# define SHA_LONG64 unsigned __int64 ++# define U64(C) C##UI64 ++# elif defined(__arch64__) ++# define SHA_LONG64 unsigned long ++# define U64(C) C##UL ++# else ++# define SHA_LONG64 unsigned long long ++# define U64(C) C##ULL ++# endif + + typedef struct SHA512state_st { + SHA_LONG64 h[8]; +@@ -101,7 +189,13 @@ typedef struct SHA512state_st { + } u; + unsigned int num, md_len; + } SHA512_CTX; ++# endif + ++# ifndef OPENSSL_NO_SHA512 ++# ifdef OPENSSL_FIPS ++int private_SHA384_Init(SHA512_CTX *c); ++int private_SHA512_Init(SHA512_CTX *c); ++# endif + int SHA384_Init(SHA512_CTX *c); + int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA384_Final(unsigned char *md, SHA512_CTX *c); +@@ -111,6 +205,7 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); + int SHA512_Final(unsigned char *md, SHA512_CTX *c); + unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); + void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); ++# endif + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/srp.h b/Cryptlib/Include/openssl/srp.h +index f2b6ec7..4ed4bfe 100644 +--- a/Cryptlib/Include/openssl/srp.h ++++ b/Cryptlib/Include/openssl/srp.h +@@ -1,27 +1,77 @@ ++/* crypto/srp/srp.h */ + /* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Christophe Renou (christophe.renou@edelweb.fr) with the ++ * precious help of Peter Sylvester (peter.sylvester@edelweb.fr) for the ++ * EdelKey project and contributed to the OpenSSL project 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ ++#ifndef __SRP_H__ ++# define __SRP_H__ + +-#ifndef HEADER_SRP_H +-# define HEADER_SRP_H +- +-#include ++# ifndef OPENSSL_NO_SRP + +-#ifndef OPENSSL_NO_SRP +-# include +-# include +-# include +-# include +-# include ++# include ++# include + +-# ifdef __cplusplus ++#ifdef __cplusplus + extern "C" { +-# endif ++#endif ++ ++# include ++# include ++# include + + typedef struct SRP_gN_cache_st { + char *b64_bn; +@@ -29,7 +79,7 @@ typedef struct SRP_gN_cache_st { + } SRP_gN_cache; + + +-DEFINE_STACK_OF(SRP_gN_cache) ++DECLARE_STACK_OF(SRP_gN_cache) + + typedef struct SRP_user_pwd_st { + /* Owned by us. */ +@@ -43,89 +93,89 @@ typedef struct SRP_user_pwd_st { + char *info; + } SRP_user_pwd; + +-void SRP_user_pwd_free(SRP_user_pwd *user_pwd); ++DECLARE_STACK_OF(SRP_user_pwd) + +-DEFINE_STACK_OF(SRP_user_pwd) ++void SRP_user_pwd_free(SRP_user_pwd *user_pwd); + + typedef struct SRP_VBASE_st { + STACK_OF(SRP_user_pwd) *users_pwd; + STACK_OF(SRP_gN_cache) *gN_cache; + /* to simulate a user */ + char *seed_key; +- const BIGNUM *default_g; +- const BIGNUM *default_N; ++ BIGNUM *default_g; ++ BIGNUM *default_N; + } SRP_VBASE; + + /* +- * Internal structure storing N and g pair ++ * Structure interne pour retenir les couples N et g + */ + typedef struct SRP_gN_st { + char *id; +- const BIGNUM *g; +- const BIGNUM *N; ++ BIGNUM *g; ++ BIGNUM *N; + } SRP_gN; + +-DEFINE_STACK_OF(SRP_gN) ++DECLARE_STACK_OF(SRP_gN) + + SRP_VBASE *SRP_VBASE_new(char *seed_key); +-void SRP_VBASE_free(SRP_VBASE *vb); ++int SRP_VBASE_free(SRP_VBASE *vb); ++#ifndef OPENSSL_NO_STDIO + int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file); ++#endif + + /* This method ignores the configured seed and fails for an unknown user. */ +-DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)) ++SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username); + /* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/ + SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username); + + char *SRP_create_verifier(const char *user, const char *pass, char **salt, + char **verifier, const char *N, const char *g); + int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, +- BIGNUM **verifier, const BIGNUM *N, +- const BIGNUM *g); +- +-# define SRP_NO_ERROR 0 +-# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +-# define SRP_ERR_VBASE_BN_LIB 2 +-# define SRP_ERR_OPEN_FILE 3 +-# define SRP_ERR_MEMORY 4 +- +-# define DB_srptype 0 +-# define DB_srpverifier 1 +-# define DB_srpsalt 2 +-# define DB_srpid 3 +-# define DB_srpgN 4 +-# define DB_srpinfo 5 +-# undef DB_NUMBER +-# define DB_NUMBER 6 +- +-# define DB_SRP_INDEX 'I' +-# define DB_SRP_VALID 'V' +-# define DB_SRP_REVOKED 'R' +-# define DB_SRP_MODIF 'v' ++ BIGNUM **verifier, BIGNUM *N, BIGNUM *g); ++ ++# define SRP_NO_ERROR 0 ++# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 ++# define SRP_ERR_VBASE_BN_LIB 2 ++# define SRP_ERR_OPEN_FILE 3 ++# define SRP_ERR_MEMORY 4 ++ ++# define DB_srptype 0 ++# define DB_srpverifier 1 ++# define DB_srpsalt 2 ++# define DB_srpid 3 ++# define DB_srpgN 4 ++# define DB_srpinfo 5 ++# undef DB_NUMBER ++# define DB_NUMBER 6 ++ ++# define DB_SRP_INDEX 'I' ++# define DB_SRP_VALID 'V' ++# define DB_SRP_REVOKED 'R' ++# define DB_SRP_MODIF 'v' + + /* see srp.c */ +-char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N); ++char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); + SRP_gN *SRP_get_default_gN(const char *id); + + /* server side .... */ +-BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u, +- const BIGNUM *b, const BIGNUM *N); +-BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g, +- const BIGNUM *v); +-int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N); +-BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N); ++BIGNUM *SRP_Calc_server_key(BIGNUM *A, BIGNUM *v, BIGNUM *u, BIGNUM *b, ++ BIGNUM *N); ++BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v); ++int SRP_Verify_A_mod_N(BIGNUM *A, BIGNUM *N); ++BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N); + + /* client side .... */ +-BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass); +-BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g); +-BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g, +- const BIGNUM *x, const BIGNUM *a, const BIGNUM *u); +-int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N); ++BIGNUM *SRP_Calc_x(BIGNUM *s, const char *user, const char *pass); ++BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g); ++BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, ++ BIGNUM *a, BIGNUM *u); ++int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); + +-# define SRP_MINIMAL_N 1024 ++# define SRP_MINIMAL_N 1024 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + ++# endif + #endif +diff --git a/Cryptlib/Include/openssl/srtp.h b/Cryptlib/Include/openssl/srtp.h +index 5ddfa46..2279c32 100644 +--- a/Cryptlib/Include/openssl/srtp.h ++++ b/Cryptlib/Include/openssl/srtp.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ssl/srtp.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* + * DTLS code by Eric Rescorla + * +@@ -29,17 +130,13 @@ extern "C" { + # define SRTP_NULL_SHA1_80 0x0005 + # define SRTP_NULL_SHA1_32 0x0006 + +-/* AEAD SRTP protection profiles from RFC 7714 */ +-# define SRTP_AEAD_AES_128_GCM 0x0007 +-# define SRTP_AEAD_AES_256_GCM 0x0008 +- + # ifndef OPENSSL_NO_SRTP + +-__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +-__owur int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); ++int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); ++int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); + +-__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +-__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); ++STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); ++SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + + # endif + +diff --git a/Cryptlib/Include/openssl/ssl.h b/Cryptlib/Include/openssl/ssl.h +index 8d75d53..90aeb0c 100644 +--- a/Cryptlib/Include/openssl/ssl.h ++++ b/Cryptlib/Include/openssl/ssl.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ssl/ssl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by +@@ -43,34 +144,78 @@ + # define HEADER_SSL_H + + # include +-# include +-# include +-# include +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include ++ ++# ifndef OPENSSL_NO_COMP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif ++# ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_X509 ++# include ++# endif + # include + # include + # include + # endif + # include + # include +-# include + ++# include + # include + # include +-# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* OpenSSL version number for ASN.1 encoding of the session information */ ++/* SSLeay version number for ASN.1 encoding of the session information */ + /*- + * Version 0 - initial version + * Version 1 - added the optional peer certificate + */ + # define SSL_SESSION_ASN1_VERSION 0x0001 + ++/* text strings for the ciphers */ ++# define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 ++# define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 ++# define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 ++# define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 ++# define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 ++# define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 ++# define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 ++# define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA ++# define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 ++# define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA ++ ++/* ++ * VRS Additional Kerberos5 entries ++ */ ++# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA ++# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA ++# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA ++# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA ++# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 ++# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 ++# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 ++# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 ++ ++# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA ++# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA ++# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA ++# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 ++# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 ++# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 ++ ++# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA ++# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 ++# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA ++# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 ++# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA ++# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 ++# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 ++ + # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 + # define SSL_MAX_SID_CTX_LENGTH 32 + +@@ -78,18 +223,20 @@ extern "C" { + # define SSL_MAX_KEY_ARG_LENGTH 8 + # define SSL_MAX_MASTER_KEY_LENGTH 48 + +-/* The maximum number of encrypt/decrypt pipelines we can support */ +-# define SSL_MAX_PIPELINES 32 +- +-/* text strings for the ciphers */ +- + /* These are used to specify which ciphers to use and not to use */ + ++# define SSL_TXT_EXP40 "EXPORT40" ++# define SSL_TXT_EXP56 "EXPORT56" + # define SSL_TXT_LOW "LOW" + # define SSL_TXT_MEDIUM "MEDIUM" + # define SSL_TXT_HIGH "HIGH" + # define SSL_TXT_FIPS "FIPS" + ++# define SSL_TXT_kFZA "kFZA"/* unused! */ ++# define SSL_TXT_aFZA "aFZA"/* unused! */ ++# define SSL_TXT_eFZA "eFZA"/* unused! */ ++# define SSL_TXT_FZA "FZA"/* unused! */ ++ + # define SSL_TXT_aNULL "aNULL" + # define SSL_TXT_eNULL "eNULL" + # define SSL_TXT_NULL "NULL" +@@ -98,17 +245,15 @@ extern "C" { + # define SSL_TXT_kDHr "kDHr" + # define SSL_TXT_kDHd "kDHd" + # define SSL_TXT_kDH "kDH" +-# define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ +-# define SSL_TXT_kDHE "kDHE" ++# define SSL_TXT_kEDH "kEDH" ++# define SSL_TXT_kDHE "kDHE"/* alias for kEDH */ ++# define SSL_TXT_kKRB5 "kKRB5" + # define SSL_TXT_kECDHr "kECDHr" + # define SSL_TXT_kECDHe "kECDHe" + # define SSL_TXT_kECDH "kECDH" +-# define SSL_TXT_kEECDH "kEECDH"/* alias for kECDHE */ +-# define SSL_TXT_kECDHE "kECDHE" ++# define SSL_TXT_kEECDH "kEECDH" ++# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */ + # define SSL_TXT_kPSK "kPSK" +-# define SSL_TXT_kRSAPSK "kRSAPSK" +-# define SSL_TXT_kECDHEPSK "kECDHEPSK" +-# define SSL_TXT_kDHEPSK "kDHEPSK" + # define SSL_TXT_kGOST "kGOST" + # define SSL_TXT_kSRP "kSRP" + +@@ -116,25 +261,26 @@ extern "C" { + # define SSL_TXT_aDSS "aDSS" + # define SSL_TXT_aDH "aDH" + # define SSL_TXT_aECDH "aECDH" ++# define SSL_TXT_aKRB5 "aKRB5" + # define SSL_TXT_aECDSA "aECDSA" + # define SSL_TXT_aPSK "aPSK" +-# define SSL_TXT_aGOST94 "aGOST94" +-# define SSL_TXT_aGOST01 "aGOST01" +-# define SSL_TXT_aGOST12 "aGOST12" +-# define SSL_TXT_aGOST "aGOST" ++# define SSL_TXT_aGOST94 "aGOST94" ++# define SSL_TXT_aGOST01 "aGOST01" ++# define SSL_TXT_aGOST "aGOST" + # define SSL_TXT_aSRP "aSRP" + + # define SSL_TXT_DSS "DSS" + # define SSL_TXT_DH "DH" +-# define SSL_TXT_DHE "DHE"/* same as "kDHE:-ADH" */ +-# define SSL_TXT_EDH "EDH"/* alias for DHE */ ++# define SSL_TXT_EDH "EDH"/* same as "kEDH:-ADH" */ ++# define SSL_TXT_DHE "DHE"/* alias for EDH */ + # define SSL_TXT_ADH "ADH" + # define SSL_TXT_RSA "RSA" + # define SSL_TXT_ECDH "ECDH" +-# define SSL_TXT_EECDH "EECDH"/* alias for ECDHE" */ +-# define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ ++# define SSL_TXT_EECDH "EECDH"/* same as "kEECDH:-AECDH" */ ++# define SSL_TXT_ECDHE "ECDHE"/* alias for ECDHE" */ + # define SSL_TXT_AECDH "AECDH" + # define SSL_TXT_ECDSA "ECDSA" ++# define SSL_TXT_KRB5 "KRB5" + # define SSL_TXT_PSK "PSK" + # define SSL_TXT_SRP "SRP" + +@@ -148,29 +294,27 @@ extern "C" { + # define SSL_TXT_AES256 "AES256" + # define SSL_TXT_AES "AES" + # define SSL_TXT_AES_GCM "AESGCM" +-# define SSL_TXT_AES_CCM "AESCCM" +-# define SSL_TXT_AES_CCM_8 "AESCCM8" + # define SSL_TXT_CAMELLIA128 "CAMELLIA128" + # define SSL_TXT_CAMELLIA256 "CAMELLIA256" + # define SSL_TXT_CAMELLIA "CAMELLIA" +-# define SSL_TXT_CHACHA20 "CHACHA20" +-# define SSL_TXT_GOST "GOST89" + + # define SSL_TXT_MD5 "MD5" + # define SSL_TXT_SHA1 "SHA1" + # define SSL_TXT_SHA "SHA"/* same as "SHA1" */ + # define SSL_TXT_GOST94 "GOST94" +-# define SSL_TXT_GOST89MAC "GOST89MAC" +-# define SSL_TXT_GOST12 "GOST12" +-# define SSL_TXT_GOST89MAC12 "GOST89MAC12" ++# define SSL_TXT_GOST89MAC "GOST89MAC" + # define SSL_TXT_SHA256 "SHA256" + # define SSL_TXT_SHA384 "SHA384" + ++# define SSL_TXT_SSLV2 "SSLv2" + # define SSL_TXT_SSLV3 "SSLv3" + # define SSL_TXT_TLSV1 "TLSv1" + # define SSL_TXT_TLSV1_1 "TLSv1.1" + # define SSL_TXT_TLSV1_2 "TLSv1.2" + ++# define SSL_TXT_EXP "EXP" ++# define SSL_TXT_EXPORT "EXPORT" ++ + # define SSL_TXT_ALL "ALL" + + /*- +@@ -194,7 +338,7 @@ extern "C" { + * The following cipher list is used by default. It also is substituted when + * an application-defined cipher list string starts with 'DEFAULT'. + */ +-# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL" ++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2" + /* + * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is +@@ -214,6 +358,10 @@ extern "C" { + extern "C" { + #endif + ++# if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) ++# define OPENSSL_NO_SSL2 ++# endif ++ + # define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 + # define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +@@ -228,10 +376,8 @@ typedef struct ssl_cipher_st SSL_CIPHER; + typedef struct ssl_session_st SSL_SESSION; + typedef struct tls_sigalgs_st TLS_SIGALGS; + typedef struct ssl_conf_ctx_st SSL_CONF_CTX; +-typedef struct ssl_comp_st SSL_COMP; + +-STACK_OF(SSL_CIPHER); +-STACK_OF(SSL_COMP); ++DECLARE_STACK_OF(SSL_CIPHER) + + /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ + typedef struct srtp_protection_profile_st { +@@ -239,7 +385,7 @@ typedef struct srtp_protection_profile_st { + unsigned long id; + } SRTP_PROTECTION_PROFILE; + +-DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE) ++DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) + + typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, + const unsigned char *data, +@@ -247,7 +393,9 @@ typedef int (*tls_session_ticket_ext_cb_fn) (SSL *s, + typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, + int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, +- const SSL_CIPHER **cipher, void *arg); ++ SSL_CIPHER **cipher, void *arg); ++ ++# ifndef OPENSSL_NO_TLSEXT + + /* Typedefs for handling custom extensions */ + +@@ -262,30 +410,187 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, + const unsigned char *in, + size_t inlen, int *al, void *parse_arg); + +-/* Typedef for verification callback */ +-typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); ++# endif ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++/* used to hold info on the particular ciphers used */ ++struct ssl_cipher_st { ++ int valid; ++ const char *name; /* text name */ ++ unsigned long id; /* id, 4 bytes, first is version */ ++ /* ++ * changed in 0.9.9: these four used to be portions of a single value ++ * 'algorithms' ++ */ ++ unsigned long algorithm_mkey; /* key exchange algorithm */ ++ unsigned long algorithm_auth; /* server authentication */ ++ unsigned long algorithm_enc; /* symmetric encryption */ ++ unsigned long algorithm_mac; /* symmetric authentication */ ++ unsigned long algorithm_ssl; /* (major) protocol version */ ++ unsigned long algo_strength; /* strength and export flags */ ++ unsigned long algorithm2; /* Extra flags */ ++ int strength_bits; /* Number of bits really used */ ++ int alg_bits; /* Number of bits for algorithm */ ++}; ++ ++/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ ++struct ssl_method_st { ++ int version; ++ int (*ssl_new) (SSL *s); ++ void (*ssl_clear) (SSL *s); ++ void (*ssl_free) (SSL *s); ++ int (*ssl_accept) (SSL *s); ++ int (*ssl_connect) (SSL *s); ++ int (*ssl_read) (SSL *s, void *buf, int len); ++ int (*ssl_peek) (SSL *s, void *buf, int len); ++ int (*ssl_write) (SSL *s, const void *buf, int len); ++ int (*ssl_shutdown) (SSL *s); ++ int (*ssl_renegotiate) (SSL *s); ++ int (*ssl_renegotiate_check) (SSL *s); ++ long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long ++ max, int *ok); ++ int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, ++ int peek); ++ int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); ++ int (*ssl_dispatch_alert) (SSL *s); ++ long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); ++ long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); ++ const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); ++ int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); ++ int (*ssl_pending) (const SSL *s); ++ int (*num_ciphers) (void); ++ const SSL_CIPHER *(*get_cipher) (unsigned ncipher); ++ const struct ssl_method_st *(*get_ssl_method) (int version); ++ long (*get_timeout) (void); ++ struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ ++ int (*ssl_version) (void); ++ long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); ++ long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); ++}; ++ ++/*- ++ * Lets make this into an ASN.1 type structure as follows ++ * SSL_SESSION_ID ::= SEQUENCE { ++ * version INTEGER, -- structure version number ++ * SSLversion INTEGER, -- SSL version number ++ * Cipher OCTET STRING, -- the 3 byte cipher ID ++ * Session_ID OCTET STRING, -- the Session ID ++ * Master_key OCTET STRING, -- the master key ++ * KRB5_principal OCTET STRING -- optional Kerberos principal ++ * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument ++ * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time ++ * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds ++ * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate ++ * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context ++ * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' ++ * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension ++ * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint ++ * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity ++ * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket ++ * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) ++ * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method ++ * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username ++ * } ++ * Look in ssl/ssl_asn1.c for more details ++ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). ++ */ ++struct ssl_session_st { ++ int ssl_version; /* what ssl version session info is being ++ * kept in here? */ ++ /* only really used in SSLv2 */ ++ unsigned int key_arg_length; ++ unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH]; ++ int master_key_length; ++ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; ++ /* session_id - valid? */ ++ unsigned int session_id_length; ++ unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; ++ /* ++ * this is used to determine whether the session is being reused in the ++ * appropriate context. It is up to the application to set this, via ++ * SSL_new ++ */ ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++# ifndef OPENSSL_NO_KRB5 ++ unsigned int krb5_client_princ_len; ++ unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; ++# endif /* OPENSSL_NO_KRB5 */ ++# ifndef OPENSSL_NO_PSK ++ char *psk_identity_hint; ++ char *psk_identity; ++# endif ++ /* ++ * Used to indicate that session resumption is not allowed. Applications ++ * can also set this bit for a new session via not_resumable_session_cb ++ * to disable session caching and tickets. ++ */ ++ int not_resumable; ++ /* The cert is the certificate used to establish this connection */ ++ struct sess_cert_st /* SESS_CERT */ *sess_cert; ++ /* ++ * This is the cert for the other end. On clients, it will be the same as ++ * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is ++ * not retained in the external representation of sessions, see ++ * ssl_asn1.c). ++ */ ++ X509 *peer; ++ /* ++ * when app_verify_callback accepts a session where the peer's ++ * certificate is not ok, we must remember the error for session reuse: ++ */ ++ long verify_result; /* only for servers */ ++ int references; ++ long timeout; ++ long time; ++ unsigned int compress_meth; /* Need to lookup the method */ ++ const SSL_CIPHER *cipher; ++ unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used ++ * to load the 'cipher' structure */ ++ STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ ++ CRYPTO_EX_DATA ex_data; /* application specific data */ ++ /* ++ * These are used to make removal of session-ids more efficient and to ++ * implement a maximum cache size. ++ */ ++ struct ssl_session_st *prev, *next; ++# ifndef OPENSSL_NO_TLSEXT ++ char *tlsext_hostname; ++# ifndef OPENSSL_NO_EC ++ size_t tlsext_ecpointformatlist_length; ++ unsigned char *tlsext_ecpointformatlist; /* peer's list */ ++ size_t tlsext_ellipticcurvelist_length; ++ unsigned char *tlsext_ellipticcurvelist; /* peer's list */ ++# endif /* OPENSSL_NO_EC */ ++ /* RFC4507 info */ ++ unsigned char *tlsext_tick; /* Session ticket */ ++ size_t tlsext_ticklen; /* Session ticket length */ ++ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ ++# endif ++# ifndef OPENSSL_NO_SRP ++ char *srp_username; ++# endif ++}; ++ ++# endif + ++# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L ++# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L + /* Allow initial connection to servers that don't support RI */ +-# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004U +-/* Removed from OpenSSL 0.9.8q and 1.0.0c */ +-/* Dead forever, see CVE-2010-4180. */ +-# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0U +-# define SSL_OP_TLSEXT_PADDING 0x00000010U +-# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0U +-# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040U +-/* Ancient SSLeay version, retained for compatibility */ +-# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +-# define SSL_OP_TLS_D5_BUG 0x0U +-/* Removed from OpenSSL 1.1.0 */ +-# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0U ++# define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L ++# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L ++# define SSL_OP_TLSEXT_PADDING 0x00000010L ++# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L ++# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L ++# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L ++# define SSL_OP_TLS_D5_BUG 0x00000100L ++# define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L + + /* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */ + # define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 + /* Refers to ancient SSLREF and SSLv2, retained for compatibility */ + # define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +-/* Related to removed SSLv2 */ +-# define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +-# define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 + + /* + * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in +@@ -295,107 +600,110 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + * SSL_OP_ALL. + */ + /* added in 0.9.6e */ +-# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800U ++# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L + + /* + * SSL_OP_ALL: various bug workarounds that should be rather harmless. This + * used to be 0x000FFFFFL before 0.9.7. + */ +-# define SSL_OP_ALL 0x80000BFFU ++# define SSL_OP_ALL 0x80000BFFL + + /* DTLS options */ +-# define SSL_OP_NO_QUERY_MTU 0x00001000U ++# define SSL_OP_NO_QUERY_MTU 0x00001000L + /* Turn on Cookie Exchange (on relevant for servers) */ +-# define SSL_OP_COOKIE_EXCHANGE 0x00002000U ++# define SSL_OP_COOKIE_EXCHANGE 0x00002000L + /* Don't use RFC4507 ticket extension */ +-# define SSL_OP_NO_TICKET 0x00004000U +-# ifndef OPENSSL_NO_DTLS1_METHOD +-/* Use Cisco's "speshul" version of DTLS_BAD_VER +- * (only with deprecated DTLSv1_client_method()) */ +-# define SSL_OP_CISCO_ANYCONNECT 0x00008000U +-# endif ++# define SSL_OP_NO_TICKET 0x00004000L ++/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */ ++# define SSL_OP_CISCO_ANYCONNECT 0x00008000L + + /* As server, disallow session resumption on renegotiation */ +-# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000U ++# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L + /* Don't use compression even if supported */ +-# define SSL_OP_NO_COMPRESSION 0x00020000U ++# define SSL_OP_NO_COMPRESSION 0x00020000L + /* Permit unsafe legacy renegotiation */ +-# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000U +-/* Does nothing: retained for compatibility */ +-# define SSL_OP_SINGLE_ECDH_USE 0x0 +-/* Does nothing: retained for compatibility */ +-# define SSL_OP_SINGLE_DH_USE 0x0 ++# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L ++/* If set, always create a new key when using tmp_ecdh parameters */ ++# define SSL_OP_SINGLE_ECDH_USE 0x00080000L + /* Does nothing: retained for compatibility */ ++# define SSL_OP_SINGLE_DH_USE 0x00100000L ++/* Does nothing: retained for compatibiity */ + # define SSL_OP_EPHEMERAL_RSA 0x0 + /* + * Set on servers to choose the cipher according to the server's preferences + */ +-# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000U ++# define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L + /* + * If set, a server will allow a client to issue a SSLv3.0 version number as + * latest version supported in the premaster secret, even when TLSv1.0 + * (version 3.1) was announced in the client hello. Normally this is + * forbidden to prevent version rollback attacks. + */ +-# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U ++# define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L + +-# define SSL_OP_NO_SSLv2 0x00000000U +-# define SSL_OP_NO_SSLv3 0x02000000U +-# define SSL_OP_NO_TLSv1 0x04000000U +-# define SSL_OP_NO_TLSv1_2 0x08000000U +-# define SSL_OP_NO_TLSv1_1 0x10000000U ++# define SSL_OP_NO_SSLv2 0x01000000L ++# define SSL_OP_NO_SSLv3 0x02000000L ++# define SSL_OP_NO_TLSv1 0x04000000L ++# define SSL_OP_NO_TLSv1_2 0x08000000L ++# define SSL_OP_NO_TLSv1_1 0x10000000L + +-# define SSL_OP_NO_DTLSv1 0x04000000U +-# define SSL_OP_NO_DTLSv1_2 0x08000000U ++# define SSL_OP_NO_DTLSv1 0x04000000L ++# define SSL_OP_NO_DTLSv1_2 0x08000000L + +-# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\ ++# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|\ + SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2) +-# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2) + +- +-/* Removed from previous versions */ ++/* ++ * These next two were never actually used for anything since SSLeay zap so ++ * we have some more flags. ++ */ ++/* ++ * The next flag deliberately changes the ciphertest, this is a check for the ++ * PKCS#1 attack ++ */ + # define SSL_OP_PKCS1_CHECK_1 0x0 + # define SSL_OP_PKCS1_CHECK_2 0x0 +-# define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +-# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0U ++ ++# define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L ++# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L + /* + * Make server add server-hello extension from early version of cryptopro + * draft, when GOST ciphersuite is negotiated. Required for interoperability + * with CryptoPro CSP 3.x + */ +-# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000U ++# define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x80000000L + + /* + * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): + */ +-# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001U ++# define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L + /* + * Make it possible to retry SSL_write() with changed buffer location (buffer + * contents must stay the same!); this is not the default to avoid the + * misconception that non-blocking SSL_write() behaves like non-blocking + * write(): + */ +-# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U ++# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L + /* + * Never bother the application with retries if the transport is blocking: + */ +-# define SSL_MODE_AUTO_RETRY 0x00000004U ++# define SSL_MODE_AUTO_RETRY 0x00000004L + /* Don't attempt to automatically build certificate chain */ +-# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U ++# define SSL_MODE_NO_AUTO_CHAIN 0x00000008L + /* + * Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) "Released" buffers are put onto a free-list in the context or + * just freed (depending on the context's setting for freelist_max_len). + */ +-# define SSL_MODE_RELEASE_BUFFERS 0x00000010U ++# define SSL_MODE_RELEASE_BUFFERS 0x00000010L + /* + * Send the current time in the Random fields of the ClientHello and + * ServerHello records for compatibility with hypothetical implementations + * that require it. + */ +-# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U +-# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U ++# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L ++# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L + /* + * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications + * that reconnect with a downgraded protocol version; see +@@ -404,18 +712,14 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + * fallback retries, following the guidance in + * draft-ietf-tls-downgrade-scsv-00. + */ +-# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U +-/* +- * Support Asynchronous operation +- */ +-# define SSL_MODE_ASYNC 0x00000100U ++# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080L + + /* Cert related flags */ + /* + * Many implementations ignore some aspects of the TLS standards such as +- * enforcing certificate chain algorithms. When this is set we enforce them. ++ * enforcing certifcate chain algorithms. When this is set we enforce them. + */ +-# define SSL_CERT_FLAG_TLS_STRICT 0x00000001U ++# define SSL_CERT_FLAG_TLS_STRICT 0x00000001L + + /* Suite B modes, takes same values as certificate verify flags */ + # define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY 0x10000 +@@ -467,25 +771,29 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); + # define SSL_CONF_FLAG_SERVER 0x8 + # define SSL_CONF_FLAG_SHOW_ERRORS 0x10 + # define SSL_CONF_FLAG_CERTIFICATE 0x20 +-# define SSL_CONF_FLAG_REQUIRE_PRIVATE 0x40 + /* Configuration value types */ + # define SSL_CONF_TYPE_UNKNOWN 0x0 + # define SSL_CONF_TYPE_STRING 0x1 + # define SSL_CONF_TYPE_FILE 0x2 + # define SSL_CONF_TYPE_DIR 0x3 +-# define SSL_CONF_TYPE_NONE 0x4 + + /* + * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they + * cannot be used to clear bits. + */ + +-unsigned long SSL_CTX_get_options(const SSL_CTX *ctx); +-unsigned long SSL_get_options(const SSL* s); +-unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op); +-unsigned long SSL_clear_options(SSL *s, unsigned long op); +-unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op); +-unsigned long SSL_set_options(SSL *s, unsigned long op); ++# define SSL_CTX_set_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) ++# define SSL_CTX_clear_options(ctx,op) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) ++# define SSL_CTX_get_options(ctx) \ ++ SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) ++# define SSL_set_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) ++# define SSL_clear_options(ssl,op) \ ++ SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) ++# define SSL_get_options(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + + # define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +@@ -511,7 +819,7 @@ unsigned long SSL_set_options(SSL *s, unsigned long op); + + # ifndef OPENSSL_NO_HEARTBEATS + # define SSL_heartbeat(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL) ++ SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL) + # endif + + # define SSL_CTX_set_cert_flags(ctx,op) \ +@@ -534,23 +842,48 @@ void SSL_set_msg_callback(SSL *ssl, + # define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + # define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) + +-# define SSL_get_extms_support(s) \ +- SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL) +- + # ifndef OPENSSL_NO_SRP + ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++typedef struct srp_ctx_st { ++ /* param for all the callbacks */ ++ void *SRP_cb_arg; ++ /* set client Hello login callback */ ++ int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); ++ /* set SRP N/g param callback for verification */ ++ int (*SRP_verify_param_callback) (SSL *, void *); ++ /* set SRP client passwd callback */ ++ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); ++ char *login; ++ BIGNUM *N, *g, *s, *B, *A; ++ BIGNUM *a, *b, *v; ++ char *info; ++ int strength; ++ unsigned long srp_Mask; ++} SRP_CTX; ++ ++# endif ++ + /* see tls_srp.c */ +-__owur int SSL_SRP_CTX_init(SSL *s); +-__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); ++int SSL_SRP_CTX_init(SSL *s); ++int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); + int SSL_SRP_CTX_free(SSL *ctx); + int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx); +-__owur int SSL_srp_server_param_with_username(SSL *s, int *ad); +-__owur int SRP_Calc_A_param(SSL *s); ++int SSL_srp_server_param_with_username(SSL *s, int *ad); ++int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key); ++int SRP_Calc_A_param(SSL *s); ++int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); + + # endif + +-/* 100k max cert list */ +-# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 ++# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) ++# define SSL_MAX_CERT_LIST_DEFAULT 1024*30 ++ /* 30k max cert list :-) */ ++# else ++# define SSL_MAX_CERT_LIST_DEFAULT 1024*100 ++ /* 100k max cert list :-) */ ++# endif + + # define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +@@ -562,13 +895,296 @@ __owur int SRP_Calc_A_param(SSL *s); + * otherwise the SSL handshake will fail with an error - callbacks can do + * this using the 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in +- * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32 +- * bytes. The callback can alter this length to be less if desired. It is +- * also an error for the callback to set the size to zero. ++ * is set at the maximum size the session ID can be. In SSLv2 this is 16 ++ * bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback can alter this ++ * length to be less if desired, but under SSLv2 session IDs are supposed to ++ * be fixed at 16 bytes so the id will be padded after the callback returns ++ * in this case. It is also an error for the callback to set the size to ++ * zero. + */ + typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, + unsigned int *id_len); + ++typedef struct ssl_comp_st SSL_COMP; ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++struct ssl_comp_st { ++ int id; ++ const char *name; ++# ifndef OPENSSL_NO_COMP ++ COMP_METHOD *method; ++# else ++ char *method; ++# endif ++}; ++ ++DECLARE_STACK_OF(SSL_COMP) ++DECLARE_LHASH_OF(SSL_SESSION); ++ ++struct ssl_ctx_st { ++ const SSL_METHOD *method; ++ STACK_OF(SSL_CIPHER) *cipher_list; ++ /* same as above but sorted for lookup */ ++ STACK_OF(SSL_CIPHER) *cipher_list_by_id; ++ struct x509_store_st /* X509_STORE */ *cert_store; ++ LHASH_OF(SSL_SESSION) *sessions; ++ /* ++ * Most session-ids that will be cached, default is ++ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. ++ */ ++ unsigned long session_cache_size; ++ struct ssl_session_st *session_cache_head; ++ struct ssl_session_st *session_cache_tail; ++ /* ++ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, ++ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which ++ * means only SSL_accept which cache SSL_SESSIONS. ++ */ ++ int session_cache_mode; ++ /* ++ * If timeout is not 0, it is the default timeout value set when ++ * SSL_new() is called. This has been put in to make life easier to set ++ * things up ++ */ ++ long session_timeout; ++ /* ++ * If this callback is not null, it will be called each time a session id ++ * is added to the cache. If this function returns 1, it means that the ++ * callback will do a SSL_SESSION_free() when it has finished using it. ++ * Otherwise, on 0, it means the callback has finished with it. If ++ * remove_session_cb is not null, it will be called when a session-id is ++ * removed from the cache. After the call, OpenSSL will ++ * SSL_SESSION_free() it. ++ */ ++ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); ++ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); ++ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, ++ unsigned char *data, int len, int *copy); ++ struct { ++ int sess_connect; /* SSL new conn - started */ ++ int sess_connect_renegotiate; /* SSL reneg - requested */ ++ int sess_connect_good; /* SSL new conne/reneg - finished */ ++ int sess_accept; /* SSL new accept - started */ ++ int sess_accept_renegotiate; /* SSL reneg - requested */ ++ int sess_accept_good; /* SSL accept/reneg - finished */ ++ int sess_miss; /* session lookup misses */ ++ int sess_timeout; /* reuse attempt on timeouted session */ ++ int sess_cache_full; /* session removed due to full cache */ ++ int sess_hit; /* session reuse actually done */ ++ int sess_cb_hit; /* session-id that was not in the cache was ++ * passed back via the callback. This ++ * indicates that the application is ++ * supplying session-id's from other ++ * processes - spooky :-) */ ++ } stats; ++ ++ int references; ++ ++ /* if defined, these override the X509_verify_cert() calls */ ++ int (*app_verify_callback) (X509_STORE_CTX *, void *); ++ void *app_verify_arg; ++ /* ++ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored ++ * ('app_verify_callback' was called with just one argument) ++ */ ++ ++ /* Default password callback. */ ++ pem_password_cb *default_passwd_callback; ++ ++ /* Default password callback user data. */ ++ void *default_passwd_callback_userdata; ++ ++ /* get client cert callback */ ++ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); ++ ++ /* cookie generate callback */ ++ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, ++ unsigned int *cookie_len); ++ ++ /* verify cookie callback */ ++ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, ++ unsigned int cookie_len); ++ ++ CRYPTO_EX_DATA ex_data; ++ ++ const EVP_MD *rsa_md5; /* For SSLv2 - name is 'ssl2-md5' */ ++ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ ++ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ ++ ++ STACK_OF(X509) *extra_certs; ++ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ ++ ++ /* Default values used when no per-SSL value is defined follow */ ++ ++ /* used if SSL's info_callback is NULL */ ++ void (*info_callback) (const SSL *ssl, int type, int val); ++ ++ /* what we put in client cert requests */ ++ STACK_OF(X509_NAME) *client_CA; ++ ++ /* ++ * Default values to use in SSL structures follow (these are copied by ++ * SSL_new) ++ */ ++ ++ unsigned long options; ++ unsigned long mode; ++ long max_cert_list; ++ ++ struct cert_st /* CERT */ *cert; ++ int read_ahead; ++ ++ /* callback that allows applications to peek at protocol messages */ ++ void (*msg_callback) (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++ void *msg_callback_arg; ++ ++ int verify_mode; ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++ /* called 'verify_callback' in the SSL */ ++ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); ++ ++ /* Default generate session ID callback. */ ++ GEN_SESSION_CB generate_session_id; ++ ++ X509_VERIFY_PARAM *param; ++ ++# if 0 ++ int purpose; /* Purpose setting */ ++ int trust; /* Trust setting */ ++# endif ++ ++ int quiet_shutdown; ++ ++ /* ++ * Maximum amount of data to send in one fragment. actual record size can ++ * be more than this due to padding and MAC overheads. ++ */ ++ unsigned int max_send_fragment; ++ ++# ifndef OPENSSL_NO_ENGINE ++ /* ++ * Engine to pass requests for client certs to ++ */ ++ ENGINE *client_cert_engine; ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++ /* TLS extensions servername callback */ ++ int (*tlsext_servername_callback) (SSL *, int *, void *); ++ void *tlsext_servername_arg; ++ /* RFC 4507 session ticket keys */ ++ unsigned char tlsext_tick_key_name[16]; ++ unsigned char tlsext_tick_hmac_key[16]; ++ unsigned char tlsext_tick_aes_key[16]; ++ /* Callback to support customisation of ticket key setting */ ++ int (*tlsext_ticket_key_cb) (SSL *ssl, ++ unsigned char *name, unsigned char *iv, ++ EVP_CIPHER_CTX *ectx, ++ HMAC_CTX *hctx, int enc); ++ ++ /* certificate status request info */ ++ /* Callback for status request */ ++ int (*tlsext_status_cb) (SSL *ssl, void *arg); ++ void *tlsext_status_arg; ++ ++ /* draft-rescorla-tls-opaque-prf-input-00.txt information */ ++ int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, ++ size_t len, void *arg); ++ void *tlsext_opaque_prf_input_callback_arg; ++# endif ++ ++# ifndef OPENSSL_NO_PSK ++ char *psk_identity_hint; ++ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, ++ char *identity, ++ unsigned int max_identity_len, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++# endif ++ ++# ifndef OPENSSL_NO_BUF_FREELISTS ++# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 ++ unsigned int freelist_max_len; ++ struct ssl3_buf_freelist_st *wbuf_freelist; ++ struct ssl3_buf_freelist_st *rbuf_freelist; ++# endif ++# ifndef OPENSSL_NO_SRP ++ SRP_CTX srp_ctx; /* ctx for SRP authentication */ ++# endif ++ ++# ifndef OPENSSL_NO_TLSEXT ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* Next protocol negotiation information */ ++ /* (for experimental NPN extension). */ ++ ++ /* ++ * For a server, this contains a callback function by which the set of ++ * advertised protocols can be provided. ++ */ ++ int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, ++ unsigned int *len, void *arg); ++ void *next_protos_advertised_cb_arg; ++ /* ++ * For a client, this contains a callback function that selects the next ++ * protocol from the list provided by the server. ++ */ ++ int (*next_proto_select_cb) (SSL *s, unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg); ++ void *next_proto_select_cb_arg; ++# endif ++ /* SRTP profiles we are willing to do from RFC 5764 */ ++ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; ++ ++ /* ++ * ALPN information (we are in the process of transitioning from NPN to ++ * ALPN.) ++ */ ++ ++ /*- ++ * For a server, this contains a callback function that allows the ++ * server to select the protocol for the connection. ++ * out: on successful return, this must point to the raw protocol ++ * name (without the length prefix). ++ * outlen: on successful return, this contains the length of |*out|. ++ * in: points to the client's list of supported protocols in ++ * wire-format. ++ * inlen: the length of |in|. ++ */ ++ int (*alpn_select_cb) (SSL *s, ++ const unsigned char **out, ++ unsigned char *outlen, ++ const unsigned char *in, ++ unsigned int inlen, void *arg); ++ void *alpn_select_cb_arg; ++ ++ /* ++ * For a client, this contains the list of supported protocols in wire ++ * format. ++ */ ++ unsigned char *alpn_client_proto_list; ++ unsigned alpn_client_proto_list_len; ++ ++# ifndef OPENSSL_NO_EC ++ /* EC extension values inherited by SSL structure */ ++ size_t tlsext_ecpointformatlist_length; ++ unsigned char *tlsext_ecpointformatlist; ++ size_t tlsext_ellipticcurvelist_length; ++ unsigned char *tlsext_ellipticcurvelist; ++# endif /* OPENSSL_NO_EC */ ++# endif ++}; ++ ++# endif ++ + # define SSL_SESS_CACHE_OFF 0x0000 + # define SSL_SESS_CACHE_CLIENT 0x0001 + # define SSL_SESS_CACHE_SERVER 0x0002 +@@ -621,11 +1237,11 @@ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx, + void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb) (struct ssl_st + *ssl, +- const unsigned char ++ unsigned char + *data, int len, + int *copy)); + SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl, +- const unsigned char *data, ++ unsigned char *Data, + int len, int *copy); + void SSL_CTX_set_info_callback(SSL_CTX *ctx, + void (*cb) (const SSL *ssl, int type, +@@ -638,7 +1254,7 @@ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509, + EVP_PKEY **pkey); + # ifndef OPENSSL_NO_ENGINE +-__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); ++int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e); + # endif + void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb) (SSL *ssl, +@@ -648,7 +1264,7 @@ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + *cookie_len)); + void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb) (SSL *ssl, +- const unsigned char ++ unsigned char + *cookie, + unsigned int + cookie_len)); +@@ -670,19 +1286,21 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned *len); + # endif + +-__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, ++# ifndef OPENSSL_NO_TLSEXT ++int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, + const unsigned char *client, + unsigned int client_len); ++# endif + + # define OPENSSL_NPN_UNSUPPORTED 0 + # define OPENSSL_NPN_NEGOTIATED 1 + # define OPENSSL_NPN_NO_OVERLAP 2 + +-__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, +- unsigned int protos_len); +-__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, +- unsigned int protos_len); ++int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, ++ unsigned protos_len); ++int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, ++ unsigned protos_len); + void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + int (*cb) (SSL *ssl, + const unsigned char **out, +@@ -691,7 +1309,7 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + unsigned int inlen, + void *arg), void *arg); + void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, +- unsigned int *len); ++ unsigned *len); + + # ifndef OPENSSL_NO_PSK + /* +@@ -758,51 +1376,319 @@ void SSL_set_psk_server_callback(SSL *ssl, + unsigned + int + max_psk_len)); +-__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); +-__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); ++int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint); ++int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint); + const char *SSL_get_psk_identity_hint(const SSL *s); + const char *SSL_get_psk_identity(const SSL *s); + # endif + ++# ifndef OPENSSL_NO_TLSEXT + /* Register callbacks to handle custom TLS Extensions for client or server. */ + +-__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, +- unsigned int ext_type); +- +-__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, ++int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +-__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, ++int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, + custom_ext_add_cb add_cb, + custom_ext_free_cb free_cb, + void *add_arg, + custom_ext_parse_cb parse_cb, + void *parse_arg); + +-__owur int SSL_extension_supported(unsigned int ext_type); ++int SSL_extension_supported(unsigned int ext_type); ++ ++# endif + +-# define SSL_NOTHING 1 +-# define SSL_WRITING 2 +-# define SSL_READING 3 +-# define SSL_X509_LOOKUP 4 +-# define SSL_ASYNC_PAUSED 5 +-# define SSL_ASYNC_NO_JOBS 6 ++# define SSL_NOTHING 1 ++# define SSL_WRITING 2 ++# define SSL_READING 3 ++# define SSL_X509_LOOKUP 4 + + /* These will only be used when doing non-blocking IO */ + # define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) + # define SSL_want_read(s) (SSL_want(s) == SSL_READING) + # define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) + # define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) +-# define SSL_want_async(s) (SSL_want(s) == SSL_ASYNC_PAUSED) +-# define SSL_want_async_job(s) (SSL_want(s) == SSL_ASYNC_NO_JOBS) + + # define SSL_MAC_FLAG_READ_MAC_STREAM 1 + # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++struct ssl_st { ++ /* ++ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, ++ * DTLS1_VERSION) ++ */ ++ int version; ++ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ ++ int type; ++ /* SSLv3 */ ++ const SSL_METHOD *method; ++ /* ++ * There are 2 BIO's even though they are normally both the same. This ++ * is so data can be read and written to different handlers ++ */ ++# ifndef OPENSSL_NO_BIO ++ /* used by SSL_read */ ++ BIO *rbio; ++ /* used by SSL_write */ ++ BIO *wbio; ++ /* used during session-id reuse to concatenate messages */ ++ BIO *bbio; ++# else ++ /* used by SSL_read */ ++ char *rbio; ++ /* used by SSL_write */ ++ char *wbio; ++ char *bbio; ++# endif ++ /* ++ * This holds a variable that indicates what we were doing when a 0 or -1 ++ * is returned. This is needed for non-blocking IO so we know what ++ * request needs re-doing when in SSL_accept or SSL_connect ++ */ ++ int rwstate; ++ /* true when we are actually in SSL_accept() or SSL_connect() */ ++ int in_handshake; ++ int (*handshake_func) (SSL *); ++ /* ++ * Imagine that here's a boolean member "init" that is switched as soon ++ * as SSL_set_{accept/connect}_state is called for the first time, so ++ * that "state" and "handshake_func" are properly initialized. But as ++ * handshake_func is == 0 until then, we use this test instead of an ++ * "init" member. ++ */ ++ /* are we the server side? - mostly used by SSL_clear */ ++ int server; ++ /* ++ * Generate a new session or reuse an old one. ++ * NB: For servers, the 'new' session may actually be a previously ++ * cached session or even the previous session unless ++ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set ++ */ ++ int new_session; ++ /* don't send shutdown packets */ ++ int quiet_shutdown; ++ /* we have shut things down, 0x01 sent, 0x02 for received */ ++ int shutdown; ++ /* where we are */ ++ int state; ++ /* where we are when reading */ ++ int rstate; ++ BUF_MEM *init_buf; /* buffer used during init */ ++ void *init_msg; /* pointer to handshake message body, set by ++ * ssl3_get_message() */ ++ int init_num; /* amount read/written */ ++ int init_off; /* amount read/written */ ++ /* used internally to point at a raw packet */ ++ unsigned char *packet; ++ unsigned int packet_length; ++ struct ssl2_state_st *s2; /* SSLv2 variables */ ++ struct ssl3_state_st *s3; /* SSLv3 variables */ ++ struct dtls1_state_st *d1; /* DTLSv1 variables */ ++ int read_ahead; /* Read as many input bytes as possible (for ++ * non-blocking reads) */ ++ /* callback that allows applications to peek at protocol messages */ ++ void (*msg_callback) (int write_p, int version, int content_type, ++ const void *buf, size_t len, SSL *ssl, void *arg); ++ void *msg_callback_arg; ++ int hit; /* reusing a previous session */ ++ X509_VERIFY_PARAM *param; ++# if 0 ++ int purpose; /* Purpose setting */ ++ int trust; /* Trust setting */ ++# endif ++ /* crypto */ ++ STACK_OF(SSL_CIPHER) *cipher_list; ++ STACK_OF(SSL_CIPHER) *cipher_list_by_id; ++ /* ++ * These are the ones being used, the ones in SSL_SESSION are the ones to ++ * be 'copied' into these ones ++ */ ++ int mac_flags; ++ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ ++ EVP_MD_CTX *read_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *expand; /* uncompress */ ++# else ++ char *expand; ++# endif ++ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ ++ EVP_MD_CTX *write_hash; /* used for mac generation */ ++# ifndef OPENSSL_NO_COMP ++ COMP_CTX *compress; /* compression */ ++# else ++ char *compress; ++# endif ++ /* session info */ ++ /* client cert? */ ++ /* This is used to hold the server certificate used */ ++ struct cert_st /* CERT */ *cert; ++ /* ++ * the session_id_context is used to ensure sessions are only reused in ++ * the appropriate context ++ */ ++ unsigned int sid_ctx_length; ++ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; ++ /* This can also be in the session once a session is established */ ++ SSL_SESSION *session; ++ /* Default generate session ID callback. */ ++ GEN_SESSION_CB generate_session_id; ++ /* Used in SSL2 and SSL3 */ ++ /* ++ * 0 don't care about verify failure. ++ * 1 fail if verify fails ++ */ ++ int verify_mode; ++ /* fail if callback returns 0 */ ++ int (*verify_callback) (int ok, X509_STORE_CTX *ctx); ++ /* optional informational callback */ ++ void (*info_callback) (const SSL *ssl, int type, int val); ++ /* error bytes to be written */ ++ int error; ++ /* actual code */ ++ int error_code; ++# ifndef OPENSSL_NO_KRB5 ++ /* Kerberos 5 context */ ++ KSSL_CTX *kssl_ctx; ++# endif /* OPENSSL_NO_KRB5 */ ++# ifndef OPENSSL_NO_PSK ++ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, ++ char *identity, ++ unsigned int max_identity_len, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, ++ unsigned char *psk, ++ unsigned int max_psk_len); ++# endif ++ SSL_CTX *ctx; ++ /* ++ * set this flag to 1 and a sleep(1) is put into all SSL_read() and ++ * SSL_write() calls, good for nbio debuging :-) ++ */ ++ int debug; ++ /* extra application data */ ++ long verify_result; ++ CRYPTO_EX_DATA ex_data; ++ /* for server side, keep the list of CA_dn we can use */ ++ STACK_OF(X509_NAME) *client_CA; ++ int references; ++ /* protocol behaviour */ ++ unsigned long options; ++ /* API behaviour */ ++ unsigned long mode; ++ long max_cert_list; ++ int first_packet; ++ /* what was passed, used for SSLv3/TLS rollback check */ ++ int client_version; ++ unsigned int max_send_fragment; ++# ifndef OPENSSL_NO_TLSEXT ++ /* TLS extension debug callback */ ++ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, ++ unsigned char *data, int len, void *arg); ++ void *tlsext_debug_arg; ++ char *tlsext_hostname; ++ /*- ++ * no further mod of servername ++ * 0 : call the servername extension callback. ++ * 1 : prepare 2, allow last ack just after in server callback. ++ * 2 : don't call servername callback, no ack in server hello ++ */ ++ int servername_done; ++ /* certificate status request info */ ++ /* Status type or -1 if no status type */ ++ int tlsext_status_type; ++ /* Expect OCSP CertificateStatus message */ ++ int tlsext_status_expected; ++ /* OCSP status request only */ ++ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; ++ X509_EXTENSIONS *tlsext_ocsp_exts; ++ /* OCSP response received or to be sent */ ++ unsigned char *tlsext_ocsp_resp; ++ int tlsext_ocsp_resplen; ++ /* RFC4507 session ticket expected to be received or sent */ ++ int tlsext_ticket_expected; ++# ifndef OPENSSL_NO_EC ++ size_t tlsext_ecpointformatlist_length; ++ /* our list */ ++ unsigned char *tlsext_ecpointformatlist; ++ size_t tlsext_ellipticcurvelist_length; ++ /* our list */ ++ unsigned char *tlsext_ellipticcurvelist; ++# endif /* OPENSSL_NO_EC */ ++ /* ++ * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for ++ * handshakes ++ */ ++ void *tlsext_opaque_prf_input; ++ size_t tlsext_opaque_prf_input_len; ++ /* TLS Session Ticket extension override */ ++ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; ++ /* TLS Session Ticket extension callback */ ++ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; ++ void *tls_session_ticket_ext_cb_arg; ++ /* TLS pre-shared secret session resumption */ ++ tls_session_secret_cb_fn tls_session_secret_cb; ++ void *tls_session_secret_cb_arg; ++ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* ++ * Next protocol negotiation. For the client, this is the protocol that ++ * we sent in NextProtocol and is set when handling ServerHello ++ * extensions. For a server, this is the client's selected_protocol from ++ * NextProtocol and is set when handling the NextProtocol message, before ++ * the Finished message. ++ */ ++ unsigned char *next_proto_negotiated; ++ unsigned char next_proto_negotiated_len; ++# endif ++# define session_ctx initial_ctx ++ /* What we'll do */ ++ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; ++ /* What's been chosen */ ++ SRTP_PROTECTION_PROFILE *srtp_profile; ++ /*- ++ * Is use of the Heartbeat extension negotiated? ++ * 0: disabled ++ * 1: enabled ++ * 2: enabled, but not allowed to send Requests ++ */ ++ unsigned int tlsext_heartbeat; ++ /* Indicates if a HeartbeatRequest is in flight */ ++ unsigned int tlsext_hb_pending; ++ /* HeartbeatRequest sequence number */ ++ unsigned int tlsext_hb_seq; ++# else ++# define session_ctx ctx ++# endif /* OPENSSL_NO_TLSEXT */ ++ /*- ++ * 1 if we are renegotiating. ++ * 2 if we are a server and are inside a handshake ++ * (i.e. not just sending a HelloRequest) ++ */ ++ int renegotiate; ++# ifndef OPENSSL_NO_SRP ++ /* ctx for SRP authentication */ ++ SRP_CTX srp_ctx; ++# endif ++# ifndef OPENSSL_NO_TLSEXT ++ /* ++ * For a client, this contains the list of supported protocols in wire ++ * format. ++ */ ++ unsigned char *alpn_client_proto_list; ++ unsigned alpn_client_proto_list_len; ++# endif /* OPENSSL_NO_TLSEXT */ ++}; ++ ++# endif ++ + #ifdef __cplusplus + } + #endif +@@ -811,19 +1697,13 @@ __owur int SSL_extension_supported(unsigned int ext_type); + # include + # include /* This is mostly sslv3 with a few tweaks */ + # include /* Datagram TLS */ ++# include + # include /* Support for the use_srtp extension */ + + #ifdef __cplusplus + extern "C" { + #endif + +-/* +- * These need to be after the above set of includes due to a compiler bug +- * in VisualStudio 2015 +- */ +-DEFINE_STACK_OF_CONST(SSL_CIPHER) +-DEFINE_STACK_OF(SSL_COMP) +- + /* compatibility */ + # define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) + # define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +@@ -831,73 +1711,23 @@ DEFINE_STACK_OF(SSL_COMP) + # define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) + # define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) + # define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) +-DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug)) +- + + /* +- * The valid handshake states (one for each type message sent and one for each +- * type of message received). There are also two "special" states: +- * TLS = TLS or DTLS state +- * DTLS = DTLS specific state +- * CR/SR = Client Read/Server Read +- * CW/SW = Client Write/Server Write +- * +- * The "special" states are: +- * TLS_ST_BEFORE = No handshake has been initiated yet +- * TLS_ST_OK = A handshake has been successfully completed +- */ +-typedef enum { +- TLS_ST_BEFORE, +- TLS_ST_OK, +- DTLS_ST_CR_HELLO_VERIFY_REQUEST, +- TLS_ST_CR_SRVR_HELLO, +- TLS_ST_CR_CERT, +- TLS_ST_CR_CERT_STATUS, +- TLS_ST_CR_KEY_EXCH, +- TLS_ST_CR_CERT_REQ, +- TLS_ST_CR_SRVR_DONE, +- TLS_ST_CR_SESSION_TICKET, +- TLS_ST_CR_CHANGE, +- TLS_ST_CR_FINISHED, +- TLS_ST_CW_CLNT_HELLO, +- TLS_ST_CW_CERT, +- TLS_ST_CW_KEY_EXCH, +- TLS_ST_CW_CERT_VRFY, +- TLS_ST_CW_CHANGE, +- TLS_ST_CW_NEXT_PROTO, +- TLS_ST_CW_FINISHED, +- TLS_ST_SW_HELLO_REQ, +- TLS_ST_SR_CLNT_HELLO, +- DTLS_ST_SW_HELLO_VERIFY_REQUEST, +- TLS_ST_SW_SRVR_HELLO, +- TLS_ST_SW_CERT, +- TLS_ST_SW_KEY_EXCH, +- TLS_ST_SW_CERT_REQ, +- TLS_ST_SW_SRVR_DONE, +- TLS_ST_SR_CERT, +- TLS_ST_SR_KEY_EXCH, +- TLS_ST_SR_CERT_VRFY, +- TLS_ST_SR_NEXT_PROTO, +- TLS_ST_SR_CHANGE, +- TLS_ST_SR_FINISHED, +- TLS_ST_SW_SESSION_TICKET, +- TLS_ST_SW_CERT_STATUS, +- TLS_ST_SW_CHANGE, +- TLS_ST_SW_FINISHED +-} OSSL_HANDSHAKE_STATE; +- +-/* +- * Most of the following state values are no longer used and are defined to be +- * the closest equivalent value in the current state machine code. Not all +- * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT +- * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP, +- * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT. ++ * The following are the possible values for ssl->state are are used to ++ * indicate where we are up to in the SSL connection establishment. The ++ * macros that follow are about the only things you should need to use and ++ * even then, only when using non-blocking IO. It can also be useful to work ++ * out where you were when the connection failed + */ + + # define SSL_ST_CONNECT 0x1000 + # define SSL_ST_ACCEPT 0x2000 +- + # define SSL_ST_MASK 0x0FFF ++# define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) ++# define SSL_ST_BEFORE 0x4000 ++# define SSL_ST_OK 0x03 ++# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) ++# define SSL_ST_ERR 0x05 + + # define SSL_CB_LOOP 0x01 + # define SSL_CB_EXIT 0x02 +@@ -914,15 +1744,16 @@ typedef enum { + # define SSL_CB_HANDSHAKE_DONE 0x20 + + /* Is the SSL_connection established? */ +-# define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) +-# define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) +-int SSL_in_init(SSL *s); +-int SSL_in_before(SSL *s); +-int SSL_is_init_finished(SSL *s); ++# define SSL_get_state(a) SSL_state(a) ++# define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK) ++# define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT) ++# define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE) ++# define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT) ++# define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT) + + /* +- * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you +- * should not need these ++ * The following 2 states are kept in ssl->rstate when reads fail, you should ++ * not need these + */ + # define SSL_ST_READ_HEADER 0xF0 + # define SSL_ST_READ_BODY 0xF1 +@@ -947,10 +1778,16 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + # define SSL_VERIFY_CLIENT_ONCE 0x04 + + # define OpenSSL_add_ssl_algorithms() SSL_library_init() +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define SSLeay_add_ssl_algorithms() SSL_library_init() ++# define SSLeay_add_ssl_algorithms() SSL_library_init() ++ ++/* this is for backward compatibility */ ++# if 0 /* NEW_SSLEAY */ ++# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) ++# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) ++# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) ++# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) ++# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) + # endif +- + /* More backward compatibility */ + # define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +@@ -1018,7 +1855,6 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY + /* fatal */ + # define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK +-# define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL + # define SSL_ERROR_NONE 0 + # define SSL_ERROR_SSL 1 + # define SSL_ERROR_WANT_READ 2 +@@ -1029,11 +1865,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_ERROR_ZERO_RETURN 6 + # define SSL_ERROR_WANT_CONNECT 7 + # define SSL_ERROR_WANT_ACCEPT 8 +-# define SSL_ERROR_WANT_ASYNC 9 +-# define SSL_ERROR_WANT_ASYNC_JOB 10 ++# define SSL_CTRL_NEED_TMP_RSA 1 ++# define SSL_CTRL_SET_TMP_RSA 2 + # define SSL_CTRL_SET_TMP_DH 3 + # define SSL_CTRL_SET_TMP_ECDH 4 ++# define SSL_CTRL_SET_TMP_RSA_CB 5 + # define SSL_CTRL_SET_TMP_DH_CB 6 ++# define SSL_CTRL_SET_TMP_ECDH_CB 7 ++# define SSL_CTRL_GET_SESSION_REUSED 8 + # define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 + # define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 + # define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +@@ -1057,6 +1896,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_CTRL_SESS_MISSES 29 + # define SSL_CTRL_SESS_TIMEOUTS 30 + # define SSL_CTRL_SESS_CACHE_FULL 31 ++# define SSL_CTRL_OPTIONS 32 + # define SSL_CTRL_MODE 33 + # define SSL_CTRL_GET_READ_AHEAD 40 + # define SSL_CTRL_SET_READ_AHEAD 41 +@@ -1068,43 +1908,46 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_CTRL_SET_MAX_CERT_LIST 51 + # define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 + /* see tls1.h for macros based on these */ +-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +-# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +-# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +-# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +-# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +-# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +-# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +-/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +-# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +-# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +-# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +-# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +-# define SSL_CTRL_SET_SRP_ARG 78 +-# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +-# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +-# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +-# ifndef OPENSSL_NO_HEARTBEATS +-# define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT 85 +-# define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING 86 +-# define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS 87 +-# endif ++# ifndef OPENSSL_NO_TLSEXT ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 ++# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 ++# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 ++# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 ++# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 ++# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 ++# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 ++# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 ++# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 ++# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 ++# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 ++# define SSL_CTRL_SET_SRP_ARG 78 ++# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 ++# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 ++# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 ++# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 ++# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 ++# endif ++# endif /* OPENSSL_NO_TLSEXT */ + # define DTLS_CTRL_GET_TIMEOUT 73 + # define DTLS_CTRL_HANDLE_TIMEOUT 74 ++# define DTLS_CTRL_LISTEN 75 + # define SSL_CTRL_GET_RI_SUPPORT 76 ++# define SSL_CTRL_CLEAR_OPTIONS 77 + # define SSL_CTRL_CLEAR_MODE 78 +-# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB 79 + # define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 + # define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + # define SSL_CTRL_CHAIN 88 +@@ -1113,6 +1956,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_CTRL_SET_CURVES 91 + # define SSL_CTRL_SET_CURVES_LIST 92 + # define SSL_CTRL_GET_SHARED_CURVE 93 ++# define SSL_CTRL_SET_ECDH_AUTO 94 + # define SSL_CTRL_SET_SIGALGS 97 + # define SSL_CTRL_SET_SIGALGS_LIST 98 + # define SSL_CTRL_CERT_FLAGS 99 +@@ -1131,17 +1975,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_CTRL_GET_CHAIN_CERTS 115 + # define SSL_CTRL_SELECT_CURRENT_CERT 116 + # define SSL_CTRL_SET_CURRENT_CERT 117 +-# define SSL_CTRL_SET_DH_AUTO 118 ++# define SSL_CTRL_CHECK_PROTO_VERSION 119 + # define DTLS_CTRL_SET_LINK_MTU 120 + # define DTLS_CTRL_GET_LINK_MIN_MTU 121 +-# define SSL_CTRL_GET_EXTMS_SUPPORT 122 +-# define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +-# define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +-# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT 125 +-# define SSL_CTRL_SET_MAX_PIPELINES 126 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +-# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 + # define SSL_CERT_SET_FIRST 1 + # define SSL_CERT_SET_NEXT 2 + # define SSL_CERT_SET_SERVER 3 +@@ -1149,20 +1985,28 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) + # define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) ++# define DTLSv1_listen(ssl, peer) \ ++ SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) ++# define SSL_session_reused(ssl) \ ++ SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) + # define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) + # define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) + # define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) ++# define SSL_CTX_need_tmp_RSA(ctx) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) ++# define SSL_CTX_set_tmp_rsa(ctx,rsa) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) + # define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + # define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +-# define SSL_CTX_set_dh_auto(ctx, onoff) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +-# define SSL_set_dh_auto(s, onoff) \ +- SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) ++# define SSL_need_tmp_RSA(ssl) \ ++ SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) ++# define SSL_set_tmp_rsa(ssl,rsa) \ ++ SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) + # define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) + # define SSL_set_tmp_ecdh(ssl,ecdh) \ +@@ -1239,6 +2083,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + SSL_ctrl(ctx,SSL_CTRL_SET_CURVES_LIST,0,(char *)s) + # define SSL_get_shared_curve(s, n) \ + SSL_ctrl(s,SSL_CTRL_GET_SHARED_CURVE,n,NULL) ++# define SSL_CTX_set_ecdh_auto(ctx, onoff) \ ++ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) ++# define SSL_set_ecdh_auto(s, onoff) \ ++ SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) + # define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)slist) + # define SSL_CTX_set1_sigalgs_list(ctx, s) \ +@@ -1266,187 +2114,153 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) + # define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) + # define SSL_get0_raw_cipherlist(s, plst) \ +- SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) ++ SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,(char *)plst) + # define SSL_get0_ec_point_formats(s, plst) \ +- SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) +-#define SSL_CTX_set_min_proto_version(ctx, version) \ +- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +-#define SSL_CTX_set_max_proto_version(ctx, version) \ +- SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +-#define SSL_set_min_proto_version(s, version) \ +- SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL) +-#define SSL_set_max_proto_version(s, version) \ +- SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL) +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-/* Provide some compatibility macros for removed functionality. */ +-# define SSL_CTX_need_tmp_RSA(ctx) 0 +-# define SSL_CTX_set_tmp_rsa(ctx,rsa) 1 +-# define SSL_need_tmp_RSA(ssl) 0 +-# define SSL_set_tmp_rsa(ssl,rsa) 1 +-# define SSL_CTX_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +-# define SSL_set_ecdh_auto(dummy, onoff) ((onoff) != 0) +-/* +- * We "pretend" to call the callback to avoid warnings about unused static +- * functions. +- */ +-# define SSL_CTX_set_tmp_rsa_callback(ctx, cb) while(0) (cb)(NULL, 0, 0) +-# define SSL_set_tmp_rsa_callback(ssl, cb) while(0) (cb)(NULL, 0, 0) +-#endif +- +-__owur const BIO_METHOD *BIO_f_ssl(void); +-__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +-__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +-__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +-__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from); ++ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,(char *)plst) ++# ifndef OPENSSL_NO_BIO ++BIO_METHOD *BIO_f_ssl(void); ++BIO *BIO_new_ssl(SSL_CTX *ctx, int client); ++BIO *BIO_new_ssl_connect(SSL_CTX *ctx); ++BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); ++int BIO_ssl_copy_session_id(BIO *to, BIO *from); + void BIO_ssl_shutdown(BIO *ssl_bio); + +-__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +-__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +-int SSL_CTX_up_ref(SSL_CTX *ctx); ++# endif ++ ++int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); ++SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); + void SSL_CTX_free(SSL_CTX *); +-__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +-__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx); +-__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); ++long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); ++long SSL_CTX_get_timeout(const SSL_CTX *ctx); ++X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); + void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +-__owur int SSL_want(const SSL *s); +-__owur int SSL_clear(SSL *s); ++int SSL_want(const SSL *s); ++int SSL_clear(SSL *s); + + void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +-__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +-__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +-__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c); +-__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); +-__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +-__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +-__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +-__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c); +- +-__owur int SSL_get_fd(const SSL *s); +-__owur int SSL_get_rfd(const SSL *s); +-__owur int SSL_get_wfd(const SSL *s); +-__owur const char *SSL_get_cipher_list(const SSL *s, int n); +-__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +-__owur int SSL_get_read_ahead(const SSL *s); +-__owur int SSL_pending(const SSL *s); +-__owur int SSL_has_pending(const SSL *s); ++const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); ++int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); ++char *SSL_CIPHER_get_version(const SSL_CIPHER *c); ++const char *SSL_CIPHER_get_name(const SSL_CIPHER *c); ++unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); ++ ++int SSL_get_fd(const SSL *s); ++int SSL_get_rfd(const SSL *s); ++int SSL_get_wfd(const SSL *s); ++const char *SSL_get_cipher_list(const SSL *s, int n); ++char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len); ++int SSL_get_read_ahead(const SSL *s); ++int SSL_pending(const SSL *s); + # ifndef OPENSSL_NO_SOCK +-__owur int SSL_set_fd(SSL *s, int fd); +-__owur int SSL_set_rfd(SSL *s, int fd); +-__owur int SSL_set_wfd(SSL *s, int fd); ++int SSL_set_fd(SSL *s, int fd); ++int SSL_set_rfd(SSL *s, int fd); ++int SSL_set_wfd(SSL *s, int fd); + # endif +-void SSL_set0_rbio(SSL *s, BIO *rbio); +-void SSL_set0_wbio(SSL *s, BIO *wbio); ++# ifndef OPENSSL_NO_BIO + void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +-__owur BIO *SSL_get_rbio(const SSL *s); +-__owur BIO *SSL_get_wbio(const SSL *s); +-__owur int SSL_set_cipher_list(SSL *s, const char *str); ++BIO *SSL_get_rbio(const SSL *s); ++BIO *SSL_get_wbio(const SSL *s); ++# endif ++int SSL_set_cipher_list(SSL *s, const char *str); + void SSL_set_read_ahead(SSL *s, int yes); +-__owur int SSL_get_verify_mode(const SSL *s); +-__owur int SSL_get_verify_depth(const SSL *s); +-__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s); +-void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback); ++int SSL_get_verify_mode(const SSL *s); ++int SSL_get_verify_depth(const SSL *s); ++int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *); ++void SSL_set_verify(SSL *s, int mode, ++ int (*callback) (int ok, X509_STORE_CTX *ctx)); + void SSL_set_verify_depth(SSL *s, int depth); + void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg); + # ifndef OPENSSL_NO_RSA +-__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +-__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); ++int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); + # endif +-__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +-__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, ++int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); ++int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); ++int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, + long len); +-__owur int SSL_use_certificate(SSL *ssl, X509 *x); +-__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); ++int SSL_use_certificate(SSL *ssl, X509 *x); ++int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + ++# ifndef OPENSSL_NO_TLSEXT + /* Set serverinfo data for the current active cert. */ +-__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, ++int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, + size_t serverinfo_length); +-__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); +- +-#ifndef OPENSSL_NO_RSA +-__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +-#endif ++# ifndef OPENSSL_NO_STDIO ++int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); ++# endif /* NO_STDIO */ + +-__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +-__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type); ++# endif + +-#ifndef OPENSSL_NO_RSA +-__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +-#endif +-__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +-__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); ++# ifndef OPENSSL_NO_STDIO ++int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); ++int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); ++int SSL_use_certificate_file(SSL *ssl, const char *file, int type); ++int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); ++int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); ++int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); + /* PEM type */ +-__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +-__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +-__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +-__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, ++int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); ++STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); ++int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); ++# ifndef OPENSSL_SYS_VMS ++/* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ ++# ifndef OPENSSL_SYS_MACINTOSH_CLASSIC + int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); ++# endif ++# endif + +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define SSL_load_error_strings() \ +- OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \ +- | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) +-#endif ++# endif + +-__owur const char *SSL_state_string(const SSL *s); +-__owur const char *SSL_rstate_string(const SSL *s); +-__owur const char *SSL_state_string_long(const SSL *s); +-__owur const char *SSL_rstate_string_long(const SSL *s); +-__owur long SSL_SESSION_get_time(const SSL_SESSION *s); +-__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t); +-__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s); +-__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +-__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +-__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s); +-__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s); +-__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s); +-__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +-void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick, +- size_t *len); +-__owur int SSL_copy_session_id(SSL *to, const SSL *from); +-__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +-__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, ++void SSL_load_error_strings(void); ++const char *SSL_state_string(const SSL *s); ++const char *SSL_rstate_string(const SSL *s); ++const char *SSL_state_string_long(const SSL *s); ++const char *SSL_rstate_string_long(const SSL *s); ++long SSL_SESSION_get_time(const SSL_SESSION *s); ++long SSL_SESSION_set_time(SSL_SESSION *s, long t); ++long SSL_SESSION_get_timeout(const SSL_SESSION *s); ++long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); ++void SSL_copy_session_id(SSL *to, const SSL *from); ++X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); ++int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); +-__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, +- unsigned int sid_len); + +-__owur SSL_SESSION *SSL_SESSION_new(void); ++SSL_SESSION *SSL_SESSION_new(void); + const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, + unsigned int *len); +-const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s, +- unsigned int *len); +-__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); +-# ifndef OPENSSL_NO_STDIO ++unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); ++# ifndef OPENSSL_NO_FP_API + int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); + # endif ++# ifndef OPENSSL_NO_BIO + int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +-int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); +-int SSL_SESSION_up_ref(SSL_SESSION *ses); ++# endif + void SSL_SESSION_free(SSL_SESSION *ses); +-__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +-__owur int SSL_set_session(SSL *to, SSL_SESSION *session); +-__owur int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); ++int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); ++int SSL_set_session(SSL *to, SSL_SESSION *session); ++int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); + int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); +-__owur int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +-__owur int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +-__owur int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, ++int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); ++int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); ++int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len); + SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + + # ifdef HEADER_X509_H +-__owur X509 *SSL_get_peer_certificate(const SSL *s); ++X509 *SSL_get_peer_certificate(const SSL *s); + # endif + +-__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); ++STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +-__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +-__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +-__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx); +-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback); ++int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); ++int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); ++int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, ++ X509_STORE_CTX *); ++void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, ++ int (*callback) (int, X509_STORE_CTX *)); + void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + int (*cb) (X509_STORE_CTX *, void *), +@@ -1454,76 +2268,40 @@ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, + void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), + void *arg); + # ifndef OPENSSL_NO_RSA +-__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +-__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, +- long len); ++int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); + # endif +-__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +-__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, ++int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, ++ long len); ++int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); ++int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, + const unsigned char *d, long len); +-__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +-__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, ++int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); ++int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, + const unsigned char *d); + + void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); + void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +-pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +-void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +-void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb); +-void SSL_set_default_passwd_cb_userdata(SSL *s, void *u); +-pem_password_cb *SSL_get_default_passwd_cb(SSL *s); +-void *SSL_get_default_passwd_cb_userdata(SSL *s); + +-__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx); +-__owur int SSL_check_private_key(const SSL *ctx); ++int SSL_CTX_check_private_key(const SSL_CTX *ctx); ++int SSL_check_private_key(const SSL *ctx); + +-__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, ++int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + + SSL *SSL_new(SSL_CTX *ctx); +-int SSL_up_ref(SSL *s); +-int SSL_is_dtls(const SSL *s); +-__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, ++int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, + unsigned int sid_ctx_len); + +-__owur int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +-__owur int SSL_set_purpose(SSL *s, int purpose); +-__owur int SSL_CTX_set_trust(SSL_CTX *s, int trust); +-__owur int SSL_set_trust(SSL *s, int trust); +- +-__owur int SSL_set1_host(SSL *s, const char *hostname); +-__owur int SSL_add1_host(SSL *s, const char *hostname); +-__owur const char *SSL_get0_peername(SSL *s); +-void SSL_set_hostflags(SSL *s, unsigned int flags); +- +-__owur int SSL_CTX_dane_enable(SSL_CTX *ctx); +-__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, +- uint8_t mtype, uint8_t ord); +-__owur int SSL_dane_enable(SSL *s, const char *basedomain); +-__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector, +- uint8_t mtype, unsigned char *data, size_t dlen); +-__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki); +-__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector, +- uint8_t *mtype, unsigned const char **data, +- size_t *dlen); +-/* +- * Bridge opacity barrier between libcrypt and libssl, also needed to support +- * offline testing in test/danetest.c +- */ +-SSL_DANE *SSL_get0_dane(SSL *ssl); +-/* +- * DANE flags +- */ +-unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags); +-unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags); +-unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags); +-unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags); ++int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); ++int SSL_set_purpose(SSL *s, int purpose); ++int SSL_CTX_set_trust(SSL_CTX *s, int trust); ++int SSL_set_trust(SSL *s, int trust); + +-__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +-__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); ++int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); ++int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +-__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +-__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); ++X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); ++X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); + + # ifndef OPENSSL_NO_SRP + int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name); +@@ -1542,187 +2320,161 @@ int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, + int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, + const char *grp); + +-__owur BIGNUM *SSL_get_srp_g(SSL *s); +-__owur BIGNUM *SSL_get_srp_N(SSL *s); ++BIGNUM *SSL_get_srp_g(SSL *s); ++BIGNUM *SSL_get_srp_N(SSL *s); + +-__owur char *SSL_get_srp_username(SSL *s); +-__owur char *SSL_get_srp_userinfo(SSL *s); ++char *SSL_get_srp_username(SSL *s); ++char *SSL_get_srp_userinfo(SSL *s); + # endif + + void SSL_certs_clear(SSL *s); + void SSL_free(SSL *ssl); +-# ifdef OSSL_ASYNC_FD +-/* +- * Windows application developer has to include windows.h to use these. +- */ +-__owur int SSL_waiting_for_async(SSL *s); +-__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds); +-__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, +- size_t *numaddfds, OSSL_ASYNC_FD *delfd, +- size_t *numdelfds); +-# endif +-__owur int SSL_accept(SSL *ssl); +-__owur int SSL_connect(SSL *ssl); +-__owur int SSL_read(SSL *ssl, void *buf, int num); +-__owur int SSL_peek(SSL *ssl, void *buf, int num); +-__owur int SSL_write(SSL *ssl, const void *buf, int num); ++int SSL_accept(SSL *ssl); ++int SSL_connect(SSL *ssl); ++int SSL_read(SSL *ssl, void *buf, int num); ++int SSL_peek(SSL *ssl, void *buf, int num); ++int SSL_write(SSL *ssl, const void *buf, int num); + long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); + long SSL_callback_ctrl(SSL *, int, void (*)(void)); + long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); + long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +-__owur int SSL_get_error(const SSL *s, int ret_code); +-__owur const char *SSL_get_version(const SSL *s); ++int SSL_get_error(const SSL *s, int ret_code); ++const char *SSL_get_version(const SSL *s); + + /* This sets the 'default' SSL version that SSL_new() will create */ +-__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); ++int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); ++ ++# ifndef OPENSSL_NO_SSL2_METHOD ++const SSL_METHOD *SSLv2_method(void); /* SSLv2 */ ++const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */ ++const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */ ++# endif + + # ifndef OPENSSL_NO_SSL3_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void)) /* SSLv3 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void)) /* SSLv3 */ ++const SSL_METHOD *SSLv3_method(void); /* SSLv3 */ ++const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ ++const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ + # endif + +-#define SSLv23_method TLS_method +-#define SSLv23_server_method TLS_server_method +-#define SSLv23_client_method TLS_client_method ++const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS ++ * version */ ++const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available ++ * SSL/TLS version */ ++const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available ++ * SSL/TLS version */ + +-/* Negotiate highest available SSL/TLS version */ +-__owur const SSL_METHOD *TLS_method(void); +-__owur const SSL_METHOD *TLS_server_method(void); +-__owur const SSL_METHOD *TLS_client_method(void); ++const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ ++const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ ++const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +-# ifndef OPENSSL_NO_TLS1_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void)) /* TLSv1.0 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void)) /* TLSv1.0 */ +-# endif +- +-# ifndef OPENSSL_NO_TLS1_1_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void)) /* TLSv1.1 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void)) /* TLSv1.1 */ +-# endif ++const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ ++const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ ++const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ + +-# ifndef OPENSSL_NO_TLS1_2_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void)) /* TLSv1.2 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void)) /* TLSv1.2 */ +-# endif ++const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ ++const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ ++const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ + +-# ifndef OPENSSL_NO_DTLS1_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void)) /* DTLSv1.0 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void)) /* DTLSv1.0 */ +-# endif ++const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ ++const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ ++const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +-# ifndef OPENSSL_NO_DTLS1_2_METHOD +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void)) /* DTLSv1.2 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void)) /* DTLSv1.2 */ +-DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void)) /* DTLSv1.2 */ +-#endif ++const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ ++const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ ++const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ + +-__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ +-__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ +-__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ ++const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */ ++const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ ++const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ + +-__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +-__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +-__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +-__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); ++STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); + +-__owur int SSL_do_handshake(SSL *s); ++int SSL_do_handshake(SSL *s); + int SSL_renegotiate(SSL *s); +-__owur int SSL_renegotiate_abbreviated(SSL *s); +-__owur int SSL_renegotiate_pending(SSL *s); ++int SSL_renegotiate_abbreviated(SSL *s); ++int SSL_renegotiate_pending(SSL *s); + int SSL_shutdown(SSL *s); + +-__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); +-__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s); +-__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +-__owur const char *SSL_alert_type_string_long(int value); +-__owur const char *SSL_alert_type_string(int value); +-__owur const char *SSL_alert_desc_string_long(int value); +-__owur const char *SSL_alert_desc_string(int value); ++const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx); ++const SSL_METHOD *SSL_get_ssl_method(SSL *s); ++int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); ++const char *SSL_alert_type_string_long(int value); ++const char *SSL_alert_type_string(int value); ++const char *SSL_alert_desc_string_long(int value); ++const char *SSL_alert_desc_string(int value); + + void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); + void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +-__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +-__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +-__owur int SSL_add_client_CA(SSL *ssl, X509 *x); +-__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); ++STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); ++STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); ++int SSL_add_client_CA(SSL *ssl, X509 *x); ++int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + + void SSL_set_connect_state(SSL *s); + void SSL_set_accept_state(SSL *s); + +-__owur long SSL_get_default_timeout(const SSL *s); ++long SSL_get_default_timeout(const SSL *s); + +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define SSL_library_init() OPENSSL_init_ssl(0, NULL) +-#endif ++int SSL_library_init(void); + +-__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +-__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); ++char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); ++STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); + +-__owur SSL *SSL_dup(SSL *ssl); ++SSL *SSL_dup(SSL *ssl); + +-__owur X509 *SSL_get_certificate(const SSL *ssl); ++X509 *SSL_get_certificate(const SSL *ssl); + /* + * EVP_PKEY + */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +-__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +-__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); ++X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); ++EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); + + void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +-__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); ++int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); + void SSL_set_quiet_shutdown(SSL *ssl, int mode); +-__owur int SSL_get_quiet_shutdown(const SSL *ssl); ++int SSL_get_quiet_shutdown(const SSL *ssl); + void SSL_set_shutdown(SSL *ssl, int mode); +-__owur int SSL_get_shutdown(const SSL *ssl); +-__owur int SSL_version(const SSL *ssl); +-__owur int SSL_client_version(const SSL *s); +-__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +-__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx); +-__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx); +-__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, ++int SSL_get_shutdown(const SSL *ssl); ++int SSL_version(const SSL *ssl); ++int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); ++int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); + # define SSL_get0_session SSL_get_session/* just peek at pointer */ +-__owur SSL_SESSION *SSL_get_session(const SSL *ssl); +-__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +-__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); ++SSL_SESSION *SSL_get_session(const SSL *ssl); ++SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ ++SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); + SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx); + void SSL_set_info_callback(SSL *ssl, + void (*cb) (const SSL *ssl, int type, int val)); + void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type, + int val); +-__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl); ++int SSL_state(const SSL *ssl); ++void SSL_set_state(SSL *ssl, int state); + + void SSL_set_verify_result(SSL *ssl, long v); +-__owur long SSL_get_verify_result(const SSL *ssl); +-__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); +- +-__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, +- size_t outlen); +-__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, +- size_t outlen); +-__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, +- unsigned char *out, size_t outlen); +- +-#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef) +-__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); ++long SSL_get_verify_result(const SSL *ssl); ++ ++int SSL_set_ex_data(SSL *ssl, int idx, void *data); + void *SSL_get_ex_data(const SSL *ssl, int idx); +-#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef) +-__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); ++int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); ++ ++int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); + void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +-#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef) +-__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); ++int SSL_SESSION_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++ ++int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); + void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); ++int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); + +-__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); ++int SSL_get_ex_data_X509_STORE_CTX_idx(void); + + # define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +@@ -1752,20 +2504,18 @@ __owur int SSL_get_ex_data_X509_STORE_CTX_idx(void); + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) + # define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +-# define SSL_CTX_set_split_send_fragment(ctx,m) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +-# define SSL_set_split_send_fragment(ssl,m) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL) +-# define SSL_CTX_set_max_pipelines(ctx,m) \ +- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +-# define SSL_set_max_pipelines(ssl,m) \ +- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL) +- +-void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len); +-void SSL_set_default_read_buffer_len(SSL *s, size_t len); + ++ /* NB: the keylength is only applicable when is_export is true */ ++# ifndef OPENSSL_NO_RSA ++void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, ++ RSA *(*cb) (SSL *ssl, int is_export, ++ int keylength)); ++ ++void SSL_set_tmp_rsa_callback(SSL *ssl, ++ RSA *(*cb) (SSL *ssl, int is_export, ++ int keylength)); ++# endif + # ifndef OPENSSL_NO_DH +-/* NB: the |keylength| is only applicable when is_export is true */ + void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); +@@ -1773,336 +2523,192 @@ void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh) (SSL *ssl, int is_export, + int keylength)); + # endif ++# ifndef OPENSSL_NO_ECDH ++void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, ++ EC_KEY *(*ecdh) (SSL *ssl, int is_export, ++ int keylength)); ++void SSL_set_tmp_ecdh_callback(SSL *ssl, ++ EC_KEY *(*ecdh) (SSL *ssl, int is_export, ++ int keylength)); ++# endif + +-__owur const COMP_METHOD *SSL_get_current_compression(SSL *s); +-__owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); +-__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); +-__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp); +-__owur int SSL_COMP_get_id(const SSL_COMP *comp); ++const COMP_METHOD *SSL_get_current_compression(SSL *s); ++const COMP_METHOD *SSL_get_current_expansion(SSL *s); ++const char *SSL_COMP_get_name(const COMP_METHOD *comp); + STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); +-__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) ++STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths); +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define SSL_COMP_free_compression_methods() while(0) continue +-#endif +-__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); ++void SSL_COMP_free_compression_methods(void); ++int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + + const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +-int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +-int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); + + /* TLS extensions functions */ +-__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); ++int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +-__owur int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, ++int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, + void *arg); + + /* Pre-shared secret session resumption functions */ +-__owur int SSL_set_session_secret_cb(SSL *s, ++int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn tls_session_secret_cb, + void *arg); + +-void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, +- int (*cb) (SSL *ssl, +- int +- is_forward_secure)); +- +-void SSL_set_not_resumable_session_callback(SSL *ssl, +- int (*cb) (SSL *ssl, +- int +- is_forward_secure)); +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define SSL_cache_hit(s) SSL_session_reused(s) +-# endif +- +-__owur int SSL_session_reused(SSL *s); +-__owur int SSL_is_server(SSL *s); ++void SSL_set_debug(SSL *s, int debug); ++int SSL_cache_hit(SSL *s); ++int SSL_is_server(SSL *s); + +-__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void); ++SSL_CONF_CTX *SSL_CONF_CTX_new(void); + int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx); + void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx); + unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags); +-__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); +-__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); ++unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags); ++int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre); + + void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl); + void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx); + +-__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); +-__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); +-__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); +- +-void SSL_add_ssl_module(void); +-int SSL_config(SSL *s, const char *name); +-int SSL_CTX_config(SSL_CTX *ctx, const char *name); ++int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value); ++int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv); ++int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd); + + # ifndef OPENSSL_NO_SSL_TRACE + void SSL_trace(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg); +-__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); ++const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c); + # endif + +-# ifndef OPENSSL_NO_SOCK +-int DTLSv1_listen(SSL *s, BIO_ADDR *client); +-# endif +- +-# ifndef OPENSSL_NO_CT +- +-/* +- * A callback for verifying that the received SCTs are sufficient. +- * Expected to return 1 if they are sufficient, otherwise 0. +- * May return a negative integer if an error occurs. +- * A connection should be aborted if the SCTs are deemed insufficient. +- */ +-typedef int(*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx, +- const STACK_OF(SCT) *scts, void *arg); +- +-/* +- * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate +- * the received SCTs. +- * If the callback returns a non-positive result, the connection is terminated. +- * Call this function before beginning a handshake. +- * If a NULL |callback| is provided, SCT validation is disabled. +- * |arg| is arbitrary userdata that will be passed to the callback whenever it +- * is invoked. Ownership of |arg| remains with the caller. +- * +- * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response +- * will be requested. +- */ +-int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback, +- void *arg); +-int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx, +- ssl_ct_validation_cb callback, +- void *arg); +-#define SSL_disable_ct(s) \ +- ((void) SSL_set_validation_callback((s), NULL, NULL)) +-#define SSL_CTX_disable_ct(ctx) \ +- ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL)) +- +-/* +- * The validation type enumerates the available behaviours of the built-in SSL +- * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct(). +- * The underlying callback is a static function in libssl. +- */ +-enum { +- SSL_CT_VALIDATION_PERMISSIVE = 0, +- SSL_CT_VALIDATION_STRICT +-}; +- +-/* +- * Enable CT by setting up a callback that implements one of the built-in +- * validation variants. The SSL_CT_VALIDATION_PERMISSIVE variant always +- * continues the handshake, the application can make appropriate decisions at +- * handshake completion. The SSL_CT_VALIDATION_STRICT variant requires at +- * least one valid SCT, or else handshake termination will be requested. The +- * handshake may continue anyway if SSL_VERIFY_NONE is in effect. +- */ +-int SSL_enable_ct(SSL *s, int validation_mode); +-int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode); +- +-/* +- * Report whether a non-NULL callback is enabled. +- */ +-int SSL_ct_is_enabled(const SSL *s); +-int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx); +- +-/* Gets the SCTs received from a connection */ +-const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s); +- +-/* +- * Loads the CT log list from the default location. +- * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, +- * the log information loaded from this file will be appended to the +- * CTLOG_STORE. +- * Returns 1 on success, 0 otherwise. +- */ +-int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx); +- +-/* +- * Loads the CT log list from the specified file path. +- * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store, +- * the log information loaded from this file will be appended to the +- * CTLOG_STORE. +- * Returns 1 on success, 0 otherwise. +- */ +-int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path); +- +-/* +- * Sets the CT log list used by all SSL connections created from this SSL_CTX. +- * Ownership of the CTLOG_STORE is transferred to the SSL_CTX. +- */ +-void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs); +- +-/* +- * Gets the CT log list used by all SSL connections created from this SSL_CTX. +- * This will be NULL unless one of the following functions has been called: +- * - SSL_CTX_set_default_ctlog_list_file +- * - SSL_CTX_set_ctlog_list_file +- * - SSL_CTX_set_ctlog_store +- */ +-const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx); +- +-# endif /* OPENSSL_NO_CT */ +- +-/* What the "other" parameter contains in security callback */ +-/* Mask for type */ +-# define SSL_SECOP_OTHER_TYPE 0xffff0000 +-# define SSL_SECOP_OTHER_NONE 0 +-# define SSL_SECOP_OTHER_CIPHER (1 << 16) +-# define SSL_SECOP_OTHER_CURVE (2 << 16) +-# define SSL_SECOP_OTHER_DH (3 << 16) +-# define SSL_SECOP_OTHER_PKEY (4 << 16) +-# define SSL_SECOP_OTHER_SIGALG (5 << 16) +-# define SSL_SECOP_OTHER_CERT (6 << 16) +- +-/* Indicated operation refers to peer key or certificate */ +-# define SSL_SECOP_PEER 0x1000 +- +-/* Values for "op" parameter in security callback */ +- +-/* Called to filter ciphers */ +-/* Ciphers client supports */ +-# define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +-/* Cipher shared by client/server */ +-# define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +-/* Sanity check of cipher server selects */ +-# define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +-/* Curves supported by client */ +-# define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +-/* Curves shared by client/server */ +-# define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +-/* Sanity check of curve server selects */ +-# define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +-/* Temporary DH key */ +-# define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_PKEY) +-/* SSL/TLS version */ +-# define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +-/* Session tickets */ +-# define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +-/* Supported signature algorithms sent to peer */ +-# define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +-/* Shared signature algorithm */ +-# define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +-/* Sanity check signature algorithm allowed */ +-# define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +-/* Used to get mask of supported public key signature algorithms */ +-# define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +-/* Use to see if compression is allowed */ +-# define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +-/* EE key in certificate */ +-# define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +-/* CA key in certificate */ +-# define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +-/* CA digest algorithm in certificate */ +-# define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +-/* Peer EE key in certificate */ +-# define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +-/* Peer CA key in certificate */ +-# define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +-/* Peer CA digest algorithm in certificate */ +-# define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) +- +-void SSL_set_security_level(SSL *s, int level); +-__owur int SSL_get_security_level(const SSL *s); +-void SSL_set_security_callback(SSL *s, +- int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, +- int bits, int nid, void *other, +- void *ex)); +-int (*SSL_get_security_callback(const SSL *s)) (const SSL *s, const SSL_CTX *ctx, int op, +- int bits, int nid, +- void *other, void *ex); +-void SSL_set0_security_ex_data(SSL *s, void *ex); +-__owur void *SSL_get0_security_ex_data(const SSL *s); +- +-void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +-__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx); +-void SSL_CTX_set_security_callback(SSL_CTX *ctx, +- int (*cb) (const SSL *s, const SSL_CTX *ctx, int op, +- int bits, int nid, void *other, +- void *ex)); +-int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s, +- const SSL_CTX *ctx, +- int op, int bits, +- int nid, +- void *other, +- void *ex); +-void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex); +-__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx); +- +-/* OPENSSL_INIT flag 0x010000 reserved for internal use */ +-#define OPENSSL_INIT_NO_LOAD_SSL_STRINGS 0x00100000L +-#define OPENSSL_INIT_LOAD_SSL_STRINGS 0x00200000L +- +-#define OPENSSL_INIT_SSL_DEFAULT \ +- (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS) +- +-int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); +- + # ifndef OPENSSL_NO_UNIT_TEST +-__owur const struct openssl_ssl_test_functions *SSL_test_functions(void); ++const struct openssl_ssl_test_functions *SSL_test_functions(void); + # endif + +-extern const char SSL_version_str[]; +- + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_SSL_strings(void); ++void ERR_load_SSL_strings(void); + + /* Error codes for the SSL functions. */ + + /* Function codes. */ + # define SSL_F_CHECK_SUITEB_CIPHER_LIST 331 +-# define SSL_F_CT_MOVE_SCTS 345 +-# define SSL_F_CT_STRICT 349 ++# define SSL_F_CLIENT_CERTIFICATE 100 ++# define SSL_F_CLIENT_FINISHED 167 ++# define SSL_F_CLIENT_HELLO 101 ++# define SSL_F_CLIENT_MASTER_KEY 102 + # define SSL_F_D2I_SSL_SESSION 103 +-# define SSL_F_DANE_CTX_ENABLE 347 +-# define SSL_F_DANE_MTYPE_SET 393 +-# define SSL_F_DANE_TLSA_ADD 394 + # define SSL_F_DO_DTLS1_WRITE 245 + # define SSL_F_DO_SSL3_WRITE 104 ++# define SSL_F_DTLS1_ACCEPT 246 ++# define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 + # define SSL_F_DTLS1_BUFFER_RECORD 247 +-# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 318 ++# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 ++# define SSL_F_DTLS1_CLIENT_HELLO 248 ++# define SSL_F_DTLS1_CONNECT 249 ++# define SSL_F_DTLS1_ENC 250 ++# define SSL_F_DTLS1_GET_HELLO_VERIFY 251 ++# define SSL_F_DTLS1_GET_MESSAGE 252 ++# define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 ++# define SSL_F_DTLS1_GET_RECORD 254 ++# define SSL_F_DTLS1_HANDLE_TIMEOUT 297 + # define SSL_F_DTLS1_HEARTBEAT 305 ++# define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 + # define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 + # define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS 424 ++# define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 + # define SSL_F_DTLS1_PROCESS_RECORD 257 + # define SSL_F_DTLS1_READ_BYTES 258 +-# define SSL_F_DTLS1_READ_FAILED 339 +-# define SSL_F_DTLS1_RETRANSMIT_MESSAGE 390 ++# define SSL_F_DTLS1_READ_FAILED 259 ++# define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 ++# define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 ++# define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 ++# define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 ++# define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 ++# define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 ++# define SSL_F_DTLS1_SEND_SERVER_HELLO 266 ++# define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 + # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +-# define SSL_F_DTLSV1_LISTEN 350 +-# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC 371 +-# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 +-# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 +-# define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +-# define SSL_F_OPENSSL_INIT_SSL 342 +-# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION 417 +-# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION 418 +-# define SSL_F_READ_STATE_MACHINE 352 ++# define SSL_F_GET_CLIENT_FINISHED 105 ++# define SSL_F_GET_CLIENT_HELLO 106 ++# define SSL_F_GET_CLIENT_MASTER_KEY 107 ++# define SSL_F_GET_SERVER_FINISHED 108 ++# define SSL_F_GET_SERVER_HELLO 109 ++# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 ++# define SSL_F_GET_SERVER_VERIFY 110 ++# define SSL_F_I2D_SSL_SESSION 111 ++# define SSL_F_READ_N 112 ++# define SSL_F_REQUEST_CERTIFICATE 113 ++# define SSL_F_SERVER_FINISH 239 ++# define SSL_F_SERVER_HELLO 114 ++# define SSL_F_SERVER_VERIFY 240 ++# define SSL_F_SSL23_ACCEPT 115 ++# define SSL_F_SSL23_CLIENT_HELLO 116 ++# define SSL_F_SSL23_CONNECT 117 ++# define SSL_F_SSL23_GET_CLIENT_HELLO 118 ++# define SSL_F_SSL23_GET_SERVER_HELLO 119 ++# define SSL_F_SSL23_PEEK 237 ++# define SSL_F_SSL23_READ 120 ++# define SSL_F_SSL23_WRITE 121 ++# define SSL_F_SSL2_ACCEPT 122 ++# define SSL_F_SSL2_CONNECT 123 ++# define SSL_F_SSL2_ENC_INIT 124 ++# define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 ++# define SSL_F_SSL2_PEEK 234 ++# define SSL_F_SSL2_READ 125 ++# define SSL_F_SSL2_READ_INTERNAL 236 ++# define SSL_F_SSL2_SET_CERTIFICATE 126 ++# define SSL_F_SSL2_WRITE 127 ++# define SSL_F_SSL3_ACCEPT 128 ++# define SSL_F_SSL3_ADD_CERT_TO_BUF 296 ++# define SSL_F_SSL3_CALLBACK_CTRL 233 + # define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 + # define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 ++# define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 ++# define SSL_F_SSL3_CHECK_FINISHED 339 ++# define SSL_F_SSL3_CLIENT_HELLO 131 ++# define SSL_F_SSL3_CONNECT 132 + # define SSL_F_SSL3_CTRL 213 + # define SSL_F_SSL3_CTX_CTRL 133 + # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 + # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +-# define SSL_F_SSL3_FINAL_FINISH_MAC 285 ++# define SSL_F_SSL3_ENC 134 + # define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 + # define SSL_F_SSL3_GENERATE_MASTER_SECRET 388 ++# define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 ++# define SSL_F_SSL3_GET_CERT_STATUS 289 ++# define SSL_F_SSL3_GET_CERT_VERIFY 136 ++# define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 ++# define SSL_F_SSL3_GET_CLIENT_HELLO 138 ++# define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 ++# define SSL_F_SSL3_GET_FINISHED 140 ++# define SSL_F_SSL3_GET_KEY_EXCHANGE 141 ++# define SSL_F_SSL3_GET_MESSAGE 142 ++# define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 ++# define SSL_F_SSL3_GET_NEXT_PROTO 306 + # define SSL_F_SSL3_GET_RECORD 143 +-# define SSL_F_SSL3_INIT_FINISHED_MAC 397 ++# define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 ++# define SSL_F_SSL3_GET_SERVER_DONE 145 ++# define SSL_F_SSL3_GET_SERVER_HELLO 146 ++# define SSL_F_SSL3_HANDSHAKE_MAC 285 ++# define SSL_F_SSL3_NEW_SESSION_TICKET 287 + # define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 ++# define SSL_F_SSL3_PEEK 235 + # define SSL_F_SSL3_READ_BYTES 148 + # define SSL_F_SSL3_READ_N 149 ++# define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 ++# define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 ++# define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 ++# define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 ++# define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 ++# define SSL_F_SSL3_SEND_SERVER_HELLO 242 ++# define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 + # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 + # define SSL_F_SSL3_SETUP_READ_BUFFER 156 + # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 + # define SSL_F_SSL3_WRITE_BYTES 158 + # define SSL_F_SSL3_WRITE_PENDING 159 +-# define SSL_F_SSL_ADD_CERT_CHAIN 316 ++# define SSL_F_SSL_ADD_CERT_CHAIN 318 + # define SSL_F_SSL_ADD_CERT_TO_BUF 319 + # define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 + # define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +@@ -2115,10 +2721,10 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_BAD_METHOD 160 + # define SSL_F_SSL_BUILD_CERT_CHAIN 332 + # define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +-# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT 346 + # define SSL_F_SSL_CERT_DUP 221 ++# define SSL_F_SSL_CERT_INST 222 ++# define SSL_F_SSL_CERT_INSTANTIATE 214 + # define SSL_F_SSL_CERT_NEW 162 +-# define SSL_F_SSL_CERT_SET0_CHAIN 340 + # define SSL_F_SSL_CHECK_PRIVATE_KEY 163 + # define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 + # define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +@@ -2130,17 +2736,17 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_CREATE_CIPHER_LIST 166 + # define SSL_F_SSL_CTRL 232 + # define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +-# define SSL_F_SSL_CTX_ENABLE_CT 398 + # define SSL_F_SSL_CTX_MAKE_PROFILES 309 + # define SSL_F_SSL_CTX_NEW 169 +-# define SSL_F_SSL_CTX_SET_ALPN_PROTOS 343 + # define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 + # define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +-# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK 396 ++# define SSL_F_SSL_CTX_SET_PURPOSE 226 + # define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 + # define SSL_F_SSL_CTX_SET_SSL_VERSION 170 ++# define SSL_F_SSL_CTX_SET_TRUST 229 + # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 + # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 ++# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 + # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 + # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 + # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +@@ -2151,19 +2757,15 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 + # define SSL_F_SSL_CTX_USE_SERVERINFO 336 + # define SSL_F_SSL_CTX_USE_SERVERINFO_FILE 337 +-# define SSL_F_SSL_DANE_DUP 403 +-# define SSL_F_SSL_DANE_ENABLE 395 +-# define SSL_F_SSL_DO_CONFIG 391 + # define SSL_F_SSL_DO_HANDSHAKE 180 +-# define SSL_F_SSL_DUP_CA_LIST 408 +-# define SSL_F_SSL_ENABLE_CT 402 + # define SSL_F_SSL_GET_NEW_SESSION 181 + # define SSL_F_SSL_GET_PREV_SESSION 217 + # define SSL_F_SSL_GET_SERVER_CERT_INDEX 322 ++# define SSL_F_SSL_GET_SERVER_SEND_CERT 182 ++# define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 + # define SSL_F_SSL_GET_SIGN_PKEY 183 + # define SSL_F_SSL_INIT_WBIO_BUFFER 184 + # define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +-# define SSL_F_SSL_MODULE_INIT 392 + # define SSL_F_SSL_NEW 186 + # define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 + # define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +@@ -2172,28 +2774,32 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 + # define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 + # define SSL_F_SSL_PEEK 270 ++# define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 ++# define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 + # define SSL_F_SSL_READ 223 ++# define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 ++# define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 + # define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT 320 + # define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT 321 + # define SSL_F_SSL_SESSION_DUP 348 + # define SSL_F_SSL_SESSION_NEW 189 + # define SSL_F_SSL_SESSION_PRINT_FP 190 +-# define SSL_F_SSL_SESSION_SET1_ID 423 + # define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +-# define SSL_F_SSL_SET_ALPN_PROTOS 344 ++# define SSL_F_SSL_SESS_CERT_NEW 225 + # define SSL_F_SSL_SET_CERT 191 + # define SSL_F_SSL_SET_CIPHER_LIST 271 +-# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK 399 + # define SSL_F_SSL_SET_FD 192 + # define SSL_F_SSL_SET_PKEY 193 ++# define SSL_F_SSL_SET_PURPOSE 227 + # define SSL_F_SSL_SET_RFD 194 + # define SSL_F_SSL_SET_SESSION 195 + # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 + # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 ++# define SSL_F_SSL_SET_TRUST 228 + # define SSL_F_SSL_SET_WFD 196 + # define SSL_F_SSL_SHUTDOWN 224 + # define SSL_F_SSL_SRP_CTX_INIT 313 +-# define SSL_F_SSL_START_ASYNC_JOB 389 ++# define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 + # define SSL_F_SSL_UNDEFINED_FUNCTION 197 + # define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 + # define SSL_F_SSL_USE_CERTIFICATE 198 +@@ -2206,228 +2812,243 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_USE_RSAPRIVATEKEY 204 + # define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 + # define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +-# define SSL_F_SSL_VALIDATE_CT 400 + # define SSL_F_SSL_VERIFY_CERT_CHAIN 207 + # define SSL_F_SSL_WRITE 208 +-# define SSL_F_STATE_MACHINE 353 + # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 ++# define SSL_F_TLS1_CERT_VERIFY_MAC 286 + # define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +-# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS 341 +-# define SSL_F_TLS1_ENC 401 ++# define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 ++# define SSL_F_TLS1_ENC 210 + # define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 + # define SSL_F_TLS1_GET_CURVELIST 338 ++# define SSL_F_TLS1_HEARTBEAT 315 ++# define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 ++# define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 + # define SSL_F_TLS1_PRF 284 + # define SSL_F_TLS1_SETUP_KEY_BLOCK 211 + # define SSL_F_TLS1_SET_SERVER_SIGALGS 335 +-# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK 354 +-# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST 372 +-# define SSL_F_TLS_CONSTRUCT_CKE_DHE 404 +-# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE 405 +-# define SSL_F_TLS_CONSTRUCT_CKE_GOST 406 +-# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE 407 +-# define SSL_F_TLS_CONSTRUCT_CKE_RSA 409 +-# define SSL_F_TLS_CONSTRUCT_CKE_SRP 410 +-# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE 355 +-# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO 356 +-# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE 357 +-# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY 358 +-# define SSL_F_TLS_CONSTRUCT_FINISHED 359 +-# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST 373 +-# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET 428 +-# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE 374 +-# define SSL_F_TLS_CONSTRUCT_SERVER_DONE 375 +-# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO 376 +-# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE 377 +-# define SSL_F_TLS_GET_MESSAGE_BODY 351 +-# define SSL_F_TLS_GET_MESSAGE_HEADER 387 +-# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO 378 +-# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE 384 +-# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE 360 +-# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST 361 +-# define SSL_F_TLS_PROCESS_CERT_STATUS 362 +-# define SSL_F_TLS_PROCESS_CERT_VERIFY 379 +-# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC 363 +-# define SSL_F_TLS_PROCESS_CKE_DHE 411 +-# define SSL_F_TLS_PROCESS_CKE_ECDHE 412 +-# define SSL_F_TLS_PROCESS_CKE_GOST 413 +-# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE 414 +-# define SSL_F_TLS_PROCESS_CKE_RSA 415 +-# define SSL_F_TLS_PROCESS_CKE_SRP 416 +-# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE 380 +-# define SSL_F_TLS_PROCESS_CLIENT_HELLO 381 +-# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE 382 +-# define SSL_F_TLS_PROCESS_FINISHED 364 +-# define SSL_F_TLS_PROCESS_KEY_EXCHANGE 365 +-# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET 366 +-# define SSL_F_TLS_PROCESS_NEXT_PROTO 383 +-# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE 367 +-# define SSL_F_TLS_PROCESS_SERVER_DONE 368 +-# define SSL_F_TLS_PROCESS_SERVER_HELLO 369 +-# define SSL_F_TLS_PROCESS_SKE_DHE 419 +-# define SSL_F_TLS_PROCESS_SKE_ECDHE 420 +-# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE 421 +-# define SSL_F_TLS_PROCESS_SKE_SRP 422 +-# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 ++# define SSL_F_WRITE_PENDING 212 + + /* Reason codes. */ + # define SSL_R_APP_DATA_IN_HANDSHAKE 100 + # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +-# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE 143 +-# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE 158 ++# define SSL_R_BAD_ALERT_RECORD 101 ++# define SSL_R_BAD_AUTHENTICATION_TYPE 102 + # define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 ++# define SSL_R_BAD_CHECKSUM 104 + # define SSL_R_BAD_DATA 390 + # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 + # define SSL_R_BAD_DECOMPRESSION 107 +-# define SSL_R_BAD_DH_VALUE 102 ++# define SSL_R_BAD_DH_G_LENGTH 108 ++# define SSL_R_BAD_DH_G_VALUE 375 ++# define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 ++# define SSL_R_BAD_DH_PUB_KEY_VALUE 393 ++# define SSL_R_BAD_DH_P_LENGTH 110 ++# define SSL_R_BAD_DH_P_VALUE 395 + # define SSL_R_BAD_DIGEST_LENGTH 111 ++# define SSL_R_BAD_DSA_SIGNATURE 112 + # define SSL_R_BAD_ECC_CERT 304 ++# define SSL_R_BAD_ECDSA_SIGNATURE 305 + # define SSL_R_BAD_ECPOINT 306 + # define SSL_R_BAD_HANDSHAKE_LENGTH 332 + # define SSL_R_BAD_HELLO_REQUEST 105 + # define SSL_R_BAD_LENGTH 271 ++# define SSL_R_BAD_MAC_DECODE 113 ++# define SSL_R_BAD_MAC_LENGTH 333 ++# define SSL_R_BAD_MESSAGE_TYPE 114 + # define SSL_R_BAD_PACKET_LENGTH 115 + # define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 ++# define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 ++# define SSL_R_BAD_RESPONSE_ARGUMENT 117 ++# define SSL_R_BAD_RSA_DECRYPT 118 + # define SSL_R_BAD_RSA_ENCRYPT 119 ++# define SSL_R_BAD_RSA_E_LENGTH 120 ++# define SSL_R_BAD_RSA_MODULUS_LENGTH 121 ++# define SSL_R_BAD_RSA_SIGNATURE 122 + # define SSL_R_BAD_SIGNATURE 123 + # define SSL_R_BAD_SRP_A_LENGTH 347 ++# define SSL_R_BAD_SRP_B_LENGTH 348 ++# define SSL_R_BAD_SRP_G_LENGTH 349 ++# define SSL_R_BAD_SRP_N_LENGTH 350 + # define SSL_R_BAD_SRP_PARAMETERS 371 ++# define SSL_R_BAD_SRP_S_LENGTH 351 + # define SSL_R_BAD_SRTP_MKI_VALUE 352 + # define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 + # define SSL_R_BAD_SSL_FILETYPE 124 ++# define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 ++# define SSL_R_BAD_STATE 126 + # define SSL_R_BAD_VALUE 384 + # define SSL_R_BAD_WRITE_RETRY 127 + # define SSL_R_BIO_NOT_SET 128 + # define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 + # define SSL_R_BN_LIB 130 + # define SSL_R_CA_DN_LENGTH_MISMATCH 131 +-# define SSL_R_CA_KEY_TOO_SMALL 397 +-# define SSL_R_CA_MD_TOO_WEAK 398 ++# define SSL_R_CA_DN_TOO_LONG 132 + # define SSL_R_CCS_RECEIVED_EARLY 133 + # define SSL_R_CERTIFICATE_VERIFY_FAILED 134 + # define SSL_R_CERT_CB_ERROR 377 + # define SSL_R_CERT_LENGTH_MISMATCH 135 ++# define SSL_R_CHALLENGE_IS_DIFFERENT 136 + # define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 + # define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 ++# define SSL_R_CIPHER_TABLE_SRC_ERROR 139 + # define SSL_R_CLIENTHELLO_TLSEXT 226 + # define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 + # define SSL_R_COMPRESSION_DISABLED 343 + # define SSL_R_COMPRESSION_FAILURE 141 + # define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 + # define SSL_R_COMPRESSION_LIBRARY_ERROR 142 ++# define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 + # define SSL_R_CONNECTION_TYPE_NOT_SET 144 +-# define SSL_R_CONTEXT_NOT_DANE_ENABLED 167 +-# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE 400 + # define SSL_R_COOKIE_MISMATCH 308 +-# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED 206 +-# define SSL_R_DANE_ALREADY_ENABLED 172 +-# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL 173 +-# define SSL_R_DANE_NOT_ENABLED 175 +-# define SSL_R_DANE_TLSA_BAD_CERTIFICATE 180 +-# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE 184 +-# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH 189 +-# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH 192 +-# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE 200 +-# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY 201 +-# define SSL_R_DANE_TLSA_BAD_SELECTOR 202 +-# define SSL_R_DANE_TLSA_NULL_DATA 203 + # define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 + # define SSL_R_DATA_LENGTH_TOO_LONG 146 + # define SSL_R_DECRYPTION_FAILED 147 + # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +-# define SSL_R_DH_KEY_TOO_SMALL 394 ++# define SSL_R_DH_KEY_TOO_SMALL 372 + # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 + # define SSL_R_DIGEST_CHECK_FAILED 149 + # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 + # define SSL_R_DUPLICATE_COMPRESSION_ID 309 ++# define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 + # define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 ++# define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 ++# define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 + # define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 +-# define SSL_R_EE_KEY_TOO_SMALL 399 ++# define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 + # define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 + # define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 ++# define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 + # define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +-# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN 204 + # define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 + # define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +-# define SSL_R_FAILED_TO_INIT_ASYNC 405 +-# define SSL_R_FRAGMENTED_CLIENT_HELLO 401 + # define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 ++# define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 ++# define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 + # define SSL_R_HTTPS_PROXY_REQUEST 155 + # define SSL_R_HTTP_REQUEST 156 ++# define SSL_R_ILLEGAL_PADDING 283 + # define SSL_R_ILLEGAL_SUITEB_DIGEST 380 + # define SSL_R_INAPPROPRIATE_FALLBACK 373 + # define SSL_R_INCONSISTENT_COMPRESSION 340 +-# define SSL_R_INCONSISTENT_EXTMS 104 ++# define SSL_R_INVALID_CHALLENGE_LENGTH 158 + # define SSL_R_INVALID_COMMAND 280 + # define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +-# define SSL_R_INVALID_CONFIGURATION_NAME 113 +-# define SSL_R_INVALID_CT_VALIDATION_TYPE 212 + # define SSL_R_INVALID_NULL_CMD_NAME 385 +-# define SSL_R_INVALID_SEQUENCE_NUMBER 402 ++# define SSL_R_INVALID_PURPOSE 278 + # define SSL_R_INVALID_SERVERINFO_DATA 388 + # define SSL_R_INVALID_SRP_USERNAME 357 + # define SSL_R_INVALID_STATUS_RESPONSE 328 + # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 ++# define SSL_R_INVALID_TRUST 279 ++# define SSL_R_KEY_ARG_TOO_LONG 284 ++# define SSL_R_KRB5 285 ++# define SSL_R_KRB5_C_CC_PRINC 286 ++# define SSL_R_KRB5_C_GET_CRED 287 ++# define SSL_R_KRB5_C_INIT 288 ++# define SSL_R_KRB5_C_MK_REQ 289 ++# define SSL_R_KRB5_S_BAD_TICKET 290 ++# define SSL_R_KRB5_S_INIT 291 ++# define SSL_R_KRB5_S_RD_REQ 292 ++# define SSL_R_KRB5_S_TKT_EXPIRED 293 ++# define SSL_R_KRB5_S_TKT_NYV 294 ++# define SSL_R_KRB5_S_TKT_SKEW 295 + # define SSL_R_LENGTH_MISMATCH 159 +-# define SSL_R_LENGTH_TOO_LONG 404 + # define SSL_R_LENGTH_TOO_SHORT 160 + # define SSL_R_LIBRARY_BUG 274 + # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 ++# define SSL_R_MESSAGE_TOO_LONG 296 ++# define SSL_R_MISSING_DH_DSA_CERT 162 ++# define SSL_R_MISSING_DH_KEY 163 ++# define SSL_R_MISSING_DH_RSA_CERT 164 + # define SSL_R_MISSING_DSA_SIGNING_CERT 165 ++# define SSL_R_MISSING_ECDH_CERT 382 + # define SSL_R_MISSING_ECDSA_SIGNING_CERT 381 ++# define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 ++# define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 + # define SSL_R_MISSING_RSA_CERTIFICATE 168 + # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 + # define SSL_R_MISSING_RSA_SIGNING_CERT 170 + # define SSL_R_MISSING_SRP_PARAM 358 + # define SSL_R_MISSING_TMP_DH_KEY 171 + # define SSL_R_MISSING_TMP_ECDH_KEY 311 ++# define SSL_R_MISSING_TMP_RSA_KEY 172 ++# define SSL_R_MISSING_TMP_RSA_PKEY 173 ++# define SSL_R_MISSING_VERIFY_MESSAGE 174 ++# define SSL_R_MULTIPLE_SGC_RESTARTS 346 ++# define SSL_R_NON_SSLV2_INITIAL_PACKET 175 + # define SSL_R_NO_CERTIFICATES_RETURNED 176 + # define SSL_R_NO_CERTIFICATE_ASSIGNED 177 ++# define SSL_R_NO_CERTIFICATE_RETURNED 178 + # define SSL_R_NO_CERTIFICATE_SET 179 ++# define SSL_R_NO_CERTIFICATE_SPECIFIED 180 + # define SSL_R_NO_CIPHERS_AVAILABLE 181 ++# define SSL_R_NO_CIPHERS_PASSED 182 + # define SSL_R_NO_CIPHERS_SPECIFIED 183 ++# define SSL_R_NO_CIPHER_LIST 184 + # define SSL_R_NO_CIPHER_MATCH 185 + # define SSL_R_NO_CLIENT_CERT_METHOD 331 ++# define SSL_R_NO_CLIENT_CERT_RECEIVED 186 + # define SSL_R_NO_COMPRESSION_SPECIFIED 187 + # define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER 330 + # define SSL_R_NO_METHOD_SPECIFIED 188 + # define SSL_R_NO_PEM_EXTENSIONS 389 ++# define SSL_R_NO_PRIVATEKEY 189 + # define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 + # define SSL_R_NO_PROTOCOLS_AVAILABLE 191 ++# define SSL_R_NO_PUBLICKEY 192 + # define SSL_R_NO_RENEGOTIATION 339 + # define SSL_R_NO_REQUIRED_DIGEST 324 + # define SSL_R_NO_SHARED_CIPHER 193 +-# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 ++# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 + # define SSL_R_NO_SRTP_PROFILES 359 +-# define SSL_R_NO_VALID_SCTS 216 +-# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 ++# define SSL_R_NO_VERIFY_CALLBACK 194 + # define SSL_R_NULL_SSL_CTX 195 + # define SSL_R_NULL_SSL_METHOD_PASSED 196 + # define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 + # define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 ++# define SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE 387 ++# define SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE 379 ++# define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 ++# define SSL_R_OPAQUE_PRF_INPUT_TOO_LONG 327 + # define SSL_R_PACKET_LENGTH_TOO_LONG 198 + # define SSL_R_PARSE_TLSEXT 227 + # define SSL_R_PATH_TOO_LONG 270 + # define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 ++# define SSL_R_PEER_ERROR 200 ++# define SSL_R_PEER_ERROR_CERTIFICATE 201 ++# define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 ++# define SSL_R_PEER_ERROR_NO_CIPHER 203 ++# define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 + # define SSL_R_PEM_NAME_BAD_PREFIX 391 + # define SSL_R_PEM_NAME_TOO_SHORT 392 +-# define SSL_R_PIPELINE_FAILURE 406 ++# define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 ++# define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 + # define SSL_R_PROTOCOL_IS_SHUTDOWN 207 + # define SSL_R_PSK_IDENTITY_NOT_FOUND 223 + # define SSL_R_PSK_NO_CLIENT_CB 224 + # define SSL_R_PSK_NO_SERVER_CB 225 ++# define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 ++# define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 ++# define SSL_R_PUBLIC_KEY_NOT_RSA 210 + # define SSL_R_READ_BIO_NOT_SET 211 + # define SSL_R_READ_TIMEOUT_EXPIRED 312 ++# define SSL_R_READ_WRONG_PACKET_TYPE 212 + # define SSL_R_RECORD_LENGTH_MISMATCH 213 ++# define SSL_R_RECORD_TOO_LARGE 214 + # define SSL_R_RECORD_TOO_SMALL 298 + # define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 + # define SSL_R_RENEGOTIATION_ENCODING_ERR 336 + # define SSL_R_RENEGOTIATION_MISMATCH 337 + # define SSL_R_REQUIRED_CIPHER_MISSING 215 +-# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING 342 ++# define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 ++# define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 ++# define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 ++# define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 + # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +-# define SSL_R_SCT_VERIFICATION_FAILED 208 + # define SSL_R_SERVERHELLO_TLSEXT 275 + # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 ++# define SSL_R_SHORT_READ 219 + # define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 + # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 + # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +@@ -2435,9 +3056,13 @@ int ERR_load_SSL_strings(void); + # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 + # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 + # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 ++# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 ++# define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 ++# define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 + # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 + # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 + # define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 ++# define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 + # define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 + # define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 + # define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +@@ -2449,20 +3074,14 @@ int ERR_load_SSL_strings(void); + # define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 + # define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 + # define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +-# define SSL_R_SSL_COMMAND_SECTION_EMPTY 117 +-# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125 + # define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 + # define SSL_R_SSL_HANDSHAKE_FAILURE 229 + # define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +-# define SSL_R_SSL_NEGATIVE_LENGTH 372 +-# define SSL_R_SSL_SECTION_EMPTY 126 +-# define SSL_R_SSL_SECTION_NOT_FOUND 136 + # define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 + # define SSL_R_SSL_SESSION_ID_CONFLICT 302 +-# define SSL_R_SSL_SESSION_ID_TOO_LONG 408 + # define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 + # define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +-# define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 ++# define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 + # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 + # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 + # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +@@ -2481,13 +3100,23 @@ int ERR_load_SSL_strings(void); + # define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 + # define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 + # define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 ++# define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 + # define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 + # define SSL_R_TLS_HEARTBEAT_PENDING 366 + # define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 + # define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 ++# define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 ++# define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 + # define SSL_R_TOO_MANY_WARN_ALERTS 409 ++# define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 ++# define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 ++# define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 ++# define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 ++# define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 + # define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 + # define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 ++# define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 ++# define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 + # define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 + # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 + # define SSL_R_UNEXPECTED_MESSAGE 244 +@@ -2498,25 +3127,28 @@ int ERR_load_SSL_strings(void); + # define SSL_R_UNKNOWN_CIPHER_RETURNED 248 + # define SSL_R_UNKNOWN_CIPHER_TYPE 249 + # define SSL_R_UNKNOWN_CMD_NAME 386 +-# define SSL_R_UNKNOWN_COMMAND 139 + # define SSL_R_UNKNOWN_DIGEST 368 + # define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 + # define SSL_R_UNKNOWN_PKEY_TYPE 251 + # define SSL_R_UNKNOWN_PROTOCOL 252 ++# define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 + # define SSL_R_UNKNOWN_SSL_VERSION 254 + # define SSL_R_UNKNOWN_STATE 255 + # define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 ++# define SSL_R_UNSUPPORTED_CIPHER 256 + # define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 ++# define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 + # define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 + # define SSL_R_UNSUPPORTED_PROTOCOL 258 + # define SSL_R_UNSUPPORTED_SSL_VERSION 259 + # define SSL_R_UNSUPPORTED_STATUS_TYPE 329 + # define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +-# define SSL_R_VERSION_TOO_HIGH 166 +-# define SSL_R_VERSION_TOO_LOW 396 ++# define SSL_R_WRITE_BIO_NOT_SET 260 + # define SSL_R_WRONG_CERTIFICATE_TYPE 383 + # define SSL_R_WRONG_CIPHER_RETURNED 261 + # define SSL_R_WRONG_CURVE 378 ++# define SSL_R_WRONG_MESSAGE_TYPE 262 ++# define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 + # define SSL_R_WRONG_SIGNATURE_LENGTH 264 + # define SSL_R_WRONG_SIGNATURE_SIZE 265 + # define SSL_R_WRONG_SIGNATURE_TYPE 370 +@@ -2525,7 +3157,7 @@ int ERR_load_SSL_strings(void); + # define SSL_R_X509_LIB 268 + # define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ssl2.h b/Cryptlib/Include/openssl/ssl2.h +index 5321bd2..03c7dd8 100644 +--- a/Cryptlib/Include/openssl/ssl2.h ++++ b/Cryptlib/Include/openssl/ssl2.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ssl/ssl2.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_SSL2_H +@@ -14,9 +63,201 @@ + extern "C" { + #endif + ++/* Protocol Version Codes */ + # define SSL2_VERSION 0x0002 ++# define SSL2_VERSION_MAJOR 0x00 ++# define SSL2_VERSION_MINOR 0x02 ++/* #define SSL2_CLIENT_VERSION 0x0002 */ ++/* #define SSL2_SERVER_VERSION 0x0002 */ + ++/* Protocol Message Codes */ ++# define SSL2_MT_ERROR 0 + # define SSL2_MT_CLIENT_HELLO 1 ++# define SSL2_MT_CLIENT_MASTER_KEY 2 ++# define SSL2_MT_CLIENT_FINISHED 3 ++# define SSL2_MT_SERVER_HELLO 4 ++# define SSL2_MT_SERVER_VERIFY 5 ++# define SSL2_MT_SERVER_FINISHED 6 ++# define SSL2_MT_REQUEST_CERTIFICATE 7 ++# define SSL2_MT_CLIENT_CERTIFICATE 8 ++ ++/* Error Message Codes */ ++# define SSL2_PE_UNDEFINED_ERROR 0x0000 ++# define SSL2_PE_NO_CIPHER 0x0001 ++# define SSL2_PE_NO_CERTIFICATE 0x0002 ++# define SSL2_PE_BAD_CERTIFICATE 0x0004 ++# define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006 ++ ++/* Cipher Kind Values */ ++# define SSL2_CK_NULL_WITH_MD5 0x02000000/* v3 */ ++# define SSL2_CK_RC4_128_WITH_MD5 0x02010080 ++# define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080 ++# define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080 ++# define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080 ++# define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080 ++# define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040 ++# define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140/* v3 */ ++# define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0 ++# define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0/* v3 */ ++# define SSL2_CK_RC4_64_WITH_MD5 0x02080080/* MS hack */ ++ ++# define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800/* SSLeay */ ++# define SSL2_CK_NULL 0x02ff0810/* SSLeay */ ++ ++# define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1" ++# define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5" ++# define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5" ++# define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5" ++# define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5" ++# define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5" ++# define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5" ++# define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5" ++# define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA" ++# define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5" ++# define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA" ++# define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5" ++ ++# define SSL2_TXT_NULL "NULL" ++ ++/* Flags for the SSL_CIPHER.algorithm2 field */ ++# define SSL2_CF_5_BYTE_ENC 0x01 ++# define SSL2_CF_8_BYTE_ENC 0x02 ++ ++/* Certificate Type Codes */ ++# define SSL2_CT_X509_CERTIFICATE 0x01 ++ ++/* Authentication Type Code */ ++# define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01 ++ ++# define SSL2_MAX_SSL_SESSION_ID_LENGTH 32 ++ ++/* Upper/Lower Bounds */ ++# define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 ++# ifdef OPENSSL_SYS_MPE ++# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u ++# else ++# define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u ++ /* 2^15-1 */ ++# endif ++# define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383/* 2^14-1 */ ++ ++# define SSL2_CHALLENGE_LENGTH 16 ++/* ++ * #define SSL2_CHALLENGE_LENGTH 32 ++ */ ++# define SSL2_MIN_CHALLENGE_LENGTH 16 ++# define SSL2_MAX_CHALLENGE_LENGTH 32 ++# define SSL2_CONNECTION_ID_LENGTH 16 ++# define SSL2_MAX_CONNECTION_ID_LENGTH 16 ++# define SSL2_SSL_SESSION_ID_LENGTH 16 ++# define SSL2_MAX_CERT_CHALLENGE_LENGTH 32 ++# define SSL2_MIN_CERT_CHALLENGE_LENGTH 16 ++# define SSL2_MAX_KEY_MATERIAL_LENGTH 24 ++ ++# ifndef HEADER_SSL_LOCL_H ++# define CERT char ++# endif ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++typedef struct ssl2_state_st { ++ int three_byte_header; ++ int clear_text; /* clear text */ ++ int escape; /* not used in SSLv2 */ ++ int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */ ++ /* ++ * non-blocking io info, used to make sure the same args were passwd ++ */ ++ unsigned int wnum; /* number of bytes sent so far */ ++ int wpend_tot; ++ const unsigned char *wpend_buf; ++ int wpend_off; /* offset to data to write */ ++ int wpend_len; /* number of bytes passwd to write */ ++ int wpend_ret; /* number of bytes to return to caller */ ++ /* buffer raw data */ ++ int rbuf_left; ++ int rbuf_offs; ++ unsigned char *rbuf; ++ unsigned char *wbuf; ++ unsigned char *write_ptr; /* used to point to the start due to 2/3 byte ++ * header. */ ++ unsigned int padding; ++ unsigned int rlength; /* passed to ssl2_enc */ ++ int ract_data_length; /* Set when things are encrypted. */ ++ unsigned int wlength; /* passed to ssl2_enc */ ++ int wact_data_length; /* Set when things are decrypted. */ ++ unsigned char *ract_data; ++ unsigned char *wact_data; ++ unsigned char *mac_data; ++ unsigned char *read_key; ++ unsigned char *write_key; ++ /* Stuff specifically to do with this SSL session */ ++ unsigned int challenge_length; ++ unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH]; ++ unsigned int conn_id_length; ++ unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH]; ++ unsigned int key_material_length; ++ unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH * 2]; ++ unsigned long read_sequence; ++ unsigned long write_sequence; ++ struct { ++ unsigned int conn_id_length; ++ unsigned int cert_type; ++ unsigned int cert_length; ++ unsigned int csl; ++ unsigned int clear; ++ unsigned int enc; ++ unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; ++ unsigned int cipher_spec_length; ++ unsigned int session_id_length; ++ unsigned int clen; ++ unsigned int rlen; ++ } tmp; ++} SSL2_STATE; ++ ++# endif ++ ++/* SSLv2 */ ++/* client */ ++# define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT) ++# define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT) ++# define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT) ++# define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT) ++# define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT) ++/* server */ ++# define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT) ++# define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT) ++# define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT) ++# define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT) ++# define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT) + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/ssl23.h b/Cryptlib/Include/openssl/ssl23.h +new file mode 100644 +index 0000000..9de4685 +--- /dev/null ++++ b/Cryptlib/Include/openssl/ssl23.h +@@ -0,0 +1,84 @@ ++/* ssl/ssl23.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_SSL23_H ++# define HEADER_SSL23_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * client ++ */ ++/* write to server */ ++# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) ++# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) ++/* read from server */ ++# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) ++# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) ++ ++/* server */ ++/* read from client */ ++# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) ++# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/ssl3.h b/Cryptlib/Include/openssl/ssl3.h +index 4ca434e..e681d50 100644 +--- a/Cryptlib/Include/openssl/ssl3.h ++++ b/Cryptlib/Include/openssl/ssl3.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ssl/ssl3.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by +@@ -16,7 +117,9 @@ + #ifndef HEADER_SSL3_H + # define HEADER_SSL3_H + +-# include ++# ifndef OPENSSL_NO_COMP ++# include ++# endif + # include + # include + # include +@@ -55,18 +158,18 @@ extern "C" { + # define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F + # define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +-# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA 0x03000011 +-# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA SSL3_CK_DHE_DSS_DES_40_CBC_SHA +-# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA 0x03000012 +-# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA SSL3_CK_DHE_DSS_DES_64_CBC_SHA +-# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA 0x03000013 +-# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA SSL3_CK_DHE_DSS_DES_192_CBC3_SHA +-# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA 0x03000014 +-# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA SSL3_CK_DHE_RSA_DES_40_CBC_SHA +-# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA 0x03000015 +-# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA SSL3_CK_DHE_RSA_DES_64_CBC_SHA +-# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA 0x03000016 +-# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA SSL3_CK_DHE_RSA_DES_192_CBC3_SHA ++# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 ++# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA SSL3_CK_EDH_DSS_DES_40_CBC_SHA ++# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 ++# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA SSL3_CK_EDH_DSS_DES_64_CBC_SHA ++# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 ++# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA SSL3_CK_EDH_DSS_DES_192_CBC3_SHA ++# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 ++# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA SSL3_CK_EDH_RSA_DES_40_CBC_SHA ++# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 ++# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA SSL3_CK_EDH_RSA_DES_64_CBC_SHA ++# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 ++# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA SSL3_CK_EDH_RSA_DES_192_CBC3_SHA + + # define SSL3_CK_ADH_RC4_40_MD5 0x03000017 + # define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +@@ -74,6 +177,37 @@ extern "C" { + # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A + # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + ++# if 0 ++# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C ++# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D ++# if 0 /* Because it clashes with KRB5, is never ++ * used any more, and is safe to remove ++ * according to David Hopwood ++ * of the ++ * ietf-tls list */ ++# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E ++# endif ++# endif ++ ++/* ++ * VRS Additional Kerberos5 entries ++ */ ++# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E ++# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F ++# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 ++# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 ++# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 ++# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 ++# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 ++# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 ++ ++# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 ++# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 ++# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 ++# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 ++# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A ++# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B ++ + # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" + # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" + # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +@@ -117,6 +251,28 @@ extern "C" { + # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" + # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + ++# if 0 ++# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" ++# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" ++# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" ++# endif ++ ++# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" ++# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" ++# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" ++# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" ++# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" ++# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" ++# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" ++# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" ++ ++# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" ++# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" ++# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" ++# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" ++# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" ++# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" ++ + # define SSL3_SSL_SESSION_ID_LENGTH 32 + # define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +@@ -204,7 +360,7 @@ extern "C" { + # define SSL3_RT_ALERT 21 + # define SSL3_RT_HANDSHAKE 22 + # define SSL3_RT_APPLICATION_DATA 23 +-# define DTLS1_RT_HEARTBEAT 24 ++# define TLS1_RT_HEARTBEAT 24 + + /* Pseudo content types to indicate additional parameters */ + # define TLS1_RT_CRYPTO 0x1000 +@@ -242,6 +398,55 @@ extern "C" { + # define TLS1_HB_REQUEST 1 + # define TLS1_HB_RESPONSE 2 + ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++typedef struct ssl3_record_st { ++ /* type of record */ ++ /* ++ * r ++ */ int type; ++ /* How many bytes available */ ++ /* ++ * rw ++ */ unsigned int length; ++ /* read/write offset into 'buf' */ ++ /* ++ * r ++ */ unsigned int off; ++ /* pointer to the record data */ ++ /* ++ * rw ++ */ unsigned char *data; ++ /* where the decode bytes are */ ++ /* ++ * rw ++ */ unsigned char *input; ++ /* only used with decompression - malloc()ed */ ++ /* ++ * r ++ */ unsigned char *comp; ++ /* epoch number, needed by DTLS1 */ ++ /* ++ * r ++ */ unsigned long epoch; ++ /* sequence number, needed by DTLS1 */ ++ /* ++ * r ++ */ unsigned char seq_num[8]; ++} SSL3_RECORD; ++ ++typedef struct ssl3_buffer_st { ++ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ ++ unsigned char *buf; ++ /* buffer size */ ++ size_t len; ++ /* where to 'copy from' */ ++ int offset; ++ /* how many bytes left */ ++ int left; ++} SSL3_BUFFER; ++ ++# endif + + # define SSL3_CT_RSA_SIGN 1 + # define SSL3_CT_DSS_SIGN 2 +@@ -257,20 +462,282 @@ extern "C" { + # define SSL3_CT_NUMBER 9 + + # define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +- +-/* Removed from OpenSSL 1.1.0 */ +-# define TLS1_FLAGS_TLS_PADDING_BUG 0x0 +- ++# define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 ++# define SSL3_FLAGS_POP_BUFFER 0x0004 ++# define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + # define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 ++# define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 ++/* ++ * Set when the handshake is ready to process peer's ChangeCipherSpec message. ++ * Cleared after the message has been processed. ++ */ ++# define SSL3_FLAGS_CCS_OK 0x0080 ++ ++/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ ++# define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 ++ ++# ifndef OPENSSL_NO_SSL_INTERN ++ ++typedef struct ssl3_state_st { ++ long flags; ++ int delay_buf_pop_ret; ++ unsigned char read_sequence[8]; ++ int read_mac_secret_size; ++ unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; ++ unsigned char write_sequence[8]; ++ int write_mac_secret_size; ++ unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; ++ unsigned char server_random[SSL3_RANDOM_SIZE]; ++ unsigned char client_random[SSL3_RANDOM_SIZE]; ++ /* flags for countermeasure against known-IV weakness */ ++ int need_empty_fragments; ++ int empty_fragment_done; ++ /* The value of 'extra' when the buffers were initialized */ ++ int init_extra; ++ SSL3_BUFFER rbuf; /* read IO goes into here */ ++ SSL3_BUFFER wbuf; /* write IO goes into here */ ++ SSL3_RECORD rrec; /* each decoded record goes in here */ ++ SSL3_RECORD wrec; /* goes out from here */ ++ /* ++ * storage for Alert/Handshake protocol data received but not yet ++ * processed by ssl3_read_bytes: ++ */ ++ unsigned char alert_fragment[2]; ++ unsigned int alert_fragment_len; ++ unsigned char handshake_fragment[4]; ++ unsigned int handshake_fragment_len; ++ /* partial write - check the numbers match */ ++ unsigned int wnum; /* number of bytes sent so far */ ++ int wpend_tot; /* number bytes written */ ++ int wpend_type; ++ int wpend_ret; /* number of bytes submitted */ ++ const unsigned char *wpend_buf; ++ /* used during startup, digest all incoming/outgoing packets */ ++ BIO *handshake_buffer; ++ /* ++ * When set of handshake digests is determined, buffer is hashed and ++ * freed and MD_CTX-es for all required digests are stored in this array ++ */ ++ EVP_MD_CTX **handshake_dgst; ++ /* ++ * Set whenever an expected ChangeCipherSpec message is processed. ++ * Unset when the peer's Finished message is received. ++ * Unexpected ChangeCipherSpec messages trigger a fatal alert. ++ */ ++ int change_cipher_spec; ++ int warn_alert; ++ int fatal_alert; ++ /* ++ * we allow one fatal and one warning alert to be outstanding, send close ++ * alert via the warning alert ++ */ ++ int alert_dispatch; ++ unsigned char send_alert[2]; ++ /* ++ * This flag is set when we should renegotiate ASAP, basically when there ++ * is no more data in the read or write buffers ++ */ ++ int renegotiate; ++ int total_renegotiations; ++ int num_renegotiations; ++ int in_read_app_data; ++ /* ++ * Opaque PRF input as used for the current handshake. These fields are ++ * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they ++ * are merely present to improve binary compatibility) ++ */ ++ void *client_opaque_prf_input; ++ size_t client_opaque_prf_input_len; ++ void *server_opaque_prf_input; ++ size_t server_opaque_prf_input_len; ++ struct { ++ /* actually only needs to be 16+20 */ ++ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; ++ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ ++ unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; ++ int finish_md_len; ++ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; ++ int peer_finish_md_len; ++ unsigned long message_size; ++ int message_type; ++ /* used to hold the new cipher we are going to use */ ++ const SSL_CIPHER *new_cipher; ++# ifndef OPENSSL_NO_DH ++ DH *dh; ++# endif ++# ifndef OPENSSL_NO_ECDH ++ EC_KEY *ecdh; /* holds short lived ECDH key */ ++# endif ++ /* used when SSL_ST_FLUSH_DATA is entered */ ++ int next_state; ++ int reuse_message; ++ /* used for certificate requests */ ++ int cert_req; ++ int ctype_num; ++ char ctype[SSL3_CT_NUMBER]; ++ STACK_OF(X509_NAME) *ca_names; ++ int use_rsa_tmp; ++ int key_block_length; ++ unsigned char *key_block; ++ const EVP_CIPHER *new_sym_enc; ++ const EVP_MD *new_hash; ++ int new_mac_pkey_type; ++ int new_mac_secret_size; ++# ifndef OPENSSL_NO_COMP ++ const SSL_COMP *new_compression; ++# else ++ char *new_compression; ++# endif ++ int cert_request; ++ } tmp; ++ ++ /* Connection binding to prevent renegotiation attacks */ ++ unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_client_finished_len; ++ unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; ++ unsigned char previous_server_finished_len; ++ int send_connection_binding; /* TODOEKR */ ++ ++# ifndef OPENSSL_NO_NEXTPROTONEG ++ /* ++ * Set if we saw the Next Protocol Negotiation extension from our peer. ++ */ ++ int next_proto_neg_seen; ++# endif + +-/* Set if we encrypt then mac instead of usual mac then encrypt */ +-# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ 0x0100 +-# define TLS1_FLAGS_ENCRYPT_THEN_MAC TLS1_FLAGS_ENCRYPT_THEN_MAC_READ ++# ifndef OPENSSL_NO_TLSEXT ++# ifndef OPENSSL_NO_EC ++ /* ++ * This is set to true if we believe that this is a version of Safari ++ * running on OS X 10.6 or newer. We wish to know this because Safari on ++ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. ++ */ ++ char is_probably_safari; ++# endif /* !OPENSSL_NO_EC */ ++ ++ /* ++ * ALPN information (we are in the process of transitioning from NPN to ++ * ALPN.) ++ */ ++ ++ /* ++ * In a server these point to the selected ALPN protocol after the ++ * ClientHello has been processed. In a client these contain the protocol ++ * that the server selected once the ServerHello has been processed. ++ */ ++ unsigned char *alpn_selected; ++ unsigned alpn_selected_len; ++# endif /* OPENSSL_NO_TLSEXT */ ++} SSL3_STATE; + +-/* Set if extended master secret extension received from peer */ +-# define TLS1_FLAGS_RECEIVED_EXTMS 0x0200 ++# endif + +-# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE 0x0400 ++/* SSLv3 */ ++/* ++ * client ++ */ ++/* extra state */ ++# define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) ++# ifndef OPENSSL_NO_SCTP ++# define DTLS1_SCTP_ST_CW_WRITE_SOCK (0x310|SSL_ST_CONNECT) ++# define DTLS1_SCTP_ST_CR_READ_SOCK (0x320|SSL_ST_CONNECT) ++# endif ++/* write to server */ ++# define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) ++/* read from server */ ++# define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) ++# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) ++# define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) ++# define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) ++# define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) ++/* write to server */ ++# define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) ++# define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) ++# define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) ++# define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) ++# ifndef OPENSSL_NO_NEXTPROTONEG ++# define SSL3_ST_CW_NEXT_PROTO_A (0x200|SSL_ST_CONNECT) ++# define SSL3_ST_CW_NEXT_PROTO_B (0x201|SSL_ST_CONNECT) ++# endif ++# define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) ++# define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) ++/* read from server */ ++# define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) ++# define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) ++ ++/* server */ ++/* extra state */ ++# define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) ++# ifndef OPENSSL_NO_SCTP ++# define DTLS1_SCTP_ST_SW_WRITE_SOCK (0x310|SSL_ST_ACCEPT) ++# define DTLS1_SCTP_ST_SR_READ_SOCK (0x320|SSL_ST_ACCEPT) ++# endif ++/* read from client */ ++/* Do not change the number values, they do matter */ ++# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CLNT_HELLO_D (0x115|SSL_ST_ACCEPT) ++/* write to client */ ++# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) ++# define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) ++/* read from client */ ++# define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) ++# ifndef OPENSSL_NO_NEXTPROTONEG ++# define SSL3_ST_SR_NEXT_PROTO_A (0x210|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_NEXT_PROTO_B (0x211|SSL_ST_ACCEPT) ++# endif ++# define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) ++# define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) ++/* write to client */ ++# define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) ++# define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) + + # define SSL3_MT_HELLO_REQUEST 0 + # define SSL3_MT_CLIENT_HELLO 1 +@@ -289,9 +756,6 @@ extern "C" { + # endif + # define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +-/* Dummy message type for handling CCS like a normal handshake message */ +-# define SSL3_MT_CHANGE_CIPHER_SPEC 0x0101 +- + # define SSL3_MT_CCS 1 + + /* These are used when changing over to a new cipher */ +diff --git a/Cryptlib/Include/openssl/stack.h b/Cryptlib/Include/openssl/stack.h +index 23ad3b8..eb07216 100644 +--- a/Cryptlib/Include/openssl/stack.h ++++ b/Cryptlib/Include/openssl/stack.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/stack/stack.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_STACK_H +@@ -14,62 +63,42 @@ + extern "C" { + #endif + +-typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */ +- +-typedef int (*OPENSSL_sk_compfunc)(const void *, const void *); +-typedef void (*OPENSSL_sk_freefunc)(void *); +-typedef void *(*OPENSSL_sk_copyfunc)(const void *); ++typedef struct stack_st { ++ int num; ++ char **data; ++ int sorted; ++ int num_alloc; ++ int (*comp) (const void *, const void *); ++} _STACK; /* Use STACK_OF(...) instead */ + +-int OPENSSL_sk_num(const OPENSSL_STACK *); +-void *OPENSSL_sk_value(const OPENSSL_STACK *, int); ++# define M_sk_num(sk) ((sk) ? (sk)->num:-1) ++# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) + +-void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data); ++int sk_num(const _STACK *); ++void *sk_value(const _STACK *, int); + +-OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp); +-OPENSSL_STACK *OPENSSL_sk_new_null(void); +-void OPENSSL_sk_free(OPENSSL_STACK *); +-void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *)); +-OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *, OPENSSL_sk_copyfunc c, OPENSSL_sk_freefunc f); +-int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where); +-void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc); +-void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p); +-int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data); +-int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data); +-int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data); +-int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data); +-void *OPENSSL_sk_shift(OPENSSL_STACK *st); +-void *OPENSSL_sk_pop(OPENSSL_STACK *st); +-void OPENSSL_sk_zero(OPENSSL_STACK *st); +-OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc cmp); +-OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st); +-void OPENSSL_sk_sort(OPENSSL_STACK *st); +-int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st); ++void *sk_set(_STACK *, int, void *); + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define _STACK OPENSSL_STACK +-# define sk_num OPENSSL_sk_num +-# define sk_value OPENSSL_sk_value +-# define sk_set OPENSSL_sk_set +-# define sk_new OPENSSL_sk_new +-# define sk_new_null OPENSSL_sk_new_null +-# define sk_free OPENSSL_sk_free +-# define sk_pop_free OPENSSL_sk_pop_free +-# define sk_deep_copy OPENSSL_sk_deep_copy +-# define sk_insert OPENSSL_sk_insert +-# define sk_delete OPENSSL_sk_delete +-# define sk_delete_ptr OPENSSL_sk_delete_ptr +-# define sk_find OPENSSL_sk_find +-# define sk_find_ex OPENSSL_sk_find_ex +-# define sk_push OPENSSL_sk_push +-# define sk_unshift OPENSSL_sk_unshift +-# define sk_shift OPENSSL_sk_shift +-# define sk_pop OPENSSL_sk_pop +-# define sk_zero OPENSSL_sk_zero +-# define sk_set_cmp_func OPENSSL_sk_set_cmp_func +-# define sk_dup OPENSSL_sk_dup +-# define sk_sort OPENSSL_sk_sort +-# define sk_is_sorted OPENSSL_sk_is_sorted +-# endif ++_STACK *sk_new(int (*cmp) (const void *, const void *)); ++_STACK *sk_new_null(void); ++void sk_free(_STACK *); ++void sk_pop_free(_STACK *st, void (*func) (void *)); ++_STACK *sk_deep_copy(_STACK *, void *(*)(void *), void (*)(void *)); ++int sk_insert(_STACK *sk, void *data, int where); ++void *sk_delete(_STACK *st, int loc); ++void *sk_delete_ptr(_STACK *st, void *p); ++int sk_find(_STACK *st, void *data); ++int sk_find_ex(_STACK *st, void *data); ++int sk_push(_STACK *st, void *data); ++int sk_unshift(_STACK *st, void *data); ++void *sk_shift(_STACK *st); ++void *sk_pop(_STACK *st); ++void sk_zero(_STACK *st); ++int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) ++ (const void *, const void *); ++_STACK *sk_dup(_STACK *st); ++void sk_sort(_STACK *st); ++int sk_is_sorted(const _STACK *st); + + #ifdef __cplusplus + } +diff --git a/Cryptlib/Include/openssl/symhacks.h b/Cryptlib/Include/openssl/symhacks.h +index caf1f1a..239fa4f 100644 +--- a/Cryptlib/Include/openssl/symhacks.h ++++ b/Cryptlib/Include/openssl/symhacks.h +@@ -1,10 +1,55 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_SYMHACKS_H +@@ -12,8 +57,427 @@ + + # include + ++/* ++ * Hacks to solve the problem with linkers incapable of handling very long ++ * symbol names. In the case of VMS, the limit is 31 characters on VMS for ++ * VAX. ++ */ ++/* ++ * Note that this affects util/libeay.num and util/ssleay.num... you may ++ * change those manually, but that's not recommended, as those files are ++ * controlled centrally and updated on Unix, and the central definition may ++ * disagree with yours, which in turn may come with shareable library ++ * incompatibilities. ++ */ ++# ifdef OPENSSL_SYS_VMS ++ ++/* Hack a long name in crypto/ex_data.c */ ++# undef CRYPTO_get_ex_data_implementation ++# define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl ++# undef CRYPTO_set_ex_data_implementation ++# define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl ++ ++/* Hack a long name in crypto/asn1/a_mbstr.c */ ++# undef ASN1_STRING_set_default_mask_asc ++# define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc ++ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ ++/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ ++# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO ++# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF ++# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO ++# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF ++# endif ++ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ ++/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ ++# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO ++# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF ++# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO ++# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF ++# endif ++ ++# if 0 /* No longer needed, since safestack macro ++ * magic does the job */ ++/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ ++# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION ++# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC ++# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION ++# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC ++# endif ++ ++/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ ++# undef PEM_read_NETSCAPE_CERT_SEQUENCE ++# define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ ++# undef PEM_write_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ ++# undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ ++# undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ ++# undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE ++# define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ ++ ++/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ ++# undef PEM_read_PKCS8_PRIV_KEY_INFO ++# define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO ++# undef PEM_write_PKCS8_PRIV_KEY_INFO ++# define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO ++# undef PEM_read_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO ++# undef PEM_write_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO ++# undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO ++# define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO ++ ++/* Hack other PEM names */ ++# undef PEM_write_bio_PKCS8PrivateKey_nid ++# define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid ++ ++/* Hack some long X509 names */ ++# undef X509_REVOKED_get_ext_by_critical ++# define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic ++# undef X509_policy_tree_get0_user_policies ++# define X509_policy_tree_get0_user_policies X509_pcy_tree_get0_usr_policies ++# undef X509_policy_node_get0_qualifiers ++# define X509_policy_node_get0_qualifiers X509_pcy_node_get0_qualifiers ++# undef X509_STORE_CTX_get_explicit_policy ++# define X509_STORE_CTX_get_explicit_policy X509_STORE_CTX_get_expl_policy ++# undef X509_STORE_CTX_get0_current_issuer ++# define X509_STORE_CTX_get0_current_issuer X509_STORE_CTX_get0_cur_issuer ++ ++/* Hack some long CRYPTO names */ ++# undef CRYPTO_set_dynlock_destroy_callback ++# define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb ++# undef CRYPTO_set_dynlock_create_callback ++# define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb ++# undef CRYPTO_set_dynlock_lock_callback ++# define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb ++# undef CRYPTO_get_dynlock_lock_callback ++# define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb ++# undef CRYPTO_get_dynlock_destroy_callback ++# define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb ++# undef CRYPTO_get_dynlock_create_callback ++# define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb ++# undef CRYPTO_set_locked_mem_ex_functions ++# define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs ++# undef CRYPTO_get_locked_mem_ex_functions ++# define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs ++ ++/* Hack some long SSL/TLS names */ ++# undef SSL_CTX_set_default_verify_paths ++# define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths ++# undef SSL_get_ex_data_X509_STORE_CTX_idx ++# define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx ++# undef SSL_add_file_cert_subjects_to_stack ++# define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk ++# undef SSL_add_dir_cert_subjects_to_stack ++# define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk ++# undef SSL_CTX_use_certificate_chain_file ++# define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file ++# undef SSL_CTX_set_cert_verify_callback ++# define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb ++# undef SSL_CTX_set_default_passwd_cb_userdata ++# define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud ++# undef SSL_COMP_get_compression_methods ++# define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods ++# undef SSL_COMP_set0_compression_methods ++# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compress_methods ++# undef SSL_COMP_free_compression_methods ++# define SSL_COMP_free_compression_methods SSL_COMP_free_compress_methods ++# undef ssl_add_clienthello_renegotiate_ext ++# define ssl_add_clienthello_renegotiate_ext ssl_add_clienthello_reneg_ext ++# undef ssl_add_serverhello_renegotiate_ext ++# define ssl_add_serverhello_renegotiate_ext ssl_add_serverhello_reneg_ext ++# undef ssl_parse_clienthello_renegotiate_ext ++# define ssl_parse_clienthello_renegotiate_ext ssl_parse_clienthello_reneg_ext ++# undef ssl_parse_serverhello_renegotiate_ext ++# define ssl_parse_serverhello_renegotiate_ext ssl_parse_serverhello_reneg_ext ++# undef SSL_srp_server_param_with_username ++# define SSL_srp_server_param_with_username SSL_srp_server_param_with_un ++# undef SSL_CTX_set_srp_client_pwd_callback ++# define SSL_CTX_set_srp_client_pwd_callback SSL_CTX_set_srp_client_pwd_cb ++# undef SSL_CTX_set_srp_verify_param_callback ++# define SSL_CTX_set_srp_verify_param_callback SSL_CTX_set_srp_vfy_param_cb ++# undef SSL_CTX_set_srp_username_callback ++# define SSL_CTX_set_srp_username_callback SSL_CTX_set_srp_un_cb ++# undef ssl_add_clienthello_use_srtp_ext ++# define ssl_add_clienthello_use_srtp_ext ssl_add_clihello_use_srtp_ext ++# undef ssl_add_serverhello_use_srtp_ext ++# define ssl_add_serverhello_use_srtp_ext ssl_add_serhello_use_srtp_ext ++# undef ssl_parse_clienthello_use_srtp_ext ++# define ssl_parse_clienthello_use_srtp_ext ssl_parse_clihello_use_srtp_ext ++# undef ssl_parse_serverhello_use_srtp_ext ++# define ssl_parse_serverhello_use_srtp_ext ssl_parse_serhello_use_srtp_ext ++# undef SSL_CTX_set_next_protos_advertised_cb ++# define SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_protos_adv_cb ++# undef SSL_CTX_set_next_proto_select_cb ++# define SSL_CTX_set_next_proto_select_cb SSL_CTX_set_next_proto_sel_cb ++ ++# undef tls1_send_server_supplemental_data ++# define tls1_send_server_supplemental_data tls1_send_server_suppl_data ++# undef tls1_send_client_supplemental_data ++# define tls1_send_client_supplemental_data tls1_send_client_suppl_data ++# undef tls1_get_server_supplemental_data ++# define tls1_get_server_supplemental_data tls1_get_server_suppl_data ++# undef tls1_get_client_supplemental_data ++# define tls1_get_client_supplemental_data tls1_get_client_suppl_data ++ ++# undef ssl3_cbc_record_digest_supported ++# define ssl3_cbc_record_digest_supported ssl3_cbc_record_digest_support ++# undef ssl_check_clienthello_tlsext_late ++# define ssl_check_clienthello_tlsext_late ssl_check_clihello_tlsext_late ++# undef ssl_check_clienthello_tlsext_early ++# define ssl_check_clienthello_tlsext_early ssl_check_clihello_tlsext_early ++ ++/* Hack some RSA long names */ ++# undef RSA_padding_check_PKCS1_OAEP_mgf1 ++# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_pad_check_PKCS1_OAEP_mgf1 ++ ++/* Hack some ENGINE long names */ ++# undef ENGINE_get_default_BN_mod_exp_crt ++# define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt ++# undef ENGINE_set_default_BN_mod_exp_crt ++# define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt ++# undef ENGINE_set_load_privkey_function ++# define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn ++# undef ENGINE_get_load_privkey_function ++# define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn ++# undef ENGINE_unregister_pkey_asn1_meths ++# define ENGINE_unregister_pkey_asn1_meths ENGINE_unreg_pkey_asn1_meths ++# undef ENGINE_register_all_pkey_asn1_meths ++# define ENGINE_register_all_pkey_asn1_meths ENGINE_reg_all_pkey_asn1_meths ++# undef ENGINE_set_default_pkey_asn1_meths ++# define ENGINE_set_default_pkey_asn1_meths ENGINE_set_def_pkey_asn1_meths ++# undef ENGINE_get_pkey_asn1_meth_engine ++# define ENGINE_get_pkey_asn1_meth_engine ENGINE_get_pkey_asn1_meth_eng ++# undef ENGINE_set_load_ssl_client_cert_function ++# define ENGINE_set_load_ssl_client_cert_function \ ++ ENGINE_set_ld_ssl_clnt_cert_fn ++# undef ENGINE_get_ssl_client_cert_function ++# define ENGINE_get_ssl_client_cert_function ENGINE_get_ssl_client_cert_fn ++ ++/* Hack some long OCSP names */ ++# undef OCSP_REQUEST_get_ext_by_critical ++# define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit ++# undef OCSP_BASICRESP_get_ext_by_critical ++# define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit ++# undef OCSP_SINGLERESP_get_ext_by_critical ++# define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit ++ ++/* Hack some long DES names */ ++# undef _ossl_old_des_ede3_cfb64_encrypt ++# define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt ++# undef _ossl_old_des_ede3_ofb64_encrypt ++# define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt ++ ++/* Hack some long EVP names */ ++# undef OPENSSL_add_all_algorithms_noconf ++# define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf ++# undef OPENSSL_add_all_algorithms_conf ++# define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf ++# undef EVP_PKEY_meth_set_verify_recover ++# define EVP_PKEY_meth_set_verify_recover EVP_PKEY_meth_set_vrfy_recover ++ ++/* Hack some long EC names */ ++# undef EC_GROUP_set_point_conversion_form ++# define EC_GROUP_set_point_conversion_form EC_GROUP_set_point_conv_form ++# undef EC_GROUP_get_point_conversion_form ++# define EC_GROUP_get_point_conversion_form EC_GROUP_get_point_conv_form ++# undef EC_GROUP_clear_free_all_extra_data ++# define EC_GROUP_clear_free_all_extra_data EC_GROUP_clr_free_all_xtra_data ++# undef EC_KEY_set_public_key_affine_coordinates ++# define EC_KEY_set_public_key_affine_coordinates \ ++ EC_KEY_set_pub_key_aff_coords ++# undef EC_POINT_set_Jprojective_coordinates_GFp ++# define EC_POINT_set_Jprojective_coordinates_GFp \ ++ EC_POINT_set_Jproj_coords_GFp ++# undef EC_POINT_get_Jprojective_coordinates_GFp ++# define EC_POINT_get_Jprojective_coordinates_GFp \ ++ EC_POINT_get_Jproj_coords_GFp ++# undef EC_POINT_set_affine_coordinates_GFp ++# define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp ++# undef EC_POINT_get_affine_coordinates_GFp ++# define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp ++# undef EC_POINT_set_compressed_coordinates_GFp ++# define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp ++# undef EC_POINT_set_affine_coordinates_GF2m ++# define EC_POINT_set_affine_coordinates_GF2m EC_POINT_set_affine_coords_GF2m ++# undef EC_POINT_get_affine_coordinates_GF2m ++# define EC_POINT_get_affine_coordinates_GF2m EC_POINT_get_affine_coords_GF2m ++# undef EC_POINT_set_compressed_coordinates_GF2m ++# define EC_POINT_set_compressed_coordinates_GF2m \ ++ EC_POINT_set_compr_coords_GF2m ++# undef ec_GF2m_simple_group_clear_finish ++# define ec_GF2m_simple_group_clear_finish ec_GF2m_simple_grp_clr_finish ++# undef ec_GF2m_simple_group_check_discriminant ++# define ec_GF2m_simple_group_check_discriminant ec_GF2m_simple_grp_chk_discrim ++# undef ec_GF2m_simple_point_clear_finish ++# define ec_GF2m_simple_point_clear_finish ec_GF2m_simple_pt_clr_finish ++# undef ec_GF2m_simple_point_set_to_infinity ++# define ec_GF2m_simple_point_set_to_infinity ec_GF2m_simple_pt_set_to_inf ++# undef ec_GF2m_simple_points_make_affine ++# define ec_GF2m_simple_points_make_affine ec_GF2m_simple_pts_make_affine ++# undef ec_GF2m_simple_point_set_affine_coordinates ++# define ec_GF2m_simple_point_set_affine_coordinates \ ++ ec_GF2m_smp_pt_set_af_coords ++# undef ec_GF2m_simple_point_get_affine_coordinates ++# define ec_GF2m_simple_point_get_affine_coordinates \ ++ ec_GF2m_smp_pt_get_af_coords ++# undef ec_GF2m_simple_set_compressed_coordinates ++# define ec_GF2m_simple_set_compressed_coordinates \ ++ ec_GF2m_smp_set_compr_coords ++# undef ec_GFp_simple_group_set_curve_GFp ++# define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp ++# undef ec_GFp_simple_group_get_curve_GFp ++# define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp ++# undef ec_GFp_simple_group_clear_finish ++# define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish ++# undef ec_GFp_simple_group_set_generator ++# define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator ++# undef ec_GFp_simple_group_get0_generator ++# define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator ++# undef ec_GFp_simple_group_get_cofactor ++# define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor ++# undef ec_GFp_simple_point_clear_finish ++# define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish ++# undef ec_GFp_simple_point_set_to_infinity ++# define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf ++# undef ec_GFp_simple_points_make_affine ++# define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine ++# undef ec_GFp_simple_set_Jprojective_coordinates_GFp ++# define ec_GFp_simple_set_Jprojective_coordinates_GFp \ ++ ec_GFp_smp_set_Jproj_coords_GFp ++# undef ec_GFp_simple_get_Jprojective_coordinates_GFp ++# define ec_GFp_simple_get_Jprojective_coordinates_GFp \ ++ ec_GFp_smp_get_Jproj_coords_GFp ++# undef ec_GFp_simple_point_set_affine_coordinates_GFp ++# define ec_GFp_simple_point_set_affine_coordinates_GFp \ ++ ec_GFp_smp_pt_set_af_coords_GFp ++# undef ec_GFp_simple_point_get_affine_coordinates_GFp ++# define ec_GFp_simple_point_get_affine_coordinates_GFp \ ++ ec_GFp_smp_pt_get_af_coords_GFp ++# undef ec_GFp_simple_set_compressed_coordinates_GFp ++# define ec_GFp_simple_set_compressed_coordinates_GFp \ ++ ec_GFp_smp_set_compr_coords_GFp ++# undef ec_GFp_simple_point_set_affine_coordinates ++# define ec_GFp_simple_point_set_affine_coordinates \ ++ ec_GFp_smp_pt_set_af_coords ++# undef ec_GFp_simple_point_get_affine_coordinates ++# define ec_GFp_simple_point_get_affine_coordinates \ ++ ec_GFp_smp_pt_get_af_coords ++# undef ec_GFp_simple_set_compressed_coordinates ++# define ec_GFp_simple_set_compressed_coordinates \ ++ ec_GFp_smp_set_compr_coords ++# undef ec_GFp_simple_group_check_discriminant ++# define ec_GFp_simple_group_check_discriminant ec_GFp_simple_grp_chk_discrim ++ ++/* Hack som long STORE names */ ++# undef STORE_method_set_initialise_function ++# define STORE_method_set_initialise_function STORE_meth_set_initialise_fn ++# undef STORE_method_set_cleanup_function ++# define STORE_method_set_cleanup_function STORE_meth_set_cleanup_fn ++# undef STORE_method_set_generate_function ++# define STORE_method_set_generate_function STORE_meth_set_generate_fn ++# undef STORE_method_set_modify_function ++# define STORE_method_set_modify_function STORE_meth_set_modify_fn ++# undef STORE_method_set_revoke_function ++# define STORE_method_set_revoke_function STORE_meth_set_revoke_fn ++# undef STORE_method_set_delete_function ++# define STORE_method_set_delete_function STORE_meth_set_delete_fn ++# undef STORE_method_set_list_start_function ++# define STORE_method_set_list_start_function STORE_meth_set_list_start_fn ++# undef STORE_method_set_list_next_function ++# define STORE_method_set_list_next_function STORE_meth_set_list_next_fn ++# undef STORE_method_set_list_end_function ++# define STORE_method_set_list_end_function STORE_meth_set_list_end_fn ++# undef STORE_method_set_update_store_function ++# define STORE_method_set_update_store_function STORE_meth_set_update_store_fn ++# undef STORE_method_set_lock_store_function ++# define STORE_method_set_lock_store_function STORE_meth_set_lock_store_fn ++# undef STORE_method_set_unlock_store_function ++# define STORE_method_set_unlock_store_function STORE_meth_set_unlock_store_fn ++# undef STORE_method_get_initialise_function ++# define STORE_method_get_initialise_function STORE_meth_get_initialise_fn ++# undef STORE_method_get_cleanup_function ++# define STORE_method_get_cleanup_function STORE_meth_get_cleanup_fn ++# undef STORE_method_get_generate_function ++# define STORE_method_get_generate_function STORE_meth_get_generate_fn ++# undef STORE_method_get_modify_function ++# define STORE_method_get_modify_function STORE_meth_get_modify_fn ++# undef STORE_method_get_revoke_function ++# define STORE_method_get_revoke_function STORE_meth_get_revoke_fn ++# undef STORE_method_get_delete_function ++# define STORE_method_get_delete_function STORE_meth_get_delete_fn ++# undef STORE_method_get_list_start_function ++# define STORE_method_get_list_start_function STORE_meth_get_list_start_fn ++# undef STORE_method_get_list_next_function ++# define STORE_method_get_list_next_function STORE_meth_get_list_next_fn ++# undef STORE_method_get_list_end_function ++# define STORE_method_get_list_end_function STORE_meth_get_list_end_fn ++# undef STORE_method_get_update_store_function ++# define STORE_method_get_update_store_function STORE_meth_get_update_store_fn ++# undef STORE_method_get_lock_store_function ++# define STORE_method_get_lock_store_function STORE_meth_get_lock_store_fn ++# undef STORE_method_get_unlock_store_function ++# define STORE_method_get_unlock_store_function STORE_meth_get_unlock_store_fn ++ ++/* Hack some long TS names */ ++# undef TS_RESP_CTX_set_status_info_cond ++# define TS_RESP_CTX_set_status_info_cond TS_RESP_CTX_set_stat_info_cond ++# undef TS_RESP_CTX_set_clock_precision_digits ++# define TS_RESP_CTX_set_clock_precision_digits TS_RESP_CTX_set_clk_prec_digits ++# undef TS_CONF_set_clock_precision_digits ++# define TS_CONF_set_clock_precision_digits TS_CONF_set_clk_prec_digits ++ ++/* Hack some long CMS names */ ++# undef CMS_RecipientInfo_ktri_get0_algs ++# define CMS_RecipientInfo_ktri_get0_algs CMS_RecipInfo_ktri_get0_algs ++# undef CMS_RecipientInfo_ktri_get0_signer_id ++# define CMS_RecipientInfo_ktri_get0_signer_id CMS_RecipInfo_ktri_get0_sigr_id ++# undef CMS_OtherRevocationInfoFormat_it ++# define CMS_OtherRevocationInfoFormat_it CMS_OtherRevocInfoFormat_it ++# undef CMS_KeyAgreeRecipientIdentifier_it ++# define CMS_KeyAgreeRecipientIdentifier_it CMS_KeyAgreeRecipIdentifier_it ++# undef CMS_OriginatorIdentifierOrKey_it ++# define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it ++# undef cms_SignerIdentifier_get0_signer_id ++# define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id ++# undef CMS_RecipientInfo_kari_get0_orig_id ++# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id ++# undef CMS_RecipientInfo_kari_get0_reks ++# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks ++# undef CMS_RecipientEncryptedKey_cert_cmp ++# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp ++# undef CMS_RecipientInfo_kari_set0_pkey ++# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey ++# undef CMS_RecipientEncryptedKey_get0_id ++# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id ++# undef CMS_RecipientInfo_kari_orig_id_cmp ++# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp ++ ++/* Hack some long DTLS1 names */ ++# undef dtls1_retransmit_buffered_messages ++# define dtls1_retransmit_buffered_messages dtls1_retransmit_buffered_msgs ++ ++/* Hack some long SRP names */ ++# undef SRP_generate_server_master_secret ++# define SRP_generate_server_master_secret SRP_gen_server_master_secret ++# undef SRP_generate_client_master_secret ++# define SRP_generate_client_master_secret SRP_gen_client_master_secret ++ ++/* Hack some long UI names */ ++# undef UI_method_get_prompt_constructor ++# define UI_method_get_prompt_constructor UI_method_get_prompt_constructr ++# undef UI_method_set_prompt_constructor ++# define UI_method_set_prompt_constructor UI_method_set_prompt_constructr ++ ++# endif /* defined OPENSSL_SYS_VMS */ ++ + /* Case insensitive linking causes problems.... */ +-# if defined(OPENSSL_SYS_VMS) ++# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) + # undef ERR_load_CRYPTO_strings + # define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings + # undef OCSP_crlID_new +diff --git a/Cryptlib/Include/openssl/tls1.h b/Cryptlib/Include/openssl/tls1.h +index 23e382c..7e237d0 100644 +--- a/Cryptlib/Include/openssl/tls1.h ++++ b/Cryptlib/Include/openssl/tls1.h +@@ -1,12 +1,113 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ssl/tls1.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +@@ -51,25 +152,18 @@ + # define HEADER_TLS1_H + + # include +-# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* Default security level if not overridden at config time */ +-# ifndef OPENSSL_TLS_SECURITY_LEVEL +-# define OPENSSL_TLS_SECURITY_LEVEL 1 +-# endif ++# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + + # define TLS1_VERSION 0x0301 + # define TLS1_1_VERSION 0x0302 + # define TLS1_2_VERSION 0x0303 + # define TLS_MAX_VERSION TLS1_2_VERSION + +-/* Special value for method supporting multiple versions */ +-# define TLS_ANY_VERSION 0x10000 +- + # define TLS1_VERSION_MAJOR 0x03 + # define TLS1_VERSION_MINOR 0x01 + +@@ -80,10 +174,10 @@ extern "C" { + # define TLS1_2_VERSION_MINOR 0x03 + + # define TLS1_get_version(s) \ +- ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0) ++ ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0) + + # define TLS1_get_client_version(s) \ +- ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0) ++ ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0) + + # define TLS1_AD_DECRYPTION_FAILED 21 + # define TLS1_AD_RECORD_OVERFLOW 22 +@@ -105,7 +199,6 @@ extern "C" { + # define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 + # define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 + # define TLS1_AD_UNKNOWN_PSK_IDENTITY 115/* fatal */ +-# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */ + + /* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */ + # define TLSEXT_TYPE_server_name 0 +@@ -141,27 +234,25 @@ extern "C" { + /* ExtensionType value from RFC7301 */ + # define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +-/* +- * Extension type for Certificate Transparency +- * https://tools.ietf.org/html/rfc6962#section-3.3.1 +- */ +-# define TLSEXT_TYPE_signed_certificate_timestamp 18 +- + /* + * ExtensionType value for TLS padding extension. + * http://tools.ietf.org/html/draft-agl-tls-padding + */ + # define TLSEXT_TYPE_padding 21 + +-/* ExtensionType value from RFC7366 */ +-# define TLSEXT_TYPE_encrypt_then_mac 22 +- +-/* ExtensionType value from RFC7627 */ +-# define TLSEXT_TYPE_extended_master_secret 23 +- + /* ExtensionType value from RFC4507 */ + # define TLSEXT_TYPE_session_ticket 35 + ++/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ ++# if 0 ++/* ++ * will have to be provided externally for now , ++ * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 ++ * using whatever extension number you'd like to try ++ */ ++# define TLSEXT_TYPE_opaque_prf_input ?? ++# endif ++ + /* Temporary extension type */ + # define TLSEXT_TYPE_renegotiate 0xff01 + +@@ -187,12 +278,9 @@ extern "C" { + # define TLSEXT_signature_rsa 1 + # define TLSEXT_signature_dsa 2 + # define TLSEXT_signature_ecdsa 3 +-# define TLSEXT_signature_gostr34102001 237 +-# define TLSEXT_signature_gostr34102012_256 238 +-# define TLSEXT_signature_gostr34102012_512 239 + + /* Total number of different signature algorithms */ +-# define TLSEXT_signature_num 7 ++# define TLSEXT_signature_num 4 + + # define TLSEXT_hash_none 0 + # define TLSEXT_hash_md5 1 +@@ -201,13 +289,10 @@ extern "C" { + # define TLSEXT_hash_sha256 4 + # define TLSEXT_hash_sha384 5 + # define TLSEXT_hash_sha512 6 +-# define TLSEXT_hash_gostr3411 237 +-# define TLSEXT_hash_gostr34112012_256 238 +-# define TLSEXT_hash_gostr34112012_512 239 + + /* Total number of different digest algorithms */ + +-# define TLSEXT_hash_num 10 ++# define TLSEXT_hash_num 7 + + /* Flag set for unrecognised algorithms */ + # define TLSEXT_nid_unknown 0x1000000 +@@ -217,10 +302,12 @@ extern "C" { + # define TLSEXT_curve_P_256 23 + # define TLSEXT_curve_P_384 24 + +-# define TLSEXT_MAXLEN_host_name 255 ++# ifndef OPENSSL_NO_TLSEXT ++ ++# define TLSEXT_MAXLEN_host_name 255 + +-__owur const char *SSL_get_servername(const SSL *s, const int type); +-__owur int SSL_get_servername_type(const SSL *s); ++const char *SSL_get_servername(const SSL *s, const int type); ++int SSL_get_servername_type(const SSL *s); + /* + * SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and +@@ -228,7 +315,7 @@ __owur int SSL_get_servername_type(const SSL *s); + * flag controls whether a context is included.) It returns 1 on success and + * zero otherwise. + */ +-__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, ++int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, + const unsigned char *p, size_t plen, + int use_context); +@@ -241,102 +328,79 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, + int *psign, int *phash, int *psignandhash, + unsigned char *rsig, unsigned char *rhash); + +-__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); ++int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); + +-# define SSL_set_tlsext_host_name(s,name) \ ++# define SSL_set_tlsext_host_name(s,name) \ + SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +-# define SSL_set_tlsext_debug_callback(ssl, cb) \ ++# define SSL_set_tlsext_debug_callback(ssl, cb) \ + SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +-# define SSL_set_tlsext_debug_arg(ssl, arg) \ ++# define SSL_set_tlsext_debug_arg(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +-# define SSL_get_tlsext_status_type(ssl) \ +-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0, NULL) +- +-# define SSL_set_tlsext_status_type(ssl, type) \ ++# define SSL_set_tlsext_status_type(ssl, type) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +-# define SSL_get_tlsext_status_exts(ssl, arg) \ ++# define SSL_get_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +-# define SSL_set_tlsext_status_exts(ssl, arg) \ ++# define SSL_set_tlsext_status_exts(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +-# define SSL_get_tlsext_status_ids(ssl, arg) \ ++# define SSL_get_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +-# define SSL_set_tlsext_status_ids(ssl, arg) \ ++# define SSL_set_tlsext_status_ids(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +-# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ ++# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ + SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +-# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ ++# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +-# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ ++# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ + SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +-# define SSL_TLSEXT_ERR_OK 0 +-# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +-# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +-# define SSL_TLSEXT_ERR_NOACK 3 ++# define SSL_TLSEXT_ERR_OK 0 ++# define SSL_TLSEXT_ERR_ALERT_WARNING 1 ++# define SSL_TLSEXT_ERR_ALERT_FATAL 2 ++# define SSL_TLSEXT_ERR_NOACK 3 + +-# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ ++# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +-# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ ++# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +-# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ ++# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +-# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ +-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) +-# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ ++# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +-# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ +-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg +-# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ ++# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ + SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) + +-#define SSL_CTX_set_tlsext_status_type(ssl, type) \ +- SSL_CTX_ctrl(ssl, SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE, type, NULL) +- +-#define SSL_CTX_get_tlsext_status_type(ssl) \ +- SSL_CTX_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) ++# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ ++SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) ++# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ ++SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) ++# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ ++SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) + +-# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ ++# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ + SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +-# ifndef OPENSSL_NO_HEARTBEATS +-# define SSL_DTLSEXT_HB_ENABLED 0x01 +-# define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS 0x02 +-# define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS 0x04 +-# define SSL_get_dtlsext_heartbeat_pending(ssl) \ +- SSL_ctrl((ssl),SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL) +-# define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \ +- SSL_ctrl((ssl),SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \ +- SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT +-# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \ +- SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING +-# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \ +- SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS +-# define SSL_TLSEXT_HB_ENABLED \ +- SSL_DTLSEXT_HB_ENABLED +-# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \ +- SSL_DTLSEXT_HB_DONT_SEND_REQUESTS +-# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \ +- SSL_DTLSEXT_HB_DONT_RECV_REQUESTS ++# ifndef OPENSSL_NO_HEARTBEATS ++# define SSL_TLSEXT_HB_ENABLED 0x01 ++# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 ++# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 ++ + # define SSL_get_tlsext_heartbeat_pending(ssl) \ +- SSL_get_dtlsext_heartbeat_pending(ssl) ++ SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) + # define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ +- SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) ++ SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) + # endif + # endif + +@@ -346,43 +410,22 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C + # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D + +-# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA 0x0300008E +-# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008F +-# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA 0x03000090 +-# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA 0x03000091 +- +-# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092 +-# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093 +-# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094 +-# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095 +- +-/* PSK ciphersuites from 5487 */ +-# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8 +-# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9 +-# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256 0x030000AA +-# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384 0x030000AB +-# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC +-# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD +- +-# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE +-# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF +-# define TLS1_CK_PSK_WITH_NULL_SHA256 0x030000B0 +-# define TLS1_CK_PSK_WITH_NULL_SHA384 0x030000B1 +- +-# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256 0x030000B2 +-# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384 0x030000B3 +-# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256 0x030000B4 +-# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384 0x030000B5 +- +-# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6 +-# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7 +-# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256 0x030000B8 +-# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384 0x030000B9 +- +-/* NULL PSK ciphersuites from RFC4785 */ +-# define TLS1_CK_PSK_WITH_NULL_SHA 0x0300002C +-# define TLS1_CK_DHE_PSK_WITH_NULL_SHA 0x0300002D +-# define TLS1_CK_RSA_PSK_WITH_NULL_SHA 0x0300002E ++/* ++ * Additional TLS ciphersuites from expired Internet Draft ++ * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if ++ * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We ++ * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. ++ * Note that the first two are actually not in the IDs. ++ */ ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in ++ * ID */ ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in ++ * ID */ ++# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 ++# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 ++# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 ++# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 ++# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + + /* AES ciphersuites from RFC3268 */ + # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +@@ -454,46 +497,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 + # define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +-/* CCM ciphersuites from RFC6655 */ +-# define TLS1_CK_RSA_WITH_AES_128_CCM 0x0300C09C +-# define TLS1_CK_RSA_WITH_AES_256_CCM 0x0300C09D +-# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM 0x0300C09E +-# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM 0x0300C09F +-# define TLS1_CK_RSA_WITH_AES_128_CCM_8 0x0300C0A0 +-# define TLS1_CK_RSA_WITH_AES_256_CCM_8 0x0300C0A1 +-# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8 0x0300C0A2 +-# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8 0x0300C0A3 +-# define TLS1_CK_PSK_WITH_AES_128_CCM 0x0300C0A4 +-# define TLS1_CK_PSK_WITH_AES_256_CCM 0x0300C0A5 +-# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM 0x0300C0A6 +-# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM 0x0300C0A7 +-# define TLS1_CK_PSK_WITH_AES_128_CCM_8 0x0300C0A8 +-# define TLS1_CK_PSK_WITH_AES_256_CCM_8 0x0300C0A9 +-# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8 0x0300C0AA +-# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8 0x0300C0AB +- +-/* CCM ciphersuites from RFC7251 */ +-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM 0x0300C0AC +-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM 0x0300C0AD +-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8 0x0300C0AE +-# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8 0x0300C0AF +- +-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +-# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +-# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +-# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +-# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +-# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +-# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF +- +-# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +-# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +-# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +-# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +-# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +-# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 +- +-/* ECC ciphersuites from RFC4492 */ ++/* ++ * ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in ++ * draft 13 ++ */ + # define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 + # define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 + # define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +@@ -556,61 +563,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 + # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +-/* ECDHE PSK ciphersuites from RFC5489 */ +-# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA 0x0300C033 +-# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA 0x0300C034 +-# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA 0x0300C035 +-# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA 0x0300C036 +- +-# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0x0300C037 +-# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0x0300C038 +- +-/* NULL PSK ciphersuites from RFC4785 */ +- +-# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA 0x0300C039 +-# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256 0x0300C03A +-# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384 0x0300C03B +- +-/* Camellia-CBC ciphersuites from RFC6367 */ +-# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072 +-# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073 +-# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C074 +-# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C075 +-# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C076 +-# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C077 +-# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C078 +-# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C079 +- +-# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C094 +-# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C095 +-# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C096 +-# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C097 +-# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C098 +-# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C099 +-# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0x0300C09A +-# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0x0300C09B +- +-/* draft-ietf-tls-chacha20-poly1305-03 */ +-# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCA8 +-# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 0x0300CCA9 +-# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305 0x0300CCAA +-# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305 0x0300CCAB +-# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAC +-# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305 0x0300CCAD +-# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305 0x0300CCAE +- + /* +- * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE +- * ciphers names with "EDH" instead of "DHE". Going forward, we should be +- * using DHE everywhere, though we may indefinitely maintain aliases for +- * users or configurations that used "EDH" ++ * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave ++ * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we ++ * should be using DHE + * everywhere, though we may indefinitely maintain ++ * aliases for users + * or configurations that used "EDH" + + */ ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" ++# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" ++# define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" ++# define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" + # define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +-# define TLS1_TXT_PSK_WITH_NULL_SHA "PSK-NULL-SHA" +-# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA "DHE-PSK-NULL-SHA" +-# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA "RSA-PSK-NULL-SHA" +- + /* AES ciphersuites from RFC3268 */ + # define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" + # define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +@@ -663,38 +629,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" + # define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +-# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA "DHE-PSK-RC4-SHA" +-# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA "DHE-PSK-3DES-EDE-CBC-SHA" +-# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA "DHE-PSK-AES128-CBC-SHA" +-# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA "DHE-PSK-AES256-CBC-SHA" +-# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA" +-# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA" +-# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA" +-# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA" +- +-/* PSK ciphersuites from RFC 5487 */ +-# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +-# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +-# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256 "DHE-PSK-AES128-GCM-SHA256" +-# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384 "DHE-PSK-AES256-GCM-SHA384" +-# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256" +-# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384" +- +-# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256" +-# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384" +-# define TLS1_TXT_PSK_WITH_NULL_SHA256 "PSK-NULL-SHA256" +-# define TLS1_TXT_PSK_WITH_NULL_SHA384 "PSK-NULL-SHA384" +- +-# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256 "DHE-PSK-AES128-CBC-SHA256" +-# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384 "DHE-PSK-AES256-CBC-SHA384" +-# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256 "DHE-PSK-NULL-SHA256" +-# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384 "DHE-PSK-NULL-SHA384" +- +-# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256" +-# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384" +-# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256 "RSA-PSK-NULL-SHA256" +-# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384 "RSA-PSK-NULL-SHA384" +- + /* SRP ciphersuite from RFC 5054 */ + # define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" + # define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +@@ -721,30 +655,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" + # define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +-# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +-# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +-# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +-# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" +- +-# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +-# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +-# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +-# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +-# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +-# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" +- +-# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256 "PSK-CAMELLIA128-SHA256" +-# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384 "PSK-CAMELLIA256-SHA384" +-# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "DHE-PSK-CAMELLIA128-SHA256" +-# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "DHE-PSK-CAMELLIA256-SHA384" +-# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 "RSA-PSK-CAMELLIA128-SHA256" +-# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 "RSA-PSK-CAMELLIA256-SHA384" +-# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-PSK-CAMELLIA128-SHA256" +-# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-PSK-CAMELLIA256-SHA384" +- + /* SEED ciphersuites from RFC4162 */ + # define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" + # define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +@@ -782,35 +692,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" + # define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +-/* CCM ciphersuites from RFC6655 */ +- +-# define TLS1_TXT_RSA_WITH_AES_128_CCM "AES128-CCM" +-# define TLS1_TXT_RSA_WITH_AES_256_CCM "AES256-CCM" +-# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM "DHE-RSA-AES128-CCM" +-# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM "DHE-RSA-AES256-CCM" +- +-# define TLS1_TXT_RSA_WITH_AES_128_CCM_8 "AES128-CCM8" +-# define TLS1_TXT_RSA_WITH_AES_256_CCM_8 "AES256-CCM8" +-# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8 "DHE-RSA-AES128-CCM8" +-# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8 "DHE-RSA-AES256-CCM8" +- +-# define TLS1_TXT_PSK_WITH_AES_128_CCM "PSK-AES128-CCM" +-# define TLS1_TXT_PSK_WITH_AES_256_CCM "PSK-AES256-CCM" +-# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM "DHE-PSK-AES128-CCM" +-# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM "DHE-PSK-AES256-CCM" +- +-# define TLS1_TXT_PSK_WITH_AES_128_CCM_8 "PSK-AES128-CCM8" +-# define TLS1_TXT_PSK_WITH_AES_256_CCM_8 "PSK-AES256-CCM8" +-# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8 "DHE-PSK-AES128-CCM8" +-# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8 "DHE-PSK-AES256-CCM8" +- +-/* CCM ciphersuites from RFC7251 */ +- +-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM "ECDHE-ECDSA-AES128-CCM" +-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM "ECDHE-ECDSA-AES256-CCM" +-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8 "ECDHE-ECDSA-AES128-CCM8" +-# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8 "ECDHE-ECDSA-AES256-CCM8" +- + /* ECDH HMAC based ciphersuites from RFC5289 */ + + # define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +@@ -832,42 +713,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" + # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +-/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */ +-# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256" +-# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384" +- +-/* ECDHE PSK ciphersuites from RFC 5489 */ +-# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA "ECDHE-PSK-RC4-SHA" +-# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA "ECDHE-PSK-3DES-EDE-CBC-SHA" +-# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA "ECDHE-PSK-AES128-CBC-SHA" +-# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA "ECDHE-PSK-AES256-CBC-SHA" +- +-# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256 "ECDHE-PSK-AES128-CBC-SHA256" +-# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384 "ECDHE-PSK-AES256-CBC-SHA384" +- +-# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA "ECDHE-PSK-NULL-SHA" +-# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256 "ECDHE-PSK-NULL-SHA256" +-# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384 "ECDHE-PSK-NULL-SHA384" +- +-/* Camellia-CBC ciphersuites from RFC6367 */ +-# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384" +-# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-ECDSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-ECDSA-CAMELLIA256-SHA384" +-# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-RSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-RSA-CAMELLIA256-SHA384" +-# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDH-RSA-CAMELLIA128-SHA256" +-# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDH-RSA-CAMELLIA256-SHA384" +- +-/* draft-ietf-tls-chacha20-poly1305-03 */ +-# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +-# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +-# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" +-# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305 "PSK-CHACHA20-POLY1305" +-# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305 "ECDHE-PSK-CHACHA20-POLY1305" +-# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305 "DHE-PSK-CHACHA20-POLY1305" +-# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305 "RSA-PSK-CHACHA20-POLY1305" +- + # define TLS_CT_RSA_SIGN 1 + # define TLS_CT_DSS_SIGN 2 + # define TLS_CT_RSA_FIXED_DH 3 +@@ -875,10 +720,8 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS_CT_ECDSA_SIGN 64 + # define TLS_CT_RSA_FIXED_ECDH 65 + # define TLS_CT_ECDSA_FIXED_ECDH 66 ++# define TLS_CT_GOST94_SIGN 21 + # define TLS_CT_GOST01_SIGN 22 +-# define TLS_CT_GOST12_SIGN 238 +-# define TLS_CT_GOST12_512_SIGN 239 +- + /* + * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see + * comment there) +@@ -887,11 +730,13 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + + # define TLS1_FINISH_MAC_LENGTH 12 + +-# define TLS_MD_MAX_CONST_SIZE 22 ++# define TLS_MD_MAX_CONST_SIZE 20 + # define TLS_MD_CLIENT_FINISH_CONST "client finished" + # define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 + # define TLS_MD_SERVER_FINISH_CONST "server finished" + # define TLS_MD_SERVER_FINISH_CONST_SIZE 15 ++# define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" ++# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 + # define TLS_MD_KEY_EXPANSION_CONST "key expansion" + # define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 + # define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +@@ -902,8 +747,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + # define TLS_MD_IV_BLOCK_CONST_SIZE 8 + # define TLS_MD_MASTER_SECRET_CONST "master secret" + # define TLS_MD_MASTER_SECRET_CONST_SIZE 13 +-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "extended master secret" +-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE 22 + + # ifdef CHARSET_EBCDIC + # undef TLS_MD_CLIENT_FINISH_CONST +@@ -953,11 +796,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + * master secret + */ + # define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" +-# undef TLS_MD_EXTENDED_MASTER_SECRET_CONST +-/* +- * extended master secret +- */ +-# define TLS_MD_EXTENDED_MASTER_SECRET_CONST "\x65\x78\x74\x65\x63\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" + # endif + + /* TLS Session Ticket extension struct */ +diff --git a/Cryptlib/Include/openssl/ts.h b/Cryptlib/Include/openssl/ts.h +index a565982..5205bc5 100644 +--- a/Cryptlib/Include/openssl/ts.h ++++ b/Cryptlib/Include/openssl/ts.h +@@ -1,41 +1,197 @@ ++/* crypto/ts/ts.h */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project ++ * 2002, 2003, 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_TS_H + # define HEADER_TS_H + + # include +- +-# ifndef OPENSSL_NO_TS + # include +-# include +-# include +-# include ++# ifndef OPENSSL_NO_BUFFER ++# include ++# endif ++# ifndef OPENSSL_NO_EVP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + # include + # include + # include +-# include +-# include +-# include +-# ifdef __cplusplus ++ ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++ ++#ifdef __cplusplus + extern "C" { ++#endif ++ ++# ifdef WIN32 ++/* Under Win32 this is defined in wincrypt.h */ ++# undef X509_NAME + # endif + + # include + # include + +-typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +-typedef struct TS_req_st TS_REQ; +-typedef struct TS_accuracy_st TS_ACCURACY; +-typedef struct TS_tst_info_st TS_TST_INFO; ++/*- ++MessageImprint ::= SEQUENCE { ++ hashAlgorithm AlgorithmIdentifier, ++ hashedMessage OCTET STRING } ++*/ ++ ++typedef struct TS_msg_imprint_st { ++ X509_ALGOR *hash_algo; ++ ASN1_OCTET_STRING *hashed_msg; ++} TS_MSG_IMPRINT; ++ ++/*- ++TimeStampReq ::= SEQUENCE { ++ version INTEGER { v1(1) }, ++ messageImprint MessageImprint, ++ --a hash algorithm OID and the hash value of the data to be ++ --time-stamped ++ reqPolicy TSAPolicyId OPTIONAL, ++ nonce INTEGER OPTIONAL, ++ certReq BOOLEAN DEFAULT FALSE, ++ extensions [0] IMPLICIT Extensions OPTIONAL } ++*/ ++ ++typedef struct TS_req_st { ++ ASN1_INTEGER *version; ++ TS_MSG_IMPRINT *msg_imprint; ++ ASN1_OBJECT *policy_id; /* OPTIONAL */ ++ ASN1_INTEGER *nonce; /* OPTIONAL */ ++ ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ ++ STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ ++} TS_REQ; ++ ++/*- ++Accuracy ::= SEQUENCE { ++ seconds INTEGER OPTIONAL, ++ millis [0] INTEGER (1..999) OPTIONAL, ++ micros [1] INTEGER (1..999) OPTIONAL } ++*/ ++ ++typedef struct TS_accuracy_st { ++ ASN1_INTEGER *seconds; ++ ASN1_INTEGER *millis; ++ ASN1_INTEGER *micros; ++} TS_ACCURACY; ++ ++/*- ++TSTInfo ::= SEQUENCE { ++ version INTEGER { v1(1) }, ++ policy TSAPolicyId, ++ messageImprint MessageImprint, ++ -- MUST have the same value as the similar field in ++ -- TimeStampReq ++ serialNumber INTEGER, ++ -- Time-Stamping users MUST be ready to accommodate integers ++ -- up to 160 bits. ++ genTime GeneralizedTime, ++ accuracy Accuracy OPTIONAL, ++ ordering BOOLEAN DEFAULT FALSE, ++ nonce INTEGER OPTIONAL, ++ -- MUST be present if the similar field was present ++ -- in TimeStampReq. In that case it MUST have the same value. ++ tsa [0] GeneralName OPTIONAL, ++ extensions [1] IMPLICIT Extensions OPTIONAL } ++*/ ++ ++typedef struct TS_tst_info_st { ++ ASN1_INTEGER *version; ++ ASN1_OBJECT *policy_id; ++ TS_MSG_IMPRINT *msg_imprint; ++ ASN1_INTEGER *serial; ++ ASN1_GENERALIZEDTIME *time; ++ TS_ACCURACY *accuracy; ++ ASN1_BOOLEAN ordering; ++ ASN1_INTEGER *nonce; ++ GENERAL_NAME *tsa; ++ STACK_OF(X509_EXTENSION) *extensions; ++} TS_TST_INFO; ++ ++/*- ++PKIStatusInfo ::= SEQUENCE { ++ status PKIStatus, ++ statusString PKIFreeText OPTIONAL, ++ failInfo PKIFailureInfo OPTIONAL } ++ ++From RFC 1510 - section 3.1.1: ++PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String ++ -- text encoded as UTF-8 String (note: each UTF8String SHOULD ++ -- include an RFC 1766 language tag to indicate the language ++ -- of the contained text) ++*/ ++ ++/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +-/* Possible values for status. */ + # define TS_STATUS_GRANTED 0 + # define TS_STATUS_GRANTED_WITH_MODS 1 + # define TS_STATUS_REJECTION 2 +@@ -43,7 +199,10 @@ typedef struct TS_tst_info_st TS_TST_INFO; + # define TS_STATUS_REVOCATION_WARNING 4 + # define TS_STATUS_REVOCATION_NOTIFICATION 5 + +-/* Possible values for failure_info. */ ++/* ++ * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c ++ */ ++ + # define TS_INFO_BAD_ALG 0 + # define TS_INFO_BAD_REQUEST 2 + # define TS_INFO_BAD_DATA_FORMAT 5 +@@ -53,15 +212,67 @@ typedef struct TS_tst_info_st TS_TST_INFO; + # define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 + # define TS_INFO_SYSTEM_FAILURE 25 + ++typedef struct TS_status_info_st { ++ ASN1_INTEGER *status; ++ STACK_OF(ASN1_UTF8STRING) *text; ++ ASN1_BIT_STRING *failure_info; ++} TS_STATUS_INFO; ++ ++DECLARE_STACK_OF(ASN1_UTF8STRING) ++DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) ++ ++/*- ++TimeStampResp ::= SEQUENCE { ++ status PKIStatusInfo, ++ timeStampToken TimeStampToken OPTIONAL } ++*/ ++ ++typedef struct TS_resp_st { ++ TS_STATUS_INFO *status_info; ++ PKCS7 *token; ++ TS_TST_INFO *tst_info; ++} TS_RESP; ++ ++/* The structure below would belong to the ESS component. */ ++ ++/*- ++IssuerSerial ::= SEQUENCE { ++ issuer GeneralNames, ++ serialNumber CertificateSerialNumber ++ } ++*/ ++ ++typedef struct ESS_issuer_serial { ++ STACK_OF(GENERAL_NAME) *issuer; ++ ASN1_INTEGER *serial; ++} ESS_ISSUER_SERIAL; + +-typedef struct TS_status_info_st TS_STATUS_INFO; +-typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +-typedef struct ESS_cert_id ESS_CERT_ID; +-typedef struct ESS_signing_cert ESS_SIGNING_CERT; ++/*- ++ESSCertID ::= SEQUENCE { ++ certHash Hash, ++ issuerSerial IssuerSerial OPTIONAL ++} ++*/ + +-DEFINE_STACK_OF(ESS_CERT_ID) ++typedef struct ESS_cert_id { ++ ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ ++ ESS_ISSUER_SERIAL *issuer_serial; ++} ESS_CERT_ID; + +-typedef struct TS_resp_st TS_RESP; ++DECLARE_STACK_OF(ESS_CERT_ID) ++DECLARE_ASN1_SET_OF(ESS_CERT_ID) ++ ++/*- ++SigningCertificate ::= SEQUENCE { ++ certs SEQUENCE OF ESSCertID, ++ policies SEQUENCE OF PolicyInformation OPTIONAL ++} ++*/ ++ ++typedef struct ESS_signing_cert { ++ STACK_OF(ESS_CERT_ID) *cert_ids; ++ STACK_OF(POLICYINFO) *policy_info; ++} ESS_SIGNING_CERT; + + TS_REQ *TS_REQ_new(void); + void TS_REQ_free(TS_REQ *a); +@@ -70,7 +281,7 @@ TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + + TS_REQ *TS_REQ_dup(TS_REQ *a); + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); + int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); + #endif +@@ -85,7 +296,7 @@ TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + + TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); + int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); + #endif +@@ -99,7 +310,7 @@ TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); + TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); + TS_RESP *TS_RESP_dup(TS_RESP *a); + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); + int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); + #endif +@@ -120,7 +331,7 @@ TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); + TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); + int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); + #endif +@@ -156,18 +367,11 @@ ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); + ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + ++void ERR_load_TS_strings(void); ++ + int TS_REQ_set_version(TS_REQ *a, long version); + long TS_REQ_get_version(const TS_REQ *a); + +-int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i); +-const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a); +- +-const STACK_OF(ASN1_UTF8STRING) * +-TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a); +- +-const ASN1_BIT_STRING * +-TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a); +- + int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); + TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +@@ -177,7 +381,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); + ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +-int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); ++int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); + ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + + int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +@@ -190,7 +394,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); + void TS_REQ_ext_free(TS_REQ *a); + int TS_REQ_get_ext_count(TS_REQ *a); + int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); ++int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); + int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); + X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); + X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +@@ -251,8 +455,7 @@ STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); + void TS_TST_INFO_ext_free(TS_TST_INFO *a); + int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); + int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +-int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, +- int lastpos); ++int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos); + int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); + X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); + X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +@@ -300,9 +503,34 @@ typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec, + typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *, + void *); + +-typedef struct TS_resp_ctx TS_RESP_CTX; +- +-DEFINE_STACK_OF_CONST(EVP_MD) ++typedef struct TS_resp_ctx { ++ X509 *signer_cert; ++ EVP_PKEY *signer_key; ++ STACK_OF(X509) *certs; /* Certs to include in signed data. */ ++ STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ ++ ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ ++ STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ ++ ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ ++ ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ ++ ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ ++ unsigned clock_precision_digits; /* fraction of seconds in time stamp ++ * token. */ ++ unsigned flags; /* Optional info, see values above. */ ++ /* Callback functions. */ ++ TS_serial_cb serial_cb; ++ void *serial_cb_data; /* User data for serial_cb. */ ++ TS_time_cb time_cb; ++ void *time_cb_data; /* User data for time_cb. */ ++ TS_extension_cb extension_cb; ++ void *extension_cb_data; /* User data for extension_cb. */ ++ /* These members are used only while creating the response. */ ++ TS_REQ *request; ++ TS_RESP *response; ++ TS_TST_INFO *tst_info; ++} TS_RESP_CTX; ++ ++DECLARE_STACK_OF(EVP_MD) ++DECLARE_ASN1_SET_OF(EVP_MD) + + /* Creates a response context that can be used for generating responses. */ + TS_RESP_CTX *TS_RESP_CTX_new(void); +@@ -314,11 +542,8 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + /* This parameter must be set. */ + int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +-int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, +- const EVP_MD *signer_digest); +- + /* This parameter must be set. */ +-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); ++int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); + + /* No additional certs are included in the response by default. */ + int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); +@@ -327,7 +552,7 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + * Adds a new acceptable policy, only the default policy is accepted by + * default. + */ +-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); ++int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); + + /* + * Adds a new acceptable message digest. Note that no message digests are +@@ -440,25 +665,42 @@ int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +-typedef struct TS_verify_ctx TS_VERIFY_CTX; ++typedef struct TS_verify_ctx { ++ /* Set this to the union of TS_VFY_... flags you want to carry out. */ ++ unsigned flags; ++ /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ ++ X509_STORE *store; ++ STACK_OF(X509) *certs; ++ /* Must be set only with TS_VFY_POLICY. */ ++ ASN1_OBJECT *policy; ++ /* ++ * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the ++ * algorithm from the response is used. ++ */ ++ X509_ALGOR *md_alg; ++ unsigned char *imprint; ++ unsigned imprint_len; ++ /* Must be set only with TS_VFY_DATA. */ ++ BIO *data; ++ /* Must be set only with TS_VFY_TSA_NAME. */ ++ ASN1_INTEGER *nonce; ++ /* Must be set only with TS_VFY_TSA_NAME. */ ++ GENERAL_NAME *tsa_name; ++} TS_VERIFY_CTX; + + int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); + int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + + /* + * Declarations related to response verification context, ++ * they are defined in ts/ts_verify_ctx.c. + */ ++ ++/* Set all fields to zero. */ + TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); + void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); + void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); + void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); +-int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f); +-int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f); +-BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b); +-unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, +- unsigned char *hexstr, long len); +-X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s); +-STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs); + + /*- + * If ctx is NULL, it allocates and returns a new object, otherwise +@@ -497,17 +739,18 @@ int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + * ts/ts_conf.c + */ + ++#ifndef OPENSSL_NO_STDIO + X509 *TS_CONF_load_cert(const char *file); + STACK_OF(X509) *TS_CONF_load_certs(const char *file); + EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); ++#endif + const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); + int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +-#ifndef OPENSSL_NO_ENGINE + int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); + int TS_CONF_set_default_engine(const char *name); +-#endif ++#ifndef OPENSSL_NO_STDIO + int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); + int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, +@@ -515,8 +758,7 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, + TS_RESP_CTX *ctx); +-int TS_CONF_set_signer_digest(CONF *conf, const char *section, +- const char *md, TS_RESP_CTX *ctx); ++#endif + int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); + int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +@@ -535,12 +777,12 @@ int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_TS_strings(void); ++void ERR_load_TS_strings(void); + + /* Error codes for the TS functions. */ + + /* Function codes. */ ++# define TS_F_D2I_TS_RESP 147 + # define TS_F_DEF_SERIAL_CB 110 + # define TS_F_DEF_TIME_CB 111 + # define TS_F_ESS_ADD_SIGNING_CERT 112 +@@ -585,6 +827,7 @@ int ERR_load_TS_strings(void); + # define TS_F_TS_RESP_SET_TST_INFO 150 + # define TS_F_TS_RESP_SIGN 136 + # define TS_F_TS_RESP_VERIFY_SIGNATURE 106 ++# define TS_F_TS_RESP_VERIFY_TOKEN 107 + # define TS_F_TS_TST_INFO_SET_ACCURACY 137 + # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 + # define TS_F_TS_TST_INFO_SET_NONCE 139 +@@ -604,6 +847,7 @@ int ERR_load_TS_strings(void); + # define TS_R_CERTIFICATE_VERIFY_ERROR 100 + # define TS_R_COULD_NOT_SET_ENGINE 127 + # define TS_R_COULD_NOT_SET_TIME 115 ++# define TS_R_D2I_TS_RESP_INT_FAILED 128 + # define TS_R_DETACHED_CONTENT 134 + # define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 + # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +@@ -636,8 +880,7 @@ int ERR_load_TS_strings(void); + # define TS_R_VAR_LOOKUP_FAILURE 136 + # define TS_R_WRONG_CONTENT_TYPE 114 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/txt_db.h b/Cryptlib/Include/openssl/txt_db.h +index 0e6c943..98e23a2 100644 +--- a/Cryptlib/Include/openssl/txt_db.h ++++ b/Cryptlib/Include/openssl/txt_db.h +@@ -1,17 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/txt_db/txt_db.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_TXT_DB_H + # define HEADER_TXT_DB_H + + # include +-# include ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + # include + # include + +@@ -21,14 +72,13 @@ + # define DB_ERROR_INDEX_OUT_OF_RANGE 3 + # define DB_ERROR_NO_INDEX 4 + # define DB_ERROR_INSERT_INDEX_CLASH 5 +-# define DB_ERROR_WRONG_NUM_FIELDS 6 + + #ifdef __cplusplus + extern "C" { + #endif + + typedef OPENSSL_STRING *OPENSSL_PSTRING; +-DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) ++DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + + typedef struct txt_db_st { + int num_fields; +@@ -41,10 +91,15 @@ typedef struct txt_db_st { + OPENSSL_STRING *arg_row; + } TXT_DB; + ++# ifndef OPENSSL_NO_BIO + TXT_DB *TXT_DB_read(BIO *in, int num); + long TXT_DB_write(BIO *out, TXT_DB *db); ++# else ++TXT_DB *TXT_DB_read(char *in, int num); ++long TXT_DB_write(char *out, TXT_DB *db); ++# endif + int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), +- OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp); ++ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); + void TXT_DB_free(TXT_DB *db); + OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + OPENSSL_STRING *value); +diff --git a/Cryptlib/Include/openssl/ui.h b/Cryptlib/Include/openssl/ui.h +index 49e763d..0dc1633 100644 +--- a/Cryptlib/Include/openssl/ui.h ++++ b/Cryptlib/Include/openssl/ui.h +@@ -1,29 +1,79 @@ ++/* crypto/ui/ui.h */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_UI_H + # define HEADER_UI_H + +-# include +- +-# ifndef OPENSSL_NO_UI +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include +-# endif +-# include +-# include ++# ifndef OPENSSL_NO_DEPRECATED ++# include ++# endif ++# include ++# include + + #ifdef __cplusplus + extern "C" { + #endif + ++/* Declared already in ossl_typ.h */ ++/* typedef struct ui_st UI; */ ++/* typedef struct ui_method_st UI_METHOD; */ ++ + /* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. When +@@ -78,7 +128,7 @@ void UI_free(UI *ui); + added, so the result is *not* a string. + + On success, the all return an index of the added information. That index +- is useful when retrieving results with UI_get0_result(). */ ++ is usefull when retrieving results with UI_get0_result(). */ + int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); + int UI_dup_input_string(UI *ui, const char *prompt, int flags, +@@ -110,7 +160,7 @@ int UI_dup_error_string(UI *ui, const char *text); + * each UI being marked with this flag, or the application might get + * confused. + */ +-# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 ++# define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + + /*- + * The user of these routines may want to define flags of their own. The core +@@ -122,7 +172,7 @@ int UI_dup_error_string(UI *ui, const char *text); + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + * + */ +-# define UI_INPUT_FLAG_USER_BASE 16 ++# define UI_INPUT_FLAG_USER_BASE 16 + + /*- + * The following function helps construct a prompt. object_desc is a +@@ -179,7 +229,7 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +-# define UI_CTRL_PRINT_ERRORS 1 ++# define UI_CTRL_PRINT_ERRORS 1 + /* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 +@@ -190,9 +240,8 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)); + /* Some methods may use extra data */ + # define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) + # define UI_get_app_data(s) UI_get_ex_data(s,0) +- +-#define UI_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef) ++int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int UI_set_ex_data(UI *r, int idx, void *arg); + void *UI_get_ex_data(UI *r, int idx); + +@@ -220,7 +269,7 @@ UI_METHOD *UI_OpenSSL(void); + display a dialog box after it has been built. + a reader This function is called to read a given prompt, + maybe from the tty, maybe from a field in a +- window. Note that it's called with all string ++ window. Note that it's called wth all string + structures, not only the prompt ones, so it must + check such things itself. + a closer This function closes the session, maybe by closing +@@ -253,7 +302,7 @@ UI_METHOD *UI_OpenSSL(void); + * about a string or a prompt, including test data for a verification prompt. + */ + typedef struct ui_string_st UI_STRING; +-DEFINE_STACK_OF(UI_STRING) ++DECLARE_STACK_OF(UI_STRING) + + /* + * The different types of strings that are currently supported. This is only +@@ -269,7 +318,7 @@ enum UI_string_types { + }; + + /* Create and manipulate methods */ +-UI_METHOD *UI_create_method(const char *name); ++UI_METHOD *UI_create_method(char *name); + void UI_destroy_method(UI_METHOD *ui_method); + int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)); + int UI_method_set_writer(UI_METHOD *method, +@@ -305,7 +354,7 @@ int UI_get_input_flags(UI_STRING *uis); + /* Return the actual string to output (the prompt, info or error) */ + const char *UI_get0_output_string(UI_STRING *uis); + /* +- * Return the optional action string to output (the boolean prompt ++ * Return the optional action string to output (the boolean promtp + * instruction) + */ + const char *UI_get0_action_string(UI_STRING *uis); +@@ -333,19 +382,14 @@ int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_UI_strings(void); ++void ERR_load_UI_strings(void); + + /* Error codes for the UI functions. */ + + /* Function codes. */ +-# define UI_F_CLOSE_CONSOLE 115 +-# define UI_F_ECHO_CONSOLE 116 + # define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 + # define UI_F_GENERAL_ALLOCATE_PROMPT 109 +-# define UI_F_NOECHO_CONSOLE 117 +-# define UI_F_OPEN_CONSOLE 114 +-# define UI_F_UI_CREATE_METHOD 112 ++# define UI_F_GENERAL_ALLOCATE_STRING 100 + # define UI_F_UI_CTRL 111 + # define UI_F_UI_DUP_ERROR_STRING 101 + # define UI_F_UI_DUP_INFO_STRING 102 +@@ -354,7 +398,6 @@ int ERR_load_UI_strings(void); + # define UI_F_UI_DUP_VERIFY_STRING 106 + # define UI_F_UI_GET0_RESULT 107 + # define UI_F_UI_NEW_METHOD 104 +-# define UI_F_UI_PROCESS 113 + # define UI_F_UI_SET_RESULT 105 + + /* Reason codes. */ +@@ -362,17 +405,11 @@ int ERR_load_UI_strings(void); + # define UI_R_INDEX_TOO_LARGE 102 + # define UI_R_INDEX_TOO_SMALL 103 + # define UI_R_NO_RESULT_BUFFER 105 +-# define UI_R_PROCESSING_ERROR 107 + # define UI_R_RESULT_TOO_LARGE 100 + # define UI_R_RESULT_TOO_SMALL 101 +-# define UI_R_SYSASSIGN_ERROR 109 +-# define UI_R_SYSDASSGN_ERROR 110 +-# define UI_R_SYSQIOW_ERROR 111 + # define UI_R_UNKNOWN_CONTROL_COMMAND 106 +-# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE 108 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/openssl/ui_compat.h b/Cryptlib/Include/openssl/ui_compat.h +new file mode 100644 +index 0000000..bf54154 +--- /dev/null ++++ b/Cryptlib/Include/openssl/ui_compat.h +@@ -0,0 +1,88 @@ ++/* crypto/ui/ui.h */ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_UI_COMPAT_H ++# define HEADER_UI_COMPAT_H ++ ++# include ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * The following functions were previously part of the DES section, and are ++ * provided here for backward compatibility reasons. ++ */ ++ ++# define des_read_pw_string(b,l,p,v) \ ++ _ossl_old_des_read_pw_string((b),(l),(p),(v)) ++# define des_read_pw(b,bf,s,p,v) \ ++ _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) ++ ++int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, ++ int verify); ++int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify); ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/Include/openssl/whrlpool.h b/Cryptlib/Include/openssl/whrlpool.h +index 20ea350..73c749d 100644 +--- a/Cryptlib/Include/openssl/whrlpool.h ++++ b/Cryptlib/Include/openssl/whrlpool.h +@@ -1,23 +1,12 @@ +-/* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #ifndef HEADER_WHRLPOOL_H + # define HEADER_WHRLPOOL_H + +-#include +- +-# ifndef OPENSSL_NO_WHIRLPOOL + # include + # include +-# ifdef __cplusplus ++ ++#ifdef __cplusplus + extern "C" { +-# endif ++#endif + + # define WHIRLPOOL_DIGEST_LENGTH (512/8) + # define WHIRLPOOL_BBLOCK 512 +@@ -34,15 +23,19 @@ typedef struct { + size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)]; + } WHIRLPOOL_CTX; + ++# ifndef OPENSSL_NO_WHIRLPOOL ++# ifdef OPENSSL_FIPS ++int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c); ++# endif + int WHIRLPOOL_Init(WHIRLPOOL_CTX *c); + int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes); + void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits); + int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c); + unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md); ++# endif + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif +-# endif ++#endif + + #endif +diff --git a/Cryptlib/Include/openssl/x509.h b/Cryptlib/Include/openssl/x509.h +index c8996f3..6fa28eb 100644 +--- a/Cryptlib/Include/openssl/x509.h ++++ b/Cryptlib/Include/openssl/x509.h +@@ -1,12 +1,60 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ +- + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by +@@ -17,28 +65,60 @@ + # define HEADER_X509_H + + # include +-# include + # include +-# include +-# include +-# include ++# ifndef OPENSSL_NO_BUFFER ++# include ++# endif ++# ifndef OPENSSL_NO_EVP ++# include ++# endif ++# ifndef OPENSSL_NO_BIO ++# include ++# endif + # include + # include + # include +-# include + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# include +-# include +-# include ++# ifndef OPENSSL_NO_EC ++# include + # endif + +-# include ++# ifndef OPENSSL_NO_ECDSA ++# include ++# endif ++ ++# ifndef OPENSSL_NO_ECDH ++# include ++# endif ++ ++# ifndef OPENSSL_NO_DEPRECATED ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++# ifndef OPENSSL_NO_DH ++# include ++# endif ++# endif ++ ++# ifndef OPENSSL_NO_SHA ++# include ++# endif ++# include + + #ifdef __cplusplus + extern "C" { + #endif + ++# ifdef OPENSSL_SYS_WIN32 ++/* Under Win32 these are defined in wincrypt.h */ ++# undef X509_NAME ++# undef X509_CERT_PAIR ++# undef X509_EXTENSIONS ++# endif ++ + # define X509_FILETYPE_PEM 1 + # define X509_FILETYPE_ASN1 2 + # define X509_FILETYPE_DEFAULT 3 +@@ -54,11 +134,19 @@ extern "C" { + # define X509v3_KU_DECIPHER_ONLY 0x8000 + # define X509v3_KU_UNDEF 0xffff + ++typedef struct X509_objects_st { ++ int nid; ++ int (*a2i) (void); ++ int (*i2a) (void); ++} X509_OBJECTS; ++ + struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; + } /* X509_ALGOR */ ; + ++DECLARE_ASN1_SET_OF(X509_ALGOR) ++ + typedef STACK_OF(X509_ALGOR) X509_ALGORS; + + typedef struct X509_val_st { +@@ -66,35 +154,152 @@ typedef struct X509_val_st { + ASN1_TIME *notAfter; + } X509_VAL; + +-typedef struct X509_sig_st X509_SIG; +- +-typedef struct X509_name_entry_st X509_NAME_ENTRY; +- +-DEFINE_STACK_OF(X509_NAME_ENTRY) ++struct X509_pubkey_st { ++ X509_ALGOR *algor; ++ ASN1_BIT_STRING *public_key; ++ EVP_PKEY *pkey; ++}; ++ ++typedef struct X509_sig_st { ++ X509_ALGOR *algor; ++ ASN1_OCTET_STRING *digest; ++} X509_SIG; ++ ++typedef struct X509_name_entry_st { ++ ASN1_OBJECT *object; ++ ASN1_STRING *value; ++ int set; ++ int size; /* temp variable */ ++} X509_NAME_ENTRY; ++ ++DECLARE_STACK_OF(X509_NAME_ENTRY) ++DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) ++ ++/* we always keep X509_NAMEs in 2 forms. */ ++struct X509_name_st { ++ STACK_OF(X509_NAME_ENTRY) *entries; ++ int modified; /* true if 'bytes' needs to be built */ ++# ifndef OPENSSL_NO_BUFFER ++ BUF_MEM *bytes; ++# else ++ char *bytes; ++# endif ++/* unsigned long hash; Keep the hash around for lookups */ ++ unsigned char *canon_enc; ++ int canon_enclen; ++} /* X509_NAME */ ; + +-DEFINE_STACK_OF(X509_NAME) ++DECLARE_STACK_OF(X509_NAME) + + # define X509_EX_V_NETSCAPE_HACK 0x8000 + # define X509_EX_V_INIT 0x0001 +-typedef struct X509_extension_st X509_EXTENSION; ++typedef struct X509_extension_st { ++ ASN1_OBJECT *object; ++ ASN1_BOOLEAN critical; ++ ASN1_OCTET_STRING *value; ++} X509_EXTENSION; + + typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +-DEFINE_STACK_OF(X509_EXTENSION) +- +-typedef struct x509_attributes_st X509_ATTRIBUTE; +- +-DEFINE_STACK_OF(X509_ATTRIBUTE) +- +-typedef struct X509_req_info_st X509_REQ_INFO; ++DECLARE_STACK_OF(X509_EXTENSION) ++DECLARE_ASN1_SET_OF(X509_EXTENSION) ++ ++/* a sequence of these are used */ ++typedef struct x509_attributes_st { ++ ASN1_OBJECT *object; ++ int single; /* 0 for a set, 1 for a single item (which is ++ * wrong) */ ++ union { ++ char *ptr; ++ /* ++ * 0 ++ */ STACK_OF(ASN1_TYPE) *set; ++ /* ++ * 1 ++ */ ASN1_TYPE *single; ++ } value; ++} X509_ATTRIBUTE; ++ ++DECLARE_STACK_OF(X509_ATTRIBUTE) ++DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) ++ ++typedef struct X509_req_info_st { ++ ASN1_ENCODING enc; ++ ASN1_INTEGER *version; ++ X509_NAME *subject; ++ X509_PUBKEY *pubkey; ++ /* d=2 hl=2 l= 0 cons: cont: 00 */ ++ STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ ++} X509_REQ_INFO; + +-typedef struct X509_req_st X509_REQ; ++typedef struct X509_req_st { ++ X509_REQ_INFO *req_info; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int references; ++} X509_REQ; ++ ++typedef struct x509_cinf_st { ++ ASN1_INTEGER *version; /* [ 0 ] default of v1 */ ++ ASN1_INTEGER *serialNumber; ++ X509_ALGOR *signature; ++ X509_NAME *issuer; ++ X509_VAL *validity; ++ X509_NAME *subject; ++ X509_PUBKEY *key; ++ ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ++ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ ++ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ ++ ASN1_ENCODING enc; ++} X509_CINF; + +-typedef struct x509_cert_aux_st X509_CERT_AUX; ++/* ++ * This stuff is certificate "auxiliary info" it contains details which are ++ * useful in certificate stores and databases. When used this is tagged onto ++ * the end of the certificate itself ++ */ + +-typedef struct x509_cinf_st X509_CINF; ++typedef struct x509_cert_aux_st { ++ STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ ++ STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ ++ ASN1_UTF8STRING *alias; /* "friendly name" */ ++ ASN1_OCTET_STRING *keyid; /* key id of private key */ ++ STACK_OF(X509_ALGOR) *other; /* other unspecified info */ ++} X509_CERT_AUX; ++ ++struct x509_st { ++ X509_CINF *cert_info; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int valid; ++ int references; ++ char *name; ++ CRYPTO_EX_DATA ex_data; ++ /* These contain copies of various extension values */ ++ long ex_pathlen; ++ long ex_pcpathlen; ++ unsigned long ex_flags; ++ unsigned long ex_kusage; ++ unsigned long ex_xkusage; ++ unsigned long ex_nscert; ++ ASN1_OCTET_STRING *skid; ++ AUTHORITY_KEYID *akid; ++ X509_POLICY_CACHE *policy_cache; ++ STACK_OF(DIST_POINT) *crldp; ++ STACK_OF(GENERAL_NAME) *altname; ++ NAME_CONSTRAINTS *nc; ++# ifndef OPENSSL_NO_RFC3779 ++ STACK_OF(IPAddressFamily) *rfc3779_addr; ++ struct ASIdentifiers_st *rfc3779_asid; ++# endif ++# ifndef OPENSSL_NO_SHA ++ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; ++# endif ++ X509_CERT_AUX *aux; ++} /* X509 */ ; + +-DEFINE_STACK_OF(X509) ++DECLARE_STACK_OF(X509) ++DECLARE_ASN1_SET_OF(X509) + + /* This is used for a table of trust checking functions */ + +@@ -107,11 +312,16 @@ typedef struct x509_trust_st { + void *arg2; + } X509_TRUST; + +-DEFINE_STACK_OF(X509_TRUST) ++DECLARE_STACK_OF(X509_TRUST) ++ ++typedef struct x509_cert_pair_st { ++ X509 *forward; ++ X509 *reverse; ++} X509_CERT_PAIR; + + /* standard trust ids */ + +-# define X509_TRUST_DEFAULT 0 /* Only valid in purpose settings */ ++# define X509_TRUST_DEFAULT -1/* Only valid in purpose settings */ + + # define X509_TRUST_COMPAT 1 + # define X509_TRUST_SSL_CLIENT 2 +@@ -127,14 +337,8 @@ DEFINE_STACK_OF(X509_TRUST) + # define X509_TRUST_MAX 8 + + /* trust_flags values */ +-# define X509_TRUST_DYNAMIC (1U << 0) +-# define X509_TRUST_DYNAMIC_NAME (1U << 1) +-/* No compat trust if self-signed, preempts "DO_SS" */ +-# define X509_TRUST_NO_SS_COMPAT (1U << 2) +-/* Compat trust if no explicit accepted trust EKUs */ +-# define X509_TRUST_DO_SS_COMPAT (1U << 3) +-/* Accept "anyEKU" as a wildcard trust OID */ +-# define X509_TRUST_OK_ANY_EKU (1U << 4) ++# define X509_TRUST_DYNAMIC 1 ++# define X509_TRUST_DYNAMIC_NAME 2 + + /* check_trust return codes */ + +@@ -165,7 +369,8 @@ DEFINE_STACK_OF(X509_TRUST) + + # define XN_FLAG_SEP_MASK (0xf << 16) + +-# define XN_FLAG_COMPAT 0/* Traditional; use old X509_NAME_print */ ++# define XN_FLAG_COMPAT 0/* Traditional SSLeay: use old ++ * X509_NAME_print */ + # define XN_FLAG_SEP_COMMA_PLUS (1 << 16)/* RFC2253 ,+ */ + # define XN_FLAG_SEP_CPLUS_SPC (2 << 16)/* ,+ spaced: more readable */ + # define XN_FLAG_SEP_SPLUS_SPC (3 << 16)/* ;+ spaced */ +@@ -219,11 +424,57 @@ DEFINE_STACK_OF(X509_TRUST) + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +-DEFINE_STACK_OF(X509_REVOKED) +- +-typedef struct X509_crl_info_st X509_CRL_INFO; ++struct x509_revoked_st { ++ ASN1_INTEGER *serialNumber; ++ ASN1_TIME *revocationDate; ++ STACK_OF(X509_EXTENSION) /* optional */ *extensions; ++ /* Set up if indirect CRL */ ++ STACK_OF(GENERAL_NAME) *issuer; ++ /* Revocation reason */ ++ int reason; ++ int sequence; /* load sequence */ ++}; ++ ++DECLARE_STACK_OF(X509_REVOKED) ++DECLARE_ASN1_SET_OF(X509_REVOKED) ++ ++typedef struct X509_crl_info_st { ++ ASN1_INTEGER *version; ++ X509_ALGOR *sig_alg; ++ X509_NAME *issuer; ++ ASN1_TIME *lastUpdate; ++ ASN1_TIME *nextUpdate; ++ STACK_OF(X509_REVOKED) *revoked; ++ STACK_OF(X509_EXTENSION) /* [0] */ *extensions; ++ ASN1_ENCODING enc; ++} X509_CRL_INFO; ++ ++struct X509_crl_st { ++ /* actual signature */ ++ X509_CRL_INFO *crl; ++ X509_ALGOR *sig_alg; ++ ASN1_BIT_STRING *signature; ++ int references; ++ int flags; ++ /* Copies of various extensions */ ++ AUTHORITY_KEYID *akid; ++ ISSUING_DIST_POINT *idp; ++ /* Convenient breakdown of IDP */ ++ int idp_flags; ++ int idp_reasons; ++ /* CRL and base CRL numbers for delta processing */ ++ ASN1_INTEGER *crl_number; ++ ASN1_INTEGER *base_crl_number; ++# ifndef OPENSSL_NO_SHA ++ unsigned char sha1_hash[SHA_DIGEST_LENGTH]; ++# endif ++ STACK_OF(GENERAL_NAMES) *issuers; ++ const X509_CRL_METHOD *meth; ++ void *meth_data; ++} /* X509_CRL */ ; + +-DEFINE_STACK_OF(X509_CRL) ++DECLARE_STACK_OF(X509_CRL) ++DECLARE_ASN1_SET_OF(X509_CRL) + + typedef struct private_key_st { + int version; +@@ -238,8 +489,10 @@ typedef struct private_key_st { + int key_free; /* true if we should auto free key_data */ + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; ++ int references; + } X509_PKEY; + ++# ifndef OPENSSL_NO_EVP + typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; +@@ -247,9 +500,11 @@ typedef struct X509_info_st { + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; ++ int references; + } X509_INFO; + +-DEFINE_STACK_OF(X509_INFO) ++DECLARE_STACK_OF(X509_INFO) ++# endif + + /* + * The next 2 structures and their 8 routines were sent to me by Pat Richard +@@ -263,7 +518,7 @@ typedef struct Netscape_spkac_st { + + typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ +- X509_ALGOR sig_algor; ++ X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; + } NETSCAPE_SPKI; + +@@ -302,6 +557,23 @@ typedef struct PBKDF2PARAM_st { + X509_ALGOR *prf; + } PBKDF2PARAM; + ++/* PKCS#8 private key info structure */ ++ ++struct pkcs8_priv_key_info_st { ++ /* Flag for various broken formats */ ++ int broken; ++# define PKCS8_OK 0 ++# define PKCS8_NO_OCTET 1 ++# define PKCS8_EMBEDDED_PARAM 2 ++# define PKCS8_NS_DB 3 ++# define PKCS8_NEG_PRIVKEY 4 ++ ASN1_INTEGER *version; ++ X509_ALGOR *pkeyalg; ++ /* Should be OCTET STRING but some are broken */ ++ ASN1_TYPE *pkey; ++ STACK_OF(X509_ATTRIBUTE) *attributes; ++}; ++ + #ifdef __cplusplus + } + #endif +@@ -316,9 +588,22 @@ extern "C" { + # define X509_EXT_PACK_UNKNOWN 1 + # define X509_EXT_PACK_STRING 2 + ++# define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) ++/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ ++# define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) ++# define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) + # define X509_extract_key(x) X509_get_pubkey(x)/*****/ ++# define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) ++# define X509_REQ_get_subject_name(x) ((x)->req_info->subject) + # define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) + # define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) ++# define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) ++ ++# define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) ++# define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) ++# define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) ++# define X509_CRL_get_issuer(x) ((x)->crl->issuer) ++# define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) + + void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); + X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), +@@ -334,8 +619,15 @@ void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); + void *X509_CRL_get_meth_data(X509_CRL *crl); + ++/* ++ * This one is only used so that a binary form can output, as in ++ * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) ++ */ ++# define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) ++ + const char *X509_verify_cert_error_string(long n); + ++# ifndef OPENSSL_NO_EVP + int X509_verify(X509 *a, EVP_PKEY *r); + + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +@@ -350,21 +642,16 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + + int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +-int X509_signature_print(BIO *bp, const X509_ALGOR *alg, +- const ASN1_STRING *sig); ++int X509_signature_print(BIO *bp, X509_ALGOR *alg, ASN1_STRING *sig); + + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +-# ifndef OPENSSL_NO_OCSP + int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert); +-# endif + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +-# ifndef OPENSSL_NO_OCSP + int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl); +-# endif + int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + + int X509_pubkey_digest(const X509 *data, const EVP_MD *type, +@@ -377,8 +664,9 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); + int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, + unsigned char *md, unsigned int *len); ++# endif + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + X509 *d2i_X509_fp(FILE *fp, X509 **x509); + int i2d_X509_fp(FILE *fp, X509 *x509); + X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl); +@@ -417,6 +705,7 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); + # endif + ++# ifndef OPENSSL_NO_BIO + X509 *d2i_X509_bio(BIO *bp, X509 **x509); + int i2d_X509_bio(BIO *bp, X509 *x509); + X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); +@@ -453,6 +742,7 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); + int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); + EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); ++# endif + + X509 *X509_dup(X509 *x509); + X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +@@ -463,8 +753,8 @@ X509_REQ *X509_REQ_dup(X509_REQ *req); + X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, + void *pval); +-void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +- const void **ppval, const X509_ALGOR *algor); ++void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, ++ X509_ALGOR *algor); + void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); + int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +@@ -495,10 +785,8 @@ DECLARE_ASN1_FUNCTIONS(X509_VAL) + DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) + + int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +-EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key); + EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key); + int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); +-long X509_get_pathlen(X509 *x); + int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp); + EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length); + # ifndef OPENSSL_NO_RSA +@@ -515,11 +803,6 @@ EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); + # endif + + DECLARE_ASN1_FUNCTIONS(X509_SIG) +-void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +- const ASN1_OCTET_STRING **pdigest); +-void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +- ASN1_OCTET_STRING **pdigest); +- + DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) + DECLARE_ASN1_FUNCTIONS(X509_REQ) + +@@ -540,8 +823,10 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF) + DECLARE_ASN1_FUNCTIONS(X509) + DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) + +-#define X509_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef) ++DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR) ++ ++int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + int X509_set_ex_data(X509 *r, int idx, void *arg); + void *X509_get_ex_data(X509 *r, int idx); + int i2d_X509_AUX(X509 *a, unsigned char **pp); +@@ -549,26 +834,22 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length); + + int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +-void X509_get0_signature(const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg, const X509 *x); ++void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, ++ const X509 *x); + int X509_get_signature_nid(const X509 *x); + +-int X509_trusted(const X509 *x); +-int X509_alias_set1(X509 *x, const unsigned char *name, int len); +-int X509_keyid_set1(X509 *x, const unsigned char *id, int len); ++int X509_alias_set1(X509 *x, unsigned char *name, int len); ++int X509_keyid_set1(X509 *x, unsigned char *id, int len); + unsigned char *X509_alias_get0(X509 *x, int *len); + unsigned char *X509_keyid_get0(X509 *x, int *len); + int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *, + int); + int X509_TRUST_set(int *t, int trust); +-int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +-int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); ++int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); ++int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); + void X509_trust_clear(X509 *x); + void X509_reject_clear(X509 *x); + +-STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x); +-STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x); +- + DECLARE_ASN1_FUNCTIONS(X509_REVOKED) + DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) + DECLARE_ASN1_FUNCTIONS(X509_CRL) +@@ -580,14 +861,18 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + + X509_PKEY *X509_PKEY_new(void); + void X509_PKEY_free(X509_PKEY *a); ++int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp); ++X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, ++ long length); + + DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) + DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) + DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) + ++# ifndef OPENSSL_NO_EVP + X509_INFO *X509_INFO_new(void); + void X509_INFO_free(X509_INFO *a); +-char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size); ++char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); + + int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey); +@@ -611,61 +896,26 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + void *asn, EVP_MD_CTX *ctx); ++# endif + +-long X509_get_version(const X509 *x); + int X509_set_version(X509 *x, long version); + int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); + ASN1_INTEGER *X509_get_serialNumber(X509 *x); +-const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); + int X509_set_issuer_name(X509 *x, X509_NAME *name); +-X509_NAME *X509_get_issuer_name(const X509 *a); ++X509_NAME *X509_get_issuer_name(X509 *a); + int X509_set_subject_name(X509 *x, X509_NAME *name); +-X509_NAME *X509_get_subject_name(const X509 *a); +-const ASN1_TIME * X509_get0_notBefore(const X509 *x); +-ASN1_TIME *X509_getm_notBefore(const X509 *x); +-int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +-const ASN1_TIME *X509_get0_notAfter(const X509 *x); +-ASN1_TIME *X509_getm_notAfter(const X509 *x); +-int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); ++X509_NAME *X509_get_subject_name(X509 *a); ++int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); ++int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +-int X509_up_ref(X509 *x); +-int X509_get_signature_type(const X509 *x); +- +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define X509_get_notBefore X509_getm_notBefore +-# define X509_get_notAfter X509_getm_notAfter +-# define X509_set_notBefore X509_set1_notBefore +-# define X509_set_notAfter X509_set1_notAfter +-#endif +- +- +-/* +- * This one is only used so that a binary form can output, as in +- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) +- */ +-X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); +-const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +-void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +- const ASN1_BIT_STRING **psuid); +-const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +- +-EVP_PKEY *X509_get0_pubkey(const X509 *x); + EVP_PKEY *X509_get_pubkey(X509 *x); + ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +-int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); ++int X509_certificate_type(X509 *x, EVP_PKEY *pubkey /* optional */ ); + +-long X509_REQ_get_version(const X509_REQ *req); + int X509_REQ_set_version(X509_REQ *x, long version); +-X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req); + int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +-void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg); +-int X509_REQ_get_signature_nid(const X509_REQ *req); +-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); + int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req); +-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req); +-X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req); + int X509_REQ_extension_nid(int nid); + int *X509_REQ_get_extension_nids(void); + void X509_REQ_set_extension_nids(int *nids); +@@ -675,7 +925,7 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); + int X509_REQ_get_attr_count(const X509_REQ *req); + int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); +-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, ++int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +@@ -692,42 +942,19 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, + + int X509_CRL_set_version(X509_CRL *x, long version); + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +-int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +-int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); ++int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); ++int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); + int X509_CRL_sort(X509_CRL *crl); +-int X509_CRL_up_ref(X509_CRL *crl); + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate +-# define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate +-#endif +- +-long X509_CRL_get_version(const X509_CRL *crl); +-const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +-const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)) +-DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)) +-X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +-const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +-STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +-void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg); +-int X509_CRL_get_signature_nid(const X509_CRL *crl); +-int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); +- +-const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); + int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +-const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); + int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +-const STACK_OF(X509_EXTENSION) * +-X509_REVOKED_get0_extensions(const X509_REVOKED *r); + + X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + EVP_PKEY *skey, const EVP_MD *md, unsigned int flags); + + int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey); + +-int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); ++int X509_check_private_key(X509 *x509, EVP_PKEY *pkey); + int X509_chain_check_suiteb(int *perror_depth, + X509 *x, STACK_OF(X509) *chain, + unsigned long flags); +@@ -755,81 +982,78 @@ unsigned long X509_NAME_hash_old(X509_NAME *x); + + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); + int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +-int X509_aux_print(BIO *out, X509 *x, int indent); +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); + int X509_print_fp(FILE *bp, X509 *x); + int X509_CRL_print_fp(FILE *bp, X509_CRL *x); + int X509_REQ_print_fp(FILE *bp, X509_REQ *req); +-int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, ++int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, + unsigned long flags); + # endif + +-int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +-int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, ++# ifndef OPENSSL_NO_BIO ++int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); ++int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, + unsigned long flags); + int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag, + unsigned long cflag); + int X509_print(BIO *bp, X509 *x); + int X509_ocspid_print(BIO *bp, X509 *x); ++int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent); + int X509_CRL_print(BIO *bp, X509_CRL *x); + int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, + unsigned long cflag); + int X509_REQ_print(BIO *bp, X509_REQ *req); ++# endif + +-int X509_NAME_entry_count(const X509_NAME *name); ++int X509_NAME_entry_count(X509_NAME *name); + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); +-int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, ++int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + char *buf, int len); + + /* +- * NOTE: you should be passing -1, not 0 as lastpos. The functions that use ++ * NOTE: you should be passsing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. + */ + int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos); +-int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, ++int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, + int lastpos); +-X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); ++X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); + X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +-int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, ++int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, + int loc, int set); +-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len, int loc, ++int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, ++ unsigned char *bytes, int len, int loc, + int set); + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +- const unsigned char *bytes, int len, int loc, ++ unsigned char *bytes, int len, int loc, + int set); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, + const unsigned char *bytes, + int len); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +- int type, +- const unsigned char *bytes, ++ int type, unsigned char *bytes, + int len); + int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, + int set); + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +- const ASN1_OBJECT *obj, int type, ++ ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len); +-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj); ++int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj); + int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +-ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +-ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +-int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); +- +-int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +- size_t *pderlen); ++ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); ++ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); + int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); + int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, +- const ASN1_OBJECT *obj, int lastpos); ++ ASN1_OBJECT *obj, int lastpos); + int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); + X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +@@ -837,40 +1061,37 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); + STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +-int X509_get_ext_count(const X509 *x); +-int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +-int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos); +-int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +-X509_EXTENSION *X509_get_ext(const X509 *x, int loc); ++int X509_get_ext_count(X509 *x); ++int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); ++int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos); ++int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); ++X509_EXTENSION *X509_get_ext(X509 *x, int loc); + X509_EXTENSION *X509_delete_ext(X509 *x, int loc); + int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +-void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); ++void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); + int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +-int X509_CRL_get_ext_count(const X509_CRL *x); +-int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); +-int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, +- int lastpos); +-int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); +-X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); ++int X509_CRL_get_ext_count(X509_CRL *x); ++int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); ++int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos); ++int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); ++X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); + int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +-void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx); ++void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); + int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags); + +-int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +-int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos); +-int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, ++int X509_REVOKED_get_ext_count(X509_REVOKED *x); ++int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); ++int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, + int lastpos); +-int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, +- int lastpos); +-X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); ++int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); ++X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); + X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); + int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); +-void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, +- int *idx); ++void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); + int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags); + +@@ -878,20 +1099,20 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, + ASN1_OCTET_STRING *data); + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +- const ASN1_OBJECT *obj, int crit, ++ ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data); +-int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj); ++int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj); + int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); + int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); + ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex); + ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +-int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); ++int X509_EXTENSION_get_critical(X509_EXTENSION *ex); + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); + int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, +- const ASN1_OBJECT *obj, int lastpos); ++ ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); + X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, +@@ -910,8 +1131,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + int type, + const unsigned char *bytes, + int len); +-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +- const ASN1_OBJECT *obj, int lastpos, int type); ++void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj, ++ int lastpos, int type); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); +@@ -928,13 +1149,13 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); + void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); +-int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ++int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key); + int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); +-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, ++int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); + X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +@@ -971,13 +1192,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +-#ifndef OPENSSL_NO_SCRYPT +-X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, +- const unsigned char *salt, int saltlen, +- unsigned char *aiv, uint64_t N, uint64_t r, +- uint64_t p); +-#endif +- + X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); + +@@ -985,20 +1199,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + + DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) + +-EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); ++EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); + PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); ++PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); ++PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + + int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, int ptype, void *pval, + unsigned char *penc, int penclen); +-int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, ++int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, +- const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); +- +-const STACK_OF(X509_ATTRIBUTE) * +-PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +-int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, +- const unsigned char *bytes, int len); ++ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8); + + int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, +@@ -1012,11 +1223,11 @@ int X509_TRUST_get_count(void); + X509_TRUST *X509_TRUST_get0(int idx); + int X509_TRUST_get_by_id(int id); + int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), +- const char *name, int arg1, void *arg2); ++ char *name, int arg1, void *arg2); + void X509_TRUST_cleanup(void); +-int X509_TRUST_get_flags(const X509_TRUST *xp); +-char *X509_TRUST_get0_name(const X509_TRUST *xp); +-int X509_TRUST_get_trust(const X509_TRUST *xp); ++int X509_TRUST_get_flags(X509_TRUST *xp); ++char *X509_TRUST_get0_name(X509_TRUST *xp); ++int X509_TRUST_get_trust(X509_TRUST *xp); + + /* BEGIN ERROR CODES */ + /* +@@ -1024,17 +1235,15 @@ int X509_TRUST_get_trust(const X509_TRUST *xp); + * made after this point may be overwritten when the script is next run. + */ + +-int ERR_load_X509_strings(void); ++void ERR_load_X509_strings(void); + + /* Error codes for the X509 functions. */ + + /* Function codes. */ + # define X509_F_ADD_CERT_DIR 100 +-# define X509_F_BUILD_CHAIN 106 + # define X509_F_BY_FILE_CTRL 101 +-# define X509_F_CHECK_NAME_CONSTRAINTS 149 ++# define X509_F_CHECK_NAME_CONSTRAINTS 106 + # define X509_F_CHECK_POLICY 145 +-# define X509_F_DANE_I2D 107 + # define X509_F_DIR_CTRL 102 + # define X509_F_GET_CERT_BY_SUBJECT 103 + # define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +@@ -1061,10 +1270,8 @@ int ERR_load_X509_strings(void); + # define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 + # define X509_F_X509_NAME_ONELINE 116 + # define X509_F_X509_NAME_PRINT 117 +-# define X509_F_X509_OBJECT_NEW 150 + # define X509_F_X509_PRINT_EX_FP 118 +-# define X509_F_X509_PUBKEY_DECODE 148 +-# define X509_F_X509_PUBKEY_GET0 119 ++# define X509_F_X509_PUBKEY_GET 119 + # define X509_F_X509_PUBKEY_SET 120 + # define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 + # define X509_F_X509_REQ_PRINT_EX 121 +@@ -1083,13 +1290,13 @@ int ERR_load_X509_strings(void); + + /* Reason codes. */ + # define X509_R_AKID_MISMATCH 110 +-# define X509_R_BAD_SELECTOR 133 + # define X509_R_BAD_X509_FILETYPE 100 + # define X509_R_BASE64_DECODE_ERROR 118 + # define X509_R_CANT_CHECK_DH_KEY 114 + # define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 + # define X509_R_CRL_ALREADY_DELTA 127 + # define X509_R_CRL_VERIFY_FAILURE 131 ++# define X509_R_ERR_ASN1_LIB 102 + # define X509_R_IDP_MISMATCH 128 + # define X509_R_INVALID_DIRECTORY 113 + # define X509_R_INVALID_FIELD_NAME 119 +diff --git a/Cryptlib/Include/openssl/x509_vfy.h b/Cryptlib/Include/openssl/x509_vfy.h +index 64f56df..e90d931 100644 +--- a/Cryptlib/Include/openssl/x509_vfy.h ++++ b/Cryptlib/Include/openssl/x509_vfy.h +@@ -1,24 +1,76 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_vfy.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#ifndef HEADER_X509_VFY_H +-# define HEADER_X509_VFY_H +- ++#ifndef HEADER_X509_H ++# include + /* +- * Protect against recursion, x509.h and x509_vfy.h each include the other. ++ * openssl/x509.h ends up #include-ing this file at about the only ++ * appropriate moment. + */ +-# ifndef HEADER_X509_H +-# include +-# endif ++#endif ++ ++#ifndef HEADER_X509_VFY_H ++# define HEADER_X509_VFY_H + + # include +-# include ++# ifndef OPENSSL_NO_LHASH ++# include ++# endif + # include + # include + # include +@@ -27,6 +79,24 @@ + extern "C" { + #endif + ++# if 0 ++/* Outer object */ ++typedef struct x509_hash_dir_st { ++ int num_dirs; ++ char **dirs; ++ int *dirs_type; ++ int num_dirs_alloced; ++} X509_HASH_DIR_CTX; ++# endif ++ ++typedef struct x509_file_st { ++ int num_paths; /* number of paths to files or directories */ ++ int num_alloced; ++ char **paths; /* the list of paths or directories */ ++ int *path_type; ++} X509_CERT_FILE_CTX; ++ ++/*******************************/ + /*- + SSL_CTX -> X509_STORE + -> X509_LOOKUP +@@ -44,41 +114,187 @@ The X509_STORE then calls a function to actually verify the + certificate chain. + */ + +-typedef enum { +- X509_LU_NONE = 0, +- X509_LU_X509, X509_LU_CRL +-} X509_LOOKUP_TYPE; ++# define X509_LU_RETRY -1 ++# define X509_LU_FAIL 0 ++# define X509_LU_X509 1 ++# define X509_LU_CRL 2 ++# define X509_LU_PKEY 3 ++ ++typedef struct x509_object_st { ++ /* one of the above types */ ++ int type; ++ union { ++ char *ptr; ++ X509 *x509; ++ X509_CRL *crl; ++ EVP_PKEY *pkey; ++ } data; ++} X509_OBJECT; ++ ++typedef struct x509_lookup_st X509_LOOKUP; ++ ++DECLARE_STACK_OF(X509_LOOKUP) ++DECLARE_STACK_OF(X509_OBJECT) ++ ++/* This is a static that defines the function interface */ ++typedef struct x509_lookup_method_st { ++ const char *name; ++ int (*new_item) (X509_LOOKUP *ctx); ++ void (*free) (X509_LOOKUP *ctx); ++ int (*init) (X509_LOOKUP *ctx); ++ int (*shutdown) (X509_LOOKUP *ctx); ++ int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, ++ char **ret); ++ int (*get_by_subject) (X509_LOOKUP *ctx, int type, X509_NAME *name, ++ X509_OBJECT *ret); ++ int (*get_by_issuer_serial) (X509_LOOKUP *ctx, int type, X509_NAME *name, ++ ASN1_INTEGER *serial, X509_OBJECT *ret); ++ int (*get_by_fingerprint) (X509_LOOKUP *ctx, int type, ++ unsigned char *bytes, int len, ++ X509_OBJECT *ret); ++ int (*get_by_alias) (X509_LOOKUP *ctx, int type, char *str, int len, ++ X509_OBJECT *ret); ++} X509_LOOKUP_METHOD; + +-#if OPENSSL_API_COMPAT < 0x10100000L +-#define X509_LU_RETRY -1 +-#define X509_LU_FAIL 0 +-#endif ++typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; ++ ++/* ++ * This structure hold all parameters associated with a verify operation by ++ * including an X509_VERIFY_PARAM structure in related structures the ++ * parameters used can be customized ++ */ ++ ++typedef struct X509_VERIFY_PARAM_st { ++ char *name; ++ time_t check_time; /* Time to use */ ++ unsigned long inh_flags; /* Inheritance flags */ ++ unsigned long flags; /* Various verify flags */ ++ int purpose; /* purpose to check untrusted certificates */ ++ int trust; /* trust setting to check */ ++ int depth; /* Verify depth */ ++ STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ ++ X509_VERIFY_PARAM_ID *id; /* opaque ID data */ ++} X509_VERIFY_PARAM; + +-DEFINE_STACK_OF(X509_LOOKUP) +-DEFINE_STACK_OF(X509_OBJECT) +-DEFINE_STACK_OF(X509_VERIFY_PARAM) ++DECLARE_STACK_OF(X509_VERIFY_PARAM) ++ ++/* ++ * This is used to hold everything. It is used for all certificate ++ * validation. Once we have a certificate chain, the 'verify' function is ++ * then called to actually check the cert chain. ++ */ ++struct x509_store_st { ++ /* The following is a cache of trusted certs */ ++ int cache; /* if true, stash any hits */ ++ STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ ++ /* These are external lookup methods */ ++ STACK_OF(X509_LOOKUP) *get_cert_methods; ++ X509_VERIFY_PARAM *param; ++ /* Callbacks for various operations */ ++ /* called to verify a certificate */ ++ int (*verify) (X509_STORE_CTX *ctx); ++ /* error callback */ ++ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); ++ /* get issuers cert from ctx */ ++ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); ++ /* check issued */ ++ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); ++ /* Check revocation status of chain */ ++ int (*check_revocation) (X509_STORE_CTX *ctx); ++ /* retrieve CRL */ ++ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); ++ /* Check CRL validity */ ++ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); ++ /* Check certificate against CRL */ ++ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); ++ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); ++ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); ++ int (*cleanup) (X509_STORE_CTX *ctx); ++ CRYPTO_EX_DATA ex_data; ++ int references; ++} /* X509_STORE */ ; + + int X509_STORE_set_depth(X509_STORE *store, int depth); + +-typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); +-typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); +-typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, +- X509_STORE_CTX *ctx, X509 *x); +-typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, +- X509 *x, X509 *issuer); +-typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); +-typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, +- X509_CRL **crl, X509 *x); +-typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); +-typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, +- X509_CRL *crl, X509 *x); +-typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); +-typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, +- X509_NAME *nm); +-typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, +- X509_NAME *nm); +-typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); ++# define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) ++# define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) + ++/* This is the functions plus an instance of the local variables. */ ++struct x509_lookup_st { ++ int init; /* have we been started */ ++ int skip; /* don't use us. */ ++ X509_LOOKUP_METHOD *method; /* the functions */ ++ char *method_data; /* method data */ ++ X509_STORE *store_ctx; /* who owns us */ ++} /* X509_LOOKUP */ ; ++ ++/* ++ * This is a used when verifying cert chains. Since the gathering of the ++ * cert chain can take some time (and have to be 'retried', this needs to be ++ * kept and passed around. ++ */ ++struct x509_store_ctx_st { /* X509_STORE_CTX */ ++ X509_STORE *ctx; ++ /* used when looking up certs */ ++ int current_method; ++ /* The following are set by the caller */ ++ /* The cert to check */ ++ X509 *cert; ++ /* chain of X509s - untrusted - passed in */ ++ STACK_OF(X509) *untrusted; ++ /* set of CRLs passed in */ ++ STACK_OF(X509_CRL) *crls; ++ X509_VERIFY_PARAM *param; ++ /* Other info for use with get_issuer() */ ++ void *other_ctx; ++ /* Callbacks for various operations */ ++ /* called to verify a certificate */ ++ int (*verify) (X509_STORE_CTX *ctx); ++ /* error callback */ ++ int (*verify_cb) (int ok, X509_STORE_CTX *ctx); ++ /* get issuers cert from ctx */ ++ int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); ++ /* check issued */ ++ int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); ++ /* Check revocation status of chain */ ++ int (*check_revocation) (X509_STORE_CTX *ctx); ++ /* retrieve CRL */ ++ int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); ++ /* Check CRL validity */ ++ int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); ++ /* Check certificate against CRL */ ++ int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); ++ int (*check_policy) (X509_STORE_CTX *ctx); ++ STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); ++ STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); ++ int (*cleanup) (X509_STORE_CTX *ctx); ++ /* The following is built up */ ++ /* if 0, rebuild chain */ ++ int valid; ++ /* index of last untrusted cert */ ++ int last_untrusted; ++ /* chain of X509s - built up and trusted */ ++ STACK_OF(X509) *chain; ++ /* Valid policy tree */ ++ X509_POLICY_TREE *tree; ++ /* Require explicit policy value */ ++ int explicit_policy; ++ /* When something goes wrong, this is why */ ++ int error_depth; ++ int error; ++ X509 *current_cert; ++ /* cert currently being tested as valid issuer */ ++ X509 *current_issuer; ++ /* current CRL */ ++ X509_CRL *current_crl; ++ /* score of current CRL */ ++ int current_crl_score; ++ /* Reason mask */ ++ unsigned int current_reasons; ++ /* For CRL path validation: parent context */ ++ X509_STORE_CTX *parent; ++ CRYPTO_EX_DATA ex_data; ++} /* X509_STORE_CTX */ ; + + void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +@@ -98,6 +314,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + + # define X509_V_OK 0 + # define X509_V_ERR_UNSPECIFIED 1 ++ + # define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 + # define X509_V_ERR_UNABLE_TO_GET_CRL 3 + # define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +@@ -130,6 +347,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + # define X509_V_ERR_AKID_SKID_MISMATCH 30 + # define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 + # define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 ++ + # define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 + # define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 + # define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +@@ -138,23 +356,24 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + # define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 + # define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 + # define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 ++ + # define X509_V_ERR_INVALID_EXTENSION 41 + # define X509_V_ERR_INVALID_POLICY_EXTENSION 42 + # define X509_V_ERR_NO_EXPLICIT_POLICY 43 + # define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 + # define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 ++ + # define X509_V_ERR_UNNESTED_RESOURCE 46 ++ + # define X509_V_ERR_PERMITTED_VIOLATION 47 + # define X509_V_ERR_EXCLUDED_VIOLATION 48 + # define X509_V_ERR_SUBTREE_MINMAX 49 +-/* The application is not happy */ + # define X509_V_ERR_APPLICATION_VERIFICATION 50 + # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 + # define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 + # define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 + # define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 +-/* Another issuer check debug option */ +-# define X509_V_ERR_PATH_LOOP 55 ++ + /* Suite B mode algorithm violation */ + # define X509_V_ERR_SUITE_B_INVALID_VERSION 56 + # define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57 +@@ -162,30 +381,23 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + # define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59 + # define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60 + # define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61 ++ + /* Host, email and IP check errors */ + # define X509_V_ERR_HOSTNAME_MISMATCH 62 + # define X509_V_ERR_EMAIL_MISMATCH 63 + # define X509_V_ERR_IP_ADDRESS_MISMATCH 64 +-/* DANE TLSA errors */ +-# define X509_V_ERR_DANE_NO_MATCH 65 +-/* security level errors */ +-# define X509_V_ERR_EE_KEY_TOO_SMALL 66 +-# define X509_V_ERR_CA_KEY_TOO_SMALL 67 +-# define X509_V_ERR_CA_MD_TOO_WEAK 68 ++ + /* Caller error */ +-# define X509_V_ERR_INVALID_CALL 69 ++# define X509_V_ERR_INVALID_CALL 65 + /* Issuer lookup error */ +-# define X509_V_ERR_STORE_LOOKUP 70 +-/* Certificate transparency */ +-# define X509_V_ERR_NO_VALID_SCTS 71 ++# define X509_V_ERR_STORE_LOOKUP 66 + +-# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 ++# define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 67 + + /* Certificate verify flags */ + +-# if OPENSSL_API_COMPAT < 0x10100000L +-# define X509_V_FLAG_CB_ISSUER_CHECK 0x0 /* Deprecated */ +-# endif ++/* Send issuer+subject checks to verify_cb */ ++# define X509_V_FLAG_CB_ISSUER_CHECK 0x1 + /* Use check time instead of current time */ + # define X509_V_FLAG_USE_CHECK_TIME 0x2 + /* Lookup CRLs */ +@@ -212,7 +424,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + # define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 + /* Delta CRL support */ + # define X509_V_FLAG_USE_DELTAS 0x2000 +-/* Check self-signed CA signature */ ++/* Check selfsigned CA signature */ + # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 + /* Use trusted store first */ + # define X509_V_FLAG_TRUSTED_FIRST 0x8000 +@@ -222,11 +434,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + # define X509_V_FLAG_SUITEB_192_LOS 0x20000 + /* Suite B 128 bit mode allowing 192 bit algorithms */ + # define X509_V_FLAG_SUITEB_128_LOS 0x30000 ++ + /* Allow partial chains if at least one certificate is in trusted store */ + # define X509_V_FLAG_PARTIAL_CHAIN 0x80000 + /* + * If the initial chain is not trusted, do not attempt to build an alternative +- * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag ++ * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. + */ + # define X509_V_FLAG_NO_ALT_CHAINS 0x100000 +@@ -245,83 +458,31 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, ++int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name); + X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, +- X509_LOOKUP_TYPE type, +- X509_NAME *name); ++ int type, X509_NAME *name); + X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + X509_OBJECT *x); +-int X509_OBJECT_up_ref_count(X509_OBJECT *a); +-X509_OBJECT *X509_OBJECT_new(void); +-void X509_OBJECT_free(X509_OBJECT *a); +-X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +-X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a); +-X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); ++void X509_OBJECT_up_ref_count(X509_OBJECT *a); ++void X509_OBJECT_free_contents(X509_OBJECT *a); + X509_STORE *X509_STORE_new(void); + void X509_STORE_free(X509_STORE *v); +-int X509_STORE_lock(X509_STORE *ctx); +-int X509_STORE_unlock(X509_STORE *ctx); +-int X509_STORE_up_ref(X509_STORE *v); +-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v); + +-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +-STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); ++STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); ++STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); + int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); + int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); + int X509_STORE_set_trust(X509_STORE *ctx, int trust); + int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +-X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); +-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); + +-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +-#define X509_STORE_set_verify_func(ctx, func) \ +- X509_STORE_set_verify((ctx),(func)) +-void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, +- X509_STORE_CTX_verify_fn verify); +-X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); + void X509_STORE_set_verify_cb(X509_STORE *ctx, +- X509_STORE_CTX_verify_cb verify_cb); +-# define X509_STORE_set_verify_cb_func(ctx,func) \ +- X509_STORE_set_verify_cb((ctx),(func)) +-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx); +-void X509_STORE_set_get_issuer(X509_STORE *ctx, +- X509_STORE_CTX_get_issuer_fn get_issuer); +-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx); +-void X509_STORE_set_check_issued(X509_STORE *ctx, +- X509_STORE_CTX_check_issued_fn check_issued); +-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx); +-void X509_STORE_set_check_revocation(X509_STORE *ctx, +- X509_STORE_CTX_check_revocation_fn check_revocation); +-X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx); +-void X509_STORE_set_get_crl(X509_STORE *ctx, +- X509_STORE_CTX_get_crl_fn get_crl); +-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx); +-void X509_STORE_set_check_crl(X509_STORE *ctx, +- X509_STORE_CTX_check_crl_fn check_crl); +-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx); +-void X509_STORE_set_cert_crl(X509_STORE *ctx, +- X509_STORE_CTX_cert_crl_fn cert_crl); +-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx); +-void X509_STORE_set_check_policy(X509_STORE *ctx, +- X509_STORE_CTX_check_policy_fn check_policy); +-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx); +-void X509_STORE_set_lookup_certs(X509_STORE *ctx, +- X509_STORE_CTX_lookup_certs_fn lookup_certs); +-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx); +-void X509_STORE_set_lookup_crls(X509_STORE *ctx, +- X509_STORE_CTX_lookup_crls_fn lookup_crls); +-#define X509_STORE_set_lookup_crls_cb(ctx, func) \ +- X509_STORE_set_lookup_crls((ctx), (func)) +-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx); +-void X509_STORE_set_cleanup(X509_STORE *ctx, +- X509_STORE_CTX_cleanup_fn cleanup); +-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx); +- +-#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef) +-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data); +-void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx); ++ int (*verify_cb) (int, X509_STORE_CTX *)); ++ ++void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, ++ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX ++ *ctx, ++ X509_NAME *nm)); + + X509_STORE_CTX *X509_STORE_CTX_new(void); + +@@ -330,93 +491,70 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + void X509_STORE_CTX_free(X509_STORE_CTX *ctx); + int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +-void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); ++void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + + X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx); +-X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +-STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +-void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +-void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +- X509_STORE_CTX_verify_cb verify); +-X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); +-X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); +-X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx); +-X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); +-X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx); +-X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx); +-X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx); +-X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx); +-X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx); +-X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx); +-X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx); +-X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx); +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain +-# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted +-# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack +-# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +-# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs +-# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls +-#endif + + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); ++ ++#ifndef OPENSSL_NO_STDIO + X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); + X509_LOOKUP_METHOD *X509_LOOKUP_file(void); ++#endif + + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +-int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret); +-X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, +- X509_LOOKUP_TYPE type, +- X509_NAME *name); ++int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, ++ X509_OBJECT *ret); + + int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + ++# ifndef OPENSSL_NO_STDIO + int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); + int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); ++# endif + + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); + void X509_LOOKUP_free(X509_LOOKUP *ctx); + int X509_LOOKUP_init(X509_LOOKUP *ctx); +-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret); +-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, ASN1_INTEGER *serial, +- X509_OBJECT *ret); +-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const unsigned char *bytes, int len, ++int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, ++ X509_OBJECT *ret); ++int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, ++ ASN1_INTEGER *serial, X509_OBJECT *ret); ++int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, ++ unsigned char *bytes, int len, + X509_OBJECT *ret); +-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const char *str, int len, X509_OBJECT *ret); ++int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, ++ X509_OBJECT *ret); + int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); + ++# ifndef OPENSSL_NO_STDIO + int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); + int X509_STORE_set_default_paths(X509_STORE *ctx); ++# endif + +-#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \ +- CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef) ++int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); + int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data); + void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx); + int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); + int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +-void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +-void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); + X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); + X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); + X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +-STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); ++STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); + STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +-void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); ++void X509_STORE_CTX_set_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +@@ -425,22 +563,16 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); + void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); ++void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, ++ int (*verify_cb) (int, X509_STORE_CTX *)); + + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); + int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); +-int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + + X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +-/* +- * Bridge opacity barrier between libcrypt and libssl, also needed to support +- * offline testing in test/danetest.c +- */ +-void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane); +-#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0) +- + /* X509_VERIFY_PARAM functions */ + + X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +@@ -458,18 +590,12 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); + int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); + void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +-void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +-time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); + int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); + int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); + +-int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, +- uint32_t flags); +-uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param); +- + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen); + int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, +@@ -477,7 +603,6 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *); +-void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *); + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen); + int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, +@@ -486,7 +611,6 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, + const char *ipasc); + + int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +-int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param); + const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); + + int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +@@ -495,19 +619,6 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); + const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); + void X509_VERIFY_PARAM_table_cleanup(void); + +-/* Non positive return values are errors */ +-#define X509_PCY_TREE_FAILURE -2 /* Failure to satisfy explicit policy */ +-#define X509_PCY_TREE_INVALID -1 /* Inconsistent or invalid extensions */ +-#define X509_PCY_TREE_INTERNAL 0 /* Internal error, most likely malloc */ +- +-/* +- * Positive return values form a bit mask, all but the first are internal to +- * the library and don't appear in results from X509_policy_check(). +- */ +-#define X509_PCY_TREE_VALID 1 /* The policy tree is valid */ +-#define X509_PCY_TREE_EMPTY 2 /* The policy tree is empty */ +-#define X509_PCY_TREE_EXPLICIT 4 /* Explicit policy required */ +- + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags); +diff --git a/Cryptlib/Include/openssl/x509v3.h b/Cryptlib/Include/openssl/x509v3.h +index 1d8ef87..a2e78aa 100644 +--- a/Cryptlib/Include/openssl/x509v3.h ++++ b/Cryptlib/Include/openssl/x509v3.h +@@ -1,12 +1,61 @@ ++/* x509v3.h */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #ifndef HEADER_X509V3_H + # define HEADER_X509V3_H + +@@ -18,6 +67,13 @@ + extern "C" { + #endif + ++# ifdef OPENSSL_SYS_WIN32 ++/* Under Win32 these are defined in wincrypt.h */ ++# undef X509_NAME ++# undef X509_CERT_PAIR ++# undef X509_EXTENSIONS ++# endif ++ + /* Forward reference */ + struct v3_ext_method; + struct v3_ext_ctx; +@@ -68,8 +124,8 @@ struct v3_ext_method { + }; + + typedef struct X509V3_CONF_METHOD_st { +- char *(*get_string) (void *db, const char *section, const char *value); +- STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section); ++ char *(*get_string) (void *db, char *section, char *value); ++ STACK_OF(CONF_VALUE) *(*get_section) (void *db, char *section); + void (*free_string) (void *db, char *string); + void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section); + } X509V3_CONF_METHOD; +@@ -77,7 +133,6 @@ typedef struct X509V3_CONF_METHOD_st { + /* Context specific info */ + struct v3_ext_ctx { + # define CTX_TEST 0x1 +-# define X509V3_CTX_REPLACE 0x2 + int flags; + X509 *issuer_cert; + X509 *subject_cert; +@@ -90,7 +145,7 @@ struct v3_ext_ctx { + + typedef struct v3_ext_method X509V3_EXT_METHOD; + +-DEFINE_STACK_OF(X509V3_EXT_METHOD) ++DECLARE_STACK_OF(X509V3_EXT_METHOD) + + /* ext_flags values */ + # define X509V3_EXT_DYNAMIC 0x1 +@@ -151,6 +206,8 @@ typedef struct GENERAL_NAME_st { + } d; + } GENERAL_NAME; + ++typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; ++ + typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +@@ -160,13 +217,11 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + + typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +-typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE; +- +-DEFINE_STACK_OF(GENERAL_NAME) +-typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +-DEFINE_STACK_OF(GENERAL_NAMES) ++DECLARE_STACK_OF(GENERAL_NAME) ++DECLARE_ASN1_SET_OF(GENERAL_NAME) + +-DEFINE_STACK_OF(ACCESS_DESCRIPTION) ++DECLARE_STACK_OF(ACCESS_DESCRIPTION) ++DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) + + typedef struct DIST_POINT_NAME_st { + int type; +@@ -201,7 +256,8 @@ struct DIST_POINT_st { + + typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +-DEFINE_STACK_OF(DIST_POINT) ++DECLARE_STACK_OF(DIST_POINT) ++DECLARE_ASN1_SET_OF(DIST_POINT) + + struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; +@@ -216,7 +272,8 @@ typedef struct SXNET_ID_st { + ASN1_OCTET_STRING *user; + } SXNETID; + +-DEFINE_STACK_OF(SXNETID) ++DECLARE_STACK_OF(SXNETID) ++DECLARE_ASN1_SET_OF(SXNETID) + + typedef struct SXNET_st { + ASN1_INTEGER *version; +@@ -242,7 +299,8 @@ typedef struct POLICYQUALINFO_st { + } d; + } POLICYQUALINFO; + +-DEFINE_STACK_OF(POLICYQUALINFO) ++DECLARE_STACK_OF(POLICYQUALINFO) ++DECLARE_ASN1_SET_OF(POLICYQUALINFO) + + typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; +@@ -251,14 +309,15 @@ typedef struct POLICYINFO_st { + + typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +-DEFINE_STACK_OF(POLICYINFO) ++DECLARE_STACK_OF(POLICYINFO) ++DECLARE_ASN1_SET_OF(POLICYINFO) + + typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; + } POLICY_MAPPING; + +-DEFINE_STACK_OF(POLICY_MAPPING) ++DECLARE_STACK_OF(POLICY_MAPPING) + + typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +@@ -268,7 +327,7 @@ typedef struct GENERAL_SUBTREE_st { + ASN1_INTEGER *maximum; + } GENERAL_SUBTREE; + +-DEFINE_STACK_OF(GENERAL_SUBTREE) ++DECLARE_STACK_OF(GENERAL_SUBTREE) + + struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; +@@ -355,7 +414,6 @@ struct ISSUING_DIST_POINT_st { + # define EXFLAG_SI 0x20 + # define EXFLAG_V1 0x40 + # define EXFLAG_INVALID 0x80 +-/* EXFLAG_SET is set to indicate that some values have been precomputed */ + # define EXFLAG_SET 0x100 + # define EXFLAG_CRITICAL 0x200 + # define EXFLAG_PROXY 0x400 +@@ -443,20 +501,20 @@ typedef struct x509_purpose_st { + # define X509V3_ADD_DELETE 5L + # define X509V3_ADD_SILENT 0x10 + +-DEFINE_STACK_OF(X509_PURPOSE) ++DECLARE_STACK_OF(X509_PURPOSE) + + DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) + + DECLARE_ASN1_FUNCTIONS(SXNET) + DECLARE_ASN1_FUNCTIONS(SXNETID) + +-int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen); +-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, ++int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); ++int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, + int userlen); +-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, ++int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, + int userlen); + +-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); ++ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); + ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); + ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); + +@@ -474,9 +532,6 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); +-char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); +-ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str); + + STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, + GENERAL_NAME *gen, +@@ -502,14 +557,12 @@ int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + + char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- const ASN1_OCTET_STRING *ia5); ++ ASN1_OCTET_STRING *ia5); + ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str); ++ X509V3_CTX *ctx, char *str); + + DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +-int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a); +- +-DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) ++int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a); + + DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) + DECLARE_ASN1_FUNCTIONS(POLICYINFO) +@@ -525,7 +578,6 @@ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT) + int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + + int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); +-int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc); + + DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) + DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) +@@ -545,8 +597,8 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS) + + GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, int gen_type, +- const char *value, int is_nc); ++ X509V3_CTX *ctx, int gen_type, char *value, ++ int is_nc); + + # ifdef HEADER_CONF_H + GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, +@@ -558,40 +610,40 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + void X509V3_conf_free(CONF_VALUE *val); + + X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- const char *value); +-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, +- const char *value); +-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, ++ char *value); ++X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, ++ char *value); ++int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk); +-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509 *cert); +-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req); +-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl); + + X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, + X509V3_CTX *ctx, int ext_nid, +- const char *value); ++ char *value); + X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *name, const char *value); ++ char *name, char *value); + int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509 *cert); ++ char *section, X509 *cert); + int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509_REQ *req); ++ char *section, X509_REQ *req); + int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509_CRL *crl); ++ char *section, X509_CRL *crl); + +-int X509V3_add_value_bool_nf(const char *name, int asn1_bool, ++int X509V3_add_value_bool_nf(char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +-int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +-int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); ++int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); ++int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); + void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); + void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); + # endif + +-char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section); +-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); ++char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); ++STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section); + void X509V3_string_free(X509V3_CTX *ctx, char *str); + void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); + void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, +@@ -603,13 +655,13 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist); + int X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +-int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, ++int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist); +-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); ++char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); ++ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); ++char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); + char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, +- const ASN1_ENUMERATED *aint); ++ ASN1_ENUMERATED *aint); + int X509V3_EXT_add(X509V3_EXT_METHOD *ext); + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); + int X509V3_EXT_add_alias(int nid_to, int nid_from); +@@ -620,28 +672,27 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); + int X509V3_add_standard_extensions(void); + STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); + void *X509V3_EXT_d2i(X509_EXTENSION *ext); +-void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, ++void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); ++int X509V3_EXT_free(int nid, void *ext_data); + + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); + int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags); + +-#if OPENSSL_API_COMPAT < 0x10100000L +-/* The new declarations are in crypto.h, but the old ones were here. */ +-# define hex_to_string OPENSSL_buf2hexstr +-# define string_to_hex OPENSSL_hexstr2buf +-#endif ++char *hex_to_string(const unsigned char *buffer, long len); ++unsigned char *string_to_hex(const char *str, long *len); ++int name_cmp(const char *name, const char *cmp); + + void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); + int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent); +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + #endif +-int X509V3_extensions_print(BIO *out, const char *title, +- const STACK_OF(X509_EXTENSION) *exts, ++int X509V3_extensions_print(BIO *out, char *title, ++ STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent); + + int X509_check_ca(X509 *x); +@@ -650,27 +701,18 @@ int X509_supported_extension(X509_EXTENSION *ex); + int X509_PURPOSE_set(int *p, int purpose); + int X509_check_issued(X509 *issuer, X509 *subject); + int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); +-void X509_set_proxy_flag(X509 *x); +-void X509_set_proxy_pathlen(X509 *x, long l); +-long X509_get_proxy_pathlen(X509 *x); +- +-uint32_t X509_get_extension_flags(X509 *x); +-uint32_t X509_get_key_usage(X509 *x); +-uint32_t X509_get_extended_key_usage(X509 *x); +-const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x); +- + int X509_PURPOSE_get_count(void); + X509_PURPOSE *X509_PURPOSE_get0(int idx); +-int X509_PURPOSE_get_by_sname(const char *sname); ++int X509_PURPOSE_get_by_sname(char *sname); + int X509_PURPOSE_get_by_id(int id); + int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), +- const char *name, const char *sname, void *arg); +-char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +-char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +-int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); ++ char *name, char *sname, void *arg); ++char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); ++char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); ++int X509_PURPOSE_get_trust(X509_PURPOSE *xp); + void X509_PURPOSE_cleanup(void); +-int X509_PURPOSE_get_id(const X509_PURPOSE *); ++int X509_PURPOSE_get_id(X509_PURPOSE *); + + STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); + STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +@@ -690,8 +732,6 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); + # define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 + /* Constraint verifier subdomain patterns to match a single labels. */ + # define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +-/* Never check the subject CN */ +-# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 + /* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject +@@ -709,19 +749,21 @@ int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + + ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); + ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); ++int a2i_ipadd(unsigned char *ipout, const char *ipasc); + int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype); + + void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +-DEFINE_STACK_OF(X509_POLICY_NODE) ++DECLARE_STACK_OF(X509_POLICY_NODE) ++ ++# ifndef OPENSSL_NO_RFC3779 + +-#ifndef OPENSSL_NO_RFC3779 + typedef struct ASRange_st { + ASN1_INTEGER *min, *max; + } ASRange; + +-# define ASIdOrRange_id 0 +-# define ASIdOrRange_range 1 ++# define ASIdOrRange_id 0 ++# define ASIdOrRange_range 1 + + typedef struct ASIdOrRange_st { + int type; +@@ -732,10 +774,10 @@ typedef struct ASIdOrRange_st { + } ASIdOrRange; + + typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +-DEFINE_STACK_OF(ASIdOrRange) ++DECLARE_STACK_OF(ASIdOrRange) + +-# define ASIdentifierChoice_inherit 0 +-# define ASIdentifierChoice_asIdsOrRanges 1 ++# define ASIdentifierChoice_inherit 0 ++# define ASIdentifierChoice_asIdsOrRanges 1 + + typedef struct ASIdentifierChoice_st { + int type; +@@ -758,8 +800,8 @@ typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min, *max; + } IPAddressRange; + +-# define IPAddressOrRange_addressPrefix 0 +-# define IPAddressOrRange_addressRange 1 ++# define IPAddressOrRange_addressPrefix 0 ++# define IPAddressOrRange_addressRange 1 + + typedef struct IPAddressOrRange_st { + int type; +@@ -770,10 +812,10 @@ typedef struct IPAddressOrRange_st { + } IPAddressOrRange; + + typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +-DEFINE_STACK_OF(IPAddressOrRange) ++DECLARE_STACK_OF(IPAddressOrRange) + +-# define IPAddressChoice_inherit 0 +-# define IPAddressChoice_addressesOrRanges 1 ++# define IPAddressChoice_inherit 0 ++# define IPAddressChoice_addressesOrRanges 1 + + typedef struct IPAddressChoice_st { + int type; +@@ -789,7 +831,7 @@ typedef struct IPAddressFamily_st { + } IPAddressFamily; + + typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +-DEFINE_STACK_OF(IPAddressFamily) ++DECLARE_STACK_OF(IPAddressFamily) + + DECLARE_ASN1_FUNCTIONS(IPAddressRange) + DECLARE_ASN1_FUNCTIONS(IPAddressOrRange) +@@ -799,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + /* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +-# define V3_ASID_ASNUM 0 +-# define V3_ASID_RDI 1 ++# define V3_ASID_ASNUM 0 ++# define V3_ASID_RDI 1 + + /* + * AFI values, assigned by IANA. It'd be nice to make the AFI +@@ -808,80 +850,80 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +-# define IANA_AFI_IPV4 1 +-# define IANA_AFI_IPV6 2 ++# define IANA_AFI_IPV4 1 ++# define IANA_AFI_IPV6 2 + + /* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +-int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +-int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, +- ASN1_INTEGER *min, ASN1_INTEGER *max); +-int X509v3_addr_add_inherit(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi); +-int X509v3_addr_add_prefix(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi, +- unsigned char *a, const int prefixlen); +-int X509v3_addr_add_range(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi, +- unsigned char *min, unsigned char *max); +-unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +-int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, +- unsigned char *min, unsigned char *max, +- const int length); ++int v3_asid_add_inherit(ASIdentifiers *asid, int which); ++int v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ++ ASN1_INTEGER *min, ASN1_INTEGER *max); ++int v3_addr_add_inherit(IPAddrBlocks *addr, ++ const unsigned afi, const unsigned *safi); ++int v3_addr_add_prefix(IPAddrBlocks *addr, ++ const unsigned afi, const unsigned *safi, ++ unsigned char *a, const int prefixlen); ++int v3_addr_add_range(IPAddrBlocks *addr, ++ const unsigned afi, const unsigned *safi, ++ unsigned char *min, unsigned char *max); ++unsigned v3_addr_get_afi(const IPAddressFamily *f); ++int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, ++ unsigned char *min, unsigned char *max, ++ const int length); + + /* + * Canonical forms. + */ +-int X509v3_asid_is_canonical(ASIdentifiers *asid); +-int X509v3_addr_is_canonical(IPAddrBlocks *addr); +-int X509v3_asid_canonize(ASIdentifiers *asid); +-int X509v3_addr_canonize(IPAddrBlocks *addr); ++int v3_asid_is_canonical(ASIdentifiers *asid); ++int v3_addr_is_canonical(IPAddrBlocks *addr); ++int v3_asid_canonize(ASIdentifiers *asid); ++int v3_addr_canonize(IPAddrBlocks *addr); + + /* + * Tests for inheritance and containment. + */ +-int X509v3_asid_inherits(ASIdentifiers *asid); +-int X509v3_addr_inherits(IPAddrBlocks *addr); +-int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +-int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); ++int v3_asid_inherits(ASIdentifiers *asid); ++int v3_addr_inherits(IPAddrBlocks *addr); ++int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); ++int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + + /* + * Check whether RFC 3779 extensions nest properly in chains. + */ +-int X509v3_asid_validate_path(X509_STORE_CTX *); +-int X509v3_addr_validate_path(X509_STORE_CTX *); +-int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, +- ASIdentifiers *ext, +- int allow_inheritance); +-int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, +- IPAddrBlocks *ext, int allow_inheritance); ++int v3_asid_validate_path(X509_STORE_CTX *); ++int v3_addr_validate_path(X509_STORE_CTX *); ++int v3_asid_validate_resource_set(STACK_OF(X509) *chain, ++ ASIdentifiers *ext, int allow_inheritance); ++int v3_addr_validate_resource_set(STACK_OF(X509) *chain, ++ IPAddrBlocks *ext, int allow_inheritance); + +-#endif /* OPENSSL_NO_RFC3779 */ ++# endif /* OPENSSL_NO_RFC3779 */ + + /* BEGIN ERROR CODES */ + /* + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +- +-int ERR_load_X509V3_strings(void); ++void ERR_load_X509V3_strings(void); + + /* Error codes for the X509V3 functions. */ + + /* Function codes. */ + # define X509V3_F_A2I_GENERAL_NAME 164 +-# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL 166 + # define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 + # define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 + # define X509V3_F_COPY_EMAIL 122 + # define X509V3_F_COPY_ISSUER 123 + # define X509V3_F_DO_DIRNAME 144 ++# define X509V3_F_DO_EXT_CONF 124 + # define X509V3_F_DO_EXT_I2D 135 + # define X509V3_F_DO_EXT_NCONF 151 ++# define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 + # define X509V3_F_GNAMES_FROM_SECTNAME 156 ++# define X509V3_F_HEX_TO_STRING 111 + # define X509V3_F_I2S_ASN1_ENUMERATED 121 + # define X509V3_F_I2S_ASN1_IA5STRING 149 + # define X509V3_F_I2S_ASN1_INTEGER 120 +@@ -895,8 +937,10 @@ int ERR_load_X509V3_strings(void); + # define X509V3_F_S2I_ASN1_IA5STRING 100 + # define X509V3_F_S2I_ASN1_INTEGER 108 + # define X509V3_F_S2I_ASN1_OCTET_STRING 112 ++# define X509V3_F_S2I_ASN1_SKEY_ID 114 + # define X509V3_F_S2I_SKEY_ID 115 + # define X509V3_F_SET_DIST_POINT_NAME 158 ++# define X509V3_F_STRING_TO_HEX 113 + # define X509V3_F_SXNET_ADD_ID_ASC 125 + # define X509V3_F_SXNET_ADD_ID_INTEGER 126 + # define X509V3_F_SXNET_ADD_ID_ULONG 127 +@@ -918,12 +962,14 @@ int ERR_load_X509V3_strings(void); + # define X509V3_F_V2I_POLICY_CONSTRAINTS 146 + # define X509V3_F_V2I_POLICY_MAPPINGS 145 + # define X509V3_F_V2I_SUBJECT_ALT 154 +-# define X509V3_F_V2I_TLS_FEATURE 165 ++# define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 + # define X509V3_F_V3_GENERIC_EXTENSION 116 + # define X509V3_F_X509V3_ADD1_I2D 140 + # define X509V3_F_X509V3_ADD_VALUE 105 + # define X509V3_F_X509V3_EXT_ADD 104 + # define X509V3_F_X509V3_EXT_ADD_ALIAS 106 ++# define X509V3_F_X509V3_EXT_CONF 107 ++# define X509V3_F_X509V3_EXT_FREE 165 + # define X509V3_F_X509V3_EXT_I2D 136 + # define X509V3_F_X509V3_EXT_NCONF 152 + # define X509V3_F_X509V3_GET_SECTION 142 +@@ -938,6 +984,7 @@ int ERR_load_X509V3_strings(void); + # define X509V3_R_BAD_OBJECT 119 + # define X509V3_R_BN_DEC2BN_ERROR 100 + # define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 ++# define X509V3_R_CANNOT_FIND_FREE_FUNCTION 168 + # define X509V3_R_DIRNAME_ERROR 149 + # define X509V3_R_DISTPOINT_ALREADY_SET 160 + # define X509V3_R_DUPLICATE_ZONE_ID 133 +@@ -951,6 +998,7 @@ int ERR_load_X509V3_strings(void); + # define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 + # define X509V3_R_EXTENSION_VALUE_ERROR 116 + # define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 ++# define X509V3_R_ILLEGAL_HEX_DIGIT 113 + # define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 + # define X509V3_R_INVALID_ASNUMBER 162 + # define X509V3_R_INVALID_ASRANGE 163 +@@ -983,11 +1031,13 @@ int ERR_load_X509V3_strings(void); + # define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 + # define X509V3_R_NO_PUBLIC_KEY 114 + # define X509V3_R_NO_SUBJECT_DETAILS 125 ++# define X509V3_R_ODD_NUMBER_OF_DIGITS 112 + # define X509V3_R_OPERATION_NOT_DEFINED 148 + # define X509V3_R_OTHERNAME_ERROR 147 + # define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 + # define X509V3_R_POLICY_PATH_LENGTH 156 + # define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 ++# define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 + # define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 + # define X509V3_R_SECTION_NOT_FOUND 150 + # define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +@@ -1000,7 +1050,7 @@ int ERR_load_X509V3_strings(void); + # define X509V3_R_UNSUPPORTED_TYPE 167 + # define X509V3_R_USER_TOO_LONG 132 + +-# ifdef __cplusplus ++#ifdef __cplusplus + } +-# endif ++#endif + #endif +diff --git a/Cryptlib/Include/sgtty.h b/Cryptlib/Include/sgtty.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sgtty.h ++++ b/Cryptlib/Include/sgtty.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/signal.h b/Cryptlib/Include/signal.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/signal.h ++++ b/Cryptlib/Include/signal.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/stdarg.h b/Cryptlib/Include/stdarg.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/stdarg.h ++++ b/Cryptlib/Include/stdarg.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/stddef.h b/Cryptlib/Include/stddef.h +index 6f59a25..8dfc36f 100644 +--- a/Cryptlib/Include/stddef.h ++++ b/Cryptlib/Include/stddef.h +@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include +diff --git a/Cryptlib/Include/stdio.h b/Cryptlib/Include/stdio.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/stdio.h ++++ b/Cryptlib/Include/stdio.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/stdlib.h b/Cryptlib/Include/stdlib.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/stdlib.h ++++ b/Cryptlib/Include/stdlib.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/string.h b/Cryptlib/Include/string.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/string.h ++++ b/Cryptlib/Include/string.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/strings.h b/Cryptlib/Include/strings.h +index 6f59a25..8dfc36f 100644 +--- a/Cryptlib/Include/strings.h ++++ b/Cryptlib/Include/strings.h +@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include +diff --git a/Cryptlib/Include/sys/ioctl.h b/Cryptlib/Include/sys/ioctl.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/ioctl.h ++++ b/Cryptlib/Include/sys/ioctl.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/param.h b/Cryptlib/Include/sys/param.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/param.h ++++ b/Cryptlib/Include/sys/param.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/socket.h b/Cryptlib/Include/sys/socket.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/socket.h ++++ b/Cryptlib/Include/sys/socket.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/stat.h b/Cryptlib/Include/sys/stat.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/stat.h ++++ b/Cryptlib/Include/sys/stat.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/time.h b/Cryptlib/Include/sys/time.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/time.h ++++ b/Cryptlib/Include/sys/time.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/times.h b/Cryptlib/Include/sys/times.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/times.h ++++ b/Cryptlib/Include/sys/times.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/types.h b/Cryptlib/Include/sys/types.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/types.h ++++ b/Cryptlib/Include/sys/types.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/sys/un.h b/Cryptlib/Include/sys/un.h +index e95c19c..ee07f6b 100644 +--- a/Cryptlib/Include/sys/un.h ++++ b/Cryptlib/Include/sys/un.h +@@ -12,5 +12,5 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + +diff --git a/Cryptlib/Include/syslog.h b/Cryptlib/Include/syslog.h +index 6f59a25..8dfc36f 100644 +--- a/Cryptlib/Include/syslog.h ++++ b/Cryptlib/Include/syslog.h +@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include +diff --git a/Cryptlib/Include/time.h b/Cryptlib/Include/time.h +index 6f59a25..8dfc36f 100644 +--- a/Cryptlib/Include/time.h ++++ b/Cryptlib/Include/time.h +@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include +diff --git a/Cryptlib/Include/unistd.h b/Cryptlib/Include/unistd.h +index 6f59a25..8dfc36f 100644 +--- a/Cryptlib/Include/unistd.h ++++ b/Cryptlib/Include/unistd.h +@@ -12,4 +12,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include +diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h +index 8cccf72..92cc963 100644 +--- a/Cryptlib/InternalCryptLib.h ++++ b/Cryptlib/InternalCryptLib.h +@@ -1,7 +1,7 @@ +-/** @file ++/** @file + Internal include file for BaseCryptLib. + +-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -15,16 +15,13 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + #ifndef __INTERNAL_CRYPT_LIB_H__ + #define __INTERNAL_CRYPT_LIB_H__ + +-#undef _WIN32 +-#undef _WIN64 +- + #include + #include + #include + #include + #include + +-#include "CrtLibSupport.h" ++#include "OpenSslSupport.h" + + #include + +@@ -34,3 +31,4 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + #endif + + #endif ++ +diff --git a/Cryptlib/Library/BaseLib.h b/Cryptlib/Library/BaseLib.h +index c29919e..4c99fa9 100644 +--- a/Cryptlib/Library/BaseLib.h ++++ b/Cryptlib/Library/BaseLib.h +@@ -1,8 +1,2 @@ + #include + #include +- +-UINT32 WriteUnaligned32 (UINT32 *Buffer, UINT32 Value); +-UINTN AsciiStrSize (CHAR8 *string); +-char *AsciiStrnCpy(char *Destination, char *Source, UINTN count); +-char *AsciiStrCat(char *Destination, char *Source); +-UINTN AsciiStrDecimalToUintn(const char *String); +diff --git a/Cryptlib/Library/BaseMemoryLib.h b/Cryptlib/Library/BaseMemoryLib.h +index cc118e3..e69de29 100644 +--- a/Cryptlib/Library/BaseMemoryLib.h ++++ b/Cryptlib/Library/BaseMemoryLib.h +@@ -1 +0,0 @@ +-CHAR8 *ScanMem8(CHAR8 *str, UINTN count, CHAR8 ch); +diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile +index e99f009..74ed692 100644 +--- a/Cryptlib/Makefile ++++ b/Cryptlib/Makefile +@@ -40,7 +40,7 @@ OBJS = Hash/CryptMd4Null.o \ + Pk/CryptTs.o \ + Pk/CryptX509.o \ + Pk/CryptAuthenticode.o \ +- Pem/CryptPemNull.o \ ++ Pem/CryptPem.o \ + SysCall/CrtWrapper.o \ + SysCall/TimerWrapper.o \ + SysCall/BaseMemAllocation.o \ +diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile +index e54105b..d146dbc 100644 +--- a/Cryptlib/OpenSSL/Makefile ++++ b/Cryptlib/OpenSSL/Makefile +@@ -3,7 +3,7 @@ EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_IN + + CFLAGS = -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \ + -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \ +- -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DNO_SYSLOG -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC ++ -Wall $(EFI_INCLUDES) -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC + + ifeq ($(ARCH),x86_64) + CFLAGS += -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \ +@@ -23,431 +23,445 @@ endif + LDFLAGS = -nostdlib -znocombreloc + + TARGET = libopenssl.a +-OBJS = crypto/bio/b_print.o \ +- crypto/aes/aes_cbc.o \ +- crypto/aes/aes_cfb.o \ +- crypto/aes/aes_core.o \ +- crypto/aes/aes_ecb.o \ +- crypto/aes/aes_ige.o \ +- crypto/aes/aes_misc.o \ +- crypto/aes/aes_ofb.o \ +- crypto/aes/aes_wrap.o \ +- crypto/asn1/a_bitstr.o \ +- crypto/asn1/a_d2i_fp.o \ +- crypto/asn1/a_digest.o \ +- crypto/asn1/a_dup.o \ +- crypto/asn1/a_gentm.o \ +- crypto/asn1/a_i2d_fp.o \ +- crypto/asn1/a_int.o \ +- crypto/asn1/a_mbstr.o \ +- crypto/asn1/a_object.o \ +- crypto/asn1/a_octet.o \ +- crypto/asn1/a_print.o \ +- crypto/asn1/a_sign.o \ +- crypto/asn1/a_strex.o \ +- crypto/asn1/a_strnid.o \ +- crypto/asn1/a_time.o \ +- crypto/asn1/a_type.o \ +- crypto/asn1/a_utctm.o \ +- crypto/asn1/a_utf8.o \ +- crypto/asn1/a_verify.o \ +- crypto/asn1/ameth_lib.o \ +- crypto/asn1/asn1_err.o \ +- crypto/asn1/asn1_gen.o \ +- crypto/asn1/asn1_lib.o \ +- crypto/asn1/asn1_par.o \ +- crypto/asn1/asn_mime.o \ +- crypto/asn1/asn_moid.o \ +- crypto/asn1/asn_mstbl.o \ +- crypto/asn1/asn_pack.o \ +- crypto/asn1/bio_asn1.o \ +- crypto/asn1/bio_ndef.o \ +- crypto/asn1/d2i_pr.o \ +- crypto/asn1/d2i_pu.o \ +- crypto/asn1/evp_asn1.o \ +- crypto/asn1/f_int.o \ +- crypto/asn1/f_string.o \ +- crypto/asn1/i2d_pr.o \ +- crypto/asn1/i2d_pu.o \ +- crypto/asn1/n_pkey.o \ +- crypto/asn1/nsseq.o \ +- crypto/asn1/p5_pbe.o \ +- crypto/asn1/p5_pbev2.o \ +- crypto/asn1/p5_scrypt.o \ +- crypto/asn1/p8_pkey.o \ +- crypto/asn1/t_bitst.o \ +- crypto/asn1/t_pkey.o \ +- crypto/asn1/t_spki.o \ +- crypto/asn1/tasn_dec.o \ +- crypto/asn1/tasn_enc.o \ +- crypto/asn1/tasn_fre.o \ +- crypto/asn1/tasn_new.o \ +- crypto/asn1/tasn_prn.o \ +- crypto/asn1/tasn_scn.o \ +- crypto/asn1/tasn_typ.o \ +- crypto/asn1/tasn_utl.o \ +- crypto/asn1/x_algor.o \ +- crypto/asn1/x_bignum.o \ +- crypto/asn1/x_info.o \ +- crypto/asn1/x_long.o \ +- crypto/asn1/x_pkey.o \ +- crypto/asn1/x_sig.o \ +- crypto/asn1/x_spki.o \ +- crypto/asn1/x_val.o \ +- crypto/async/arch/async_null.o \ +- crypto/async/arch/async_posix.o \ +- crypto/async/arch/async_win.o \ +- crypto/async/async.o \ +- crypto/async/async_err.o \ +- crypto/async/async_wait.o \ +- crypto/bio/b_addr.o \ +- crypto/bio/b_dump.o \ +- crypto/bio/b_sock.o \ +- crypto/bio/b_sock2.o \ +- crypto/bio/bf_buff.o \ +- crypto/bio/bf_lbuf.o \ +- crypto/bio/bf_nbio.o \ +- crypto/bio/bf_null.o \ +- crypto/bio/bio_cb.o \ +- crypto/bio/bio_err.o \ +- crypto/bio/bio_lib.o \ +- crypto/bio/bio_meth.o \ +- crypto/bio/bss_acpt.o \ +- crypto/bio/bss_bio.o \ +- crypto/bio/bss_conn.o \ +- crypto/bio/bss_dgram.o \ +- crypto/bio/bss_fd.o \ +- crypto/bio/bss_file.o \ +- crypto/bio/bss_log.o \ +- crypto/bio/bss_mem.o \ +- crypto/bio/bss_null.o \ +- crypto/bio/bss_sock.o \ +- crypto/bn/bn_add.o \ +- crypto/bn/bn_asm.o \ +- crypto/bn/bn_blind.o \ +- crypto/bn/bn_const.o \ +- crypto/bn/bn_ctx.o \ +- crypto/bn/bn_depr.o \ +- crypto/bn/bn_dh.o \ +- crypto/bn/bn_div.o \ +- crypto/bn/bn_err.o \ +- crypto/bn/bn_exp.o \ +- crypto/bn/bn_exp2.o \ +- crypto/bn/bn_gcd.o \ +- crypto/bn/bn_gf2m.o \ +- crypto/bn/bn_intern.o \ +- crypto/bn/bn_kron.o \ +- crypto/bn/bn_lib.o \ +- crypto/bn/bn_mod.o \ +- crypto/bn/bn_mont.o \ +- crypto/bn/bn_mpi.o \ +- crypto/bn/bn_mul.o \ +- crypto/bn/bn_nist.o \ +- crypto/bn/bn_prime.o \ +- crypto/bn/bn_print.o \ +- crypto/bn/bn_rand.o \ +- crypto/bn/bn_recp.o \ +- crypto/bn/bn_shift.o \ +- crypto/bn/bn_sqr.o \ +- crypto/bn/bn_sqrt.o \ +- crypto/bn/bn_srp.o \ +- crypto/bn/bn_word.o \ +- crypto/bn/bn_x931p.o \ +- crypto/buffer/buf_err.o \ +- crypto/buffer/buffer.o \ +- crypto/cmac/cm_ameth.o \ +- crypto/cmac/cm_pmeth.o \ +- crypto/cmac/cmac.o \ +- crypto/comp/c_zlib.o \ +- crypto/comp/comp_err.o \ +- crypto/comp/comp_lib.o \ +- crypto/conf/conf_api.o \ +- crypto/conf/conf_def.o \ +- crypto/conf/conf_err.o \ +- crypto/conf/conf_lib.o \ +- crypto/conf/conf_mall.o \ +- crypto/conf/conf_mod.o \ +- crypto/conf/conf_sap.o \ +- crypto/cpt_err.o \ +- crypto/cryptlib.o \ +- crypto/cversion.o \ +- crypto/dh/dh_ameth.o \ +- crypto/dh/dh_asn1.o \ +- crypto/dh/dh_check.o \ +- crypto/dh/dh_depr.o \ +- crypto/dh/dh_err.o \ +- crypto/dh/dh_gen.o \ +- crypto/dh/dh_kdf.o \ +- crypto/dh/dh_key.o \ +- crypto/dh/dh_lib.o \ +- crypto/dh/dh_meth.o \ +- crypto/dh/dh_pmeth.o \ +- crypto/dh/dh_prn.o \ +- crypto/dh/dh_rfc5114.o \ +- crypto/dso/dso_dl.o \ +- crypto/dso/dso_dlfcn.o \ +- crypto/dso/dso_err.o \ +- crypto/dso/dso_lib.o \ +- crypto/dso/dso_openssl.o \ +- crypto/dso/dso_vms.o \ +- crypto/dso/dso_win32.o \ +- crypto/ebcdic.o \ +- crypto/err/err.o \ +- crypto/err/err_all.o \ +- crypto/err/err_prn.o \ +- crypto/evp/bio_b64.o \ +- crypto/evp/bio_enc.o \ +- crypto/evp/bio_md.o \ +- crypto/evp/bio_ok.o \ +- crypto/evp/c_allc.o \ +- crypto/evp/c_alld.o \ +- crypto/evp/cmeth_lib.o \ +- crypto/evp/digest.o \ +- crypto/evp/e_aes.o \ +- crypto/evp/e_aes_cbc_hmac_sha1.o \ +- crypto/evp/e_aes_cbc_hmac_sha256.o \ +- crypto/evp/e_bf.o \ +- crypto/evp/e_camellia.o \ +- crypto/evp/e_cast.o \ +- crypto/evp/e_chacha20_poly1305.o \ +- crypto/evp/e_des.o \ +- crypto/evp/e_des3.o \ +- crypto/evp/e_idea.o \ +- crypto/evp/e_null.o \ +- crypto/evp/e_old.o \ +- crypto/evp/e_rc2.o \ +- crypto/evp/e_rc4.o \ +- crypto/evp/e_rc4_hmac_md5.o \ +- crypto/evp/e_rc5.o \ +- crypto/evp/e_seed.o \ +- crypto/evp/e_xcbc_d.o \ +- crypto/evp/encode.o \ +- crypto/evp/evp_cnf.o \ +- crypto/evp/evp_enc.o \ +- crypto/evp/evp_err.o \ +- crypto/evp/evp_key.o \ +- crypto/evp/evp_lib.o \ +- crypto/evp/evp_pbe.o \ +- crypto/evp/evp_pkey.o \ +- crypto/evp/m_md2.o \ +- crypto/evp/m_md4.o \ +- crypto/evp/m_md5.o \ +- crypto/evp/m_md5_sha1.o \ +- crypto/evp/m_mdc2.o \ +- crypto/evp/m_null.o \ +- crypto/evp/m_ripemd.o \ +- crypto/evp/m_sha1.o \ +- crypto/evp/m_sigver.o \ +- crypto/evp/m_wp.o \ +- crypto/evp/names.o \ +- crypto/evp/p5_crpt.o \ +- crypto/evp/p5_crpt2.o \ +- crypto/evp/p_dec.o \ +- crypto/evp/p_enc.o \ +- crypto/evp/p_lib.o \ +- crypto/evp/p_open.o \ +- crypto/evp/p_seal.o \ +- crypto/evp/p_sign.o \ +- crypto/evp/p_verify.o \ +- crypto/evp/pmeth_fn.o \ +- crypto/evp/pmeth_gn.o \ +- crypto/evp/pmeth_lib.o \ +- crypto/evp/scrypt.o \ +- crypto/ex_data.o \ +- crypto/hmac/hm_ameth.o \ +- crypto/hmac/hm_pmeth.o \ +- crypto/hmac/hmac.o \ +- crypto/init.o \ +- crypto/kdf/hkdf.o \ +- crypto/kdf/kdf_err.o \ +- crypto/kdf/tls1_prf.o \ +- crypto/lhash/lh_stats.o \ +- crypto/lhash/lhash.o \ +- crypto/md5/md5_dgst.o \ +- crypto/md5/md5_one.o \ +- crypto/mem.o \ +- crypto/mem_clr.o \ +- crypto/mem_dbg.o \ +- crypto/mem_sec.o \ +- crypto/modes/cbc128.o \ +- crypto/modes/ccm128.o \ +- crypto/modes/cfb128.o \ +- crypto/modes/ctr128.o \ +- crypto/modes/cts128.o \ +- crypto/modes/gcm128.o \ +- crypto/modes/ocb128.o \ +- crypto/modes/ofb128.o \ +- crypto/modes/wrap128.o \ +- crypto/modes/xts128.o \ +- crypto/o_dir.o \ +- crypto/o_fips.o \ +- crypto/o_fopen.o \ +- crypto/o_init.o \ +- crypto/o_str.o \ +- crypto/o_time.o \ +- crypto/objects/o_names.o \ +- crypto/objects/obj_dat.o \ +- crypto/objects/obj_err.o \ +- crypto/objects/obj_lib.o \ +- crypto/objects/obj_xref.o \ +- crypto/ocsp/ocsp_asn.o \ +- crypto/ocsp/ocsp_cl.o \ +- crypto/ocsp/ocsp_err.o \ +- crypto/ocsp/ocsp_ext.o \ +- crypto/ocsp/ocsp_ht.o \ +- crypto/ocsp/ocsp_lib.o \ +- crypto/ocsp/ocsp_prn.o \ +- crypto/ocsp/ocsp_srv.o \ +- crypto/ocsp/ocsp_vfy.o \ +- crypto/ocsp/v3_ocsp.o \ +- crypto/pem/pem_all.o \ +- crypto/pem/pem_err.o \ +- crypto/pem/pem_info.o \ +- crypto/pem/pem_lib.o \ +- crypto/pem/pem_oth.o \ +- crypto/pem/pem_pk8.o \ +- crypto/pem/pem_pkey.o \ +- crypto/pem/pem_sign.o \ +- crypto/pem/pem_x509.o \ +- crypto/pem/pem_xaux.o \ +- crypto/pem/pvkfmt.o \ +- crypto/pkcs12/p12_add.o \ +- crypto/pkcs12/p12_asn.o \ +- crypto/pkcs12/p12_attr.o \ +- crypto/pkcs12/p12_crpt.o \ +- crypto/pkcs12/p12_crt.o \ +- crypto/pkcs12/p12_decr.o \ +- crypto/pkcs12/p12_init.o \ +- crypto/pkcs12/p12_key.o \ +- crypto/pkcs12/p12_kiss.o \ +- crypto/pkcs12/p12_mutl.o \ +- crypto/pkcs12/p12_npas.o \ +- crypto/pkcs12/p12_p8d.o \ +- crypto/pkcs12/p12_p8e.o \ +- crypto/pkcs12/p12_sbag.o \ +- crypto/pkcs12/p12_utl.o \ +- crypto/pkcs12/pk12err.o \ +- crypto/pkcs7/bio_pk7.o \ +- crypto/pkcs7/pk7_asn1.o \ +- crypto/pkcs7/pk7_attr.o \ +- crypto/pkcs7/pk7_doit.o \ +- crypto/pkcs7/pk7_lib.o \ +- crypto/pkcs7/pk7_mime.o \ +- crypto/pkcs7/pk7_smime.o \ +- crypto/pkcs7/pkcs7err.o \ +- crypto/rand/md_rand.o \ +- crypto/rand/rand_egd.o \ +- crypto/rand/rand_err.o \ +- crypto/rand/rand_lib.o \ +- crypto/rand/rand_unix.o \ +- crypto/rand/rand_vms.o \ +- crypto/rand/rand_win.o \ +- crypto/rand/randfile.o \ +- crypto/rc4/rc4_enc.o \ +- crypto/rc4/rc4_skey.o \ +- crypto/rsa/rsa_ameth.o \ +- crypto/rsa/rsa_asn1.o \ +- crypto/rsa/rsa_chk.o \ +- crypto/rsa/rsa_crpt.o \ +- crypto/rsa/rsa_depr.o \ +- crypto/rsa/rsa_err.o \ +- crypto/rsa/rsa_gen.o \ +- crypto/rsa/rsa_lib.o \ +- crypto/rsa/rsa_meth.o \ +- crypto/rsa/rsa_none.o \ +- crypto/rsa/rsa_null.o \ +- crypto/rsa/rsa_oaep.o \ +- crypto/rsa/rsa_ossl.o \ +- crypto/rsa/rsa_pk1.o \ +- crypto/rsa/rsa_pmeth.o \ +- crypto/rsa/rsa_prn.o \ +- crypto/rsa/rsa_pss.o \ +- crypto/rsa/rsa_saos.o \ +- crypto/rsa/rsa_sign.o \ +- crypto/rsa/rsa_ssl.o \ +- crypto/rsa/rsa_x931.o \ +- crypto/rsa/rsa_x931g.o \ +- crypto/sha/sha1_one.o \ +- crypto/sha/sha1dgst.o \ +- crypto/sha/sha256.o \ +- crypto/sha/sha512.o \ +- crypto/stack/stack.o \ +- crypto/threads_none.o \ +- crypto/threads_pthread.o \ +- crypto/threads_win.o \ +- crypto/txt_db/txt_db.o \ +- crypto/uid.o \ +- crypto/x509/by_dir.o \ +- crypto/x509/by_file.o \ +- crypto/x509/t_crl.o \ +- crypto/x509/t_req.o \ +- crypto/x509/t_x509.o \ +- crypto/x509/x509_att.o \ +- crypto/x509/x509_cmp.o \ +- crypto/x509/x509_d2.o \ +- crypto/x509/x509_def.o \ +- crypto/x509/x509_err.o \ +- crypto/x509/x509_ext.o \ +- crypto/x509/x509_lu.o \ +- crypto/x509/x509_obj.o \ +- crypto/x509/x509_r2x.o \ +- crypto/x509/x509_req.o \ +- crypto/x509/x509_set.o \ +- crypto/x509/x509_trs.o \ +- crypto/x509/x509_txt.o \ +- crypto/x509/x509_v3.o \ +- crypto/x509/x509_vfy.o \ +- crypto/x509/x509_vpm.o \ +- crypto/x509/x509cset.o \ +- crypto/x509/x509name.o \ +- crypto/x509/x509rset.o \ +- crypto/x509/x509spki.o \ +- crypto/x509/x509type.o \ +- crypto/x509/x_all.o \ +- crypto/x509/x_attrib.o \ +- crypto/x509/x_crl.o \ +- crypto/x509/x_exten.o \ +- crypto/x509/x_name.o \ +- crypto/x509/x_pubkey.o \ +- crypto/x509/x_req.o \ +- crypto/x509/x_x509.o \ +- crypto/x509/x_x509a.o \ +- crypto/x509v3/pcy_cache.o \ +- crypto/x509v3/pcy_data.o \ +- crypto/x509v3/pcy_lib.o \ +- crypto/x509v3/pcy_map.o \ +- crypto/x509v3/pcy_node.o \ +- crypto/x509v3/pcy_tree.o \ +- crypto/x509v3/v3_addr.o \ +- crypto/x509v3/v3_akey.o \ +- crypto/x509v3/v3_akeya.o \ +- crypto/x509v3/v3_alt.o \ +- crypto/x509v3/v3_asid.o \ +- crypto/x509v3/v3_bcons.o \ +- crypto/x509v3/v3_bitst.o \ +- crypto/x509v3/v3_conf.o \ +- crypto/x509v3/v3_cpols.o \ +- crypto/x509v3/v3_crld.o \ +- crypto/x509v3/v3_enum.o \ +- crypto/x509v3/v3_extku.o \ +- crypto/x509v3/v3_genn.o \ +- crypto/x509v3/v3_ia5.o \ +- crypto/x509v3/v3_info.o \ +- crypto/x509v3/v3_int.o \ +- crypto/x509v3/v3_lib.o \ +- crypto/x509v3/v3_ncons.o \ +- crypto/x509v3/v3_pci.o \ +- crypto/x509v3/v3_pcia.o \ +- crypto/x509v3/v3_pcons.o \ +- crypto/x509v3/v3_pku.o \ +- crypto/x509v3/v3_pmaps.o \ +- crypto/x509v3/v3_prn.o \ +- crypto/x509v3/v3_purp.o \ +- crypto/x509v3/v3_skey.o \ +- crypto/x509v3/v3_sxnet.o \ +- crypto/x509v3/v3_tlsf.o \ +- crypto/x509v3/v3_utl.o \ +- crypto/x509v3/v3err.o ++OBJS = crypto/cryptlib.o \ ++ crypto/mem.o \ ++ crypto/mem_clr.o \ ++ crypto/mem_dbg.o \ ++ crypto/cversion.o \ ++ crypto/ex_data.o \ ++ crypto/cpt_err.o \ ++ crypto/ebcdic.o \ ++ crypto/uid.o \ ++ crypto/o_time.o \ ++ crypto/o_str.o \ ++ crypto/o_dir.o \ ++ crypto/o_fips.o \ ++ crypto/o_init.o \ ++ crypto/fips_ers.o \ ++ crypto/md4/md4_dgst.o \ ++ crypto/md4/md4_one.o \ ++ crypto/md5/md5_dgst.o \ ++ crypto/md5/md5_one.o \ ++ crypto/sha/sha_dgst.o \ ++ crypto/sha/sha1dgst.o \ ++ crypto/sha/sha_one.o \ ++ crypto/sha/sha1_one.o \ ++ crypto/sha/sha256.o \ ++ crypto/sha/sha512.o \ ++ crypto/hmac/hmac.o \ ++ crypto/hmac/hm_ameth.o \ ++ crypto/hmac/hm_pmeth.o \ ++ crypto/des/set_key.o \ ++ crypto/des/ecb_enc.o \ ++ crypto/des/cbc_enc.o \ ++ crypto/des/ecb3_enc.o \ ++ crypto/des/cfb64enc.o \ ++ crypto/des/cfb64ede.o \ ++ crypto/des/cfb_enc.o \ ++ crypto/des/ofb64ede.o \ ++ crypto/des/enc_read.o \ ++ crypto/des/enc_writ.o \ ++ crypto/des/ofb64enc.o \ ++ crypto/des/ofb_enc.o \ ++ crypto/des/str2key.o \ ++ crypto/des/pcbc_enc.o \ ++ crypto/des/qud_cksm.o \ ++ crypto/des/rand_key.o \ ++ crypto/des/des_enc.o \ ++ crypto/des/fcrypt_b.o \ ++ crypto/des/fcrypt.o \ ++ crypto/des/xcbc_enc.o \ ++ crypto/des/rpc_enc.o \ ++ crypto/des/cbc_cksm.o \ ++ crypto/des/ede_cbcm_enc.o \ ++ crypto/des/des_old.o \ ++ crypto/des/des_old2.o \ ++ crypto/des/read2pwd.o \ ++ crypto/rc4/rc4_enc.o \ ++ crypto/rc4/rc4_skey.o \ ++ crypto/rc4/rc4_utl.o \ ++ crypto/aes/aes_misc.o \ ++ crypto/aes/aes_ecb.o \ ++ crypto/aes/aes_cfb.o \ ++ crypto/aes/aes_ofb.o \ ++ crypto/aes/aes_ctr.o \ ++ crypto/aes/aes_ige.o \ ++ crypto/aes/aes_wrap.o \ ++ crypto/aes/aes_core.o \ ++ crypto/aes/aes_cbc.o \ ++ crypto/modes/cbc128.o \ ++ crypto/modes/ctr128.o \ ++ crypto/modes/cts128.o \ ++ crypto/modes/cfb128.o \ ++ crypto/modes/ofb128.o \ ++ crypto/modes/gcm128.o \ ++ crypto/modes/ccm128.o \ ++ crypto/modes/xts128.o \ ++ crypto/modes/wrap128.o \ ++ crypto/bn/bn_add.o \ ++ crypto/bn/bn_div.o \ ++ crypto/bn/bn_exp.o \ ++ crypto/bn/bn_lib.o \ ++ crypto/bn/bn_ctx.o \ ++ crypto/bn/bn_mul.o \ ++ crypto/bn/bn_mod.o \ ++ crypto/bn/bn_print.o \ ++ crypto/bn/bn_rand.o \ ++ crypto/bn/bn_shift.o \ ++ crypto/bn/bn_word.o \ ++ crypto/bn/bn_blind.o \ ++ crypto/bn/bn_kron.o \ ++ crypto/bn/bn_sqrt.o \ ++ crypto/bn/bn_gcd.o \ ++ crypto/bn/bn_prime.o \ ++ crypto/bn/bn_err.o \ ++ crypto/bn/bn_sqr.o \ ++ crypto/bn/bn_asm.o \ ++ crypto/bn/bn_recp.o \ ++ crypto/bn/bn_mont.o \ ++ crypto/bn/bn_mpi.o \ ++ crypto/bn/bn_exp2.o \ ++ crypto/bn/bn_gf2m.o \ ++ crypto/bn/bn_nist.o \ ++ crypto/bn/bn_depr.o \ ++ crypto/bn/bn_x931p.o \ ++ crypto/bn/bn_const.o \ ++ crypto/rsa/rsa_eay.o \ ++ crypto/rsa/rsa_gen.o \ ++ crypto/rsa/rsa_lib.o \ ++ crypto/rsa/rsa_sign.o \ ++ crypto/rsa/rsa_saos.o \ ++ crypto/rsa/rsa_err.o \ ++ crypto/rsa/rsa_pk1.o \ ++ crypto/rsa/rsa_ssl.o \ ++ crypto/rsa/rsa_none.o \ ++ crypto/rsa/rsa_oaep.o \ ++ crypto/rsa/rsa_chk.o \ ++ crypto/rsa/rsa_null.o \ ++ crypto/rsa/rsa_pss.o \ ++ crypto/rsa/rsa_x931.o \ ++ crypto/rsa/rsa_asn1.o \ ++ crypto/rsa/rsa_depr.o \ ++ crypto/rsa/rsa_ameth.o \ ++ crypto/rsa/rsa_prn.o \ ++ crypto/rsa/rsa_pmeth.o \ ++ crypto/rsa/rsa_crpt.o \ ++ crypto/dso/dso_dl.o \ ++ crypto/dso/dso_dlfcn.o \ ++ crypto/dso/dso_err.o \ ++ crypto/dso/dso_lib.o \ ++ crypto/dso/dso_null.o \ ++ crypto/dso/dso_openssl.o \ ++ crypto/dso/dso_win32.o \ ++ crypto/dso/dso_vms.o \ ++ crypto/dso/dso_beos.o \ ++ crypto/dh/dh_asn1.o \ ++ crypto/dh/dh_gen.o \ ++ crypto/dh/dh_key.o \ ++ crypto/dh/dh_lib.o \ ++ crypto/dh/dh_check.o \ ++ crypto/dh/dh_err.o \ ++ crypto/dh/dh_depr.o \ ++ crypto/dh/dh_ameth.o \ ++ crypto/dh/dh_pmeth.o \ ++ crypto/dh/dh_prn.o \ ++ crypto/dh/dh_rfc5114.o \ ++ crypto/buffer/buffer.o \ ++ crypto/buffer/buf_str.o \ ++ crypto/buffer/buf_err.o \ ++ crypto/bio/bio_lib.o \ ++ crypto/bio/bio_cb.o \ ++ crypto/bio/bio_err.o \ ++ crypto/bio/bss_mem.o \ ++ crypto/bio/bss_null.o \ ++ crypto/bio/bss_fd.o \ ++ crypto/bio/bss_file.o \ ++ crypto/bio/bss_sock.o \ ++ crypto/bio/bss_conn.o \ ++ crypto/bio/bf_null.o \ ++ crypto/bio/bf_buff.o \ ++ crypto/bio/b_dump.o \ ++ crypto/bio/b_print.o \ ++ crypto/bio/b_sock.o \ ++ crypto/bio/bss_acpt.o \ ++ crypto/bio/bf_nbio.o \ ++ crypto/bio/bss_log.o \ ++ crypto/bio/bss_bio.o \ ++ crypto/bio/bss_dgram.o \ ++ crypto/stack/stack.o \ ++ crypto/lhash/lhash.o \ ++ crypto/lhash/lh_stats.o \ ++ crypto/rand/md_rand.o \ ++ crypto/rand/randfile.o \ ++ crypto/rand/rand_lib.o \ ++ crypto/rand/rand_err.o \ ++ crypto/rand/rand_unix.o \ ++ crypto/err/err.o \ ++ crypto/err/err_all.o \ ++ crypto/err/err_prn.o \ ++ crypto/objects/o_names.o \ ++ crypto/objects/obj_dat.o \ ++ crypto/objects/obj_lib.o \ ++ crypto/objects/obj_err.o \ ++ crypto/objects/obj_xref.o \ ++ crypto/evp/encode.o \ ++ crypto/evp/digest.o \ ++ crypto/evp/evp_enc.o \ ++ crypto/evp/evp_key.o \ ++ crypto/evp/evp_acnf.o \ ++ crypto/evp/evp_cnf.o \ ++ crypto/evp/e_des.o \ ++ crypto/evp/e_bf.o \ ++ crypto/evp/e_idea.o \ ++ crypto/evp/e_des3.o \ ++ crypto/evp/e_camellia.o \ ++ crypto/evp/e_rc4.o \ ++ crypto/evp/e_aes.o \ ++ crypto/evp/names.o \ ++ crypto/evp/e_seed.o \ ++ crypto/evp/e_xcbc_d.o \ ++ crypto/evp/e_rc2.o \ ++ crypto/evp/e_cast.o \ ++ crypto/evp/e_rc5.o \ ++ crypto/evp/m_null.o \ ++ crypto/evp/m_md2.o \ ++ crypto/evp/m_md4.o \ ++ crypto/evp/m_md5.o \ ++ crypto/evp/m_sha.o \ ++ crypto/evp/m_sha1.o \ ++ crypto/evp/m_wp.o \ ++ crypto/evp/m_dss.o \ ++ crypto/evp/m_dss1.o \ ++ crypto/evp/m_mdc2.o \ ++ crypto/evp/m_ripemd.o \ ++ crypto/evp/m_ecdsa.o \ ++ crypto/evp/p_open.o \ ++ crypto/evp/p_seal.o \ ++ crypto/evp/p_sign.o \ ++ crypto/evp/p_verify.o \ ++ crypto/evp/p_lib.o \ ++ crypto/evp/p_enc.o \ ++ crypto/evp/p_dec.o \ ++ crypto/evp/bio_md.o \ ++ crypto/evp/bio_b64.o \ ++ crypto/evp/bio_enc.o \ ++ crypto/evp/evp_err.o \ ++ crypto/evp/e_null.o \ ++ crypto/evp/c_all.o \ ++ crypto/evp/c_allc.o \ ++ crypto/evp/c_alld.o \ ++ crypto/evp/evp_lib.o \ ++ crypto/evp/bio_ok.o \ ++ crypto/evp/evp_pkey.o \ ++ crypto/evp/evp_pbe.o \ ++ crypto/evp/p5_crpt.o \ ++ crypto/evp/p5_crpt2.o \ ++ crypto/evp/e_old.o \ ++ crypto/evp/pmeth_lib.o \ ++ crypto/evp/pmeth_fn.o \ ++ crypto/evp/pmeth_gn.o \ ++ crypto/evp/m_sigver.o \ ++ crypto/evp/e_aes_cbc_hmac_sha1.o \ ++ crypto/evp/e_aes_cbc_hmac_sha256.o \ ++ crypto/evp/e_rc4_hmac_md5.o \ ++ crypto/asn1/a_object.o \ ++ crypto/asn1/a_bitstr.o \ ++ crypto/asn1/a_utctm.o \ ++ crypto/asn1/a_gentm.o \ ++ crypto/asn1/a_time.o \ ++ crypto/asn1/a_int.o \ ++ crypto/asn1/a_octet.o \ ++ crypto/asn1/a_print.o \ ++ crypto/asn1/a_type.o \ ++ crypto/asn1/a_set.o \ ++ crypto/asn1/a_dup.o \ ++ crypto/asn1/a_d2i_fp.o \ ++ crypto/asn1/a_i2d_fp.o \ ++ crypto/asn1/a_enum.o \ ++ crypto/asn1/a_utf8.o \ ++ crypto/asn1/a_sign.o \ ++ crypto/asn1/a_digest.o \ ++ crypto/asn1/a_verify.o \ ++ crypto/asn1/a_mbstr.o \ ++ crypto/asn1/a_strex.o \ ++ crypto/asn1/x_algor.o \ ++ crypto/asn1/x_val.o \ ++ crypto/asn1/x_pubkey.o \ ++ crypto/asn1/x_sig.o \ ++ crypto/asn1/x_req.o \ ++ crypto/asn1/x_attrib.o \ ++ crypto/asn1/x_bignum.o \ ++ crypto/asn1/x_long.o \ ++ crypto/asn1/x_name.o \ ++ crypto/asn1/x_x509.o \ ++ crypto/asn1/x_x509a.o \ ++ crypto/asn1/x_crl.o \ ++ crypto/asn1/x_info.o \ ++ crypto/asn1/x_spki.o \ ++ crypto/asn1/nsseq.o \ ++ crypto/asn1/x_nx509.o \ ++ crypto/asn1/d2i_pu.o \ ++ crypto/asn1/d2i_pr.o \ ++ crypto/asn1/i2d_pu.o \ ++ crypto/asn1/i2d_pr.o \ ++ crypto/asn1/t_req.o \ ++ crypto/asn1/t_x509.o \ ++ crypto/asn1/t_x509a.o \ ++ crypto/asn1/t_crl.o \ ++ crypto/asn1/t_pkey.o \ ++ crypto/asn1/t_spki.o \ ++ crypto/asn1/t_bitst.o \ ++ crypto/asn1/tasn_new.o \ ++ crypto/asn1/tasn_fre.o \ ++ crypto/asn1/tasn_enc.o \ ++ crypto/asn1/tasn_dec.o \ ++ crypto/asn1/tasn_utl.o \ ++ crypto/asn1/tasn_typ.o \ ++ crypto/asn1/tasn_prn.o \ ++ crypto/asn1/ameth_lib.o \ ++ crypto/asn1/f_int.o \ ++ crypto/asn1/f_string.o \ ++ crypto/asn1/n_pkey.o \ ++ crypto/asn1/f_enum.o \ ++ crypto/asn1/x_pkey.o \ ++ crypto/asn1/a_bool.o \ ++ crypto/asn1/x_exten.o \ ++ crypto/asn1/bio_asn1.o \ ++ crypto/asn1/bio_ndef.o \ ++ crypto/asn1/asn_mime.o \ ++ crypto/asn1/asn1_gen.o \ ++ crypto/asn1/asn1_par.o \ ++ crypto/asn1/asn1_lib.o \ ++ crypto/asn1/asn1_err.o \ ++ crypto/asn1/a_bytes.o \ ++ crypto/asn1/a_strnid.o \ ++ crypto/asn1/evp_asn1.o \ ++ crypto/asn1/asn_pack.o \ ++ crypto/asn1/p5_pbe.o \ ++ crypto/asn1/p5_pbev2.o \ ++ crypto/asn1/p8_pkey.o \ ++ crypto/asn1/asn_moid.o \ ++ crypto/pem/pem_sign.o \ ++ crypto/pem/pem_seal.o \ ++ crypto/pem/pem_info.o \ ++ crypto/pem/pem_lib.o \ ++ crypto/pem/pem_all.o \ ++ crypto/pem/pem_err.o \ ++ crypto/pem/pem_x509.o \ ++ crypto/pem/pem_xaux.o \ ++ crypto/pem/pem_oth.o \ ++ crypto/pem/pem_pk8.o \ ++ crypto/pem/pem_pkey.o \ ++ crypto/pem/pvkfmt.o \ ++ crypto/x509/x509_def.o \ ++ crypto/x509/x509_d2.o \ ++ crypto/x509/x509_r2x.o \ ++ crypto/x509/x509_cmp.o \ ++ crypto/x509/x509_obj.o \ ++ crypto/x509/x509_req.o \ ++ crypto/x509/x509spki.o \ ++ crypto/x509/x509_vfy.o \ ++ crypto/x509/x509_set.o \ ++ crypto/x509/x509cset.o \ ++ crypto/x509/x509rset.o \ ++ crypto/x509/x509_err.o \ ++ crypto/x509/x509name.o \ ++ crypto/x509/x509_v3.o \ ++ crypto/x509/x509_ext.o \ ++ crypto/x509/x509_att.o \ ++ crypto/x509/x509type.o \ ++ crypto/x509/x509_lu.o \ ++ crypto/x509/x_all.o \ ++ crypto/x509/x509_txt.o \ ++ crypto/x509/x509_trs.o \ ++ crypto/x509/x509_vpm.o \ ++ crypto/x509v3/v3_bcons.o \ ++ crypto/x509v3/v3_bitst.o \ ++ crypto/x509v3/v3_conf.o \ ++ crypto/x509v3/v3_extku.o \ ++ crypto/x509v3/v3_ia5.o \ ++ crypto/x509v3/v3_lib.o \ ++ crypto/x509v3/v3_prn.o \ ++ crypto/x509v3/v3_utl.o \ ++ crypto/x509v3/v3err.o \ ++ crypto/x509v3/v3_genn.o \ ++ crypto/x509v3/v3_alt.o \ ++ crypto/x509v3/v3_skey.o \ ++ crypto/x509v3/v3_akey.o \ ++ crypto/x509v3/v3_pku.o \ ++ crypto/x509v3/v3_int.o \ ++ crypto/x509v3/v3_enum.o \ ++ crypto/x509v3/v3_sxnet.o \ ++ crypto/x509v3/v3_cpols.o \ ++ crypto/x509v3/v3_crld.o \ ++ crypto/x509v3/v3_purp.o \ ++ crypto/x509v3/v3_info.o \ ++ crypto/x509v3/v3_ocsp.o \ ++ crypto/x509v3/v3_akeya.o \ ++ crypto/x509v3/v3_pmaps.o \ ++ crypto/x509v3/v3_pcons.o \ ++ crypto/x509v3/v3_ncons.o \ ++ crypto/x509v3/v3_pcia.o \ ++ crypto/x509v3/v3_pci.o \ ++ crypto/x509v3/pcy_cache.o \ ++ crypto/x509v3/pcy_node.o \ ++ crypto/x509v3/pcy_data.o \ ++ crypto/x509v3/pcy_map.o \ ++ crypto/x509v3/pcy_tree.o \ ++ crypto/x509v3/pcy_lib.o \ ++ crypto/x509v3/v3_asid.o \ ++ crypto/x509v3/v3_addr.o \ ++ crypto/conf/conf_err.o \ ++ crypto/conf/conf_lib.o \ ++ crypto/conf/conf_api.o \ ++ crypto/conf/conf_def.o \ ++ crypto/conf/conf_mod.o \ ++ crypto/conf/conf_mall.o \ ++ crypto/conf/conf_sap.o \ ++ crypto/txt_db/txt_db.o \ ++ crypto/pkcs7/pk7_asn1.o \ ++ crypto/pkcs7/pk7_lib.o \ ++ crypto/pkcs7/pkcs7err.o \ ++ crypto/pkcs7/pk7_doit.o \ ++ crypto/pkcs7/pk7_smime.o \ ++ crypto/pkcs7/pk7_attr.o \ ++ crypto/pkcs7/pk7_mime.o \ ++ crypto/pkcs7/bio_pk7.o \ ++ crypto/pkcs12/p12_add.o \ ++ crypto/pkcs12/p12_asn.o \ ++ crypto/pkcs12/p12_attr.o \ ++ crypto/pkcs12/p12_crpt.o \ ++ crypto/pkcs12/p12_crt.o \ ++ crypto/pkcs12/p12_decr.o \ ++ crypto/pkcs12/p12_init.o \ ++ crypto/pkcs12/p12_key.o \ ++ crypto/pkcs12/p12_kiss.o \ ++ crypto/pkcs12/p12_mutl.o \ ++ crypto/pkcs12/p12_utl.o \ ++ crypto/pkcs12/p12_npas.o \ ++ crypto/pkcs12/pk12err.o \ ++ crypto/pkcs12/p12_p8d.o \ ++ crypto/pkcs12/p12_p8e.o \ ++ crypto/comp/comp_lib.o \ ++ crypto/comp/comp_err.o \ ++ crypto/comp/c_rle.o \ ++ crypto/comp/c_zlib.o \ ++ crypto/ocsp/ocsp_asn.o \ ++ crypto/ocsp/ocsp_ext.o \ ++ crypto/ocsp/ocsp_ht.o \ ++ crypto/ocsp/ocsp_lib.o \ ++ crypto/ocsp/ocsp_cl.o \ ++ crypto/ocsp/ocsp_srv.o \ ++ crypto/ocsp/ocsp_prn.o \ ++ crypto/ocsp/ocsp_vfy.o \ ++ crypto/ocsp/ocsp_err.o \ ++ crypto/ui/ui_lib.o \ ++ crypto/ui/ui_util.o \ ++ crypto/ui/ui_compat.o \ ++ crypto/krb5/krb5_asn.o \ ++ crypto/cmac/cmac.o \ ++ crypto/cmac/cm_ameth.o \ ++ crypto/cmac/cm_pmeth.o \ + + all: $(TARGET) + +diff --git a/Cryptlib/OpenSSL/buildinf.h b/Cryptlib/OpenSSL/buildinf.h +index 3d967d2..673bf78 100644 +--- a/Cryptlib/OpenSSL/buildinf.h ++++ b/Cryptlib/OpenSSL/buildinf.h +@@ -1,2 +1,2 @@ + #define PLATFORM "UEFI" +-#define DATE "Tues Mar 21 01:23:45 PDT 2017" ++#define DATE "Mon Mar 8 14:17:05 PDT 2010" +diff --git a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c +index 049044c..b16e849 100644 +--- a/Cryptlib/OpenSSL/crypto/LPdir_nyi.c ++++ b/Cryptlib/OpenSSL/crypto/LPdir_nyi.c +@@ -1,12 +1,3 @@ +-/* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + /* + * Copyright (c) 2004, Richard Levitte + * All rights reserved. +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +index 342841f..805d0e2 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c +@@ -1,10 +1,52 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_cbc.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +index f010e3c..1225000 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c +@@ -1,10 +1,52 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_cfb.c */ ++/* ==================================================================== ++ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +index bd5c779..7019b5d 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c +@@ -1,12 +1,4 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- ++/* crypto/aes/aes_core.c */ + /** + * rijndael-alg-fst.c + * +@@ -36,10 +28,14 @@ + /* Note: rewritten a little bit to provide error control and an OpenSSL- + compatible API */ + ++#ifndef AES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif + #include + + #include +-#include + #include + #include "aes_locl.h" + +@@ -629,8 +625,8 @@ static const u32 rcon[] = { + /** + * Expand the cipher key into the encryption key schedule. + */ +-int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { + + u32 *rk; +@@ -644,9 +640,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + + rk = key->rd_key; + +- if (bits == 128) ++ if (bits==128) + key->rounds = 10; +- else if (bits == 192) ++ else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; +@@ -731,8 +727,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + /** + * Expand the cipher key into the decryption key schedule. + */ +-int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { + + u32 *rk; +@@ -740,7 +736,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + u32 temp; + + /* first, start with an encryption schedule */ +- status = AES_set_encrypt_key(userKey, bits, key); ++ status = private_AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + +@@ -1208,11 +1204,11 @@ static const u32 rcon[] = { + /** + * Expand the cipher key into the encryption key schedule. + */ +-int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { + u32 *rk; +- int i = 0; ++ int i = 0; + u32 temp; + + if (!userKey || !key) +@@ -1222,9 +1218,9 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + + rk = key->rd_key; + +- if (bits == 128) ++ if (bits==128) + key->rounds = 10; +- else if (bits == 192) ++ else if (bits==192) + key->rounds = 12; + else + key->rounds = 14; +@@ -1309,8 +1305,8 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + /** + * Expand the cipher key into the decryption key schedule. + */ +-int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +- AES_KEY *key) ++int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) + { + + u32 *rk; +@@ -1318,7 +1314,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + u32 temp; + + /* first, start with an encryption schedule */ +- status = AES_set_encrypt_key(userKey, bits, key); ++ status = private_AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + +@@ -1355,7 +1351,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + rk[j] = tpe ^ ROTATE(tpd,16) ^ + ROTATE(tp9,24) ^ ROTATE(tpb,8); + #else +- rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ ++ rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 8) ^ (tp9 << 24) ^ + (tpb >> 24) ^ (tpb << 8); + #endif +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +new file mode 100644 +index 0000000..9e760c4 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c +@@ -0,0 +1,63 @@ ++/* crypto/aes/aes_ctr.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include ++ ++void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, ++ size_t length, const AES_KEY *key, ++ unsigned char ivec[AES_BLOCK_SIZE], ++ unsigned char ecount_buf[AES_BLOCK_SIZE], ++ unsigned int *num) ++{ ++ CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, ++ (block128_f) AES_encrypt); ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +index 29bfc1a..52151a5 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c +@@ -1,12 +1,59 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_ecb.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + ++#ifndef AES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif + #include + + #include +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +index 9125264..8f2b770 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c +@@ -1,13 +1,55 @@ +-/* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_ige.c */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #include + #include "aes_locl.h" +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h +index adee29d..7acd74e 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_locl.h ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_locl.h +@@ -1,16 +1,63 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes.h */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_AES_LOCL_H + # define HEADER_AES_LOCL_H + + # include ++ ++# ifdef OPENSSL_NO_AES ++# error AES is disabled. ++# endif ++ + # include + # include + # include +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +index 7403c84..fafad4d 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c +@@ -1,16 +1,61 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_misc.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include ++#include + #include + #include "aes_locl.h" + ++const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT; ++ + const char *AES_options(void) + { + #ifdef FULL_UNROLL +@@ -19,3 +64,23 @@ const char *AES_options(void) + return "aes(partial)"; + #endif + } ++ ++/* FIPS wrapper functions to block low level AES calls in FIPS mode */ ++ ++int AES_set_encrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++#ifdef OPENSSL_FIPS ++ fips_cipher_abort(AES); ++#endif ++ return private_AES_set_encrypt_key(userKey, bits, key); ++} ++ ++int AES_set_decrypt_key(const unsigned char *userKey, const int bits, ++ AES_KEY *key) ++{ ++#ifdef OPENSSL_FIPS ++ fips_cipher_abort(AES); ++#endif ++ return private_AES_set_decrypt_key(userKey, bits, key); ++} +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +index 215b538..64a08ca 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c +@@ -1,10 +1,52 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/aes/aes_ofb.c */ ++/* ==================================================================== ++ * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +index cae0b21..b7b64d5 100644 +--- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c ++++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c +@@ -1,13 +1,58 @@ ++/* crypto/aes/aes_wrap.c */ + /* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +index 33be907..f906188 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c +@@ -1,20 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_bitstr.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "asn1_locl.h" + + int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) + { +- return ASN1_STRING_set(x, d, len); ++ return M_ASN1_BIT_STRING_set(x, d, len); + } + + int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) +@@ -66,11 +114,10 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) + + *(p++) = (unsigned char)bits; + d = a->data; +- if (len > 0) { +- memcpy(p, d, len); +- p += len; ++ memcpy(p, d, len); ++ p += len; ++ if (len > 0) + p[-1] &= (0xff << bits); +- } + *pp = p; + return (ret); + } +@@ -89,7 +136,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + } + + if ((a == NULL) || ((*a) == NULL)) { +- if ((ret = ASN1_BIT_STRING_new()) == NULL) ++ if ((ret = M_ASN1_BIT_STRING_new()) == NULL) + return (NULL); + } else + ret = (*a); +@@ -108,7 +155,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ + + if (len-- > 1) { /* using one because of the bits left byte */ +- s = OPENSSL_malloc((int)len); ++ s = (unsigned char *)OPENSSL_malloc((int)len); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; +@@ -120,7 +167,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + s = NULL; + + ret->length = (int)len; +- OPENSSL_free(ret->data); ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); + ret->data = s; + ret->type = V_ASN1_BIT_STRING; + if (a != NULL) +@@ -129,8 +177,8 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + return (ret); + err: + ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); +- if ((a == NULL) || (*a != ret)) +- ASN1_BIT_STRING_free(ret); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_BIT_STRING_free(ret); + return (NULL); + } + +@@ -156,7 +204,11 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) + if ((a->length < (w + 1)) || (a->data == NULL)) { + if (!value) + return (1); /* Don't need to set */ +- c = OPENSSL_clear_realloc(a->data, a->length, w + 1); ++ if (a->data == NULL) ++ c = (unsigned char *)OPENSSL_malloc(w + 1); ++ else ++ c = (unsigned char *)OPENSSL_realloc_clean(a->data, ++ a->length, w + 1); + if (c == NULL) { + ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); + return 0; +@@ -172,7 +224,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) + return (1); + } + +-int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) ++int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) + { + int w, v; + +@@ -189,8 +241,8 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) + * which is not specified in 'flags', 1 otherwise. + * 'len' is the length of 'flags'. + */ +-int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, +- const unsigned char *flags, int flags_len) ++int ASN1_BIT_STRING_check(ASN1_BIT_STRING *a, ++ unsigned char *flags, int flags_len) + { + int i, ok; + /* Check if there is one bit set at all. */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +new file mode 100644 +index 0000000..1b85bc9 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c +@@ -0,0 +1,111 @@ ++/* crypto/asn1/a_bool.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++ ++int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) ++{ ++ int r; ++ unsigned char *p; ++ ++ r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); ++ if (pp == NULL) ++ return (r); ++ p = *pp; ++ ++ ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); ++ *(p++) = (unsigned char)a; ++ *pp = p; ++ return (r); ++} ++ ++int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) ++{ ++ int ret = -1; ++ const unsigned char *p; ++ long len; ++ int inf, tag, xclass; ++ int i = 0; ++ ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ i = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } ++ ++ if (tag != V_ASN1_BOOLEAN) { ++ i = ASN1_R_EXPECTING_A_BOOLEAN; ++ goto err; ++ } ++ ++ if (len != 1) { ++ i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; ++ goto err; ++ } ++ ret = (int)*(p++); ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +new file mode 100644 +index 0000000..65e5394 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c +@@ -0,0 +1,334 @@ ++/* crypto/asn1/a_bytes.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++ ++static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c, ++ int depth); ++static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a, ++ const unsigned char **pp, long length, ++ int Ptag, int Pclass, int depth, ++ int *perr); ++/* ++ * type is a 'bitmap' of acceptable string types. ++ */ ++ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int type) ++{ ++ ASN1_STRING *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ long len; ++ int inf, tag, xclass; ++ int i = 0; ++ ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) ++ goto err; ++ ++ if (tag >= 32) { ++ i = ASN1_R_TAG_VALUE_TOO_HIGH; ++ goto err; ++ } ++ if (!(ASN1_tag2bit(tag) & type)) { ++ i = ASN1_R_WRONG_TYPE; ++ goto err; ++ } ++ ++ /* If a bit-string, exit early */ ++ if (tag == V_ASN1_BIT_STRING) ++ return (d2i_ASN1_BIT_STRING(a, pp, length)); ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = ASN1_STRING_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); ++ ++ if (len != 0) { ++ s = OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ memcpy(s, p, (int)len); ++ s[len] = '\0'; ++ p += len; ++ } else ++ s = NULL; ++ ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->length = (int)len; ++ ret->data = s; ++ ret->type = tag; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_STRING_free(ret); ++ return (NULL); ++} ++ ++int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) ++{ ++ int ret, r, constructed; ++ unsigned char *p; ++ ++ if (a == NULL) ++ return (0); ++ ++ if (tag == V_ASN1_BIT_STRING) ++ return (i2d_ASN1_BIT_STRING(a, pp)); ++ ++ ret = a->length; ++ r = ASN1_object_size(0, ret, tag); ++ if (pp == NULL) ++ return (r); ++ p = *pp; ++ ++ if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) ++ constructed = 1; ++ else ++ constructed = 0; ++ ASN1_put_object(&p, constructed, ret, tag, xclass); ++ memcpy(p, a->data, a->length); ++ p += a->length; ++ *pp = p; ++ return (r); ++} ++ ++/* ++ * Maximum recursion depth of d2i_ASN1_bytes(): much more than should be ++ * encountered in pratice. ++ */ ++ ++#define ASN1_BYTES_MAXDEPTH 20 ++ ++ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp, ++ long length, int Ptag, int Pclass) ++{ ++ int err = 0; ++ ASN1_STRING *s = int_d2i_ASN1_bytes(a, pp, length, Ptag, Pclass, 0, &err); ++ if (err != 0) ++ ASN1err(ASN1_F_D2I_ASN1_BYTES, err); ++ return s; ++} ++ ++static ASN1_STRING *int_d2i_ASN1_bytes(ASN1_STRING **a, ++ const unsigned char **pp, long length, ++ int Ptag, int Pclass, ++ int depth, int *perr) ++{ ++ ASN1_STRING *ret = NULL; ++ const unsigned char *p; ++ unsigned char *s; ++ long len; ++ int inf, tag, xclass; ++ ++ if (depth > ASN1_BYTES_MAXDEPTH) { ++ *perr = ASN1_R_NESTED_ASN1_STRING; ++ return NULL; ++ } ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = ASN1_STRING_new()) == NULL) ++ return (NULL); ++ } else ++ ret = (*a); ++ ++ p = *pp; ++ inf = ASN1_get_object(&p, &len, &tag, &xclass, length); ++ if (inf & 0x80) { ++ *perr = ASN1_R_BAD_OBJECT_HEADER; ++ goto err; ++ } ++ ++ if (tag != Ptag) { ++ *perr = ASN1_R_WRONG_TAG; ++ goto err; ++ } ++ ++ if (inf & V_ASN1_CONSTRUCTED) { ++ ASN1_const_CTX c; ++ ++ c.error = 0; ++ c.pp = pp; ++ c.p = p; ++ c.inf = inf; ++ c.slen = len; ++ c.tag = Ptag; ++ c.xclass = Pclass; ++ c.max = (length == 0) ? 0 : (p + length); ++ if (!asn1_collate_primitive(ret, &c, depth)) { ++ *perr = c.error; ++ goto err; ++ } else { ++ p = c.p; ++ } ++ } else { ++ if (len != 0) { ++ if ((ret->length < len) || (ret->data == NULL)) { ++ s = OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ *perr = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ } else ++ s = ret->data; ++ memcpy(s, p, (int)len); ++ s[len] = '\0'; ++ p += len; ++ } else { ++ s = NULL; ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ } ++ ++ ret->length = (int)len; ++ ret->data = s; ++ ret->type = Ptag; ++ } ++ ++ if (a != NULL) ++ (*a) = ret; ++ *pp = p; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ ASN1_STRING_free(ret); ++ return (NULL); ++} ++ ++/* ++ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them ++ * into the one structure that is then returned ++ */ ++/* ++ * There have been a few bug fixes for this function from Paul Keogh ++ * , many thanks to him ++ */ ++static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c, ++ int depth) ++{ ++ ASN1_STRING *os = NULL; ++ BUF_MEM b; ++ int num; ++ ++ b.length = 0; ++ b.max = 0; ++ b.data = NULL; ++ ++ if (a == NULL) { ++ c->error = ERR_R_PASSED_NULL_PARAMETER; ++ goto err; ++ } ++ ++ num = 0; ++ for (;;) { ++ if (c->inf & 1) { ++ c->eos = ASN1_const_check_infinite_end(&c->p, ++ (long)(c->max - c->p)); ++ if (c->eos) ++ break; ++ } else { ++ if (c->slen <= 0) ++ break; ++ } ++ ++ c->q = c->p; ++ if (int_d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass, ++ depth + 1, &c->error) == NULL) { ++ goto err; ++ } ++ ++ if (!BUF_MEM_grow_clean(&b, num + os->length)) { ++ c->error = ERR_R_BUF_LIB; ++ goto err; ++ } ++ memcpy(&(b.data[num]), os->data, os->length); ++ if (!(c->inf & 1)) ++ c->slen -= (c->p - c->q); ++ num += os->length; ++ } ++ ++ if (!asn1_const_Finish(c)) ++ goto err; ++ ++ a->length = num; ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ a->data = (unsigned char *)b.data; ++ if (os != NULL) ++ ASN1_STRING_free(os); ++ return (1); ++ err: ++ if (os != NULL) ++ ASN1_STRING_free(os); ++ if (b.data != NULL) ++ OPENSSL_free(b.data); ++ return (0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +index e5c1d0e..51b6f24 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c +@@ -1,23 +1,71 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_d2i_fp.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" +-#include "internal/numbers.h" ++#include "cryptlib.h" + #include +-#include ++#include + + static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + + #ifndef NO_OLD_ASN1 +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + + void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) + { +@@ -49,7 +97,8 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) + p = (unsigned char *)b->data; + ret = d2i(x, &p, len); + err: +- BUF_MEM_free(b); ++ if (b != NULL) ++ BUF_MEM_free(b); + return (ret); + } + +@@ -69,11 +118,12 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) + p = (const unsigned char *)b->data; + ret = ASN1_item_d2i(x, &p, len, it); + err: +- BUF_MEM_free(b); ++ if (b != NULL) ++ BUF_MEM_free(b); + return (ret); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) + { + BIO *b; +@@ -97,15 +147,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + BUF_MEM *b; + unsigned char *p; + int i; ++ ASN1_const_CTX c; + size_t want = HEADER_SIZE; +- uint32_t eos = 0; ++ int eos = 0; + size_t off = 0; + size_t len = 0; + +- const unsigned char *q; +- long slen; +- int inf, tag, xclass; +- + b = BUF_MEM_new(); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); +@@ -137,9 +184,10 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + /* else data already loaded */ + + p = (unsigned char *)&(b->data[off]); +- q = p; +- inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off); +- if (inf & 0x80) { ++ c.p = p; ++ c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass), ++ len - off); ++ if (c.inf & 0x80) { + unsigned long e; + + e = ERR_GET_REASON(ERR_peek_error()); +@@ -148,27 +196,27 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + else + ERR_clear_error(); /* clear error */ + } +- i = q - p; /* header length */ ++ i = c.p - p; /* header length */ + off += i; /* end of data */ + +- if (inf & 1) { ++ if (c.inf & 1) { + /* no data body so go round again */ +- if (eos == UINT32_MAX) { ++ eos++; ++ if (eos < 0) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); + goto err; + } +- eos++; + want = HEADER_SIZE; +- } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) { ++ } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { + /* eos value, so go back and read another header */ + eos--; +- if (eos == 0) ++ if (eos <= 0) + break; + else + want = HEADER_SIZE; + } else { +- /* suck in slen bytes of data */ +- want = slen; ++ /* suck in c.slen bytes of data */ ++ want = c.slen; + if (want > (len - off)) { + size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; + +@@ -210,12 +258,12 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + chunk_max *= 2; + } + } +- if (off + slen < off) { ++ if (off + c.slen < off) { + ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + goto err; + } +- off += slen; +- if (eos == 0) { ++ off += c.slen; ++ if (eos <= 0) { + break; + } else + want = HEADER_SIZE; +@@ -230,6 +278,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) + *pb = b; + return off; + err: +- BUF_MEM_free(b); ++ if (b != NULL) ++ BUF_MEM_free(b); + return -1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +index 46bff0d..7cbc475 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_digest.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef NO_SYS_TYPES_H + # include +@@ -30,17 +79,15 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, + unsigned char *str, *p; + + i = i2d(data, NULL); +- if ((str = OPENSSL_malloc(i)) == NULL) { ++ if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) { + ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); + return (0); + } + p = str; + i2d(data, &p); + +- if (!EVP_Digest(str, i, md, len, type, NULL)) { +- OPENSSL_free(str); ++ if (!EVP_Digest(str, i, md, len, type, NULL)) + return 0; +- } + OPENSSL_free(str); + return (1); + } +@@ -57,10 +104,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, + if (!str) + return (0); + +- if (!EVP_Digest(str, i, md, len, type, NULL)) { +- OPENSSL_free(str); ++ if (!EVP_Digest(str, i, md, len, type, NULL)) + return 0; +- } + OPENSSL_free(str); + return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +index d9a57b2..349ab56 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_dup.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + #ifndef NO_OLD_ASN1 +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +new file mode 100644 +index 0000000..c3498ac +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c +@@ -0,0 +1,181 @@ ++/* crypto/asn1/a_enum.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++/* ++ * Code for ENUMERATED type: identical to INTEGER apart from a different tag. ++ * for comments on encoding see a_int.c ++ */ ++ ++int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) ++{ ++ int j, k; ++ unsigned int i; ++ unsigned char buf[sizeof(long) + 1]; ++ long d; ++ ++ a->type = V_ASN1_ENUMERATED; ++ if (a->length < (int)(sizeof(long) + 1)) { ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ if ((a->data = ++ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) ++ memset((char *)a->data, 0, sizeof(long) + 1); ++ } ++ if (a->data == NULL) { ++ ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ d = v; ++ if (d < 0) { ++ d = -d; ++ a->type = V_ASN1_NEG_ENUMERATED; ++ } ++ ++ for (i = 0; i < sizeof(long); i++) { ++ if (d == 0) ++ break; ++ buf[i] = (int)d & 0xff; ++ d >>= 8; ++ } ++ j = 0; ++ for (k = i - 1; k >= 0; k--) ++ a->data[j++] = buf[k]; ++ a->length = j; ++ return (1); ++} ++ ++long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) ++{ ++ int neg = 0, i; ++ long r = 0; ++ ++ if (a == NULL) ++ return (0L); ++ i = a->type; ++ if (i == V_ASN1_NEG_ENUMERATED) ++ neg = 1; ++ else if (i != V_ASN1_ENUMERATED) ++ return -1; ++ ++ if (a->length > (int)sizeof(long)) { ++ /* hmm... a bit ugly */ ++ return (0xffffffffL); ++ } ++ if (a->data == NULL) ++ return 0; ++ ++ for (i = 0; i < a->length; i++) { ++ r <<= 8; ++ r |= (unsigned char)a->data[i]; ++ } ++ if (neg) ++ r = -r; ++ return (r); ++} ++ ++ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) ++{ ++ ASN1_ENUMERATED *ret; ++ int len, j; ++ ++ if (ai == NULL) ++ ret = M_ASN1_ENUMERATED_new(); ++ else ++ ret = ai; ++ if (ret == NULL) { ++ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (BN_is_negative(bn)) ++ ret->type = V_ASN1_NEG_ENUMERATED; ++ else ++ ret->type = V_ASN1_ENUMERATED; ++ j = BN_num_bits(bn); ++ len = ((j == 0) ? 0 : ((j / 8) + 1)); ++ if (ret->length < len + 4) { ++ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); ++ if (!new_data) { ++ ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->data = new_data; ++ } ++ ++ ret->length = BN_bn2bin(bn, ret->data); ++ return (ret); ++ err: ++ if (ret != ai) ++ M_ASN1_ENUMERATED_free(ret); ++ return (NULL); ++} ++ ++BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) ++{ ++ BIGNUM *ret; ++ ++ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) ++ ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); ++ else if (ai->type == V_ASN1_NEG_ENUMERATED) ++ BN_set_negative(ret, 1); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +index c02c8d9..fa76dca 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c +@@ -1,22 +1,123 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_gentm.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +- * GENERALIZEDTIME implementation. Based on UTCTIME ++ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include "o_time.h" + #include + #include "asn1_locl.h" + ++#if 0 ++ ++int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) ++{ ++# ifdef CHARSET_EBCDIC ++ /* KLUDGE! We convert to ascii before writing DER */ ++ int len; ++ char tmp[24]; ++ ASN1_STRING tmpstr = *(ASN1_STRING *)a; ++ ++ len = tmpstr.length; ++ ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); ++ tmpstr.data = tmp; ++ ++ a = (ASN1_GENERALIZEDTIME *)&tmpstr; ++# endif ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); ++} ++ ++ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, ++ unsigned char **pp, ++ long length) ++{ ++ ASN1_GENERALIZEDTIME *ret = NULL; ++ ++ ret = ++ (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, ++ V_ASN1_GENERALIZEDTIME, ++ V_ASN1_UNIVERSAL); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); ++ return (NULL); ++ } ++# ifdef CHARSET_EBCDIC ++ ascii2ebcdic(ret->data, ret->data, ret->length); ++# endif ++ if (!ASN1_GENERALIZEDTIME_check(ret)) { ++ ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); ++ goto err; ++ } ++ ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_GENERALIZEDTIME_free(ret); ++ return (NULL); ++} ++ ++#endif ++ + int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) + { + static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; +@@ -148,7 +249,8 @@ int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) + t.data = (unsigned char *)str; + if (ASN1_GENERALIZEDTIME_check(&t)) { + if (s != NULL) { +- if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) ++ if (!ASN1_STRING_set((ASN1_STRING *)s, ++ (unsigned char *)str, t.length)) + return 0; + s->type = V_ASN1_GENERALIZEDTIME; + } +@@ -171,103 +273,40 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + struct tm *ts; + struct tm data; + size_t len = 20; +- ASN1_GENERALIZEDTIME *tmps = NULL; + + if (s == NULL) +- tmps = ASN1_GENERALIZEDTIME_new(); +- else +- tmps = s; +- if (tmps == NULL) +- return NULL; ++ s = M_ASN1_GENERALIZEDTIME_new(); ++ if (s == NULL) ++ return (NULL); + + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) +- goto err; ++ return (NULL); + + if (offset_day || offset_sec) { + if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) +- goto err; ++ return NULL; + } + +- p = (char *)tmps->data; +- if ((p == NULL) || ((size_t)tmps->length < len)) { ++ p = (char *)s->data; ++ if ((p == NULL) || ((size_t)s->length < len)) { + p = OPENSSL_malloc(len); + if (p == NULL) { + ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); +- goto err; ++ return (NULL); + } +- OPENSSL_free(tmps->data); +- tmps->data = (unsigned char *)p; ++ if (s->data != NULL) ++ OPENSSL_free(s->data); ++ s->data = (unsigned char *)p; + } + + BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900, + ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min, + ts->tm_sec); +- tmps->length = strlen(p); +- tmps->type = V_ASN1_GENERALIZEDTIME; ++ s->length = strlen(p); ++ s->type = V_ASN1_GENERALIZEDTIME; + #ifdef CHARSET_EBCDIC_not +- ebcdic2ascii(tmps->data, tmps->data, tmps->length); ++ ebcdic2ascii(s->data, s->data, s->length); + #endif +- return tmps; +- err: +- if (s == NULL) +- ASN1_GENERALIZEDTIME_free(tmps); +- return NULL; +-} +- +-const char *_asn1_mon[12] = { +- "Jan", "Feb", "Mar", "Apr", "May", "Jun", +- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" +-}; +- +-int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) +-{ +- char *v; +- int gmt = 0; +- int i; +- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; +- char *f = NULL; +- int f_len = 0; +- +- i = tm->length; +- v = (char *)tm->data; +- +- if (i < 12) +- goto err; +- if (v[i - 1] == 'Z') +- gmt = 1; +- for (i = 0; i < 12; i++) +- if ((v[i] > '9') || (v[i] < '0')) +- goto err; +- y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 +- + (v[2] - '0') * 10 + (v[3] - '0'); +- M = (v[4] - '0') * 10 + (v[5] - '0'); +- if ((M > 12) || (M < 1)) +- goto err; +- d = (v[6] - '0') * 10 + (v[7] - '0'); +- h = (v[8] - '0') * 10 + (v[9] - '0'); +- m = (v[10] - '0') * 10 + (v[11] - '0'); +- if (tm->length >= 14 && +- (v[12] >= '0') && (v[12] <= '9') && +- (v[13] >= '0') && (v[13] <= '9')) { +- s = (v[12] - '0') * 10 + (v[13] - '0'); +- /* Check for fractions of seconds. */ +- if (tm->length >= 15 && v[14] == '.') { +- int l = tm->length; +- f = &v[14]; /* The decimal point. */ +- f_len = 1; +- while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') +- ++f_len; +- } +- } +- +- if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", +- _asn1_mon[M - 1], d, h, m, s, f_len, f, y, +- (gmt) ? " GMT" : "") <= 0) +- return (0); +- else +- return (1); +- err: +- BIO_write(bp, "Bad time value", 14); +- return (0); ++ return (s); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +index 1514ede..0f56cd4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c +@@ -1,20 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_i2d_fp.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + + #ifndef NO_OLD_ASN1 + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) + { + BIO *b; +@@ -38,7 +87,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) + int i, j = 0, n, ret = 1; + + n = i2d(x, NULL); +- b = OPENSSL_malloc(n); ++ b = (char *)OPENSSL_malloc(n); + if (b == NULL) { + ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); + return (0); +@@ -64,7 +113,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) + + #endif + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) + { + BIO *b; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +index e0bcd6e..7e26704 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c +@@ -1,23 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_int.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" +-#include "internal/numbers.h" +-#include ++#include "cryptlib.h" + #include + #include +-#include "asn1_locl.h" + + ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x) + { +- return ASN1_STRING_dup(x); ++ return M_ASN1_INTEGER_dup(x); + } + + int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) +@@ -41,11 +87,10 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) + } + + /*- +- * This converts a big endian buffer and sign into its content encoding. +- * This is used for INTEGER and ENUMERATED types. ++ * This converts an ASN1 INTEGER into its content encoding. + * The internal representation is an ASN1_STRING whose data is a big endian + * representation of the value, ignoring the sign. The sign is determined by +- * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive. ++ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * + * Positive integers are no problem: they are almost the same as the DER + * encoding, except if the first byte is >= 0x80 we need to add a zero pad. +@@ -66,19 +111,19 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) + * followed by optional zeros isn't padded. + */ + +-static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, +- unsigned char **pp) ++int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) + { +- int pad = 0; +- size_t ret, i; +- unsigned char *p, pb = 0; +- const unsigned char *n; ++ int pad = 0, ret, i, neg; ++ unsigned char *p, *n, pb = 0; + +- if (b == NULL || blen == 0) ++ if (a == NULL) ++ return (0); ++ neg = a->type & V_ASN1_NEG; ++ if (a->length == 0) + ret = 1; + else { +- ret = blen; +- i = b[0]; ++ ret = a->length; ++ i = a->data[0]; + if (ret == 1 && i == 0) + neg = 0; + if (!neg && (i > 127)) { +@@ -93,8 +138,8 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, + * Special case: if any other bytes non zero we pad: + * otherwise we don't. + */ +- for (i = 1; i < blen; i++) +- if (b[i]) { ++ for (i = 1; i < a->length; i++) ++ if (a->data[i]) { + pad = 1; + pb = 0xFF; + break; +@@ -104,299 +149,127 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, + ret += pad; + } + if (pp == NULL) +- return ret; ++ return (ret); + p = *pp; + + if (pad) + *(p++) = pb; +- if (b == NULL || blen == 0) +- *p = 0; ++ if (a->length == 0) ++ *(p++) = 0; + else if (!neg) +- memcpy(p, b, blen); ++ memcpy(p, a->data, (unsigned int)a->length); + else { + /* Begin at the end of the encoding */ +- n = b + blen; +- p += blen; +- i = blen; ++ n = a->data + a->length - 1; ++ p += a->length - 1; ++ i = a->length; + /* Copy zeros to destination as long as source is zero */ +- while (!n[-1] && i > 1) { +- *(--p) = 0; ++ while (!*n && i > 1) { ++ *(p--) = 0; + n--; + i--; + } + /* Complement and increment next octet */ +- *(--p) = ((*(--n)) ^ 0xff) + 1; ++ *(p--) = ((*(n--)) ^ 0xff) + 1; + i--; + /* Complement any octets left */ + for (; i > 0; i--) +- *(--p) = *(--n) ^ 0xff; ++ *(p--) = *(n--) ^ 0xff; + } + + *pp += ret; +- return ret; +-} +- +-/* +- * convert content octets into a big endian buffer. Returns the length +- * of buffer or 0 on error: for malformed INTEGER. If output buffer is +- * NULL just return length. +- */ +- +-static size_t c2i_ibuf(unsigned char *b, int *pneg, +- const unsigned char *p, size_t plen) +-{ +- size_t i; +- int neg, pad; +- /* Zero content length is illegal */ +- if (plen == 0) { +- ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT); +- return 0; +- } +- neg = p[0] & 0x80; +- if (pneg) +- *pneg = neg; +- /* Handle common case where length is 1 octet separately */ +- if (plen == 1) { +- if (b) { +- if (neg) +- b[0] = (p[0] ^ 0xFF) + 1; +- else +- b[0] = p[0]; +- } +- return 1; +- } +- if (p[0] == 0 || p[0] == 0xFF) +- pad = 1; +- else +- pad = 0; +- /* reject illegal padding: first two octets MSB can't match */ +- if (pad && (neg == (p[1] & 0x80))) { +- ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING); +- return 0; +- } +- /* If positive just copy across */ +- if (neg == 0) { +- if (b) +- memcpy(b, p + pad, plen - pad); +- return plen - pad; +- } +- +- if (neg && pad) { +- /* check is any following octets are non zero */ +- for (i = 1; i < plen; i++) { +- if (p[i] != 0) +- break; +- } +- /* if all bytes are zero handle as special case */ +- if (i == plen) { +- if (b) { +- b[0] = 1; +- memset(b + 1, 0, plen - 1); +- } +- return plen; +- } +- } +- +- plen -= pad; +- /* Must be negative: calculate twos complement */ +- if (b) { +- const unsigned char *from = p + plen - 1 + pad; +- unsigned char *to = b + plen; +- i = plen; +- while (*from == 0 && i) { +- *--to = 0; +- i--; +- from--; +- } +- *--to = (*from-- ^ 0xff) + 1; +- OPENSSL_assert(i != 0); +- i--; +- for (; i > 0; i--) +- *--to = *from-- ^ 0xff; +- } +- return plen; +-} +- +-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +-{ +- return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); +-} +- +-/* Convert big endian buffer into uint64_t, return 0 on error */ +-static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen) +-{ +- size_t i; +- if (blen > sizeof(*pr)) { +- ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE); +- return 0; +- } +- *pr = 0; +- if (b == NULL) +- return 0; +- for (i = 0; i < blen; i++) { +- *pr <<= 8; +- *pr |= b[i]; +- } +- return 1; ++ return (ret); + } + +-static size_t asn1_put_uint64(unsigned char *b, uint64_t r) +-{ +- if (r >= 0x100) { +- unsigned char *p; +- uint64_t rtmp = r; +- size_t i = 0; +- +- /* Work out how many bytes we need */ +- while (rtmp) { +- rtmp >>= 8; +- i++; +- } +- +- /* Copy from end to beginning */ +- p = b + i - 1; +- +- do { +- *p-- = r & 0xFF; +- r >>= 8; +- } while (p >= b); ++/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ + +- return i; +- } +- +- b[0] = (unsigned char)r; +- return 1; +- +-} +- +-/* +- * Absolute value of INT64_MIN: we can't just use -INT64_MIN as it produces +- * overflow warnings. +- */ +- +-#define ABS_INT64_MIN \ +- ((uint64_t)INT64_MAX + (uint64_t)(-(INT64_MIN + INT64_MAX))) +- +-/* signed version of asn1_get_uint64 */ +-static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, +- int neg) +-{ +- uint64_t r; +- if (asn1_get_uint64(&r, b, blen) == 0) +- return 0; +- if (neg) { +- if (r > ABS_INT64_MIN) { +- ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL); +- return 0; +- } +- *pr = 0 - (uint64_t)r; +- } else { +- if (r > INT64_MAX) { +- ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE); +- return 0; +- } +- *pr = (int64_t)r; +- } +- return 1; +-} +- +-/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ + ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long len) + { + ASN1_INTEGER *ret = NULL; +- size_t r; +- int neg; +- +- r = c2i_ibuf(NULL, NULL, *pp, len); +- +- if (r == 0) +- return NULL; ++ const unsigned char *p, *pend; ++ unsigned char *to, *s; ++ int i; + + if ((a == NULL) || ((*a) == NULL)) { +- ret = ASN1_INTEGER_new(); +- if (ret == NULL) +- return NULL; ++ if ((ret = M_ASN1_INTEGER_new()) == NULL) ++ return (NULL); + ret->type = V_ASN1_INTEGER; + } else +- ret = *a; +- +- if (ASN1_STRING_set(ret, NULL, r) == 0) +- goto err; +- +- c2i_ibuf(ret->data, &neg, *pp, len); +- +- if (neg) +- ret->type |= V_ASN1_NEG; ++ ret = (*a); + +- *pp += len; +- if (a != NULL) +- (*a) = ret; +- return ret; +- err: +- ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); +- if ((a == NULL) || (*a != ret)) +- ASN1_INTEGER_free(ret); +- return NULL; +-} ++ p = *pp; ++ pend = p + len; + +-static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype) +-{ +- if (a == NULL) { +- ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if ((a->type & ~V_ASN1_NEG) != itype) { +- ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE); +- return 0; ++ /* ++ * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies ++ * a missing NULL parameter. ++ */ ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); ++ if (s == NULL) { ++ i = ERR_R_MALLOC_FAILURE; ++ goto err; + } +- return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG); +-} +- +-static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) +-{ +- unsigned char tbuf[sizeof(r)]; +- size_t l; +- a->type = itype; +- if (r < 0) { +- l = asn1_put_uint64(tbuf, -r); +- a->type |= V_ASN1_NEG; ++ to = s; ++ if (!len) { ++ /* ++ * Strictly speaking this is an illegal INTEGER but we tolerate it. ++ */ ++ ret->type = V_ASN1_INTEGER; ++ } else if (*p & 0x80) { /* a negative number */ ++ ret->type = V_ASN1_NEG_INTEGER; ++ if ((*p == 0xff) && (len != 1)) { ++ p++; ++ len--; ++ } ++ i = len; ++ p += i - 1; ++ to += i - 1; ++ while ((!*p) && i) { ++ *(to--) = 0; ++ i--; ++ p--; ++ } ++ /* ++ * Special case: if all zeros then the number will be of the form FF ++ * followed by n zero bytes: this corresponds to 1 followed by n zero ++ * bytes. We've already written n zeros so we just append an extra ++ * one and set the first byte to a 1. This is treated separately ++ * because it is the only case where the number of bytes is larger ++ * than len. ++ */ ++ if (!i) { ++ *s = 1; ++ s[len] = 0; ++ len++; ++ } else { ++ *(to--) = (*(p--) ^ 0xff) + 1; ++ i--; ++ for (; i > 0; i--) ++ *(to--) = *(p--) ^ 0xff; ++ } + } else { +- l = asn1_put_uint64(tbuf, r); +- a->type &= ~V_ASN1_NEG; +- } +- if (l == 0) +- return 0; +- return ASN1_STRING_set(a, tbuf, l); +-} +- +-static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, +- int itype) +-{ +- if (a == NULL) { +- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER); +- return 0; +- } +- if ((a->type & ~V_ASN1_NEG) != itype) { +- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE); +- return 0; +- } +- if (a->type & V_ASN1_NEG) { +- ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE); +- return 0; ++ ret->type = V_ASN1_INTEGER; ++ if ((*p == 0) && (len != 1)) { ++ p++; ++ len--; ++ } ++ memcpy(s, p, (int)len); + } +- return asn1_get_uint64(pr, a->data, a->length); +-} + +-static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype) +-{ +- unsigned char tbuf[sizeof(r)]; +- size_t l; +- a->type = itype; +- l = asn1_put_uint64(tbuf, r); +- if (l == 0) +- return 0; +- return ASN1_STRING_set(a, tbuf, l); ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); ++ ret->data = s; ++ ret->length = (int)len; ++ if (a != NULL) ++ (*a) = ret; ++ *pp = pend; ++ return (ret); ++ err: ++ ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_INTEGER_free(ret); ++ return (NULL); + } + + /* +@@ -416,7 +289,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + int i; + + if ((a == NULL) || ((*a) == NULL)) { +- if ((ret = ASN1_INTEGER_new()) == NULL) ++ if ((ret = M_ASN1_INTEGER_new()) == NULL) + return (NULL); + ret->type = V_ASN1_INTEGER; + } else +@@ -438,7 +311,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies + * a missing NULL parameter. + */ +- s = OPENSSL_malloc((int)len + 1); ++ s = (unsigned char *)OPENSSL_malloc((int)len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; +@@ -453,7 +326,8 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + p += len; + } + +- OPENSSL_free(ret->data); ++ if (ret->data != NULL) ++ OPENSSL_free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) +@@ -462,163 +336,129 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + return (ret); + err: + ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); +- if ((a == NULL) || (*a != ret)) +- ASN1_INTEGER_free(ret); ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_INTEGER_free(ret); + return (NULL); + } + +-static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, +- int atype) ++int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) + { +- ASN1_INTEGER *ret; +- int len; +- +- if (ai == NULL) { +- ret = ASN1_STRING_type_new(atype); +- } else { +- ret = ai; +- ret->type = atype; ++ int j, k; ++ unsigned int i; ++ unsigned char buf[sizeof(long) + 1]; ++ long d; ++ ++ a->type = V_ASN1_INTEGER; ++ if (a->length < (int)(sizeof(long) + 1)) { ++ if (a->data != NULL) ++ OPENSSL_free(a->data); ++ if ((a->data = ++ (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL) ++ memset((char *)a->data, 0, sizeof(long) + 1); + } +- +- if (ret == NULL) { +- ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR); +- goto err; ++ if (a->data == NULL) { ++ ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); ++ return (0); + } +- +- if (BN_is_negative(bn) && !BN_is_zero(bn)) +- ret->type |= V_ASN1_NEG_INTEGER; +- +- len = BN_num_bytes(bn); +- +- if (len == 0) +- len = 1; +- +- if (ASN1_STRING_set(ret, NULL, len) == 0) { +- ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* Correct zero case */ +- if (BN_is_zero(bn)) +- ret->data[0] = 0; +- else +- len = BN_bn2bin(bn, ret->data); +- ret->length = len; +- return ret; +- err: +- if (ret != ai) +- ASN1_INTEGER_free(ret); +- return (NULL); +-} +- +-static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, +- int itype) +-{ +- BIGNUM *ret; +- +- if ((ai->type & ~V_ASN1_NEG) != itype) { +- ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE); +- return NULL; ++ d = v; ++ if (d < 0) { ++ d = -d; ++ a->type = V_ASN1_NEG_INTEGER; + } + +- ret = BN_bin2bn(ai->data, ai->length, bn); +- if (ret == 0) { +- ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB); +- return NULL; ++ for (i = 0; i < sizeof(long); i++) { ++ if (d == 0) ++ break; ++ buf[i] = (int)d & 0xff; ++ d >>= 8; + } +- if (ai->type & V_ASN1_NEG) +- BN_set_negative(ret, 1); +- return ret; +-} +- +-int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a) +-{ +- return asn1_string_get_int64(pr, a, V_ASN1_INTEGER); +-} +- +-int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r) +-{ +- return asn1_string_set_int64(a, r, V_ASN1_INTEGER); +-} +- +-int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a) +-{ +- return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER); +-} +- +-int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r) +-{ +- return asn1_string_set_uint64(a, r, V_ASN1_INTEGER); +-} +- +-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +-{ +- return ASN1_INTEGER_set_int64(a, v); ++ j = 0; ++ for (k = i - 1; k >= 0; k--) ++ a->data[j++] = buf[k]; ++ a->length = j; ++ return (1); + } + + long ASN1_INTEGER_get(const ASN1_INTEGER *a) + { +- int i; +- int64_t r; ++ int neg = 0, i; ++ long r = 0; ++ + if (a == NULL) +- return 0; +- i = ASN1_INTEGER_get_int64(&r, a); +- if (i == 0) ++ return (0L); ++ i = a->type; ++ if (i == V_ASN1_NEG_INTEGER) ++ neg = 1; ++ else if (i != V_ASN1_INTEGER) + return -1; +- if (r > LONG_MAX || r < LONG_MIN) +- return -1; +- return (long)r; +-} + +-ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) +-{ +- return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER); +-} ++ if (a->length > (int)sizeof(long)) { ++ /* hmm... a bit ugly, return all ones */ ++ return -1; ++ } ++ if (a->data == NULL) ++ return 0; + +-BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) +-{ +- return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER); ++ for (i = 0; i < a->length; i++) { ++ r <<= 8; ++ r |= (unsigned char)a->data[i]; ++ } ++ if (neg) ++ r = -r; ++ return (r); + } + +-int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a) ++ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) + { +- return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED); +-} ++ ASN1_INTEGER *ret; ++ int len, j; + +-int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r) +-{ +- return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED); ++ if (ai == NULL) ++ ret = M_ASN1_INTEGER_new(); ++ else ++ ret = ai; ++ if (ret == NULL) { ++ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (BN_is_negative(bn) && !BN_is_zero(bn)) ++ ret->type = V_ASN1_NEG_INTEGER; ++ else ++ ret->type = V_ASN1_INTEGER; ++ j = BN_num_bits(bn); ++ len = ((j == 0) ? 0 : ((j / 8) + 1)); ++ if (ret->length < len + 4) { ++ unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); ++ if (!new_data) { ++ ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ret->data = new_data; ++ } ++ ret->length = BN_bn2bin(bn, ret->data); ++ /* Correct zero case */ ++ if (!ret->length) { ++ ret->data[0] = 0; ++ ret->length = 1; ++ } ++ return (ret); ++ err: ++ if (ret != ai) ++ M_ASN1_INTEGER_free(ret); ++ return (NULL); + } + +-int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) ++BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) + { +- return ASN1_ENUMERATED_set_int64(a, v); +-} ++ BIGNUM *ret; + +-long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) +-{ +- int i; +- int64_t r; +- if (a == NULL) +- return 0; +- if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED) +- return -1; +- if (a->length > (int)sizeof(long)) +- return 0xffffffffL; +- i = ASN1_ENUMERATED_get_int64(&r, a); +- if (i == 0) +- return -1; +- if (r > LONG_MAX || r < LONG_MIN) +- return -1; +- return (long)r; ++ if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) ++ ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); ++ else if (ai->type == V_ASN1_NEG_INTEGER) ++ BN_set_negative(ret, 1); ++ return (ret); + } + +-ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) +-{ +- return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED); +-} ++IMPLEMENT_STACK_OF(ASN1_INTEGER) + +-BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) +-{ +- return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED); +-} ++IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +index 5578e92..6935efe 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c +@@ -1,15 +1,65 @@ ++/* a_mbstr.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + static int traverse_string(const unsigned char *p, int len, int inform, +@@ -22,14 +72,13 @@ static int cpy_asc(unsigned long value, void *arg); + static int cpy_bmp(unsigned long value, void *arg); + static int cpy_univ(unsigned long value, void *arg); + static int cpy_utf8(unsigned long value, void *arg); +-static int is_numeric(unsigned long value); + static int is_printable(unsigned long value); + + /* + * These functions take a string in UTF8, ASCII or multibyte form and a mask + * of permissible ASN1 string types. It then works out the minimal type +- * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8) +- * and creates a string of the correct type with the supplied data. Yes this is ++ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and ++ * creates a string of the correct type with the supplied data. Yes this is + * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum + * size limits too. + */ +@@ -120,9 +169,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + + /* Now work out output format and string type */ + outform = MBSTRING_ASC; +- if (mask & B_ASN1_NUMERICSTRING) +- str_type = V_ASN1_NUMERICSTRING; +- else if (mask & B_ASN1_PRINTABLESTRING) ++ if (mask & B_ASN1_PRINTABLESTRING) + str_type = V_ASN1_PRINTABLESTRING; + else if (mask & B_ASN1_IA5STRING) + str_type = V_ASN1_IA5STRING; +@@ -143,14 +190,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + if (*out) { + free_out = 0; + dest = *out; +- OPENSSL_free(dest->data); +- dest->data = NULL; +- dest->length = 0; ++ if (dest->data) { ++ dest->length = 0; ++ OPENSSL_free(dest->data); ++ dest->data = NULL; ++ } + dest->type = str_type; + } else { + free_out = 1; + dest = ASN1_STRING_type_new(str_type); +- if (dest == NULL) { ++ if (!dest) { + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + return -1; + } +@@ -188,7 +237,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + cpyfunc = cpy_utf8; + break; + } +- if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { ++ if (!(p = OPENSSL_malloc(outlen + 1))) { + if (free_out) + ASN1_STRING_free(dest); + ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); +@@ -273,8 +322,6 @@ static int type_str(unsigned long value, void *arg) + { + unsigned long types; + types = *((unsigned long *)arg); +- if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value)) +- types &= ~B_ASN1_NUMERICSTRING; + if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) + types &= ~B_ASN1_PRINTABLESTRING; + if ((types & B_ASN1_IA5STRING) && (value > 127)) +@@ -374,22 +421,3 @@ static int is_printable(unsigned long value) + #endif /* CHARSET_EBCDIC */ + return 0; + } +- +-/* Return 1 if the character is a digit or space */ +-static int is_numeric(unsigned long value) +-{ +- int ch; +- if (value > 0x7f) +- return 0; +- ch = (int)value; +-#ifndef CHARSET_EBCDIC +- if (!isdigit(ch) && ch != ' ') +- return 0; +-#else +- if (ch > os_toascii['9']) +- return 0; +- if (ch < os_toascii['0'] && ch != os_toascii[' ']) +- return 0; +-#endif +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +index 79f0ecd..229a40f 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c +@@ -1,23 +1,70 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_object.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/asn1_int.h" +-#include "asn1_locl.h" + +-int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) ++int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) + { + unsigned char *p; + int objsize; +@@ -90,9 +137,9 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) + } + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { + use_bn = 1; +- if (bl == NULL) ++ if (!bl) + bl = BN_new(); +- if (bl == NULL || !BN_set_word(bl, l)) ++ if (!bl || !BN_set_word(bl, l)) + goto err; + } + if (use_bn) { +@@ -124,7 +171,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) + OPENSSL_free(tmp); + tmpsize = blsize + 32; + tmp = OPENSSL_malloc(tmpsize); +- if (tmp == NULL) ++ if (!tmp) + goto err; + } + while (blsize--) { +@@ -156,21 +203,23 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) + } + if (tmp != ftmp) + OPENSSL_free(tmp); +- BN_free(bl); ++ if (bl) ++ BN_free(bl); + return (len); + err: + if (tmp != ftmp) + OPENSSL_free(tmp); +- BN_free(bl); ++ if (bl) ++ BN_free(bl); + return (0); + } + +-int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) ++int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) + { + return OBJ_obj2txt(buf, buf_len, a, 0); + } + +-int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) ++int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) + { + char buf[80], *p = buf; + int i; +@@ -180,15 +229,12 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) + i = i2t_ASN1_OBJECT(buf, sizeof buf, a); + if (i > (int)(sizeof(buf) - 1)) { + p = OPENSSL_malloc(i + 1); +- if (p == NULL) ++ if (!p) + return -1; + i2t_ASN1_OBJECT(p, i + 1, a); + } +- if (i <= 0) { +- i = BIO_write(bp, "", 9); +- i += BIO_dump(bp, (const char *)a->data, a->length); +- return i; +- } ++ if (i <= 0) ++ return BIO_write(bp, "", 9); + BIO_write(bp, p, i); + if (p != buf) + OPENSSL_free(p); +@@ -226,7 +272,7 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long len) + { +- ASN1_OBJECT *ret = NULL, tobj; ++ ASN1_OBJECT *ret = NULL; + const unsigned char *p; + unsigned char *data; + int i, length; +@@ -243,29 +289,6 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + } + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; +- /* +- * Try to lookup OID in table: these are all valid encodings so if we get +- * a match we know the OID is valid. +- */ +- tobj.nid = NID_undef; +- tobj.data = p; +- tobj.length = length; +- tobj.flags = 0; +- i = OBJ_obj2nid(&tobj); +- if (i != NID_undef) { +- /* +- * Return shared registered OID object: this improves efficiency +- * because we don't have to return a dynamically allocated OID +- * and NID lookups can use the cached value. +- */ +- ret = OBJ_nid2obj(i); +- if (a) { +- ASN1_OBJECT_free(*a); +- *a = ret; +- } +- *pp += len; +- return ret; +- } + for (i = 0; i < length; i++, p++) { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { + ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); +@@ -291,8 +314,9 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + /* once detached we can change it */ + if ((data == NULL) || (ret->length < length)) { + ret->length = 0; +- OPENSSL_free(data); +- data = OPENSSL_malloc(length); ++ if (data != NULL) ++ OPENSSL_free(data); ++ data = (unsigned char *)OPENSSL_malloc(length); + if (data == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; +@@ -314,7 +338,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + return (ret); + err: + ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); +- if ((a == NULL) || (*a != ret)) ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) + ASN1_OBJECT_free(ret); + return (NULL); + } +@@ -323,11 +347,16 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) + { + ASN1_OBJECT *ret; + +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); + if (ret == NULL) { + ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ ret->length = 0; ++ ret->data = NULL; ++ ret->nid = 0; ++ ret->sn = NULL; ++ ret->ln = NULL; + ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; + return (ret); + } +@@ -340,13 +369,16 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) + #ifndef CONST_STRICT /* disable purely for compile-time strict + * const checking. Doing this on a "real" + * compile will cause memory leaks */ +- OPENSSL_free((void*)a->sn); +- OPENSSL_free((void*)a->ln); ++ if (a->sn != NULL) ++ OPENSSL_free((void *)a->sn); ++ if (a->ln != NULL) ++ OPENSSL_free((void *)a->ln); + #endif + a->sn = a->ln = NULL; + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { +- OPENSSL_free((void*)a->data); ++ if (a->data != NULL) ++ OPENSSL_free((void *)a->data); + a->data = NULL; + a->length = 0; + } +@@ -368,3 +400,7 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + ASN1_OBJECT_FLAG_DYNAMIC_DATA; + return (OBJ_dup(&o)); + } ++ ++IMPLEMENT_STACK_OF(ASN1_OBJECT) ++ ++IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +index 2e1205c..1a6e9ca 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c +@@ -1,29 +1,78 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_octet.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) + { +- return ASN1_STRING_dup(x); ++ return M_ASN1_OCTET_STRING_dup(x); + } + + int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b) + { +- return ASN1_STRING_cmp(a, b); ++ return M_ASN1_OCTET_STRING_cmp(a, b); + } + + int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, + int len) + { +- return ASN1_STRING_set(x, d, len); ++ return M_ASN1_OCTET_STRING_set(x, d, len); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +index 1aafe7c..d83e4ad 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_print.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_print.c +@@ -1,15 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_print.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + int ASN1_PRINTABLE_type(const unsigned char *s, int len) +@@ -28,6 +76,7 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len) + #ifndef CHARSET_EBCDIC + if (!(((c >= 'a') && (c <= 'z')) || + ((c >= 'A') && (c <= 'Z')) || ++ (c == ' ') || + ((c >= '0') && (c <= '9')) || + (c == ' ') || (c == '\'') || + (c == '(') || (c == ')') || +@@ -78,32 +127,3 @@ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) + s->type = ASN1_PRINTABLE_type(s->data, s->length); + return (1); + } +- +-int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) +-{ +- int i, n; +- char buf[80]; +- const char *p; +- +- if (v == NULL) +- return (0); +- n = 0; +- p = (const char *)v->data; +- for (i = 0; i < v->length; i++) { +- if ((p[i] > '~') || ((p[i] < ' ') && +- (p[i] != '\n') && (p[i] != '\r'))) +- buf[n] = '.'; +- else +- buf[n] = p[i]; +- n++; +- if (n >= 80) { +- if (BIO_write(bp, buf, n) <= 0) +- return (0); +- n = 0; +- } +- } +- if (n > 0) +- if (BIO_write(bp, buf, n) <= 0) +- return (0); +- return (1); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +new file mode 100644 +index 0000000..5fb5865 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c +@@ -0,0 +1,243 @@ ++/* crypto/asn1/a_set.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++ ++#ifndef NO_ASN1_OLD ++ ++typedef struct { ++ unsigned char *pbData; ++ int cbData; ++} MYBLOB; ++ ++/* ++ * SetBlobCmp This function compares two elements of SET_OF block ++ */ ++static int SetBlobCmp(const void *elem1, const void *elem2) ++{ ++ const MYBLOB *b1 = (const MYBLOB *)elem1; ++ const MYBLOB *b2 = (const MYBLOB *)elem2; ++ int r; ++ ++ r = memcmp(b1->pbData, b2->pbData, ++ b1->cbData < b2->cbData ? b1->cbData : b2->cbData); ++ if (r != 0) ++ return r; ++ return b1->cbData - b2->cbData; ++} ++ ++/* ++ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) ++ */ ++int i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, ++ i2d_of_void *i2d, int ex_tag, int ex_class, int is_set) ++{ ++ int ret = 0, r; ++ int i; ++ unsigned char *p; ++ unsigned char *pStart, *pTempMem; ++ MYBLOB *rgSetBlob; ++ int totSize; ++ ++ if (a == NULL) ++ return (0); ++ for (i = sk_OPENSSL_BLOCK_num(a) - 1; i >= 0; i--) { ++ int tmplen = i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); ++ if (tmplen > INT_MAX - ret) ++ return -1; ++ ret += i2d(sk_OPENSSL_BLOCK_value(a, i), NULL); ++ } ++ r = ASN1_object_size(1, ret, ex_tag); ++ if (pp == NULL || r == -1) ++ return (r); ++ ++ p = *pp; ++ ASN1_put_object(&p, 1, ret, ex_tag, ex_class); ++ ++/* Modified by gp@nsj.co.jp */ ++ /* And then again by Ben */ ++ /* And again by Steve */ ++ ++ if (!is_set || (sk_OPENSSL_BLOCK_num(a) < 2)) { ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) ++ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); ++ ++ *pp = p; ++ return (r); ++ } ++ ++ pStart = p; /* Catch the beg of Setblobs */ ++ /* In this array we will store the SET blobs */ ++ rgSetBlob = OPENSSL_malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB)); ++ if (rgSetBlob == NULL) { ++ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); i++) { ++ rgSetBlob[i].pbData = p; /* catch each set encode blob */ ++ i2d(sk_OPENSSL_BLOCK_value(a, i), &p); ++ rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this ++ * SetBlob */ ++ } ++ *pp = p; ++ totSize = p - pStart; /* This is the total size of all set blobs */ ++ ++ /* ++ * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs ++ * *Copy to temp-mem *Copy from temp-mem to user-mem ++ */ ++ qsort(rgSetBlob, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB), SetBlobCmp); ++ if (!(pTempMem = OPENSSL_malloc(totSize))) { ++ ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++/* Copy to temp mem */ ++ p = pTempMem; ++ for (i = 0; i < sk_OPENSSL_BLOCK_num(a); ++i) { ++ memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); ++ p += rgSetBlob[i].cbData; ++ } ++ ++/* Copy back to user mem*/ ++ memcpy(pStart, pTempMem, totSize); ++ OPENSSL_free(pTempMem); ++ OPENSSL_free(rgSetBlob); ++ ++ return (r); ++} ++ ++STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, ++ const unsigned char **pp, ++ long length, d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK), ++ int ex_tag, int ex_class) ++{ ++ ASN1_const_CTX c; ++ STACK_OF(OPENSSL_BLOCK) *ret = NULL; ++ ++ if ((a == NULL) || ((*a) == NULL)) { ++ if ((ret = sk_OPENSSL_BLOCK_new_null()) == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } else ++ ret = (*a); ++ ++ c.p = *pp; ++ c.max = (length == 0) ? 0 : (c.p + length); ++ ++ c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p); ++ if (c.inf & 0x80) ++ goto err; ++ if (ex_class != c.xclass) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS); ++ goto err; ++ } ++ if (ex_tag != c.tag) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG); ++ goto err; ++ } ++ if ((c.slen + c.p) > c.max) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR); ++ goto err; ++ } ++ /* ++ * check for infinite constructed - it can be as long as the amount of ++ * data passed to us ++ */ ++ if (c.inf == (V_ASN1_CONSTRUCTED + 1)) ++ c.slen = length + *pp - c.p; ++ c.max = c.p + c.slen; ++ ++ while (c.p < c.max) { ++ char *s; ++ ++ if (M_ASN1_D2I_end_sequence()) ++ break; ++ /* ++ * XXX: This was called with 4 arguments, incorrectly, it seems if ++ * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) ++ */ ++ if ((s = d2i(NULL, &c.p, c.slen)) == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT); ++ asn1_add_error(*pp, (int)(c.p - *pp)); ++ goto err; ++ } ++ if (!sk_OPENSSL_BLOCK_push(ret, s)) ++ goto err; ++ } ++ if (a != NULL) ++ (*a) = ret; ++ *pp = c.p; ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) { ++ if (free_func != NULL) ++ sk_OPENSSL_BLOCK_pop_free(ret, free_func); ++ else ++ sk_OPENSSL_BLOCK_free(ret); ++ } ++ return (NULL); ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +index 7e21a5e..51c6a0c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c +@@ -1,16 +1,118 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_sign.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef NO_SYS_TYPES_H + # include +@@ -21,8 +123,7 @@ + #include + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#include "asn1_locl.h" + + #ifndef NO_ASN1_OLD + +@@ -30,15 +131,12 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, + const EVP_MD *type) + { +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX ctx; + unsigned char *p, *buf_in = NULL, *buf_out = NULL; + int i, inl = 0, outl = 0, outll = 0; + X509_ALGOR *a; + +- if (ctx == NULL) { +- ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_MD_CTX_init(&ctx); + for (i = 0; i < 2; i++) { + if (i == 0) + a = algor1; +@@ -73,9 +171,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + } + } + inl = i2d(data, NULL); +- buf_in = OPENSSL_malloc((unsigned int)inl); ++ buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl); + outll = outl = EVP_PKEY_size(pkey); +- buf_out = OPENSSL_malloc((unsigned int)outl); ++ buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); +@@ -84,15 +182,16 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + p = buf_in; + + i2d(data, &p); +- if (!EVP_SignInit_ex(ctx, type, NULL) +- || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl) +- || !EVP_SignFinal(ctx, (unsigned char *)buf_out, ++ if (!EVP_SignInit_ex(&ctx, type, NULL) ++ || !EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl) ++ || !EVP_SignFinal(&ctx, (unsigned char *)buf_out, + (unsigned int *)&outl, pkey)) { + outl = 0; + ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); + goto err; + } +- OPENSSL_free(signature->data); ++ if (signature->data != NULL) ++ OPENSSL_free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; +@@ -103,9 +202,15 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: +- EVP_MD_CTX_free(ctx); +- OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); +- OPENSSL_clear_free((char *)buf_out, outll); ++ EVP_MD_CTX_cleanup(&ctx); ++ if (buf_in != NULL) { ++ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ } ++ if (buf_out != NULL) { ++ OPENSSL_cleanse((char *)buf_out, outll); ++ OPENSSL_free(buf_out); ++ } + return (outl); + } + +@@ -115,22 +220,13 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, + EVP_PKEY *pkey, const EVP_MD *type) + { +- int rv; +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); +- +- if (ctx == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); ++ EVP_MD_CTX ctx; ++ EVP_MD_CTX_init(&ctx); ++ if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { ++ EVP_MD_CTX_cleanup(&ctx); + return 0; + } +- if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { +- EVP_MD_CTX_free(ctx); +- return 0; +- } +- +- rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); +- +- EVP_MD_CTX_free(ctx); +- return rv; ++ return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); + } + + int ASN1_item_sign_ctx(const ASN1_ITEM *it, +@@ -145,16 +241,11 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, + int rv; + + type = EVP_MD_CTX_md(ctx); +- pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); ++ pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + +- if (type == NULL || pkey == NULL) { ++ if (!type || !pkey) { + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); +- goto err; +- } +- +- if (pkey->ameth == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); +- goto err; ++ return 0; + } + + if (pkey->ameth->item_sign) { +@@ -176,13 +267,17 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, + rv = 2; + + if (rv == 2) { +- if (!OBJ_find_sigid_by_algs(&signid, +- EVP_MD_nid(type), +- pkey->ameth->pkey_id)) { +- ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, +- ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); +- goto err; +- } ++ if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ if (!pkey->ameth || ++ !OBJ_find_sigid_by_algs(&signid, ++ EVP_MD_nid(type), ++ pkey->ameth->pkey_id)) { ++ ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ++ ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); ++ return 0; ++ } ++ } else ++ signid = type->pkey_type; + + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; +@@ -211,7 +306,8 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, + ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + goto err; + } +- OPENSSL_free(signature->data); ++ if (signature->data != NULL) ++ OPENSSL_free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; +@@ -222,7 +318,14 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: +- OPENSSL_clear_free((char *)buf_in, (unsigned int)inl); +- OPENSSL_clear_free((char *)buf_out, outll); ++ EVP_MD_CTX_cleanup(ctx); ++ if (buf_in != NULL) { ++ OPENSSL_cleanse((char *)buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ } ++ if (buf_out != NULL) { ++ OPENSSL_cleanse((char *)buf_out, outll); ++ OPENSSL_free(buf_out); ++ } + return (outl); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +index 9839f5c..91203b7 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c +@@ -1,16 +1,65 @@ ++/* a_strex.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" +-#include "internal/asn1_int.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -26,7 +75,6 @@ + #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) + + #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ +- ASN1_STRFLGS_ESC_2254 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) +@@ -35,6 +83,18 @@ + * Three IO functions for sending data to memory, a BIO and and a FILE + * pointer. + */ ++#if 0 /* never used */ ++static int send_mem_chars(void *arg, const void *buf, int len) ++{ ++ unsigned char **out = arg; ++ if (!out) ++ return 1; ++ memcpy(*out, buf, len); ++ *out += len; ++ return 1; ++} ++#endif ++ + static int send_bio_chars(void *arg, const void *buf, int len) + { + if (!arg) +@@ -44,7 +104,7 @@ static int send_bio_chars(void *arg, const void *buf, int len) + return 1; + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + static int send_fp_chars(void *arg, const void *buf, int len) + { + if (!arg) +@@ -66,8 +126,7 @@ typedef int char_io (void *arg, const void *buf, int len); + static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, + char_io *io_ch, void *arg) + { +- unsigned short chflgs; +- unsigned char chtmp; ++ unsigned char chflgs, chtmp; + char tmphex[HEX_SIZE(long) + 3]; + + if (c > 0xffffffffL) +@@ -104,9 +163,7 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, + return -1; + return 2; + } +- if (chflgs & (ASN1_STRFLGS_ESC_CTRL +- | ASN1_STRFLGS_ESC_MSB +- | ASN1_STRFLGS_ESC_2254)) { ++ if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) { + BIO_snprintf(tmphex, 11, "\\%02X", chtmp); + if (!io_ch(arg, tmphex, 3)) + return -1; +@@ -136,12 +193,11 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, + */ + + static int do_buf(unsigned char *buf, int buflen, +- int type, unsigned short flags, char *quotes, char_io *io_ch, ++ int type, unsigned char flags, char *quotes, char_io *io_ch, + void *arg) + { + int i, outlen, len; +- unsigned short orflags; +- unsigned char *p, *q; ++ unsigned char orflags, *p, *q; + unsigned long c; + p = buf; + q = buf + buflen; +@@ -191,7 +247,7 @@ static int do_buf(unsigned char *buf, int buflen, + * character will never be escaped on first and last. + */ + len = +- do_esc_char(utfbuf[i], (unsigned short)(flags | orflags), ++ do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), + quotes, io_ch, arg); + if (len < 0) + return -1; +@@ -199,7 +255,7 @@ static int do_buf(unsigned char *buf, int buflen, + } + } else { + len = +- do_esc_char(c, (unsigned short)(flags | orflags), quotes, ++ do_esc_char(c, (unsigned char)(flags | orflags), quotes, + io_ch, arg); + if (len < 0) + return -1; +@@ -238,7 +294,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, + */ + + static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, +- const ASN1_STRING *str) ++ ASN1_STRING *str) + { + /* + * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to +@@ -261,7 +317,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, + t.value.ptr = (char *)str; + der_len = i2d_ASN1_TYPE(&t, NULL); + der_buf = OPENSSL_malloc(der_len); +- if (der_buf == NULL) ++ if (!der_buf) + return -1; + p = der_buf; + i2d_ASN1_TYPE(&t, &p); +@@ -296,15 +352,15 @@ static const signed char tag2nbyte[] = { + */ + + static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, +- const ASN1_STRING *str) ++ ASN1_STRING *str) + { + int outlen, len; + int type; + char quotes; +- unsigned short flags; ++ unsigned char flags; + quotes = 0; + /* Keep a copy of escape flags */ +- flags = (unsigned short)(lflags & ESC_FLAGS); ++ flags = (unsigned char)(lflags & ESC_FLAGS); + + type = str->type; + +@@ -388,14 +444,14 @@ static int do_indent(char_io *io_ch, void *arg, int indent) + #define FN_WIDTH_LN 25 + #define FN_WIDTH_SN 10 + +-static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, ++static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, + int indent, unsigned long flags) + { + int i, prev = -1, orflags, cnt; + int fn_opt, fn_nid; + ASN1_OBJECT *fn; +- const ASN1_STRING *val; +- const X509_NAME_ENTRY *ent; ++ ASN1_STRING *val; ++ X509_NAME_ENTRY *ent; + char objtmp[80]; + const char *objbuf; + int outlen, len; +@@ -459,7 +515,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, + else + ent = X509_NAME_get_entry(n, i); + if (prev != -1) { +- if (prev == X509_NAME_ENTRY_set(ent)) { ++ if (prev == ent->set) { + if (!io_ch(arg, sep_mv, sep_mv_len)) + return -1; + outlen += sep_mv_len; +@@ -472,7 +528,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, + outlen += indent; + } + } +- prev = X509_NAME_ENTRY_set(ent); ++ prev = ent->set; + fn = X509_NAME_ENTRY_get_object(ent); + val = X509_NAME_ENTRY_get_data(ent); + fn_nid = OBJ_obj2nid(fn); +@@ -526,7 +582,7 @@ static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, + + /* Wrappers round the main functions */ + +-int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, ++int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, + unsigned long flags) + { + if (flags == XN_FLAG_COMPAT) +@@ -534,8 +590,8 @@ int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + return do_name_ex(send_bio_chars, out, nm, indent, flags); + } + +-#ifndef OPENSSL_NO_STDIO +-int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, ++#ifndef OPENSSL_NO_FP_API ++int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, + unsigned long flags) + { + if (flags == XN_FLAG_COMPAT) { +@@ -552,13 +608,13 @@ int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + } + #endif + +-int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) ++int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) + { + return do_print_ex(send_bio_chars, out, flags, str); + } + +-#ifndef OPENSSL_NO_STDIO +-int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) ++#ifndef OPENSSL_NO_FP_API ++int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) + { + return do_print_ex(send_fp_chars, fp, flags, str); + } +@@ -569,7 +625,7 @@ int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flag + * in output string or a negative error code + */ + +-int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) ++int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) + { + ASN1_STRING stmp, *str = &stmp; + int mbflag, type, ret; +@@ -593,53 +649,3 @@ int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) + *out = stmp.data; + return stmp.length; + } +- +-/* Return 1 if host is a valid hostname and 0 otherwise */ +-int asn1_valid_host(const ASN1_STRING *host) +-{ +- int hostlen = host->length; +- const unsigned char *hostptr = host->data; +- int type = host->type; +- int i; +- char width = -1; +- unsigned short chflags = 0, prevchflags; +- +- if (type > 0 && type < 31) +- width = tag2nbyte[type]; +- if (width == -1 || hostlen == 0) +- return 0; +- /* Treat UTF8String as width 1 as any MSB set is invalid */ +- if (width == 0) +- width = 1; +- for (i = 0 ; i < hostlen; i+= width) { +- prevchflags = chflags; +- /* Value must be <= 0x7F: check upper bytes are all zeroes */ +- if (width == 4) { +- if (*hostptr++ != 0 || *hostptr++ != 0 || *hostptr++ != 0) +- return 0; +- } else if (width == 2) { +- if (*hostptr++ != 0) +- return 0; +- } +- if (*hostptr > 0x7f) +- return 0; +- chflags = char_type[*hostptr++]; +- if (!(chflags & (CHARTYPE_HOST_ANY | CHARTYPE_HOST_WILD))) { +- /* Nothing else allowed at start or end of string */ +- if (i == 0 || i == hostlen - 1) +- return 0; +- /* Otherwise invalid if not dot or hyphen */ +- if (!(chflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN))) +- return 0; +- /* +- * If previous is dot or hyphen then illegal unless both +- * are hyphens: as .- -. .. are all illegal +- */ +- if (prevchflags & (CHARTYPE_HOST_DOT | CHARTYPE_HOST_HYPHEN) +- && ((prevchflags & CHARTYPE_HOST_DOT) +- || (chflags & CHARTYPE_HOST_DOT))) +- return 0; +- } +- } +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +index 53832c8..2d2303d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c +@@ -1,15 +1,65 @@ ++/* a_strnid.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -50,19 +100,19 @@ int ASN1_STRING_set_default_mask_asc(const char *p) + { + unsigned long mask; + char *end; +- if (strncmp(p, "MASK:", 5) == 0) { ++ if (!strncmp(p, "MASK:", 5)) { + if (!p[5]) + return 0; + mask = strtoul(p + 5, &end, 0); + if (*end) + return 0; +- } else if (strcmp(p, "nombstr") == 0) ++ } else if (!strcmp(p, "nombstr")) + mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); +- else if (strcmp(p, "pkix") == 0) ++ else if (!strcmp(p, "pkix")) + mask = ~((unsigned long)B_ASN1_T61STRING); +- else if (strcmp(p, "utf8only") == 0) ++ else if (!strcmp(p, "utf8only")) + mask = B_ASN1_UTF8STRING; +- else if (strcmp(p, "default") == 0) ++ else if (!strcmp(p, "default")) + mask = 0xFFFFFFFFL; + else + return 0; +@@ -118,10 +168,6 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + #define ub_email_address 128 + #define ub_serial_number 64 + +-/* From RFC4524 */ +- +-#define ub_rfc822_mailbox 256 +- + /* This table must be kept in NID order */ + + static const ASN1_STRING_TABLE tbl_standard[] = { +@@ -146,12 +192,7 @@ static const ASN1_STRING_TABLE tbl_standard[] = { + {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, +- {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, +- {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING, +- STABLE_NO_MASK}, +- {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, +- {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, +- {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK} ++ {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} + }; + + static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, +@@ -172,52 +213,20 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); + ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) + { + int idx; ++ ASN1_STRING_TABLE *ttmp; + ASN1_STRING_TABLE fnd; + fnd.nid = nid; +- if (stable) { +- idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); +- if (idx >= 0) +- return sk_ASN1_STRING_TABLE_value(stable, idx); +- } +- return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); +-} +- +-/* +- * Return a string table pointer which can be modified: either directly from +- * table or a copy of an internal value added to the table. +- */ +- +-static ASN1_STRING_TABLE *stable_get(int nid) +-{ +- ASN1_STRING_TABLE *tmp, *rv; +- /* Always need a string table so allocate one if NULL */ +- if (stable == NULL) { +- stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); +- if (stable == NULL) +- return NULL; +- } +- tmp = ASN1_STRING_TABLE_get(nid); +- if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) +- return tmp; +- rv = OPENSSL_zalloc(sizeof(*rv)); +- if (rv == NULL) ++ ttmp = OBJ_bsearch_table(&fnd, tbl_standard, ++ sizeof(tbl_standard) / ++ sizeof(ASN1_STRING_TABLE)); ++ if (ttmp) ++ return ttmp; ++ if (!stable) + return NULL; +- if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { +- OPENSSL_free(rv); ++ idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); ++ if (idx < 0) + return NULL; +- } +- if (tmp) { +- rv->nid = tmp->nid; +- rv->minsize = tmp->minsize; +- rv->maxsize = tmp->maxsize; +- rv->mask = tmp->mask; +- rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; +- } else { +- rv->minsize = -1; +- rv->maxsize = -1; +- rv->flags = STABLE_FLAGS_MALLOC; +- } +- return rv; ++ return sk_ASN1_STRING_TABLE_value(stable, idx); + } + + int ASN1_STRING_TABLE_add(int nid, +@@ -225,19 +234,33 @@ int ASN1_STRING_TABLE_add(int nid, + unsigned long flags) + { + ASN1_STRING_TABLE *tmp; +- tmp = stable_get(nid); +- if (!tmp) { ++ char new_nid = 0; ++ flags &= ~STABLE_FLAGS_MALLOC; ++ if (!stable) ++ stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); ++ if (!stable) { + ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } +- if (minsize >= 0) ++ if (!(tmp = ASN1_STRING_TABLE_get(nid))) { ++ tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); ++ if (!tmp) { ++ ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ tmp->flags = flags | STABLE_FLAGS_MALLOC; ++ tmp->nid = nid; ++ tmp->minsize = tmp->maxsize = -1; ++ new_nid = 1; ++ } else ++ tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; ++ if (minsize != -1) + tmp->minsize = minsize; +- if (maxsize >= 0) ++ if (maxsize != -1) + tmp->maxsize = maxsize; +- if (mask) +- tmp->mask = mask; +- if (flags) +- tmp->flags = STABLE_FLAGS_MALLOC | flags; ++ tmp->mask = mask; ++ if (new_nid) ++ sk_ASN1_STRING_TABLE_push(stable, tmp); + return 1; + } + +@@ -258,6 +281,8 @@ static void st_free(ASN1_STRING_TABLE *tbl) + } + + ++IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) ++ + #ifdef STRING_TABLE_TEST + + main() +@@ -265,7 +290,8 @@ main() + ASN1_STRING_TABLE *tmp; + int i, last_nid = -1; + +- for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { ++ for (tmp = tbl_standard, i = 0; ++ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { + if (tmp->nid < last_nid) { + last_nid = 0; + break; +@@ -278,7 +304,8 @@ main() + exit(0); + } + +- for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) ++ for (tmp = tbl_standard, i = 0; ++ i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) + printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, + OBJ_nid2ln(tmp->nid)); + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +index 3f82c2b..fcb2d56 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_time.c */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /*- +@@ -12,11 +58,13 @@ + * Time ::= CHOICE { + * utcTime UTCTime, + * generalTime GeneralizedTime } ++ * written by Steve Henson. + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include "o_time.h" + #include + #include "asn1_locl.h" + +@@ -24,6 +72,33 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) + + IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) + ++#if 0 ++int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) ++{ ++# ifdef CHARSET_EBCDIC ++ /* KLUDGE! We convert to ascii before writing DER */ ++ char tmp[24]; ++ ASN1_STRING tmpstr; ++ ++ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { ++ int len; ++ ++ tmpstr = *(ASN1_STRING *)a; ++ len = tmpstr.length; ++ ebcdic2ascii(tmp, tmpstr.data, ++ (len >= sizeof tmp) ? sizeof tmp : len); ++ tmpstr.data = tmp; ++ a = (ASN1_GENERALIZEDTIME *)&tmpstr; ++ } ++# endif ++ if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ a->type, V_ASN1_UNIVERSAL)); ++ ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); ++ return -1; ++} ++#endif ++ + ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) + { + return ASN1_TIME_adj(s, t, 0, 0); +@@ -49,7 +124,7 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, + return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec); + } + +-int ASN1_TIME_check(const ASN1_TIME *t) ++int ASN1_TIME_check(ASN1_TIME *t) + { + if (t->type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_check(t); +@@ -69,8 +144,8 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, + if (!ASN1_TIME_check(t)) + return NULL; + +- if (out == NULL || *out == NULL) { +- if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) ++ if (!out || !*out) { ++ if (!(ret = ASN1_GENERALIZEDTIME_new())) + return NULL; + if (out) + *out = ret; +@@ -92,11 +167,11 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, + str = (char *)ret->data; + /* Work out the century and prepend */ + if (t->data[0] >= '5') +- OPENSSL_strlcpy(str, "19", newlen); ++ BUF_strlcpy(str, "19", newlen); + else +- OPENSSL_strlcpy(str, "20", newlen); ++ BUF_strlcpy(str, "20", newlen); + +- OPENSSL_strlcat(str, (char *)t->data, newlen); ++ BUF_strlcat(str, (char *)t->data, newlen); + + return ret; + } +@@ -151,13 +226,3 @@ int ASN1_TIME_diff(int *pday, int *psec, + return 0; + return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to); + } +- +-int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) +-{ +- if (tm->type == V_ASN1_UTCTIME) +- return ASN1_UTCTIME_print(bp, tm); +- if (tm->type == V_ASN1_GENERALIZEDTIME) +- return ASN1_GENERALIZEDTIME_print(bp, tm); +- BIO_write(bp, "Bad time value", 14); +- return (0); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +index df42360..bb166e8 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_type.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "asn1_locl.h" + +-int ASN1_TYPE_get(const ASN1_TYPE *a) ++int ASN1_TYPE_get(ASN1_TYPE *a) + { + if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + return (a->type); +@@ -25,7 +73,7 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) + { + if (a->value.ptr != NULL) { + ASN1_TYPE **tmp_a = &a; +- asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); ++ ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); + } + a->type = type; + if (type == V_ASN1_BOOLEAN) +@@ -55,6 +103,10 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) + return 1; + } + ++IMPLEMENT_STACK_OF(ASN1_TYPE) ++ ++IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) ++ + /* Returns 0 if they are equal, != 0 otherwise. */ + int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) + { +@@ -101,34 +153,3 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) + + return result; + } +- +-ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) +-{ +- ASN1_OCTET_STRING *oct; +- ASN1_TYPE *rt; +- +- oct = ASN1_item_pack(s, it, NULL); +- if (oct == NULL) +- return NULL; +- +- if (t && *t) { +- rt = *t; +- } else { +- rt = ASN1_TYPE_new(); +- if (rt == NULL) { +- ASN1_OCTET_STRING_free(oct); +- return NULL; +- } +- if (t) +- *t = rt; +- } +- ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct); +- return rt; +-} +- +-void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) +-{ +- if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL) +- return NULL; +- return ASN1_item_unpack(t->value.sequence, it); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +index 7916e30..724a10b 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c +@@ -1,18 +1,115 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_utctm.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include "o_time.h" + #include + #include "asn1_locl.h" + ++#if 0 ++int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) ++{ ++# ifndef CHARSET_EBCDIC ++ return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, ++ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); ++# else ++ /* KLUDGE! We convert to ascii before writing DER */ ++ int len; ++ char tmp[24]; ++ ASN1_STRING x = *(ASN1_STRING *)a; ++ ++ len = x.length; ++ ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); ++ x.data = tmp; ++ return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); ++# endif ++} ++ ++ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, ++ long length) ++{ ++ ASN1_UTCTIME *ret = NULL; ++ ++ ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, ++ V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); ++ if (ret == NULL) { ++ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); ++ return (NULL); ++ } ++# ifdef CHARSET_EBCDIC ++ ascii2ebcdic(ret->data, ret->data, ret->length); ++# endif ++ if (!ASN1_UTCTIME_check(ret)) { ++ ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); ++ goto err; ++ } ++ ++ return (ret); ++ err: ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) ++ M_ASN1_UTCTIME_free(ret); ++ return (NULL); ++} ++ ++#endif ++ + int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) + { + static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; +@@ -119,7 +216,8 @@ int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) + t.data = (unsigned char *)str; + if (ASN1_UTCTIME_check(&t)) { + if (s != NULL) { +- if (!ASN1_STRING_set((ASN1_STRING *)s, str, t.length)) ++ if (!ASN1_STRING_set((ASN1_STRING *)s, ++ (unsigned char *)str, t.length)) + return 0; + s->type = V_ASN1_UTCTIME; + } +@@ -143,11 +241,11 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int free_s = 0; + + if (s == NULL) { +- s = ASN1_UTCTIME_new(); +- if (s == NULL) +- goto err; + free_s = 1; ++ s = M_ASN1_UTCTIME_new(); + } ++ if (s == NULL) ++ goto err; + + ts = OPENSSL_gmtime(&t, &data); + if (ts == NULL) +@@ -168,7 +266,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); + goto err; + } +- OPENSSL_free(s->data); ++ if (s->data != NULL) ++ OPENSSL_free(s->data); + s->data = (unsigned char *)p; + } + +@@ -182,8 +281,8 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + #endif + return (s); + err: +- if (free_s) +- ASN1_UTCTIME_free(s); ++ if (free_s && s) ++ M_ASN1_UTCTIME_free(s); + return NULL; + } + +@@ -212,43 +311,42 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) + return 0; + } + +-int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) ++#if 0 ++time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) + { +- const char *v; +- int gmt = 0; +- int i; +- int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; ++ struct tm tm; ++ int offset; + +- i = tm->length; +- v = (const char *)tm->data; ++ memset(&tm, '\0', sizeof tm); + +- if (i < 10) +- goto err; +- if (v[i - 1] == 'Z') +- gmt = 1; +- for (i = 0; i < 10; i++) +- if ((v[i] > '9') || (v[i] < '0')) +- goto err; +- y = (v[0] - '0') * 10 + (v[1] - '0'); +- if (y < 50) +- y += 100; +- M = (v[2] - '0') * 10 + (v[3] - '0'); +- if ((M > 12) || (M < 1)) +- goto err; +- d = (v[4] - '0') * 10 + (v[5] - '0'); +- h = (v[6] - '0') * 10 + (v[7] - '0'); +- m = (v[8] - '0') * 10 + (v[9] - '0'); +- if (tm->length >= 12 && +- (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) +- s = (v[10] - '0') * 10 + (v[11] - '0'); +- +- if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", +- _asn1_mon[M - 1], d, h, m, s, y + 1900, +- (gmt) ? " GMT" : "") <= 0) +- return (0); +- else +- return (1); +- err: +- BIO_write(bp, "Bad time value", 14); +- return (0); ++# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') ++ tm.tm_year = g2(s->data); ++ if (tm.tm_year < 50) ++ tm.tm_year += 100; ++ tm.tm_mon = g2(s->data + 2) - 1; ++ tm.tm_mday = g2(s->data + 4); ++ tm.tm_hour = g2(s->data + 6); ++ tm.tm_min = g2(s->data + 8); ++ tm.tm_sec = g2(s->data + 10); ++ if (s->data[12] == 'Z') ++ offset = 0; ++ else { ++ offset = g2(s->data + 13) * 60 + g2(s->data + 15); ++ if (s->data[12] == '-') ++ offset = -offset; ++ } ++# undef g2 ++ ++ /* ++ * FIXME: mktime assumes the current timezone ++ * instead of UTC, and unless we rewrite OpenSSL ++ * in Lisp we cannot locally change the timezone ++ * without possibly interfering with other parts ++ * of the program. timegm, which uses UTC, is ++ * non-standard. ++ * Also time_t is inappropriate for general ++ * UTC times because it may a 32 bit type. ++ */ ++ return mktime(&tm) - offset * 60; + } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +index e2dc09f..23dc2e8 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_utf8.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* UTF8 utilities */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +index 00ab136..3ffd934 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c +@@ -1,16 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/a_verify.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include "asn1_locl.h" + + #ifndef NO_SYS_TYPES_H + # include +@@ -21,23 +71,18 @@ + #include + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" + + #ifndef NO_ASN1_OLD + + int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + char *data, EVP_PKEY *pkey) + { +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX ctx; + const EVP_MD *type; + unsigned char *p, *buf_in = NULL; + int ret = -1, i, inl; + +- if (ctx == NULL) { +- ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_MD_CTX_init(&ctx); + i = OBJ_obj2nid(a->algorithm); + type = EVP_get_digestbyname(OBJ_nid2sn(i)); + if (type == NULL) { +@@ -59,26 +104,30 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + p = buf_in; + + i2d(data, &p); +- ret = EVP_VerifyInit_ex(ctx, type, NULL) +- && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl); +- +- OPENSSL_clear_free(buf_in, (unsigned int)inl); +- +- if (!ret) { ++ if (!EVP_VerifyInit_ex(&ctx, type, NULL) ++ || !EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl)) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; + goto err; + } +- ret = -1; + +- if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, ++ OPENSSL_cleanse(buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ ++ if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data, + (unsigned int)signature->length, pkey) <= 0) { + ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); + ret = 0; + goto err; + } ++ /* ++ * we don't need to zero the 'ctx' because we just checked public ++ * information ++ */ ++ /* memset(&ctx,0,sizeof(ctx)); */ + ret = 1; + err: +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_cleanup(&ctx); + return (ret); + } + +@@ -87,7 +136,7 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, + int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) + { +- EVP_MD_CTX *ctx = NULL; ++ EVP_MD_CTX ctx; + unsigned char *buf_in = NULL; + int ret = -1, inl; + +@@ -103,11 +152,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + return -1; + } + +- ctx = EVP_MD_CTX_new(); +- if (ctx == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_MD_CTX_init(&ctx); + + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { +@@ -120,7 +165,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; + } +- ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); ++ ret = pkey->ameth->item_verify(&ctx, it, asn, a, signature, pkey); + /* + * Return value of 2 means carry on, anything else means we exit + * straight away: either a fatal error of the underlying verification +@@ -144,7 +189,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + goto err; + } + +- if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { ++ if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); + ret = 0; + goto err; +@@ -159,24 +204,28 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + goto err; + } + +- ret = EVP_DigestVerifyUpdate(ctx, buf_in, inl); +- +- OPENSSL_clear_free(buf_in, (unsigned int)inl); +- +- if (!ret) { ++ if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); ++ ret = 0; + goto err; + } +- ret = -1; + +- if (EVP_DigestVerifyFinal(ctx, signature->data, ++ OPENSSL_cleanse(buf_in, (unsigned int)inl); ++ OPENSSL_free(buf_in); ++ ++ if (EVP_DigestVerifyFinal(&ctx, signature->data, + (size_t)signature->length) <= 0) { + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); + ret = 0; + goto err; + } ++ /* ++ * we don't need to zero the 'ctx' because we just checked public ++ * information ++ */ ++ /* memset(&ctx,0,sizeof(ctx)); */ + ret = 1; + err: +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_cleanup(&ctx); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c +index cfde49a..43ddebb 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/ameth_lib.c +@@ -1,19 +1,77 @@ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#include "asn1_locl.h" ++ ++extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; ++extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; ++extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; ++extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; + + /* Keep this sorted in type order !! */ + static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { +@@ -39,21 +97,20 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { + &cmac_asn1_meth, + #endif + #ifndef OPENSSL_NO_DH +- &dhx_asn1_meth, +-#endif +-#ifndef OPENSSL_NO_EC +- &ecx25519_asn1_meth ++ &dhx_asn1_meth + #endif + }; + + typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); ++DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) + static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; + + #ifdef TEST + void main() + { + int i; +- for (i = 0; i < OSSL_NELEM(standard_methods); i++) ++ for (i = 0; ++ i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++) + fprintf(stderr, "Number %d id=%d (%s)\n", i, + standard_methods[i]->pkey_id, + OBJ_nid2sn(standard_methods[i]->pkey_id)); +@@ -74,7 +131,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, + + int EVP_PKEY_asn1_get_count(void) + { +- int num = OSSL_NELEM(standard_methods); ++ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + if (app_methods) + num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); + return num; +@@ -82,7 +139,7 @@ int EVP_PKEY_asn1_get_count(void) + + const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) + { +- int num = OSSL_NELEM(standard_methods); ++ int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + if (idx < 0) + return NULL; + if (idx < num) +@@ -102,7 +159,8 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) + if (idx >= 0) + return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); + } +- ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); ++ ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods) ++ / sizeof(EVP_PKEY_ASN1_METHOD *)); + if (!ret || !*ret) + return NULL; + return *ret; +@@ -167,8 +225,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; +- if (((int)strlen(ameth->pem_str) == len) +- && (strncasecmp(ameth->pem_str, str, len) == 0)) ++ if (((int)strlen(ameth->pem_str) == len) && ++ !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; +@@ -178,7 +236,7 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) + { + if (app_methods == NULL) { + app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); +- if (app_methods == NULL) ++ if (!app_methods) + return 0; + } + if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) +@@ -191,7 +249,7 @@ int EVP_PKEY_asn1_add_alias(int to, int from) + { + EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); +- if (ameth == NULL) ++ if (!ameth) + return 0; + ameth->pkey_base_id = to; + if (!EVP_PKEY_asn1_add0(ameth)) { +@@ -221,7 +279,7 @@ int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, + return 1; + } + +-const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) ++const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey) + { + return pkey->ameth; + } +@@ -229,30 +287,63 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) + EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, + const char *pem_str, const char *info) + { +- EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); +- +- if (ameth == NULL) ++ EVP_PKEY_ASN1_METHOD *ameth; ++ ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD)); ++ if (!ameth) + return NULL; + ++ memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD)); ++ + ameth->pkey_id = id; + ameth->pkey_base_id = id; + ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; + + if (info) { +- ameth->info = OPENSSL_strdup(info); ++ ameth->info = BUF_strdup(info); + if (!ameth->info) + goto err; +- } ++ } else ++ ameth->info = NULL; + + if (pem_str) { +- ameth->pem_str = OPENSSL_strdup(pem_str); ++ ameth->pem_str = BUF_strdup(pem_str); + if (!ameth->pem_str) + goto err; +- } ++ } else ++ ameth->pem_str = NULL; ++ ++ ameth->pub_decode = 0; ++ ameth->pub_encode = 0; ++ ameth->pub_cmp = 0; ++ ameth->pub_print = 0; ++ ++ ameth->priv_decode = 0; ++ ameth->priv_encode = 0; ++ ameth->priv_print = 0; ++ ++ ameth->old_priv_encode = 0; ++ ameth->old_priv_decode = 0; ++ ++ ameth->item_verify = 0; ++ ameth->item_sign = 0; ++ ++ ameth->pkey_size = 0; ++ ameth->pkey_bits = 0; ++ ++ ameth->param_decode = 0; ++ ameth->param_encode = 0; ++ ameth->param_missing = 0; ++ ameth->param_copy = 0; ++ ameth->param_cmp = 0; ++ ameth->param_print = 0; ++ ++ ameth->pkey_free = 0; ++ ameth->pkey_ctrl = 0; + + return ameth; + + err: ++ + EVP_PKEY_asn1_free(ameth); + return NULL; + +@@ -295,8 +386,10 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) + { + if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { +- OPENSSL_free(ameth->pem_str); +- OPENSSL_free(ameth->info); ++ if (ameth->pem_str) ++ OPENSSL_free(ameth->pem_str); ++ if (ameth->info) ++ OPENSSL_free(ameth->info); + OPENSSL_free(ameth); + } + } +@@ -324,7 +417,7 @@ void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + + void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode) (EVP_PKEY *pk, +- const PKCS8_PRIV_KEY_INFO ++ PKCS8_PRIV_KEY_INFO + *p8inf), + int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, + const EVP_PKEY *pk), +@@ -374,13 +467,6 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + ameth->pkey_ctrl = pkey_ctrl; + } + +-void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, +- int (*pkey_security_bits) (const EVP_PKEY +- *pk)) +-{ +- ameth->pkey_security_bits = pkey_security_bits; +-} +- + void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, + int (*item_verify) (EVP_MD_CTX *ctx, + const ASN1_ITEM *it, +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +index 97c3dec..fd4ac8d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/asn1_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -20,33 +71,38 @@ + + static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"}, ++ {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"}, + {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"}, +- {ERR_FUNC(ASN1_F_APPEND_EXP), "append_exp"}, ++ {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"}, + {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"}, +- {ERR_FUNC(ASN1_F_ASN1_CB), "asn1_cb"}, +- {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "asn1_check_tlen"}, +- {ERR_FUNC(ASN1_F_ASN1_COLLECT), "asn1_collect"}, +- {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "asn1_d2i_ex_primitive"}, ++ {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"}, ++ {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"}, ++ {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"}, ++ {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"}, ++ {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"}, + {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"}, +- {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "asn1_d2i_read_bio"}, ++ {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"}, + {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, +- {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "asn1_do_adb"}, +- {ERR_FUNC(ASN1_F_ASN1_DO_LOCK), "asn1_do_lock"}, ++ {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, + {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, +- {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "asn1_ex_c2i"}, +- {ERR_FUNC(ASN1_F_ASN1_FIND_END), "asn1_find_end"}, ++ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, ++ {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"}, + {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, ++ {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, +- {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "asn1_get_int64"}, + {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, +- {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "asn1_get_uint64"}, ++ {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, + {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, ++ {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"}, ++ {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, +- {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_D2I), "asn1_item_embed_d2i"}, +- {ERR_FUNC(ASN1_F_ASN1_ITEM_EMBED_NEW), "asn1_item_embed_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, +@@ -56,65 +112,85 @@ static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"}, + {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"}, + {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"}, +- {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "asn1_output_data"}, ++ {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"}, ++ {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"}, + {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_new"}, +- {ERR_FUNC(ASN1_F_ASN1_SCTX_NEW), "ASN1_SCTX_new"}, ++ {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"}, ++ {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"}, ++ {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, + {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, +- {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "asn1_str2type"}, +- {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "asn1_string_get_int64"}, +- {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "asn1_string_get_uint64"}, ++ {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, +- {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "asn1_string_to_bn"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, +- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "asn1_template_ex_d2i"}, +- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "asn1_template_new"}, +- {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "asn1_template_noexp_d2i"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, ++ {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"}, + {ERR_FUNC(ASN1_F_ASN1_TIME_ADJ), "ASN1_TIME_adj"}, ++ {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING), + "ASN1_TYPE_get_int_octetstring"}, + {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"}, ++ {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"}, + {ERR_FUNC(ASN1_F_ASN1_UTCTIME_ADJ), "ASN1_UTCTIME_adj"}, ++ {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"}, + {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"}, +- {ERR_FUNC(ASN1_F_B64_READ_ASN1), "b64_read_asn1"}, +- {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_write_ASN1"}, ++ {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"}, ++ {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"}, + {ERR_FUNC(ASN1_F_BIO_NEW_NDEF), "BIO_new_NDEF"}, +- {ERR_FUNC(ASN1_F_BITSTR_CB), "bitstr_cb"}, +- {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "bn_to_asn1_string"}, ++ {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, ++ {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, ++ {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, + {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, +- {ERR_FUNC(ASN1_F_C2I_IBUF), "c2i_ibuf"}, +- {ERR_FUNC(ASN1_F_COLLECT_DATA), "collect_data"}, ++ {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "D2I_ASN1_HEADER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"}, + {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"}, ++ {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"}, + {ERR_FUNC(ASN1_F_D2I_AUTOPRIVATEKEY), "d2i_AutoPrivateKey"}, ++ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"}, ++ {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"}, + {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"}, + {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"}, +- {ERR_FUNC(ASN1_F_DO_TCREATE), "do_tcreate"}, ++ {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"}, ++ {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"}, ++ {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"}, ++ {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"}, ++ {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"}, + {ERR_FUNC(ASN1_F_I2D_ASN1_BIO_STREAM), "i2d_ASN1_bio_stream"}, ++ {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"}, ++ {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"}, + {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"}, + {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"}, + {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"}, + {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"}, ++ {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"}, + {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"}, +- {ERR_FUNC(ASN1_F_LONG_C2I), "long_c2i"}, +- {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "oid_module_init"}, +- {ERR_FUNC(ASN1_F_PARSE_TAGGING), "parse_tagging"}, ++ {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"}, ++ {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, ++ {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, + {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, +- {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"}, + {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, + {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, + {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, +- {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "pkcs5_scrypt_set"}, + {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, + {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, +- {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "stbl_module_init"}, ++ {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"}, + {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"}, + {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"}, +- {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "x509_name_encode"}, +- {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "x509_name_ex_d2i"}, +- {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "x509_name_ex_new"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"}, ++ {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"}, ++ {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"}, + {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"}, + {0, NULL} + }; +@@ -124,7 +200,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, + {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"}, + {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, ++ {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, + {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, ++ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, ++ {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, + {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), + "bmpstring is wrong length"}, + {ERR_REASON(ASN1_R_BN_LIB), "bn lib"}, +@@ -135,16 +214,21 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"}, + {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"}, + {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"}, + {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"}, + {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), + "digest and key type not supported"}, + {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"}, + {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"}, + {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, ++ {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), ++ "error parsing set element"}, + {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), + "error setting cipher params"}, + {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"}, + {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"}, ++ {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"}, ++ {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"}, + {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, + {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), + "explicit tag not constructed"}, +@@ -158,7 +242,6 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, + {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, + {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, +- {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"}, + {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, + {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, + {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, +@@ -166,10 +249,8 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, + {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), + "illegal options on item template"}, +- {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"}, + {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, + {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, +- {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"}, + {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, + {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), + "integer too large for long"}, +@@ -181,15 +262,13 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, + {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, + {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, +- {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS), +- "invalid scrypt parameters"}, + {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, +- {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE), +- "invalid string table value"}, ++ {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"}, + {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), + "invalid universalstring length"}, + {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, +- {ERR_REASON(ASN1_R_INVALID_VALUE), "invalid value"}, ++ {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"}, ++ {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"}, + {ERR_REASON(ASN1_R_LIST_ERROR), "list error"}, + {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, + {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"}, +@@ -204,6 +283,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"}, + {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"}, + {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"}, ++ {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, + {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), + "no multipart body failure"}, +@@ -212,6 +292,8 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"}, + {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, + {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"}, ++ {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), ++ "private key header missing"}, + {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, + {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, + {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, +@@ -222,14 +304,16 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, + {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"}, + {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"}, ++ {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"}, + {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), + "the asn1 object identifier is not known for this md"}, + {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, +- {ERR_REASON(ASN1_R_TOO_LARGE), "too large"}, + {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, +- {ERR_REASON(ASN1_R_TOO_SMALL), "too small"}, + {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, + {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, ++ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, ++ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), ++ "unable to decode rsa private key"}, + {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, + {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), + "universalstring is wrong length"}, +@@ -241,20 +325,24 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), + "unknown signature algorithm"}, + {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"}, ++ {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unknown format"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), + "unsupported any defined by type"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, ++ {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), ++ "unsupported encryption algorithm"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), + "unsupported public key type"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, +- {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"}, + {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, + {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, ++ {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, + {0, NULL} + }; + + #endif + +-int ERR_load_ASN1_strings(void) ++void ERR_load_ASN1_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -263,5 +351,4 @@ int ERR_load_ASN1_strings(void) + ERR_load_strings(0, ASN1_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +index 493a693..6574923 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +@@ -1,13 +1,63 @@ ++/* asn1_gen.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -62,7 +112,7 @@ typedef struct { + int exp_count; + } tag_exp_arg; + +-static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, ++static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr); + static int bitstr_cb(const char *elem, int len, void *bitstr); + static int asn1_cb(const char *elem, int len, void *bitstr); +@@ -75,7 +125,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); + static int asn1_str2tag(const char *tagstr, int len); + +-ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) ++ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) + { + X509V3_CTX cnf; + +@@ -86,7 +136,7 @@ ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) + return ASN1_generate_v3(str, &cnf); + } + +-ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) ++ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) + { + int err = 0; + ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); +@@ -95,7 +145,7 @@ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) + return ret; + } + +-static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, ++static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr) + { + ASN1_TYPE *ret; +@@ -109,7 +159,7 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, + unsigned char *p; + const unsigned char *cp; + int cpy_len; +- long hdr_len = 0; ++ long hdr_len; + int hdr_constructed = 0, hdr_tag, hdr_class; + int r; + +@@ -193,7 +243,7 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, + /* Allocate buffer for new encoding */ + + new_der = OPENSSL_malloc(len); +- if (new_der == NULL) ++ if (!new_der) + goto err; + + /* Generate tagged encoding */ +@@ -230,8 +280,10 @@ static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, + ret = d2i_ASN1_TYPE(NULL, &cp, len); + + err: +- OPENSSL_free(orig_der); +- OPENSSL_free(new_der); ++ if (orig_der) ++ OPENSSL_free(orig_der); ++ if (new_der) ++ OPENSSL_free(new_der); + + return ret; + +@@ -325,16 +377,16 @@ static int asn1_cb(const char *elem, int len, void *bitstr) + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + return -1; + } +- if (strncmp(vstart, "ASCII", 5) == 0) ++ if (!strncmp(vstart, "ASCII", 5)) + arg->format = ASN1_GEN_FORMAT_ASCII; +- else if (strncmp(vstart, "UTF8", 4) == 0) ++ else if (!strncmp(vstart, "UTF8", 4)) + arg->format = ASN1_GEN_FORMAT_UTF8; +- else if (strncmp(vstart, "HEX", 3) == 0) ++ else if (!strncmp(vstart, "HEX", 3)) + arg->format = ASN1_GEN_FORMAT_HEX; +- else if (strncmp(vstart, "BITLIST", 7) == 0) ++ else if (!strncmp(vstart, "BITLIST", 7)) + arg->format = ASN1_GEN_FORMAT_BITLIST; + else { +- ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); ++ ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); + return -1; + } + break; +@@ -391,6 +443,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) + ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); + ERR_add_error_data(2, "Char=", erch); + return 0; ++ break; + + } + } else +@@ -442,12 +495,15 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + + if (derlen < 0) + goto bad; +- if ((ret = ASN1_TYPE_new()) == NULL) ++ ++ if (!(ret = ASN1_TYPE_new())) + goto bad; +- if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) ++ ++ if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) + goto bad; + + ret->type = utype; ++ + ret->value.asn1_string->data = der; + ret->value.asn1_string->length = derlen; + +@@ -455,10 +511,13 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + + bad: + +- OPENSSL_free(der); ++ if (der) ++ OPENSSL_free(der); + +- sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); +- X509V3_section_free(cnf, sect); ++ if (sk) ++ sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); ++ if (sect) ++ X509V3_section_free(cnf, sect); + + return ret; + } +@@ -567,8 +626,8 @@ static int asn1_str2tag(const char *tagstr, int len) + len = strlen(tagstr); + + tntmp = tnst; +- for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { +- if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) ++ for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { ++ if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) + return tntmp->tag; + } + +@@ -578,12 +637,15 @@ static int asn1_str2tag(const char *tagstr, int len) + static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + { + ASN1_TYPE *atmp = NULL; ++ + CONF_VALUE vtmp; ++ + unsigned char *rdata; + long rdlen; ++ + int no_unused = 1; + +- if ((atmp = ASN1_TYPE_new()) == NULL) { ++ if (!(atmp = ASN1_TYPE_new())) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -620,8 +682,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + goto bad_form; + } +- if ((atmp->value.integer +- = s2i_ASN1_INTEGER(NULL, str)) == NULL) { ++ if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); + goto bad_str; + } +@@ -632,7 +693,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + goto bad_form; + } +- if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { ++ if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); + goto bad_str; + } +@@ -644,7 +705,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); + goto bad_form; + } +- if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { ++ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_str; + } +@@ -669,6 +730,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_NUMERICSTRING: ++ + if (format == ASN1_GEN_FORMAT_ASCII) + format = MBSTRING_ASC; + else if (format == ASN1_GEN_FORMAT_UTF8) +@@ -687,20 +749,25 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + break; + + case V_ASN1_BIT_STRING: ++ + case V_ASN1_OCTET_STRING: +- if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { ++ ++ if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + goto bad_form; + } + + if (format == ASN1_GEN_FORMAT_HEX) { +- if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { ++ ++ if (!(rdata = string_to_hex((char *)str, &rdlen))) { + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); + goto bad_str; + } ++ + atmp->value.asn1_string->data = rdata; + atmp->value.asn1_string->length = rdlen; + atmp->value.asn1_string->type = utype; ++ + } else if (format == ASN1_GEN_FORMAT_ASCII) + ASN1_STRING_set(atmp->value.asn1_string, str, -1); + else if ((format == ASN1_GEN_FORMAT_BITLIST) +@@ -728,6 +795,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) + default: + ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); + goto bad_str; ++ break; + } + + atmp->type = utype; +@@ -761,29 +829,3 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) + } + return 1; + } +- +-static int mask_cb(const char *elem, int len, void *arg) +-{ +- unsigned long *pmask = arg, tmpmask; +- int tag; +- if (elem == NULL) +- return 0; +- if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { +- *pmask |= B_ASN1_DIRECTORYSTRING; +- return 1; +- } +- tag = asn1_str2tag(elem, len); +- if (!tag || (tag & ASN1_GEN_FLAG)) +- return 0; +- tmpmask = ASN1_tag2bit(tag); +- if (!tmpmask) +- return 0; +- *pmask |= tmpmask; +- return 1; +-} +- +-int ASN1_str2mask(const char *str, unsigned long *pmask) +-{ +- *pmask = 0; +- return CONF_parse_list(str, '|', 1, mask_cb, pmask); +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +index 8ca53b4..e63e82a 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c +@@ -1,21 +1,71 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/asn1_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "asn1_locl.h" ++#include + + static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, + long max); + static void asn1_put_length(unsigned char **pp, int length); ++const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT; + + static int _asn1_check_infinite_end(const unsigned char **p, long len) + { +@@ -87,6 +137,12 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + ++#if 0 ++ fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", ++ (int)p, *plength, omax, (int)*pp, (int)(p + *plength), ++ (int)(omax + *pp)); ++ ++#endif + if (*plength > (omax - (p - *pp))) { + ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); + /* +@@ -119,14 +175,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, + *inf = 0; + i = *p & 0x7f; + if (*(p++) & 0x80) { +- if (max < (long)i + 1) +- return 0; +- /* Skip leading zeroes */ +- while (i && *p == 0) { +- p++; +- i--; +- } +- if (i > sizeof(long)) ++ if (i > sizeof(ret) || max < (long)i) + return 0; + while (i-- > 0) { + ret <<= 8L; +@@ -233,6 +282,57 @@ int ASN1_object_size(int constructed, int length, int tag) + return ret + length; + } + ++static int _asn1_Finish(ASN1_const_CTX *c) ++{ ++ if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) { ++ if (!ASN1_const_check_infinite_end(&c->p, c->slen)) { ++ c->error = ERR_R_MISSING_ASN1_EOS; ++ return (0); ++ } ++ } ++ if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) { ++ c->error = ERR_R_ASN1_LENGTH_MISMATCH; ++ return (0); ++ } ++ return (1); ++} ++ ++int asn1_Finish(ASN1_CTX *c) ++{ ++ return _asn1_Finish((ASN1_const_CTX *)c); ++} ++ ++int asn1_const_Finish(ASN1_const_CTX *c) ++{ ++ return _asn1_Finish(c); ++} ++ ++int asn1_GetSequence(ASN1_const_CTX *c, long *length) ++{ ++ const unsigned char *q; ++ ++ q = c->p; ++ c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass), ++ *length); ++ if (c->inf & 0x80) { ++ c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL; ++ return (0); ++ } ++ if (c->tag != V_ASN1_SEQUENCE) { ++ c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE; ++ return (0); ++ } ++ (*length) -= (c->p - q); ++ if (c->max && (*length < 0)) { ++ c->error = ERR_R_ASN1_LENGTH_MISMATCH; ++ return (0); ++ } ++ if (c->inf == (1 | V_ASN1_CONSTRUCTED)) ++ c->slen = *length; ++ c->eos = 0; ++ return (1); ++} ++ + int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) + { + if (str == NULL) +@@ -240,9 +340,7 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) + dst->type = str->type; + if (!ASN1_STRING_set(dst, str->data, str->length)) + return 0; +- /* Copy flags but preserve embed value */ +- dst->flags &= ASN1_STRING_FLAG_EMBED; +- dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED; ++ dst->flags = str->flags; + return 1; + } + +@@ -252,7 +350,7 @@ ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) + if (!str) + return NULL; + ret = ASN1_STRING_new(); +- if (ret == NULL) ++ if (!ret) + return NULL; + if (!ASN1_STRING_copy(ret, str)) { + ASN1_STRING_free(ret); +@@ -274,7 +372,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) + } + if ((str->length <= len) || (str->data == NULL)) { + c = str->data; +- str->data = OPENSSL_realloc(c, len + 1); ++ if (c == NULL) ++ str->data = OPENSSL_malloc(len + 1); ++ else ++ str->data = OPENSSL_realloc(c, len + 1); ++ + if (str->data == NULL) { + ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); + str->data = c; +@@ -292,7 +394,8 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) + + void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) + { +- OPENSSL_free(str->data); ++ if (str->data) ++ OPENSSL_free(str->data); + str->data = data; + str->length = len; + } +@@ -306,37 +409,30 @@ ASN1_STRING *ASN1_STRING_type_new(int type) + { + ASN1_STRING *ret; + +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); + if (ret == NULL) { + ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ ret->length = 0; + ret->type = type; ++ ret->data = NULL; ++ ret->flags = 0; + return (ret); + } + +-void asn1_string_embed_free(ASN1_STRING *a, int embed) +-{ +- if (a == NULL) +- return; +- if (!(a->flags & ASN1_STRING_FLAG_NDEF)) +- OPENSSL_free(a->data); +- if (embed == 0) +- OPENSSL_free(a); +-} +- + void ASN1_STRING_free(ASN1_STRING *a) + { + if (a == NULL) + return; +- asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED); ++ if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) ++ OPENSSL_free(a->data); ++ OPENSSL_free(a); + } + + void ASN1_STRING_clear_free(ASN1_STRING *a) + { +- if (a == NULL) +- return; +- if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) ++ if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_cleanse(a->data, a->length); + ASN1_STRING_free(a); + } +@@ -356,29 +452,32 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) + return (i); + } + +-int ASN1_STRING_length(const ASN1_STRING *x) ++void asn1_add_error(const unsigned char *address, int offset) + { +- return x->length; ++ char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1]; ++ ++ BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address); ++ BIO_snprintf(buf2, sizeof buf2, "%d", offset); ++ ERR_add_error_data(4, "address=", buf1, " offset=", buf2); + } + +-void ASN1_STRING_length_set(ASN1_STRING *x, int len) ++int ASN1_STRING_length(const ASN1_STRING *x) + { +- x->length = len; ++ return M_ASN1_STRING_length(x); + } + +-int ASN1_STRING_type(const ASN1_STRING *x) ++void ASN1_STRING_length_set(ASN1_STRING *x, int len) + { +- return x->type; ++ M_ASN1_STRING_length_set(x, len); ++ return; + } + +-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) ++int ASN1_STRING_type(ASN1_STRING *x) + { +- return x->data; ++ return M_ASN1_STRING_type(x); + } + +-# if OPENSSL_API_COMPAT < 0x10100000L + unsigned char *ASN1_STRING_data(ASN1_STRING *x) + { +- return x->data; ++ return M_ASN1_STRING_data(x); + } +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h +index 5f597bd..4c004fa 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_locl.h +@@ -1,10 +1,60 @@ ++/* asn1t.h */ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* Internal ASN1 structures and functions: not for application use */ +@@ -12,67 +62,74 @@ + int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); + int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); + +-/* ASN1 scan context structure */ ++/* ASN1 print context structure */ + +-struct asn1_sctx_st { +- /* The ASN1_ITEM associated with this field */ +- const ASN1_ITEM *it; +- /* If ASN1_TEMPLATE associated with this field */ +- const ASN1_TEMPLATE *tt; +- /* Various flags associated with field and context */ ++struct asn1_pctx_st { + unsigned long flags; +- /* If SEQUENCE OF or SET OF, field index */ +- int skidx; +- /* ASN1 depth of field */ +- int depth; +- /* Structure and field name */ +- const char *sname, *fname; +- /* If a primitive type the type of underlying field */ +- int prim_type; +- /* The field value itself */ +- ASN1_VALUE **field; +- /* Callback to pass information to */ +- int (*scan_cb) (ASN1_SCTX *ctx); +- /* Context specific application data */ +- void *app_data; +-} /* ASN1_SCTX */ ; +- +-typedef struct mime_param_st MIME_PARAM; +-DEFINE_STACK_OF(MIME_PARAM) +-typedef struct mime_header_st MIME_HEADER; +-DEFINE_STACK_OF(MIME_HEADER) +- +-/* Month values for printing out times */ +-extern const char *_asn1_mon[12]; +- +-void asn1_string_embed_free(ASN1_STRING *a, int embed); ++ unsigned long nm_flags; ++ unsigned long cert_flags; ++ unsigned long oid_flags; ++ unsigned long str_flags; ++} /* ASN1_PCTX */ ; + +-int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, +- const ASN1_ITEM *it); ++/* ASN1 public key method structure */ + +-ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++struct evp_pkey_asn1_method_st { ++ int pkey_id; ++ int pkey_base_id; ++ unsigned long pkey_flags; ++ char *pem_str; ++ char *info; ++ int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); ++ int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); ++ int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); ++ int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*priv_decode) (EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf); ++ int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); ++ int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*pkey_size) (const EVP_PKEY *pk); ++ int (*pkey_bits) (const EVP_PKEY *pk); ++ int (*param_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen); ++ int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); ++ int (*param_missing) (const EVP_PKEY *pk); ++ int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); ++ int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); ++ int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, ++ ASN1_PCTX *pctx); ++ int (*sig_print) (BIO *out, ++ const X509_ALGOR *sigalg, const ASN1_STRING *sig, ++ int indent, ASN1_PCTX *pctx); ++ void (*pkey_free) (EVP_PKEY *pkey); ++ int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); ++ /* Legacy functions for old PEM */ ++ int (*old_priv_decode) (EVP_PKEY *pkey, ++ const unsigned char **pder, int derlen); ++ int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); ++ /* Custom ASN1 signature verification */ ++ int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); ++ int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ++ X509_ALGOR *alg1, X509_ALGOR *alg2, ++ ASN1_BIT_STRING *sig); ++} /* EVP_PKEY_ASN1_METHOD */ ; + +-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, +- int nullerr); +- +-int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); +- +-void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +-void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, +- const ASN1_ITEM *it); +-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, +- const ASN1_ITEM *it); ++/* ++ * Method to handle CRL access. In general a CRL could be very large (several ++ * Mb) and can consume large amounts of resources if stored in memory by ++ * multiple processes. This method allows general CRL operations to be ++ * redirected to more efficient callbacks: for example a CRL entry database. ++ */ + +-void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); +-void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); ++#define X509_CRL_METHOD_DYNAMIC 1 + +-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, +- long length); +-int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, +- const unsigned char **pp, long length); +-int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, +- long length); ++struct x509_crl_method_st { ++ int flags; ++ int (*crl_init) (X509_CRL *crl); ++ int (*crl_free) (X509_CRL *crl); ++ int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, ++ ASN1_INTEGER *ser, X509_NAME *issuer); ++ int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); ++}; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +index 4db3df9..e85e339 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/asn1_par.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -76,19 +125,28 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + ASN1_OBJECT *o = NULL; + ASN1_OCTET_STRING *os = NULL; + /* ASN1_BMPSTRING *bmp=NULL; */ +- int dump_indent, dump_cont = 0; ++ int dump_indent; ++ ++#if 0 ++ dump_indent = indent; ++#else ++ dump_indent = 6; /* Because we know BIO_dump_indent() */ ++#endif + + if (depth > ASN1_PARSE_MAXDEPTH) { + BIO_puts(bp, "BAD RECURSION DEPTH\n"); + return 0; + } + +- dump_indent = 6; /* Because we know BIO_dump_indent() */ + p = *pp; + tot = p + length; +- while (length > 0) { ++ op = p - 1; ++ while ((p < tot) && (op < p)) { + op = p; + j = ASN1_get_object(&p, &len, &tag, &xclass, length); ++#ifdef LINT ++ j = j; ++#endif + if (j & 0x80) { + if (BIO_write(bp, "Error in encoding\n", 18) <= 0) + goto end; +@@ -115,7 +173,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) + goto end; + if (j & V_ASN1_CONSTRUCTED) { +- const unsigned char *sp = p; ++ const unsigned char *sp; + + ep = p + len; + if (BIO_write(bp, "\n", 1) <= 0) +@@ -126,6 +184,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + goto end; + } + if ((j == 0x21) && (len == 0)) { ++ sp = p; + for (;;) { + r = asn1_parse2(bp, &p, (long)(tot - p), + offset + (p - *pp), depth + 1, +@@ -144,8 +203,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + + while (p < ep) { + sp = p; +- r = asn1_parse2(bp, &p, tmp, +- offset + (p - *pp), depth + 1, ++ r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, + indent, dump); + if (r == 0) { + ret = 0; +@@ -179,18 +237,19 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + goto end; + i2a_ASN1_OBJECT(bp, o); + } else { +- if (BIO_puts(bp, ":BAD OBJECT") <= 0) ++ if (BIO_write(bp, ":BAD OBJECT", 11) <= 0) + goto end; +- dump_cont = 1; + } + } else if (tag == V_ASN1_BOOLEAN) { +- if (len != 1) { +- if (BIO_puts(bp, ":BAD BOOLEAN") <= 0) ++ int ii; ++ ++ opp = op; ++ ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); ++ if (ii < 0) { ++ if (BIO_write(bp, "Bad boolean\n", 12) <= 0) + goto end; +- dump_cont = 1; + } +- if (len > 0) +- BIO_printf(bp, ":%u", p[0]); ++ BIO_printf(bp, ":%d", ii); + } else if (tag == V_ASN1_BMPSTRING) { + /* do the BMP thang */ + } else if (tag == V_ASN1_OCTET_STRING) { +@@ -247,8 +306,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + nl = 1; + } + } +- ASN1_OCTET_STRING_free(os); +- os = NULL; ++ if (os != NULL) { ++ M_ASN1_OCTET_STRING_free(os); ++ os = NULL; ++ } + } else if (tag == V_ASN1_INTEGER) { + ASN1_INTEGER *bs; + int i; +@@ -270,11 +331,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + goto end; + } + } else { +- if (BIO_puts(bp, ":BAD INTEGER") <= 0) ++ if (BIO_write(bp, "BAD INTEGER", 11) <= 0) + goto end; +- dump_cont = 1; + } +- ASN1_INTEGER_free(bs); ++ M_ASN1_INTEGER_free(bs); + } else if (tag == V_ASN1_ENUMERATED) { + ASN1_ENUMERATED *bs; + int i; +@@ -296,11 +356,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + goto end; + } + } else { +- if (BIO_puts(bp, ":BAD ENUMERATED") <= 0) ++ if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) + goto end; +- dump_cont = 1; + } +- ASN1_ENUMERATED_free(bs); ++ M_ASN1_ENUMERATED_free(bs); + } else if (len > 0 && dump) { + if (!nl) { + if (BIO_write(bp, "\n", 1) <= 0) +@@ -312,18 +371,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + goto end; + nl = 1; + } +- if (dump_cont) { +- int i; +- const unsigned char *tmp = op + hl; +- if (BIO_puts(bp, ":[") <= 0) +- goto end; +- for (i = 0; i < len; i++) { +- if (BIO_printf(bp, "%02X", tmp[i]) <= 0) +- goto end; +- } +- if (BIO_puts(bp, "]") <= 0) +- goto end; +- } + + if (!nl) { + if (BIO_write(bp, "\n", 1) <= 0) +@@ -339,8 +386,10 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + } + ret = 1; + end: +- ASN1_OBJECT_free(o); +- ASN1_OCTET_STRING_free(os); ++ if (o != NULL) ++ ASN1_OBJECT_free(o); ++ if (os != NULL) ++ M_ASN1_OCTET_STRING_free(os); + *pp = p; + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +index d7ec801..5170906 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c +@@ -1,21 +1,65 @@ ++/* asn_mime.c */ + /* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/evp_int.h" +-#include "internal/bio.h" + #include "asn1_locl.h" + + /* +@@ -28,35 +72,41 @@ + * from parameter values. Quotes are stripped off + */ + +-struct mime_param_st { ++typedef struct { + char *param_name; /* Param name e.g. "micalg" */ + char *param_value; /* Param value e.g. "sha1" */ +-}; ++} MIME_PARAM; + +-struct mime_header_st { ++DECLARE_STACK_OF(MIME_PARAM) ++IMPLEMENT_STACK_OF(MIME_PARAM) ++ ++typedef struct { + char *name; /* Name of line e.g. "content-type" */ + char *value; /* Value of line e.g. "text/plain" */ + STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ +-}; ++} MIME_HEADER; ++ ++DECLARE_STACK_OF(MIME_HEADER) ++IMPLEMENT_STACK_OF(MIME_HEADER) + + static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it); + static char *strip_ends(char *name); + static char *strip_start(char *name); + static char *strip_end(char *name); +-static MIME_HEADER *mime_hdr_new(const char *name, const char *value); +-static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value); ++static MIME_HEADER *mime_hdr_new(char *name, char *value); ++static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); + static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); + static int mime_hdr_cmp(const MIME_HEADER *const *a, + const MIME_HEADER *const *b); + static int mime_param_cmp(const MIME_PARAM *const *a, + const MIME_PARAM *const *b); + static void mime_param_free(MIME_PARAM *param); +-static int mime_bound_check(char *line, int linelen, const char *bound, int blen); +-static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret); +-static int strip_eol(char *linebuf, int *plen, int flags); +-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name); +-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name); ++static int mime_bound_check(char *line, int linelen, char *bound, int blen); ++static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); ++static int strip_eol(char *linebuf, int *plen); ++static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); ++static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); + static void mime_hdr_free(MIME_HEADER *hdr); + + #define MAX_SMLEN 1024 +@@ -101,7 +151,7 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + BIO *b64; + int r; + b64 = BIO_new(BIO_f_base64()); +- if (b64 == NULL) { ++ if (!b64) { + ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -132,8 +182,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) + { + BIO *b64; + ASN1_VALUE *val; +- +- if ((b64 = BIO_new(BIO_f_base64())) == NULL) { ++ if (!(b64 = BIO_new(BIO_f_base64()))) { + ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -142,7 +191,7 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) + if (!val) + ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR); + (void)BIO_flush(bio); +- BIO_pop(bio); ++ bio = BIO_pop(bio); + BIO_free(b64); + return val; + } +@@ -197,6 +246,7 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) + case NID_id_GostR3411_94: + BIO_puts(out, "gostr3411-94"); + goto err; ++ break; + + default: + if (have_unknown) +@@ -320,7 +370,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + int rv = 1; + + /* +- * If data is not detached or resigning then the output BIO is already ++ * If data is not deteched or resigning then the output BIO is already + * set up to finalise when it is written through. + */ + if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { +@@ -380,13 +430,12 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + if (bcont) + *bcont = NULL; + +- if ((headers = mime_parse_hdr(bio)) == NULL) { ++ if (!(headers = mime_parse_hdr(bio))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); + return NULL; + } + +- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL +- || hdr->value == NULL) { ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); + return NULL; +@@ -394,7 +443,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + + /* Handle multipart/signed */ + +- if (strcmp(hdr->value, "multipart/signed") == 0) { ++ if (!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if (!prm || !prm->param_value) { +@@ -413,7 +462,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + /* Parse the signature piece */ + asnin = sk_BIO_value(parts, 1); + +- if ((headers = mime_parse_hdr(asnin)) == NULL) { ++ if (!(headers = mime_parse_hdr(asnin))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; +@@ -421,8 +470,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + + /* Get content type */ + +- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL +- || hdr->value == NULL) { ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + return NULL; +@@ -438,7 +486,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + } + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + /* Read in ASN1 */ +- if ((val = b64_read_asn1(asnin, it)) == NULL) { ++ if (!(val = b64_read_asn1(asnin, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; +@@ -465,7 +513,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) + + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + +- if ((val = b64_read_asn1(bio, it)) == NULL) { ++ if (!(val = b64_read_asn1(bio, it))) { + ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); + return NULL; + } +@@ -485,32 +533,20 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) + * when streaming as we don't end up with one OCTET STRING per line. + */ + bf = BIO_new(BIO_f_buffer()); +- if (bf == NULL) ++ if (!bf) + return 0; + out = BIO_push(bf, out); + if (flags & SMIME_BINARY) { + while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + } else { +- int eolcnt = 0; + if (flags & SMIME_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { +- eol = strip_eol(linebuf, &len, flags); +- if (len) { +- /* Not EOF: write out all CRLF */ +- if (flags & SMIME_ASCIICRLF) { +- int i; +- for (i = 0; i < eolcnt; i++) +- BIO_write(out, "\r\n", 2); +- eolcnt = 0; +- } ++ eol = strip_eol(linebuf, &len); ++ if (len) + BIO_write(out, linebuf, len); +- if (eol) +- BIO_write(out, "\r\n", 2); +- } else if (flags & SMIME_ASCIICRLF) +- eolcnt++; +- else if (eol) ++ if (eol) + BIO_write(out, "\r\n", 2); + } + } +@@ -528,12 +564,11 @@ int SMIME_text(BIO *in, BIO *out) + STACK_OF(MIME_HEADER) *headers; + MIME_HEADER *hdr; + +- if ((headers = mime_parse_hdr(in)) == NULL) { ++ if (!(headers = mime_parse_hdr(in))) { + ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); + return 0; + } +- if ((hdr = mime_hdr_find(headers, "content-type")) == NULL +- || hdr->value == NULL) { ++ if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return 0; +@@ -557,7 +592,7 @@ int SMIME_text(BIO *in, BIO *out) + * canonical parts in a STACK of bios + */ + +-static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) ++static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) + { + char linebuf[MAX_SMLEN]; + int len, blen; +@@ -572,32 +607,24 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) + first = 1; + parts = sk_BIO_new_null(); + *ret = parts; +- if (*ret == NULL) +- return 0; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if (state == 1) { + first = 1; + part++; + } else if (state == 2) { +- if (!sk_BIO_push(parts, bpart)) { +- BIO_free(bpart); +- return 0; +- } ++ sk_BIO_push(parts, bpart); + return 1; + } else if (part) { + /* Strip CR+LF from linebuf */ +- next_eol = strip_eol(linebuf, &len, 0); ++ next_eol = strip_eol(linebuf, &len); + if (first) { + first = 0; + if (bpart) +- if (!sk_BIO_push(parts, bpart)) { +- BIO_free(bpart); +- return 0; +- } ++ sk_BIO_push(parts, bpart); + bpart = BIO_new(BIO_s_mem()); + if (bpart == NULL) +- return 0; ++ return 1; + BIO_set_mem_eof_return(bpart, 0); + } else if (eol) + BIO_write(bpart, "\r\n", 2); +@@ -606,7 +633,6 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) + BIO_write(bpart, linebuf, len); + } + } +- BIO_free(bpart); + return 0; + } + +@@ -625,12 +651,12 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; +- MIME_HEADER *mhdr = NULL, *new_hdr = NULL; ++ MIME_HEADER *mhdr = NULL; + STACK_OF(MIME_HEADER) *headers; + int len, state, save_state = 0; + + headers = sk_MIME_HEADER_new(mime_hdr_cmp); +- if (headers == NULL) ++ if (!headers) + return NULL; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ +@@ -662,13 +688,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + if (c == ';') { + mime_debug("Found End Value\n"); + *p = 0; +- new_hdr = mime_hdr_new(ntmp, strip_ends(q)); +- if (new_hdr == NULL) +- goto err; +- if (!sk_MIME_HEADER_push(headers, new_hdr)) +- goto err; +- mhdr = new_hdr; +- new_hdr = NULL; ++ mhdr = mime_hdr_new(ntmp, strip_ends(q)); ++ sk_MIME_HEADER_push(headers, mhdr); + ntmp = NULL; + q = p + 1; + state = MIME_NAME; +@@ -719,13 +740,8 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + } + + if (state == MIME_TYPE) { +- new_hdr = mime_hdr_new(ntmp, strip_ends(q)); +- if (new_hdr == NULL) +- goto err; +- if (!sk_MIME_HEADER_push(headers, new_hdr)) +- goto err; +- mhdr = new_hdr; +- new_hdr = NULL; ++ mhdr = mime_hdr_new(ntmp, strip_ends(q)); ++ sk_MIME_HEADER_push(headers, mhdr); + } else if (state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + if (p == linebuf) +@@ -734,10 +750,6 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) + + return headers; + +-err: +- mime_hdr_free(new_hdr); +- sk_MIME_HEADER_pop_free(headers, mime_hdr_free); +- return NULL; + } + + static char *strip_ends(char *name) +@@ -787,14 +799,13 @@ static char *strip_end(char *name) + return NULL; + } + +-static MIME_HEADER *mime_hdr_new(const char *name, const char *value) ++static MIME_HEADER *mime_hdr_new(char *name, char *value) + { +- MIME_HEADER *mhdr = NULL; +- char *tmpname = NULL, *tmpval = NULL, *p; ++ MIME_HEADER *mhdr; ++ char *tmpname, *tmpval, *p; + int c; +- + if (name) { +- if ((tmpname = OPENSSL_strdup(name)) == NULL) ++ if (!(tmpname = BUF_strdup(name))) + return NULL; + for (p = tmpname; *p; p++) { + c = (unsigned char)*p; +@@ -803,10 +814,11 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) + *p = c; + } + } +- } ++ } else ++ tmpname = NULL; + if (value) { +- if ((tmpval = OPENSSL_strdup(value)) == NULL) +- goto err; ++ if (!(tmpval = BUF_strdup(value))) ++ return NULL; + for (p = tmpval; *p; p++) { + c = (unsigned char)*p; + if (isupper(c)) { +@@ -814,32 +826,27 @@ static MIME_HEADER *mime_hdr_new(const char *name, const char *value) + *p = c; + } + } +- } +- mhdr = OPENSSL_malloc(sizeof(*mhdr)); +- if (mhdr == NULL) +- goto err; ++ } else ++ tmpval = NULL; ++ mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER)); ++ if (!mhdr) ++ return NULL; + mhdr->name = tmpname; + mhdr->value = tmpval; +- if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL) +- goto err; ++ if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) ++ return NULL; + return mhdr; +- +- err: +- OPENSSL_free(tmpname); +- OPENSSL_free(tmpval); +- OPENSSL_free(mhdr); +- return NULL; + } + +-static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value) ++static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) + { +- char *tmpname = NULL, *tmpval = NULL, *p; ++ char *tmpname, *tmpval, *p; + int c; +- MIME_PARAM *mparam = NULL; ++ MIME_PARAM *mparam; + if (name) { +- tmpname = OPENSSL_strdup(name); ++ tmpname = BUF_strdup(name); + if (!tmpname) +- goto err; ++ return 0; + for (p = tmpname; *p; p++) { + c = (unsigned char)*p; + if (isupper(c)) { +@@ -847,26 +854,22 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *va + *p = c; + } + } +- } ++ } else ++ tmpname = NULL; + if (value) { +- tmpval = OPENSSL_strdup(value); ++ tmpval = BUF_strdup(value); + if (!tmpval) +- goto err; +- } ++ return 0; ++ } else ++ tmpval = NULL; + /* Parameter values are case sensitive so leave as is */ +- mparam = OPENSSL_malloc(sizeof(*mparam)); +- if (mparam == NULL) +- goto err; ++ mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM)); ++ if (!mparam) ++ return 0; + mparam->param_name = tmpname; + mparam->param_value = tmpval; +- if (!sk_MIME_PARAM_push(mhdr->params, mparam)) +- goto err; ++ sk_MIME_PARAM_push(mhdr->params, mparam); + return 1; +- err: +- OPENSSL_free(tmpname); +- OPENSSL_free(tmpval); +- OPENSSL_free(mparam); +- return 0; + } + + static int mime_hdr_cmp(const MIME_HEADER *const *a, +@@ -888,28 +891,22 @@ static int mime_param_cmp(const MIME_PARAM *const *a, + + /* Find a header with a given name (if possible) */ + +-static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name) ++static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) + { + MIME_HEADER htmp; + int idx; +- +- htmp.name = (char *)name; +- htmp.value = NULL; +- htmp.params = NULL; +- ++ htmp.name = name; + idx = sk_MIME_HEADER_find(hdrs, &htmp); + if (idx < 0) + return NULL; + return sk_MIME_HEADER_value(hdrs, idx); + } + +-static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) ++static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) + { + MIME_PARAM param; + int idx; +- +- param.param_name = (char *)name; +- param.param_value = NULL; ++ param.param_name = name; + idx = sk_MIME_PARAM_find(hdr->params, ¶m); + if (idx < 0) + return NULL; +@@ -918,10 +915,10 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name) + + static void mime_hdr_free(MIME_HEADER *hdr) + { +- if (hdr == NULL) +- return; +- OPENSSL_free(hdr->name); +- OPENSSL_free(hdr->value); ++ if (hdr->name) ++ OPENSSL_free(hdr->name); ++ if (hdr->value) ++ OPENSSL_free(hdr->value); + if (hdr->params) + sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); + OPENSSL_free(hdr); +@@ -929,8 +926,10 @@ static void mime_hdr_free(MIME_HEADER *hdr) + + static void mime_param_free(MIME_PARAM *param) + { +- OPENSSL_free(param->param_name); +- OPENSSL_free(param->param_value); ++ if (param->param_name) ++ OPENSSL_free(param->param_name); ++ if (param->param_value) ++ OPENSSL_free(param->param_value); + OPENSSL_free(param); + } + +@@ -940,7 +939,7 @@ static void mime_param_free(MIME_PARAM *param) + * 1 : part boundary + * 2 : final boundary + */ +-static int mime_bound_check(char *line, int linelen, const char *bound, int blen) ++static int mime_bound_check(char *line, int linelen, char *bound, int blen) + { + if (linelen == -1) + linelen = strlen(line); +@@ -950,9 +949,8 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen + if (blen + 2 > linelen) + return 0; + /* Check for part boundary */ +- if ((strncmp(line, "--", 2) == 0) +- && strncmp(line + 2, bound, blen) == 0) { +- if (strncmp(line + blen + 2, "--", 2) == 0) ++ if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { ++ if (!strncmp(line + blen + 2, "--", 2)) + return 2; + else + return 1; +@@ -960,7 +958,7 @@ static int mime_bound_check(char *line, int linelen, const char *bound, int blen + return 0; + } + +-static int strip_eol(char *linebuf, int *plen, int flags) ++static int strip_eol(char *linebuf, int *plen) + { + int len = *plen; + char *p, c; +@@ -970,8 +968,6 @@ static int strip_eol(char *linebuf, int *plen, int flags) + c = *p; + if (c == '\n') + is_eol = 1; +- else if (is_eol && flags & SMIME_ASCIICRLF && c < 33) +- continue; + else if (c != '\r') + break; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +index 8176b76..fab2dd9 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c +@@ -1,24 +1,73 @@ ++/* asn_moid.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include ++#include + #include +-#include "internal/asn1_int.h" +-#include "internal/objects.h" + + /* Simple ASN1 OID module: add all objects in a given section */ + +-static int do_create(const char *value, const char *name); ++static int do_create(char *value, char *name); + + static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) + { +@@ -26,9 +75,8 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) + const char *oid_section; + STACK_OF(CONF_VALUE) *sktmp; + CONF_VALUE *oval; +- + oid_section = CONF_imodule_get_value(md); +- if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { ++ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); + return 0; + } +@@ -44,6 +92,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) + + static void oid_module_finish(CONF_IMODULE *md) + { ++ OBJ_cleanup(); + } + + void ASN1_add_oid_module(void) +@@ -57,12 +106,11 @@ void ASN1_add_oid_module(void) + * shortname = some long name, 1.2.3.4 + */ + +-static int do_create(const char *value, const char *name) ++static int do_create(char *value, char *name) + { + int nid; + ASN1_OBJECT *oid; +- const char *ln, *ostr, *p; +- char *lntmp; ++ char *ln, *ostr, *p, *lntmp; + p = strrchr(value, ','); + if (!p) { + ln = name; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c +deleted file mode 100644 +index 8260939..0000000 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mstbl.c ++++ /dev/null +@@ -1,114 +0,0 @@ +-/* +- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include "internal/cryptlib.h" +-#include +-#include +- +-/* Multi string module: add table entries from a given section */ +- +-static int do_tcreate(const char *value, const char *name); +- +-static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf) +-{ +- int i; +- const char *stbl_section; +- STACK_OF(CONF_VALUE) *sktmp; +- CONF_VALUE *mval; +- +- stbl_section = CONF_imodule_get_value(md); +- if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) { +- ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); +- return 0; +- } +- for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { +- mval = sk_CONF_VALUE_value(sktmp, i); +- if (!do_tcreate(mval->value, mval->name)) { +- ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE); +- return 0; +- } +- } +- return 1; +-} +- +-static void stbl_module_finish(CONF_IMODULE *md) +-{ +- ASN1_STRING_TABLE_cleanup(); +-} +- +-void ASN1_add_stable_module(void) +-{ +- CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish); +-} +- +-/* +- * Create an table entry based on a name value pair. format is oid_name = +- * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags". +- */ +- +-static int do_tcreate(const char *value, const char *name) +-{ +- char *eptr; +- int nid, i, rv = 0; +- long tbl_min = -1, tbl_max = -1; +- unsigned long tbl_mask = 0, tbl_flags = 0; +- STACK_OF(CONF_VALUE) *lst = NULL; +- CONF_VALUE *cnf = NULL; +- nid = OBJ_sn2nid(name); +- if (nid == NID_undef) +- nid = OBJ_ln2nid(name); +- if (nid == NID_undef) +- goto err; +- lst = X509V3_parse_list(value); +- if (!lst) +- goto err; +- for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { +- cnf = sk_CONF_VALUE_value(lst, i); +- if (strcmp(cnf->name, "min") == 0) { +- tbl_min = strtoul(cnf->value, &eptr, 0); +- if (*eptr) +- goto err; +- } else if (strcmp(cnf->name, "max") == 0) { +- tbl_max = strtoul(cnf->value, &eptr, 0); +- if (*eptr) +- goto err; +- } else if (strcmp(cnf->name, "mask") == 0) { +- if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask) +- goto err; +- } else if (strcmp(cnf->name, "flags") == 0) { +- if (strcmp(cnf->value, "nomask") == 0) +- tbl_flags = STABLE_NO_MASK; +- else if (strcmp(cnf->value, "none") == 0) +- tbl_flags = STABLE_FLAGS_CLEAR; +- else +- goto err; +- } else +- goto err; +- } +- rv = 1; +- err: +- if (rv == 0) { +- ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE); +- if (cnf) +- ERR_add_error_data(4, "field=", cnf->name, +- ", value=", cnf->value); +- else +- ERR_add_error_data(4, "name=", name, ", value=", value); +- } else { +- rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, +- tbl_mask, tbl_flags); +- if (!rv) +- ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE); +- } +- sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); +- return rv; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +index 63bc306..366caf0 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c +@@ -1,62 +1,207 @@ ++/* asn_pack.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + ++#ifndef NO_ASN1_OLD ++ + /* ASN1 packing and unpacking functions */ + +-ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) ++/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ ++ ++STACK_OF(OPENSSL_BLOCK) *ASN1_seq_unpack(const unsigned char *buf, int len, ++ d2i_of_void *d2i, ++ void (*free_func) (OPENSSL_BLOCK)) ++{ ++ STACK_OF(OPENSSL_BLOCK) *sk; ++ const unsigned char *pbuf; ++ pbuf = buf; ++ if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, ++ V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) ++ ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR); ++ return sk; ++} ++ ++/* ++ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a ++ * OPENSSL_malloc'ed buffer ++ */ ++ ++unsigned char *ASN1_seq_pack(STACK_OF(OPENSSL_BLOCK) *safes, i2d_of_void *i2d, ++ unsigned char **buf, int *len) ++{ ++ int safelen; ++ unsigned char *safe, *p; ++ if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, IS_SEQUENCE))) { ++ ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR); ++ return NULL; ++ } ++ if (!(safe = OPENSSL_malloc(safelen))) { ++ ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ p = safe; ++ i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, ++ IS_SEQUENCE); ++ if (len) ++ *len = safelen; ++ if (buf) ++ *buf = safe; ++ return safe; ++} ++ ++/* Extract an ASN1 object from an ASN1_STRING */ ++ ++void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i) ++{ ++ const unsigned char *p; ++ char *ret; ++ ++ p = oct->data; ++ if (!(ret = d2i(NULL, &p, oct->length))) ++ ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR); ++ return ret; ++} ++ ++/* Pack an ASN1 object into an ASN1_STRING */ ++ ++ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct) + { ++ unsigned char *p; + ASN1_STRING *octmp; + +- if (oct == NULL || *oct == NULL) { +- if ((octmp = ASN1_STRING_new()) == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ if (!oct || !*oct) { ++ if (!(octmp = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } +- } else { ++ if (oct) ++ *oct = octmp; ++ } else + octmp = *oct; +- } +- +- OPENSSL_free(octmp->data); +- octmp->data = NULL; + +- if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); ++ if (!(octmp->length = i2d(obj, NULL))) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR); + goto err; + } +- if (octmp->data == NULL) { +- ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ if (!(p = OPENSSL_malloc(octmp->length))) { ++ ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE); + goto err; + } +- +- if (oct != NULL && *oct == NULL) +- *oct = octmp; +- ++ octmp->data = p; ++ i2d(obj, &p); + return octmp; + err: +- if (oct == NULL || *oct == NULL) ++ if (!oct || !*oct) { + ASN1_STRING_free(octmp); ++ if (oct) ++ *oct = NULL; ++ } + return NULL; + } + ++#endif ++ ++/* ASN1_ITEM versions of the above */ ++ ++ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) ++{ ++ ASN1_STRING *octmp; ++ ++ if (!oct || !*oct) { ++ if (!(octmp = ASN1_STRING_new())) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (oct) ++ *oct = octmp; ++ } else ++ octmp = *oct; ++ ++ if (octmp->data) { ++ OPENSSL_free(octmp->data); ++ octmp->data = NULL; ++ } ++ ++ if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); ++ return NULL; ++ } ++ if (!octmp->data) { ++ ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ return octmp; ++} ++ + /* Extract an ASN1 object from an ASN1_STRING */ + +-void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) ++void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) + { + const unsigned char *p; + void *ret; + + p = oct->data; +- if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL) ++ if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) + ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c +index 400effa..c3afff6 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/bio_asn1.c +@@ -1,10 +1,60 @@ ++/* bio_asn1.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -14,7 +64,7 @@ + */ + + #include +-#include ++#include + #include + + /* Must be large enough for biggest tag+length */ +@@ -75,7 +125,7 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, + asn1_bio_state_t ex_state, + asn1_bio_state_t other_state); + +-static const BIO_METHOD methods_asn1 = { ++static BIO_METHOD methods_asn1 = { + BIO_TYPE_ASN1, + "asn1", + asn1_bio_write, +@@ -88,55 +138,59 @@ static const BIO_METHOD methods_asn1 = { + asn1_bio_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_asn1(void) ++BIO_METHOD *BIO_f_asn1(void) + { + return (&methods_asn1); + } + + static int asn1_bio_new(BIO *b) + { +- BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); +- +- if (ctx == NULL) ++ BIO_ASN1_BUF_CTX *ctx; ++ ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX)); ++ if (!ctx) + return 0; + if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { + OPENSSL_free(ctx); + return 0; + } +- BIO_set_data(b, ctx); +- BIO_set_init(b, 1); +- ++ b->init = 1; ++ b->ptr = (char *)ctx; ++ b->flags = 0; + return 1; + } + + static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) + { + ctx->buf = OPENSSL_malloc(size); +- if (ctx->buf == NULL) ++ if (!ctx->buf) + return 0; + ctx->bufsize = size; ++ ctx->bufpos = 0; ++ ctx->buflen = 0; ++ ctx->copylen = 0; + ctx->asn1_class = V_ASN1_UNIVERSAL; + ctx->asn1_tag = V_ASN1_OCTET_STRING; ++ ctx->ex_buf = NULL; ++ ctx->ex_len = 0; ++ ctx->ex_pos = 0; + ctx->state = ASN1_STATE_START; ++ ctx->prefix = ctx->prefix_free = ctx->suffix = ctx->suffix_free = NULL; ++ ctx->ex_arg = NULL; + return 1; + } + + static int asn1_bio_free(BIO *b) + { + BIO_ASN1_BUF_CTX *ctx; +- +- if (b == NULL) +- return 0; +- +- ctx = BIO_get_data(b); ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; + if (ctx == NULL) + return 0; +- +- OPENSSL_free(ctx->buf); ++ if (ctx->buf) ++ OPENSSL_free(ctx->buf); + OPENSSL_free(ctx); +- BIO_set_data(b, NULL); +- BIO_set_init(b, 0); +- ++ b->init = 0; ++ b->ptr = NULL; ++ b->flags = 0; + return 1; + } + +@@ -145,11 +199,10 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) + BIO_ASN1_BUF_CTX *ctx; + int wrmax, wrlen, ret; + unsigned char *p; +- BIO *next; +- +- ctx = BIO_get_data(b); +- next = BIO_next(b); +- if (in == NULL || inl < 0 || ctx == NULL || next == NULL) ++ if (!in || (inl < 0) || (b->next_bio == NULL)) ++ return 0; ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; ++ if (ctx == NULL) + return 0; + + wrlen = 0; +@@ -187,7 +240,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) + break; + + case ASN1_STATE_HEADER_COPY: +- ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen); ++ ret = BIO_write(b->next_bio, ctx->buf + ctx->bufpos, ctx->buflen); + if (ret <= 0) + goto done; + +@@ -207,7 +260,7 @@ static int asn1_bio_write(BIO *b, const char *in, int inl) + wrmax = ctx->copylen; + else + wrmax = inl; +- ret = BIO_write(next, in, wrmax); ++ ret = BIO_write(b->next_bio, in, wrmax); + if (ret <= 0) + break; + wrlen += ret; +@@ -243,11 +296,10 @@ static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, + asn1_ps_func *cleanup, asn1_bio_state_t next) + { + int ret; +- + if (ctx->ex_len <= 0) + return 1; + for (;;) { +- ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len); ++ ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos, ctx->ex_len); + if (ret <= 0) + break; + ctx->ex_len -= ret; +@@ -282,10 +334,9 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, + + static int asn1_bio_read(BIO *b, char *in, int inl) + { +- BIO *next = BIO_next(b); +- if (next == NULL) ++ if (!b->next_bio) + return 0; +- return BIO_read(next, in, inl); ++ return BIO_read(b->next_bio, in, inl); + } + + static int asn1_bio_puts(BIO *b, const char *str) +@@ -295,18 +346,16 @@ static int asn1_bio_puts(BIO *b, const char *str) + + static int asn1_bio_gets(BIO *b, char *str, int size) + { +- BIO *next = BIO_next(b); +- if (next == NULL) ++ if (!b->next_bio) + return 0; +- return BIO_gets(next, str, size); ++ return BIO_gets(b->next_bio, str, size); + } + + static long asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { +- BIO *next = BIO_next(b); +- if (next == NULL) +- return 0; +- return BIO_callback_ctrl(next, cmd, fp); ++ if (b->next_bio == NULL) ++ return (0); ++ return BIO_callback_ctrl(b->next_bio, cmd, fp); + } + + static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) +@@ -314,12 +363,9 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) + BIO_ASN1_BUF_CTX *ctx; + BIO_ASN1_EX_FUNCS *ex_func; + long ret = 1; +- BIO *next; +- +- ctx = BIO_get_data(b); ++ ctx = (BIO_ASN1_BUF_CTX *)b->ptr; + if (ctx == NULL) + return 0; +- next = BIO_next(b); + switch (cmd) { + + case BIO_C_SET_PREFIX: +@@ -355,7 +401,7 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) + break; + + case BIO_CTRL_FLUSH: +- if (next == NULL) ++ if (!b->next_bio) + return 0; + + /* Call post function if possible */ +@@ -373,16 +419,17 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) + } + + if (ctx->state == ASN1_STATE_DONE) +- return BIO_ctrl(next, cmd, arg1, arg2); ++ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); + else { + BIO_clear_retry_flags(b); + return 0; + } ++ break; + + default: +- if (next == NULL) ++ if (!b->next_bio) + return 0; +- return BIO_ctrl(next, cmd, arg1, arg2); ++ return BIO_ctrl(b->next_bio, cmd, arg1, arg2); + + } + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c +index 0f206b2..8d70466 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/bio_ndef.c +@@ -1,10 +1,56 @@ ++/* bio_ndef.c */ + /* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -19,7 +65,7 @@ + /* + * The usage is quite simple, initialize an ASN1 structure, get a BIO from it + * then any data written through the BIO will end up translated to +- * appropriate format on the fly. The data is streamed out and does *not* ++ * approptiate format on the fly. The data is streamed out and does *not* + * need to be all held in memory at once. When the BIO is flushed the output + * is finalized and any signatures etc written out. The BIO is a 'proper' + * BIO and can handle non blocking I/O correctly. The usage is simple. The +@@ -60,21 +106,21 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) + ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); + return NULL; + } +- ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux)); ++ ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); + asn_bio = BIO_new(BIO_f_asn1()); +- if (ndef_aux == NULL || asn_bio == NULL) +- goto err; + + /* ASN1 bio needs to be next to output BIO */ ++ + out = BIO_push(asn_bio, out); +- if (out == NULL) ++ ++ if (!ndef_aux || !asn_bio || !out) + goto err; + + BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); + BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); + + /* +- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure ++ * Now let callback prepend any digest, cipher etc BIOs ASN1 structure + * needs. + */ + +@@ -90,14 +136,17 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) + ndef_aux->ndef_bio = sarg.ndef_bio; + ndef_aux->boundary = sarg.boundary; + ndef_aux->out = out; ++ ndef_aux->derbuf = NULL; + + BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); + + return sarg.ndef_bio; + + err: +- BIO_free(asn_bio); +- OPENSSL_free(ndef_aux); ++ if (asn_bio) ++ BIO_free(asn_bio); ++ if (ndef_aux) ++ OPENSSL_free(ndef_aux); + return NULL; + } + +@@ -114,7 +163,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) + + derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + p = OPENSSL_malloc(derlen); +- if (p == NULL) ++ if (!p) + return 0; + + ndef_aux->derbuf = p; +@@ -139,7 +188,8 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, + + ndef_aux = *(NDEF_SUPPORT **)parg; + +- OPENSSL_free(ndef_aux->derbuf); ++ if (ndef_aux->derbuf) ++ OPENSSL_free(ndef_aux->derbuf); + + ndef_aux->derbuf = NULL; + *pbuf = NULL; +@@ -183,7 +233,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) + + derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + p = OPENSSL_malloc(derlen); +- if (p == NULL) ++ if (!p) + return 0; + + ndef_aux->derbuf = p; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/charmap.h b/Cryptlib/OpenSSL/crypto/asn1/charmap.h +index 2a75925..3305ad1 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/charmap.h ++++ b/Cryptlib/OpenSSL/crypto/asn1/charmap.h +@@ -1,34 +1,15 @@ + /* +- * WARNING: do not edit! +- * Generated by crypto/asn1/charmap.pl +- * +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Auto generated with chartype.pl script. Mask of various character ++ * properties + */ + +-#define CHARTYPE_HOST_ANY 4096 +-#define CHARTYPE_HOST_DOT 8192 +-#define CHARTYPE_HOST_HYPHEN 16384 +-#define CHARTYPE_HOST_WILD 32768 +- +-/* +- * Mask of various character properties +- */ +- +-static const unsigned short char_type[] = { +- 1026, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, +- 2, 2, 2, 2, 2, 2, 2, 2, 120, 0, 1, 40, +- 0, 0, 0, 16, 1040, 1040, 33792, 25, 25, 16400, 8208, 16, +- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 16, 9, +- 9, 16, 9, 16, 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, +- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, +- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 0, 1025, 0, 0, 0, +- 0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, +- 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, +- 4112, 4112, 4112, 0, 0, 0, 0, 2 ++static const unsigned char char_type[] = { ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, ++ 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, ++ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, ++ 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, ++ 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2 + }; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +index e311b90..86dcf5f 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c +@@ -1,22 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/d2i_pr.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#include "asn1_locl.h" + + EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +@@ -32,8 +82,10 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + } else { + ret = *a; + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(ret->engine); +- ret->engine = NULL; ++ if (ret->engine) { ++ ENGINE_finish(ret->engine); ++ ret->engine = NULL; ++ } + #endif + } + +@@ -66,7 +118,7 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + (*a) = ret; + return (ret); + err: +- if (a == NULL || *a != ret) ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) + EVP_PKEY_free(ret); + return (NULL); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +index dfdc1a6..33542dd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c +@@ -1,23 +1,76 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/d2i_pu.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include +-#include +-#include +- +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_EC ++# include ++#endif + + EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +@@ -40,7 +93,10 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + switch (EVP_PKEY_id(ret)) { + #ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: +- if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { ++ /* TMP UGLY CAST */ ++ if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, ++ (const unsigned char **)pp, ++ length)) == NULL) { + ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + goto err; + } +@@ -49,7 +105,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + #ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + /* TMP UGLY CAST */ +- if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) { ++ if (!d2i_DSAPublicKey(&(ret->pkey.dsa), ++ (const unsigned char **)pp, length)) { + ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + goto err; + } +@@ -57,7 +114,8 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + #endif + #ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: +- if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) { ++ if (!o2i_ECPublicKey(&(ret->pkey.ec), ++ (const unsigned char **)pp, length)) { + ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + goto err; + } +@@ -72,7 +130,7 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + (*a) = ret; + return (ret); + err: +- if (a == NULL || *a != ret) ++ if ((ret != NULL) && ((a == NULL) || (*a != ret))) + EVP_PKEY_free(ret); + return (NULL); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +index a458367..5876afa 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c +@@ -1,25 +1,74 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/evp_asn1.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include ++#include + + int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) + { + ASN1_STRING *os; + +- if ((os = ASN1_OCTET_STRING_new()) == NULL) ++ if ((os = M_ASN1_OCTET_STRING_new()) == NULL) + return (0); +- if (!ASN1_OCTET_STRING_set(os, data, len)) { +- ASN1_OCTET_STRING_free(os); ++ if (!M_ASN1_OCTET_STRING_set(os, data, len)) { ++ M_ASN1_OCTET_STRING_free(os); + return 0; + } + ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); +@@ -27,17 +76,17 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) + } + + /* int max_len: for returned value */ +-int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) ++int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len) + { + int ret, num; +- const unsigned char *p; ++ unsigned char *p; + + if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { + ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); + return (-1); + } +- p = ASN1_STRING_get0_data(a->value.octet_string); +- ret = ASN1_STRING_length(a->value.octet_string); ++ p = M_ASN1_STRING_data(a->value.octet_string); ++ ret = M_ASN1_STRING_length(a->value.octet_string); + if (ret < max_len) + num = ret; + else +@@ -46,70 +95,101 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l + return (ret); + } + +-typedef struct { +- long num; +- ASN1_OCTET_STRING *oct; +-} asn1_int_oct; +- +-ASN1_SEQUENCE(asn1_int_oct) = { +- ASN1_SIMPLE(asn1_int_oct, num, LONG), +- ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) +-} static_ASN1_SEQUENCE_END(asn1_int_oct) +- +-DECLARE_ASN1_ITEM(asn1_int_oct) +- + int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, + int len) + { +- asn1_int_oct atmp; +- ASN1_OCTET_STRING oct; +- +- atmp.num = num; +- atmp.oct = &oct; +- oct.data = data; +- oct.type = V_ASN1_OCTET_STRING; +- oct.length = len; +- oct.flags = 0; +- +- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a)) +- return 1; +- return 0; ++ int n, size; ++ ASN1_OCTET_STRING os, *osp; ++ ASN1_INTEGER in; ++ unsigned char *p; ++ unsigned char buf[32]; /* when they have 256bit longs, I'll be in ++ * trouble */ ++ in.data = buf; ++ in.length = 32; ++ os.data = data; ++ os.type = V_ASN1_OCTET_STRING; ++ os.length = len; ++ ASN1_INTEGER_set(&in, num); ++ n = i2d_ASN1_INTEGER(&in, NULL); ++ n += M_i2d_ASN1_OCTET_STRING(&os, NULL); ++ ++ size = ASN1_object_size(1, n, V_ASN1_SEQUENCE); ++ ++ if ((osp = ASN1_STRING_new()) == NULL) ++ return (0); ++ /* Grow the 'string' */ ++ if (!ASN1_STRING_set(osp, NULL, size)) { ++ ASN1_STRING_free(osp); ++ return (0); ++ } ++ ++ M_ASN1_STRING_length_set(osp, size); ++ p = M_ASN1_STRING_data(osp); ++ ++ ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); ++ i2d_ASN1_INTEGER(&in, &p); ++ M_i2d_ASN1_OCTET_STRING(&os, &p); ++ ++ ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp); ++ return (1); + } + + /* +- * we return the actual length... ++ * we return the actual length..., num may be missing, in which case, set it ++ * to zero + */ + /* int max_len: for returned value */ +-int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, ++int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, + unsigned char *data, int max_len) + { +- asn1_int_oct *atmp = NULL; + int ret = -1, n; ++ ASN1_INTEGER *ai = NULL; ++ ASN1_OCTET_STRING *os = NULL; ++ const unsigned char *p; ++ long length; ++ ASN1_const_CTX c; + + if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { + goto err; + } ++ p = M_ASN1_STRING_data(a->value.sequence); ++ length = M_ASN1_STRING_length(a->value.sequence); + +- atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a); ++ c.pp = &p; ++ c.p = p; ++ c.max = p + length; ++ c.error = ASN1_R_DATA_IS_WRONG; + +- if (atmp == NULL) ++ M_ASN1_D2I_start_sequence(); ++ c.q = c.p; ++ if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL) ++ goto err; ++ c.slen -= (c.p - c.q); ++ c.q = c.p; ++ if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL) ++ goto err; ++ c.slen -= (c.p - c.q); ++ if (!M_ASN1_D2I_end_sequence()) + goto err; + + if (num != NULL) +- *num = atmp->num; ++ *num = ASN1_INTEGER_get(ai); + +- ret = ASN1_STRING_length(atmp->oct); ++ ret = M_ASN1_STRING_length(os); + if (max_len > ret) + n = ret; + else + n = max_len; + + if (data != NULL) +- memcpy(data, ASN1_STRING_get0_data(atmp->oct), n); +- if (ret == -1) { ++ memcpy(data, M_ASN1_STRING_data(os), n); ++ if (0) { + err: + ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); + } +- M_ASN1_free_of(atmp, asn1_int_oct); +- return ret; ++ if (os != NULL) ++ M_ASN1_OCTET_STRING_free(os); ++ if (ai != NULL) ++ M_ASN1_INTEGER_free(ai); ++ return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +new file mode 100644 +index 0000000..94cd54d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c +@@ -0,0 +1,203 @@ ++/* crypto/asn1/f_enum.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++/* Based on a_int.c: equivalent ENUMERATED functions */ ++ ++int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) ++{ ++ int i, n = 0; ++ static const char *h = "0123456789ABCDEF"; ++ char buf[2]; ++ ++ if (a == NULL) ++ return (0); ++ ++ if (a->length == 0) { ++ if (BIO_write(bp, "00", 2) != 2) ++ goto err; ++ n = 2; ++ } else { ++ for (i = 0; i < a->length; i++) { ++ if ((i != 0) && (i % 35 == 0)) { ++ if (BIO_write(bp, "\\\n", 2) != 2) ++ goto err; ++ n += 2; ++ } ++ buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; ++ buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; ++ if (BIO_write(bp, buf, 2) != 2) ++ goto err; ++ n += 2; ++ } ++ } ++ return (n); ++ err: ++ return (-1); ++} ++ ++int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) ++{ ++ int ret = 0; ++ int i, j, k, m, n, again, bufsize; ++ unsigned char *s = NULL, *sp; ++ unsigned char *bufp; ++ int num = 0, slen = 0, first = 1; ++ ++ bs->type = V_ASN1_ENUMERATED; ++ ++ bufsize = BIO_gets(bp, buf, size); ++ for (;;) { ++ if (bufsize < 1) ++ goto err_sl; ++ i = bufsize; ++ if (buf[i - 1] == '\n') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ if (buf[i - 1] == '\r') ++ buf[--i] = '\0'; ++ if (i == 0) ++ goto err_sl; ++ again = (buf[i - 1] == '\\'); ++ ++ for (j = 0; j < i; j++) { ++ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || ++ ((buf[j] >= 'a') && (buf[j] <= 'f')) || ++ ((buf[j] >= 'A') && (buf[j] <= 'F')))) { ++ i = j; ++ break; ++ } ++ } ++ buf[i] = '\0'; ++ /* ++ * We have now cleared all the crap off the end of the line ++ */ ++ if (i < 2) ++ goto err_sl; ++ ++ bufp = (unsigned char *)buf; ++ if (first) { ++ first = 0; ++ if ((bufp[0] == '0') && (buf[1] == '0')) { ++ bufp += 2; ++ i -= 2; ++ } ++ } ++ k = 0; ++ i -= again; ++ if (i % 2 != 0) { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); ++ goto err; ++ } ++ i /= 2; ++ if (num + i > slen) { ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = (unsigned char *)OPENSSL_realloc(s, ++ (unsigned int)num + ++ i * 2); ++ if (sp == NULL) { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ s = sp; ++ slen = num + i * 2; ++ } ++ for (j = 0; j < i; j++, k += 2) { ++ for (n = 0; n < 2; n++) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ++ ASN1_R_NON_HEX_CHARACTERS); ++ goto err; ++ } ++ s[num + j] <<= 4; ++ s[num + j] |= m; ++ } ++ } ++ num += i; ++ if (again) ++ bufsize = BIO_gets(bp, buf, size); ++ else ++ break; ++ } ++ bs->length = num; ++ bs->data = s; ++ ret = 1; ++ err: ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); ++ } ++ if (ret != 1) ++ OPENSSL_free(s); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +index 51fc884..2bdc78d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/f_int.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_int.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/f_int.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +-int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) ++int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) + { + int i, n = 0; + static const char *h = "0123456789ABCDEF"; +@@ -53,6 +101,7 @@ int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) + + int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) + { ++ int ret = 0; + int i, j, k, m, n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; +@@ -63,16 +112,16 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) +- goto err; ++ goto err_sl; + i = bufsize; + if (buf[i - 1] == '\n') + buf[--i] = '\0'; + if (i == 0) +- goto err; ++ goto err_sl; + if (buf[i - 1] == '\r') + buf[--i] = '\0'; + if (i == 0) +- goto err; ++ goto err_sl; + again = (buf[i - 1] == '\\'); + + for (j = 0; j < i; j++) { +@@ -98,7 +147,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) + * We have now cleared all the crap off the end of the line + */ + if (i < 2) +- goto err; ++ goto err_sl; + + bufp = (unsigned char *)buf; + if (first) { +@@ -112,24 +161,32 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) + i -= again; + if (i % 2 != 0) { + ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); +- OPENSSL_free(s); +- return 0; ++ goto err; + } + i /= 2; + if (num + i > slen) { +- sp = OPENSSL_clear_realloc(s, slen, num + i * 2); ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = OPENSSL_realloc_clean(s, slen, num + i * 2); + if (sp == NULL) { + ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(s); +- return 0; ++ goto err; + } + s = sp; + slen = num + i * 2; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { +- m = OPENSSL_hexchar2int(bufp[k + n]); +- if (m < 0) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { + ASN1err(ASN1_F_A2I_ASN1_INTEGER, + ASN1_R_NON_HEX_CHARACTERS); + goto err; +@@ -146,22 +203,13 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) + } + bs->length = num; + bs->data = s; +- return 1; ++ ret = 1; + err: +- ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); +- OPENSSL_free(s); +- return 0; +-} +- +-int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) +-{ +- return i2a_ASN1_INTEGER(bp, a); +-} +- +-int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +-{ +- int rv = a2i_ASN1_INTEGER(bp, bs, buf, size); +- if (rv == 1) +- bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG); +- return rv; ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); ++ } ++ if (ret != 1) ++ OPENSSL_free(s); ++ return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +index b9258bb..0f7b9cf 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/f_string.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/f_string.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/f_string.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +-int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) ++int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) + { + int i, n = 0; + static const char *h = "0123456789ABCDEF"; +@@ -47,7 +95,8 @@ int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) + + int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + { +- int i, j, k, m, n, again, bufsize, spec_char; ++ int ret = 0; ++ int i, j, k, m, n, again, bufsize; + unsigned char *s = NULL, *sp; + unsigned char *bufp; + int num = 0, slen = 0, first = 1; +@@ -58,7 +107,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + if (first) + break; + else +- goto err; ++ goto err_sl; + } + first = 0; + +@@ -66,27 +115,27 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + if (buf[i - 1] == '\n') + buf[--i] = '\0'; + if (i == 0) +- goto err; ++ goto err_sl; + if (buf[i - 1] == '\r') + buf[--i] = '\0'; + if (i == 0) +- goto err; ++ goto err_sl; + again = (buf[i - 1] == '\\'); + + for (j = i - 1; j > 0; j--) { + #ifndef CHARSET_EBCDIC +- spec_char = (!(((buf[j] >= '0') && (buf[j] <= '9')) || ++ if (!(((buf[j] >= '0') && (buf[j] <= '9')) || + ((buf[j] >= 'a') && (buf[j] <= 'f')) || +- ((buf[j] >= 'A') && (buf[j] <= 'F')))); ++ ((buf[j] >= 'A') && (buf[j] <= 'F')))) + #else + /* + * This #ifdef is not strictly necessary, since the characters + * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but + * not the whole alphabet). Nevertheless, isxdigit() is faster. + */ +- spec_char = (!isxdigit(buf[j])); ++ if (!isxdigit(buf[j])) + #endif +- if (spec_char) { ++ { + i = j; + break; + } +@@ -96,7 +145,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + * We have now cleared all the crap off the end of the line + */ + if (i < 2) +- goto err; ++ goto err_sl; + + bufp = (unsigned char *)buf; + +@@ -104,28 +153,37 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + i -= again; + if (i % 2 != 0) { + ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); +- OPENSSL_free(s); +- return 0; ++ goto err; + } + i /= 2; + if (num + i > slen) { +- sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); ++ if (s == NULL) ++ sp = (unsigned char *)OPENSSL_malloc((unsigned int)num + ++ i * 2); ++ else ++ sp = (unsigned char *)OPENSSL_realloc(s, ++ (unsigned int)num + ++ i * 2); + if (sp == NULL) { + ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(s); +- return 0; ++ goto err; + } + s = sp; + slen = num + i * 2; + } + for (j = 0; j < i; j++, k += 2) { + for (n = 0; n < 2; n++) { +- m = OPENSSL_hexchar2int(bufp[k + n]); +- if (m < 0) { ++ m = bufp[k + n]; ++ if ((m >= '0') && (m <= '9')) ++ m -= '0'; ++ else if ((m >= 'a') && (m <= 'f')) ++ m = m - 'a' + 10; ++ else if ((m >= 'A') && (m <= 'F')) ++ m = m - 'A' + 10; ++ else { + ASN1err(ASN1_F_A2I_ASN1_STRING, + ASN1_R_NON_HEX_CHARACTERS); +- OPENSSL_free(s); +- return 0; ++ goto err; + } + s[num + j] <<= 4; + s[num + j] |= m; +@@ -139,10 +197,13 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) + } + bs->length = num; + bs->data = s; +- return 1; +- ++ ret = 1; + err: +- ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); +- OPENSSL_free(s); +- return 0; ++ if (0) { ++ err_sl: ++ ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); ++ } ++ if (ret != 1) ++ OPENSSL_free(s); ++ return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +index 445b0c8..12966ec 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/i2d_pr.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#include "asn1_locl.h" + + int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) + { +diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +index 8986c43..b8ed355 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c +@@ -1,38 +1,93 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/i2d_pu.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_EC ++# include ++#endif + + int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) + { +- switch (EVP_PKEY_id(a)) { ++ switch (a->type) { + #ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: +- return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); ++ return (i2d_RSAPublicKey(a->pkey.rsa, pp)); + #endif + #ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: +- return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp); ++ return (i2d_DSAPublicKey(a->pkey.dsa, pp)); + #endif + #ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: +- return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp); ++ return (i2o_ECPublicKey(a->pkey.ec, pp)); + #endif + default: + ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); +- return -1; ++ return (-1); + } + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +index 267ce60..bede55c 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c +@@ -1,22 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/n_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "openssl/opensslconf.h" +-#ifdef OPENSSL_NO_RSA +-NON_EMPTY_TRANSLATION_UNIT +-#else +- +-# include "internal/cryptlib.h" +-# include ++#include ++#include "cryptlib.h" ++#ifndef OPENSSL_NO_RSA + # include + # include + # include ++# include + # include + # include + +@@ -41,7 +87,7 @@ typedef struct netscape_encrypted_pkey_st { + ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), + ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) +-} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) ++} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) + + DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) + DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) +@@ -51,12 +97,258 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { + ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), + ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), + ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) +-} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) ++} ASN1_SEQUENCE_END(NETSCAPE_PKEY) + + DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) + DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) + IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) + ++static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey); ++ ++int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)) ++{ ++ return i2d_RSA_NET(a, pp, cb, 0); ++} ++ ++int i2d_RSA_NET(const RSA *a, unsigned char **pp, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ int i, j, ret = 0; ++ int rsalen, pkeylen, olen; ++ NETSCAPE_PKEY *pkey = NULL; ++ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; ++ unsigned char buf[256], *zz; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ ++ if (a == NULL) ++ return (0); ++ ++ if ((pkey = NETSCAPE_PKEY_new()) == NULL) ++ goto err; ++ if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) ++ goto err; ++ pkey->version = 0; ++ ++ pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ pkey->algor->parameter->type = V_ASN1_NULL; ++ ++ rsalen = i2d_RSAPrivateKey(a, NULL); ++ ++ /* ++ * Fake some octet strings just for the initial length calculation. ++ */ ++ ++ pkey->private_key->length = rsalen; ++ ++ pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); ++ ++ enckey->enckey->digest->length = pkeylen; ++ ++ enckey->os->length = 11; /* "private-key" */ ++ ++ enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); ++ if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) ++ goto err; ++ enckey->enckey->algor->parameter->type = V_ASN1_NULL; ++ ++ if (pp == NULL) { ++ olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); ++ NETSCAPE_PKEY_free(pkey); ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return olen; ++ } ++ ++ /* Since its RC4 encrypted length is actual length */ ++ if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ pkey->private_key->data = zz; ++ /* Write out private key encoding */ ++ i2d_RSAPrivateKey(a, &zz); ++ ++ if ((zz = OPENSSL_malloc(pkeylen)) == NULL) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ enckey->enckey->digest->data = zz; ++ i2d_NETSCAPE_PKEY(pkey, &zz); ++ ++ /* Wipe the private key encoding */ ++ OPENSSL_cleanse(pkey->private_key->data, rsalen); ++ ++ if (cb == NULL) ++#ifndef OPENSSL_NO_UI ++ cb = EVP_read_pw_string; ++#else ++ i = 1; ++ else ++#endif ++ i = cb((char *)buf, 256, "Enter Private Key password:", 1); ++ if (i != 0) { ++ ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); ++ goto err; ++ } ++ i = strlen((char *)buf); ++ /* If the key is used for SGC the algorithm is modified a little. */ ++ if (sgckey) { ++ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) ++ goto err; ++ memcpy(buf + 16, "SGCKEYSALT", 10); ++ i = 26; ++ } ++ ++ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) ++ goto err; ++ OPENSSL_cleanse(buf, 256); ++ ++ /* Encrypt private key in place */ ++ zz = enckey->enckey->digest->data; ++ if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) ++ goto err; ++ if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) ++ goto err; ++ if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) ++ goto err; ++ ++ ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ NETSCAPE_PKEY_free(pkey); ++ return (ret); ++} ++ ++RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify)) ++{ ++ return d2i_RSA_NET(a, pp, length, cb, 0); ++} ++ ++RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ RSA *ret = NULL; ++ const unsigned char *p; ++ NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; ++ ++ p = *pp; ++ ++ enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); ++ if (!enckey) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR); ++ return NULL; ++ } ++ ++ if ((enckey->os->length != 11) || (strncmp("private-key", ++ (char *)enckey->os->data, ++ 11) != 0)) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING); ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return NULL; ++ } ++ if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { ++ ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); ++ goto err; ++ } ++ if (cb == NULL) ++#ifndef OPENSSL_NO_UI ++ cb = EVP_read_pw_string; ++#else ++ goto err; ++#endif ++ if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL) ++ goto err; ++ ++ *pp = p; ++ ++ err: ++ NETSCAPE_ENCRYPTED_PKEY_free(enckey); ++ return ret; ++ ++} ++ ++static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, ++ int (*cb) (char *buf, int len, const char *prompt, ++ int verify), int sgckey) ++{ ++ NETSCAPE_PKEY *pkey = NULL; ++ RSA *ret = NULL; ++ int i, j; ++ unsigned char buf[256]; ++ const unsigned char *zz; ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX_init(&ctx); ++ ++ i = cb((char *)buf, 256, "Enter Private Key password:", 0); ++ if (i != 0) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); ++ goto err; ++ } ++ ++ i = strlen((char *)buf); ++ if (sgckey) { ++ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) ++ goto err; ++ memcpy(buf + 16, "SGCKEYSALT", 10); ++ i = 26; ++ } ++ ++ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL)) ++ goto err; ++ OPENSSL_cleanse(buf, 256); ++ ++ if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) ++ goto err; ++ if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) ++ goto err; ++ if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) ++ goto err; ++ os->length = i + j; ++ ++ zz = os->data; ++ ++ if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ++ ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); ++ goto err; ++ } ++ ++ zz = pkey->private_key->data; ++ if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) { ++ ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY); ++ goto err; ++ } ++ err: ++ EVP_CIPHER_CTX_cleanup(&ctx); ++ NETSCAPE_PKEY_free(pkey); ++ return (ret); ++} ++ + # endif /* OPENSSL_NO_RC4 */ + ++#else /* !OPENSSL_NO_RSA */ ++ ++# if PEDANTIC ++static void *dummy = &dummy; ++# endif ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +index c7baf40..f2f7cba 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c +@@ -1,10 +1,60 @@ ++/* nsseq.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +index ab7e168..e2a1def 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c +@@ -1,14 +1,64 @@ ++/* p5_pbe.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -29,10 +79,10 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + { + PBEPARAM *pbe = NULL; + ASN1_STRING *pbe_str = NULL; +- unsigned char *sstr = NULL; ++ unsigned char *sstr; + + pbe = PBEPARAM_new(); +- if (pbe == NULL) { ++ if (!pbe) { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -44,20 +94,16 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + } + if (!saltlen) + saltlen = PKCS5_SALT_LEN; +- +- sstr = OPENSSL_malloc(saltlen); +- if (sstr == NULL) { ++ if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; + } ++ sstr = ASN1_STRING_data(pbe->salt); + if (salt) + memcpy(sstr, salt, saltlen); + else if (RAND_bytes(sstr, saltlen) <= 0) + goto err; + +- ASN1_STRING_set0(pbe->salt, sstr, saltlen); +- sstr = NULL; +- + if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { + ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + goto err; +@@ -70,9 +116,10 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + return 1; + + err: +- OPENSSL_free(sstr); +- PBEPARAM_free(pbe); +- ASN1_STRING_free(pbe_str); ++ if (pbe != NULL) ++ PBEPARAM_free(pbe); ++ if (pbe_str != NULL) ++ ASN1_STRING_free(pbe_str); + return 0; + } + +@@ -83,7 +130,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + { + X509_ALGOR *ret; + ret = X509_ALGOR_new(); +- if (ret == NULL) { ++ if (!ret) { + ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +index 14e8700..4c037d3 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c +@@ -1,14 +1,64 @@ ++/* p5_pbev2.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999-2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -43,7 +93,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + { + X509_ALGOR *scheme = NULL, *ret = NULL; + int alg_nid, keylen; +- EVP_CIPHER_CTX *ctx = NULL; ++ EVP_CIPHER_CTX ctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + PBE2PARAM *pbe2 = NULL; + +@@ -54,13 +104,14 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + goto err; + } + +- if ((pbe2 = PBE2PARAM_new()) == NULL) ++ if (!(pbe2 = PBE2PARAM_new())) + goto merr; + + /* Setup the AlgorithmIdentifier for the encryption scheme */ + scheme = pbe2->encryption; ++ + scheme->algorithm = OBJ_nid2obj(alg_nid); +- if ((scheme->parameter = ASN1_TYPE_new()) == NULL) ++ if (!(scheme->parameter = ASN1_TYPE_new())) + goto merr; + + /* Create random IV */ +@@ -71,15 +122,14 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + goto err; + } + +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- goto merr; ++ EVP_CIPHER_CTX_init(&ctx); + + /* Dummy cipherinit to just setup the IV, and PRF */ +- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) ++ if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) + goto err; +- if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { ++ if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { + ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); ++ EVP_CIPHER_CTX_cleanup(&ctx); + goto err; + } + /* +@@ -87,12 +137,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + * here: just means use default PRF. + */ + if ((prf_nid == -1) && +- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { ++ EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { + ERR_clear_error(); +- prf_nid = NID_hmacWithSHA256; ++ prf_nid = NID_hmacWithSHA1; + } +- EVP_CIPHER_CTX_free(ctx); +- ctx = NULL; ++ EVP_CIPHER_CTX_cleanup(&ctx); + + /* If its RC2 then we'd better setup the key length */ + +@@ -112,16 +161,19 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + + /* Now set up top level AlgorithmIdentifier */ + +- if ((ret = X509_ALGOR_new()) == NULL) ++ if (!(ret = X509_ALGOR_new())) ++ goto merr; ++ if (!(ret->parameter = ASN1_TYPE_new())) + goto merr; + + ret->algorithm = OBJ_nid2obj(NID_pbes2); + + /* Encode PBE2PARAM into parameter */ + +- if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, +- &ret->parameter)) ++ if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM), ++ &ret->parameter->value.sequence)) + goto merr; ++ ret->parameter->type = V_ASN1_SEQUENCE; + + PBE2PARAM_free(pbe2); + pbe2 = NULL; +@@ -132,7 +184,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); + + err: +- EVP_CIPHER_CTX_free(ctx); + PBE2PARAM_free(pbe2); + /* Note 'scheme' is freed as part of pbe2 */ + X509_ALGOR_free(ret); +@@ -153,17 +204,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + PBKDF2PARAM *kdf = NULL; + ASN1_OCTET_STRING *osalt = NULL; + +- if ((kdf = PBKDF2PARAM_new()) == NULL) ++ if (!(kdf = PBKDF2PARAM_new())) + goto merr; +- if ((osalt = ASN1_OCTET_STRING_new()) == NULL) ++ if (!(osalt = M_ASN1_OCTET_STRING_new())) + goto merr; + + kdf->salt->value.octet_string = osalt; + kdf->salt->type = V_ASN1_OCTET_STRING; + +- if (saltlen == 0) ++ if (!saltlen) + saltlen = PKCS5_SALT_LEN; +- if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) ++ if (!(osalt->data = OPENSSL_malloc(saltlen))) + goto merr; + + osalt->length = saltlen; +@@ -182,7 +233,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + /* If have a key len set it up */ + + if (keylen > 0) { +- if ((kdf->keylength = ASN1_INTEGER_new()) == NULL) ++ if (!(kdf->keylength = M_ASN1_INTEGER_new())) + goto merr; + if (!ASN1_INTEGER_set(kdf->keylength, keylen)) + goto merr; +@@ -191,7 +242,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + /* prf can stay NULL if we are using hmacWithSHA1 */ + if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { + kdf->prf = X509_ALGOR_new(); +- if (kdf->prf == NULL) ++ if (!kdf->prf) + goto merr; + X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL); + } +@@ -199,16 +250,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + /* Finally setup the keyfunc structure */ + + keyfunc = X509_ALGOR_new(); +- if (keyfunc == NULL) ++ if (!keyfunc) + goto merr; + + keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); + + /* Encode PBKDF2PARAM into parameter of pbe2 */ + +- if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf, +- &keyfunc->parameter)) ++ if (!(keyfunc->parameter = ASN1_TYPE_new())) ++ goto merr; ++ ++ if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM), ++ &keyfunc->parameter->value.sequence)) + goto merr; ++ keyfunc->parameter->type = V_ASN1_SEQUENCE; + + PBKDF2PARAM_free(kdf); + return keyfunc; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c b/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c +deleted file mode 100644 +index 4cb7837..0000000 +--- a/Cryptlib/OpenSSL/crypto/asn1/p5_scrypt.c ++++ /dev/null +@@ -1,283 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_SCRYPT +-/* PKCS#5 scrypt password based encryption structures */ +- +-typedef struct { +- ASN1_OCTET_STRING *salt; +- ASN1_INTEGER *costParameter; +- ASN1_INTEGER *blockSize; +- ASN1_INTEGER *parallelizationParameter; +- ASN1_INTEGER *keyLength; +-} SCRYPT_PARAMS; +- +-ASN1_SEQUENCE(SCRYPT_PARAMS) = { +- ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), +- ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), +- ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), +- ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), +- ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), +-} static_ASN1_SEQUENCE_END(SCRYPT_PARAMS) +- +-DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) +-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) +- +-static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, +- size_t keylen, uint64_t N, uint64_t r, +- uint64_t p); +- +-/* +- * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt +- */ +- +-X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, +- const unsigned char *salt, int saltlen, +- unsigned char *aiv, uint64_t N, uint64_t r, +- uint64_t p) +-{ +- X509_ALGOR *scheme = NULL, *ret = NULL; +- int alg_nid; +- size_t keylen = 0; +- EVP_CIPHER_CTX *ctx = NULL; +- unsigned char iv[EVP_MAX_IV_LENGTH]; +- PBE2PARAM *pbe2 = NULL; +- +- if (!cipher) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER); +- goto err; +- } +- +- if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, +- ASN1_R_INVALID_SCRYPT_PARAMETERS); +- goto err; +- } +- +- alg_nid = EVP_CIPHER_type(cipher); +- if (alg_nid == NID_undef) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, +- ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); +- goto err; +- } +- +- pbe2 = PBE2PARAM_new(); +- if (pbe2 == NULL) +- goto merr; +- +- /* Setup the AlgorithmIdentifier for the encryption scheme */ +- scheme = pbe2->encryption; +- +- scheme->algorithm = OBJ_nid2obj(alg_nid); +- scheme->parameter = ASN1_TYPE_new(); +- if (scheme->parameter == NULL) +- goto merr; +- +- /* Create random IV */ +- if (EVP_CIPHER_iv_length(cipher)) { +- if (aiv) +- memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); +- else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) +- goto err; +- } +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) +- goto merr; +- +- /* Dummy cipherinit to just setup the IV */ +- if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) +- goto err; +- if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) < 0) { +- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, +- ASN1_R_ERROR_SETTING_CIPHER_PARAMS); +- goto err; +- } +- EVP_CIPHER_CTX_free(ctx); +- ctx = NULL; +- +- /* If its RC2 then we'd better setup the key length */ +- +- if (alg_nid == NID_rc2_cbc) +- keylen = EVP_CIPHER_key_length(cipher); +- +- /* Setup keyfunc */ +- +- X509_ALGOR_free(pbe2->keyfunc); +- +- pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p); +- +- if (pbe2->keyfunc == NULL) +- goto merr; +- +- /* Now set up top level AlgorithmIdentifier */ +- +- ret = X509_ALGOR_new(); +- if (ret == NULL) +- goto merr; +- +- ret->algorithm = OBJ_nid2obj(NID_pbes2); +- +- /* Encode PBE2PARAM into parameter */ +- +- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, +- &ret->parameter) == NULL) +- goto merr; +- +- PBE2PARAM_free(pbe2); +- pbe2 = NULL; +- +- return ret; +- +- merr: +- ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE); +- +- err: +- PBE2PARAM_free(pbe2); +- X509_ALGOR_free(ret); +- EVP_CIPHER_CTX_free(ctx); +- +- return NULL; +-} +- +-static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, +- size_t keylen, uint64_t N, uint64_t r, +- uint64_t p) +-{ +- X509_ALGOR *keyfunc = NULL; +- SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new(); +- +- if (sparam == NULL) +- goto merr; +- +- if (!saltlen) +- saltlen = PKCS5_SALT_LEN; +- +- /* This will either copy salt or grow the buffer */ +- if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0) +- goto merr; +- +- if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0) +- goto err; +- +- if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0) +- goto merr; +- +- if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0) +- goto merr; +- +- if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0) +- goto merr; +- +- /* If have a key len set it up */ +- +- if (keylen > 0) { +- sparam->keyLength = ASN1_INTEGER_new(); +- if (sparam->keyLength == NULL) +- goto merr; +- if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0) +- goto merr; +- } +- +- /* Finally setup the keyfunc structure */ +- +- keyfunc = X509_ALGOR_new(); +- if (keyfunc == NULL) +- goto merr; +- +- keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt); +- +- /* Encode SCRYPT_PARAMS into parameter of pbe2 */ +- +- if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam, +- &keyfunc->parameter) == NULL) +- goto merr; +- +- SCRYPT_PARAMS_free(sparam); +- return keyfunc; +- +- merr: +- ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE); +- err: +- SCRYPT_PARAMS_free(sparam); +- X509_ALGOR_free(keyfunc); +- return NULL; +-} +- +-int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, +- int passlen, ASN1_TYPE *param, +- const EVP_CIPHER *c, const EVP_MD *md, int en_de) +-{ +- unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; +- uint64_t p, r, N; +- size_t saltlen; +- size_t keylen = 0; +- int rv = 0; +- SCRYPT_PARAMS *sparam = NULL; +- +- if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { +- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET); +- goto err; +- } +- +- /* Decode parameter */ +- +- sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param); +- +- if (sparam == NULL) { +- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR); +- goto err; +- } +- +- keylen = EVP_CIPHER_CTX_key_length(ctx); +- +- /* Now check the parameters of sparam */ +- +- if (sparam->keyLength) { +- uint64_t spkeylen; +- if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0) +- || (spkeylen != keylen)) { +- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, +- EVP_R_UNSUPPORTED_KEYLENGTH); +- goto err; +- } +- } +- /* Check all parameters fit in uint64_t and are acceptable to scrypt */ +- if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0 +- || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0 +- || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0 +- || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { +- EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, +- EVP_R_ILLEGAL_SCRYPT_PARAMETERS); +- goto err; +- } +- +- /* it seems that its all OK */ +- +- salt = sparam->salt->data; +- saltlen = sparam->salt->length; +- if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen) +- == 0) +- goto err; +- rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); +- err: +- if (keylen) +- OPENSSL_cleanse(key, keylen); +- SCRYPT_PARAMS_free(sparam); +- return rv; +-} +-#endif /* OPENSSL_NO_SCRYPT */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +index dbee827..0a425cd 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c +@@ -1,17 +1,66 @@ ++/* p8_pkey.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + + /* Minor tweak to operation: zero private key data */ + static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +@@ -20,8 +69,10 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ + if (operation == ASN1_OP_FREE_PRE) { + PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; +- if (key->pkey) +- OPENSSL_cleanse(key->pkey->data, key->pkey->length); ++ if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING ++ && key->pkey->value.octet_string != NULL) ++ OPENSSL_cleanse(key->pkey->value.octet_string->data, ++ key->pkey->value.octet_string->length); + } + return 1; + } +@@ -29,7 +80,7 @@ static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), + ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), +- ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), + ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) + } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) + +@@ -39,42 +90,56 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, + int version, + int ptype, void *pval, unsigned char *penc, int penclen) + { ++ unsigned char **ppenc = NULL; + if (version >= 0) { + if (!ASN1_INTEGER_set(priv->version, version)) + return 0; + } +- if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) ++ if (penc) { ++ int pmtype; ++ ASN1_OCTET_STRING *oct; ++ oct = ASN1_OCTET_STRING_new(); ++ if (!oct) ++ return 0; ++ oct->data = penc; ++ ppenc = &oct->data; ++ oct->length = penclen; ++ if (priv->broken == PKCS8_NO_OCTET) ++ pmtype = V_ASN1_SEQUENCE; ++ else ++ pmtype = V_ASN1_OCTET_STRING; ++ ASN1_TYPE_set(priv->pkey, pmtype, oct); ++ } ++ if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) { ++ /* If call fails do not swallow 'enc' */ ++ if (ppenc) ++ *ppenc = NULL; + return 0; +- if (penc) +- ASN1_STRING_set0(priv->pkey, penc, penclen); ++ } + return 1; + } + +-int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, ++int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, +- const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8) ++ X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) + { + if (ppkalg) + *ppkalg = p8->pkeyalg->algorithm; +- if (pk) { +- *pk = ASN1_STRING_get0_data(p8->pkey); +- *ppklen = ASN1_STRING_length(p8->pkey); +- } ++ if (p8->pkey->type == V_ASN1_OCTET_STRING) { ++ p8->broken = PKCS8_OK; ++ if (pk) { ++ *pk = p8->pkey->value.octet_string->data; ++ *ppklen = p8->pkey->value.octet_string->length; ++ } ++ } else if (p8->pkey->type == V_ASN1_SEQUENCE) { ++ p8->broken = PKCS8_NO_OCTET; ++ if (pk) { ++ *pk = p8->pkey->value.sequence->data; ++ *ppklen = p8->pkey->value.sequence->length; ++ } ++ } else ++ return 0; + if (pa) + *pa = p8->pkeyalg; + return 1; + } +- +-const STACK_OF(X509_ATTRIBUTE) * +-PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8) +-{ +- return p8->attributes; +-} +- +-int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, +- const unsigned char *bytes, int len) +-{ +- if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL) +- return 1; +- return 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +index c0aeca4..d5cf3c7 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c +@@ -1,14 +1,64 @@ ++/* t_bitst.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -30,7 +80,7 @@ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + return 1; + } + +-int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, ++int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl) + { + int bitnum; +@@ -44,12 +94,11 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + return 1; + } + +-int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) ++int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) + { + BIT_STRING_BITNAME *bnam; + for (bnam = tbl; bnam->lname; bnam++) { +- if ((strcmp(bnam->sname, name) == 0) +- || (strcmp(bnam->lname, name) == 0)) ++ if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name)) + return bnam->bitnum; + } + return -1; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +new file mode 100644 +index 0000000..0dfaf0b +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c +@@ -0,0 +1,133 @@ ++/* t_crl.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++ ++#ifndef OPENSSL_NO_FP_API ++int X509_CRL_print_fp(FILE *fp, X509_CRL *x) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_CRL_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++#endif ++ ++int X509_CRL_print(BIO *out, X509_CRL *x) ++{ ++ STACK_OF(X509_REVOKED) *rev; ++ X509_REVOKED *r; ++ long l; ++ int i; ++ char *p; ++ ++ BIO_printf(out, "Certificate Revocation List (CRL):\n"); ++ l = X509_CRL_get_version(x); ++ BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); ++ i = OBJ_obj2nid(x->sig_alg->algorithm); ++ X509_signature_print(out, x->sig_alg, NULL); ++ p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); ++ BIO_printf(out, "%8sIssuer: %s\n", "", p); ++ OPENSSL_free(p); ++ BIO_printf(out, "%8sLast Update: ", ""); ++ ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); ++ BIO_printf(out, "\n%8sNext Update: ", ""); ++ if (X509_CRL_get_nextUpdate(x)) ++ ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); ++ else ++ BIO_printf(out, "NONE"); ++ BIO_printf(out, "\n"); ++ ++ X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8); ++ ++ rev = X509_CRL_get_REVOKED(x); ++ ++ if (sk_X509_REVOKED_num(rev) > 0) ++ BIO_printf(out, "Revoked Certificates:\n"); ++ else ++ BIO_printf(out, "No Revoked Certificates.\n"); ++ ++ for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { ++ r = sk_X509_REVOKED_value(rev, i); ++ BIO_printf(out, " Serial Number: "); ++ i2a_ASN1_INTEGER(out, r->serialNumber); ++ BIO_printf(out, "\n Revocation Date: "); ++ ASN1_TIME_print(out, r->revocationDate); ++ BIO_printf(out, "\n"); ++ X509V3_extensions_print(out, "CRL entry extensions", ++ r->extensions, 0, 8); ++ } ++ X509_signature_print(out, x->sig_alg, x->signature); ++ ++ return 1; ++ ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +index 3b2c9df..735c342 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c +@@ -1,59 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/t_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/bn_int.h" +- +-/* Number of octets per line */ +-#define ASN1_BUF_PRINT_WIDTH 15 +-/* Maximum indent */ +-#define ASN1_PRINT_MAX_INDENT 128 +- +-int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent) +-{ +- size_t i; +- +- for (i = 0; i < buflen; i++) { +- if ((i % ASN1_BUF_PRINT_WIDTH) == 0) { +- if (i > 0 && BIO_puts(bp, "\n") <= 0) +- return 0; +- if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT)) +- return 0; +- } +- /* +- * Use colon separators for each octet for compatibility as +- * this function is used to print out key components. +- */ +- if (BIO_printf(bp, "%02x%s", buf[i], +- (i == buflen - 1) ? "" : ":") <= 0) +- return 0; +- } +- if (BIO_write(bp, "\n", 1) <= 0) +- return 0; +- return 1; +-} ++#include + + int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, +- unsigned char *ign, int indent) ++ unsigned char *buf, int off) + { +- int n, rv = 0; ++ int n, i; + const char *neg; +- unsigned char *buf = NULL, *tmp = NULL; +- int buflen; + + if (num == NULL) +- return 1; +- neg = BN_is_negative(num) ? "-" : ""; +- if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT)) ++ return (1); ++ neg = (BN_is_negative(num)) ? "-" : ""; ++ if (!BIO_indent(bp, off, 128)) + return 0; + if (BN_is_zero(num)) { + if (BIO_printf(bp, "%s 0\n", number) <= 0) +@@ -63,31 +81,33 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + + if (BN_num_bytes(num) <= BN_BYTES) { + if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, +- (unsigned long)bn_get_words(num)[0], neg, +- (unsigned long)bn_get_words(num)[0]) <= 0) +- return 0; +- return 1; +- } +- +- buflen = BN_num_bytes(num) + 1; +- buf = tmp = OPENSSL_malloc(buflen); +- if (buf == NULL) +- goto err; +- buf[0] = 0; +- if (BIO_printf(bp, "%s%s\n", number, +- (neg[0] == '-') ? " (Negative)" : "") <= 0) +- goto err; +- n = BN_bn2bin(num, buf + 1); ++ (unsigned long)num->d[0], neg, ++ (unsigned long)num->d[0]) ++ <= 0) ++ return (0); ++ } else { ++ buf[0] = 0; ++ if (BIO_printf(bp, "%s%s", number, ++ (neg[0] == '-') ? " (Negative)" : "") <= 0) ++ return (0); ++ n = BN_bn2bin(num, &buf[1]); + +- if (buf[1] & 0x80) +- n++; +- else +- tmp++; ++ if (buf[1] & 0x80) ++ n++; ++ else ++ buf++; + +- if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0) +- goto err; +- rv = 1; +- err: +- OPENSSL_clear_free(buf, buflen); +- return rv; ++ for (i = 0; i < n; i++) { ++ if ((i % 15) == 0) { ++ if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128)) ++ return 0; ++ } ++ if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":") ++ <= 0) ++ return (0); ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ return (0); ++ } ++ return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +new file mode 100644 +index 0000000..70aba4c +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c +@@ -0,0 +1,255 @@ ++/* crypto/asn1/t_req.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++ ++#ifndef OPENSSL_NO_FP_API ++int X509_REQ_print_fp(FILE *fp, X509_REQ *x) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_REQ_print(b, x); ++ BIO_free(b); ++ return (ret); ++} ++#endif ++ ++int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ++ unsigned long cflag) ++{ ++ unsigned long l; ++ int i; ++ const char *neg; ++ X509_REQ_INFO *ri; ++ EVP_PKEY *pkey; ++ STACK_OF(X509_ATTRIBUTE) *sk; ++ STACK_OF(X509_EXTENSION) *exts; ++ char mlch = ' '; ++ int nmindent = 0; ++ ++ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { ++ mlch = '\n'; ++ nmindent = 12; ++ } ++ ++ if (nmflags == X509_FLAG_COMPAT) ++ nmindent = 16; ++ ++ ri = x->req_info; ++ if (!(cflag & X509_FLAG_NO_HEADER)) { ++ if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) ++ goto err; ++ if (BIO_write(bp, " Data:\n", 10) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VERSION)) { ++ neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : ""; ++ l = 0; ++ for (i = 0; i < ri->version->length; i++) { ++ l <<= 8; ++ l += ri->version->data[i]; ++ } ++ if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg, ++ l) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SUBJECT)) { ++ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_PUBKEY)) { ++ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) ++ goto err; ++ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; ++ ++ pkey = X509_REQ_get_pubkey(x); ++ if (pkey == NULL) { ++ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ++ ERR_print_errors(bp); ++ } else { ++ EVP_PKEY_print_public(bp, pkey, 16, NULL); ++ EVP_PKEY_free(pkey); ++ } ++ } ++ ++ if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { ++ /* may not be */ ++ if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) ++ goto err; ++ ++ sk = x->req_info->attributes; ++ if (sk_X509_ATTRIBUTE_num(sk) == 0) { ++ if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) ++ goto err; ++ } else { ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ ASN1_TYPE *at; ++ X509_ATTRIBUTE *a; ++ ASN1_BIT_STRING *bs = NULL; ++ ASN1_TYPE *t; ++ int j, type = 0, count = 1, ii = 0; ++ ++ a = sk_X509_ATTRIBUTE_value(sk, i); ++ if (X509_REQ_extension_nid(OBJ_obj2nid(a->object))) ++ continue; ++ if (BIO_printf(bp, "%12s", "") <= 0) ++ goto err; ++ if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { ++ if (a->single) { ++ t = a->value.single; ++ type = t->type; ++ bs = t->value.bit_string; ++ } else { ++ ii = 0; ++ count = sk_ASN1_TYPE_num(a->value.set); ++ get_next: ++ at = sk_ASN1_TYPE_value(a->value.set, ii); ++ type = at->type; ++ bs = at->value.asn1_string; ++ } ++ } ++ for (j = 25 - j; j > 0; j--) ++ if (BIO_write(bp, " ", 1) != 1) ++ goto err; ++ if (BIO_puts(bp, ":") <= 0) ++ goto err; ++ if ((type == V_ASN1_PRINTABLESTRING) || ++ (type == V_ASN1_UTF8STRING) || ++ (type == V_ASN1_T61STRING) || ++ (type == V_ASN1_IA5STRING)) { ++ if (BIO_write(bp, (char *)bs->data, bs->length) ++ != bs->length) ++ goto err; ++ BIO_puts(bp, "\n"); ++ } else { ++ BIO_puts(bp, "unable to print attribute\n"); ++ } ++ if (++ii < count) ++ goto get_next; ++ } ++ } ++ } ++ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { ++ exts = X509_REQ_get_extensions(x); ++ if (exts) { ++ BIO_printf(bp, "%8sRequested Extensions:\n", ""); ++ for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { ++ ASN1_OBJECT *obj; ++ X509_EXTENSION *ex; ++ int j; ++ ex = sk_X509_EXTENSION_value(exts, i); ++ if (BIO_printf(bp, "%12s", "") <= 0) ++ goto err; ++ obj = X509_EXTENSION_get_object(ex); ++ i2a_ASN1_OBJECT(bp, obj); ++ j = X509_EXTENSION_get_critical(ex); ++ if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0) ++ goto err; ++ if (!X509V3_EXT_print(bp, ex, cflag, 16)) { ++ BIO_printf(bp, "%16s", ""); ++ M_ASN1_OCTET_STRING_print(bp, ex->value); ++ } ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ++ } ++ } ++ ++ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { ++ if (!X509_signature_print(bp, x->sig_alg, x->signature)) ++ goto err; ++ } ++ ++ return (1); ++ err: ++ X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); ++ return (0); ++} ++ ++int X509_REQ_print(BIO *bp, X509_REQ *x) ++{ ++ return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +index 51b56d0..3bf48db 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c +@@ -1,18 +1,72 @@ ++/* t_spki.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif + #include + + /* Print out an SPKI */ +@@ -21,12 +75,10 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) + { + EVP_PKEY *pkey; + ASN1_IA5STRING *chal; +- ASN1_OBJECT *spkioid; + int i, n; + char *s; + BIO_printf(out, "Netscape SPKI:\n"); +- X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey); +- i = OBJ_obj2nid(spkioid); ++ i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); + BIO_printf(out, " Public Key Algorithm: %s\n", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + pkey = X509_PUBKEY_get(spki->spkac->pubkey); +@@ -39,7 +91,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) + chal = spki->spkac->challenge; + if (chal->length) + BIO_printf(out, " Challenge String: %s\n", chal->data); +- i = OBJ_obj2nid(spki->sig_algor.algorithm); ++ i = OBJ_obj2nid(spki->sig_algor->algorithm); + BIO_printf(out, " Signature Algorithm: %s", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +new file mode 100644 +index 0000000..8888396 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c +@@ -0,0 +1,556 @@ ++/* crypto/asn1/t_x509.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_EC ++# include ++#endif ++#include ++#include ++#include ++#include "asn1_locl.h" ++ ++#ifndef OPENSSL_NO_FP_API ++int X509_print_fp(FILE *fp, X509 *x) ++{ ++ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++} ++ ++int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, ++ unsigned long cflag) ++{ ++ BIO *b; ++ int ret; ++ ++ if ((b = BIO_new(BIO_s_file())) == NULL) { ++ X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); ++ return (0); ++ } ++ BIO_set_fp(b, fp, BIO_NOCLOSE); ++ ret = X509_print_ex(b, x, nmflag, cflag); ++ BIO_free(b); ++ return (ret); ++} ++#endif ++ ++int X509_print(BIO *bp, X509 *x) ++{ ++ return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); ++} ++ ++int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, ++ unsigned long cflag) ++{ ++ long l; ++ int ret = 0, i; ++ char *m = NULL, mlch = ' '; ++ int nmindent = 0; ++ X509_CINF *ci; ++ ASN1_INTEGER *bs; ++ EVP_PKEY *pkey = NULL; ++ const char *neg; ++ ++ if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { ++ mlch = '\n'; ++ nmindent = 12; ++ } ++ ++ if (nmflags == X509_FLAG_COMPAT) ++ nmindent = 16; ++ ++ ci = x->cert_info; ++ if (!(cflag & X509_FLAG_NO_HEADER)) { ++ if (BIO_write(bp, "Certificate:\n", 13) <= 0) ++ goto err; ++ if (BIO_write(bp, " Data:\n", 10) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VERSION)) { ++ l = X509_get_version(x); ++ if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SERIAL)) { ++ ++ if (BIO_write(bp, " Serial Number:", 22) <= 0) ++ goto err; ++ ++ bs = X509_get_serialNumber(x); ++ if (bs->length < (int)sizeof(long) ++ || (bs->length == sizeof(long) && (bs->data[0] & 0x80) == 0)) { ++ l = ASN1_INTEGER_get(bs); ++ if (bs->type == V_ASN1_NEG_INTEGER) { ++ l = -l; ++ neg = "-"; ++ } else ++ neg = ""; ++ if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0) ++ goto err; ++ } else { ++ neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; ++ if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) ++ goto err; ++ ++ for (i = 0; i < bs->length; i++) { ++ if (BIO_printf(bp, "%02x%c", bs->data[i], ++ ((i + 1 == bs->length) ? '\n' : ':')) <= 0) ++ goto err; ++ } ++ } ++ ++ } ++ ++ if (!(cflag & X509_FLAG_NO_SIGNAME)) { ++ if (X509_signature_print(bp, ci->signature, NULL) <= 0) ++ goto err; ++#if 0 ++ if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; ++#endif ++ } ++ ++ if (!(cflag & X509_FLAG_NO_ISSUER)) { ++ if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) ++ < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_VALIDITY)) { ++ if (BIO_write(bp, " Validity\n", 17) <= 0) ++ goto err; ++ if (BIO_write(bp, " Not Before: ", 24) <= 0) ++ goto err; ++ if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) ++ goto err; ++ if (BIO_write(bp, "\n Not After : ", 25) <= 0) ++ goto err; ++ if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_SUBJECT)) { ++ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) ++ goto err; ++ if (X509_NAME_print_ex ++ (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_PUBKEY)) { ++ if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) ++ goto err; ++ if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) ++ goto err; ++ if (BIO_puts(bp, "\n") <= 0) ++ goto err; ++ ++ pkey = X509_get_pubkey(x); ++ if (pkey == NULL) { ++ BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ++ ERR_print_errors(bp); ++ } else { ++ EVP_PKEY_print_public(bp, pkey, 16, NULL); ++ EVP_PKEY_free(pkey); ++ } ++ } ++ ++ if (!(cflag & X509_FLAG_NO_IDS)) { ++ if (ci->issuerUID) { ++ if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) ++ goto err; ++ if (!X509_signature_dump(bp, ci->issuerUID, 12)) ++ goto err; ++ } ++ if (ci->subjectUID) { ++ if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) ++ goto err; ++ if (!X509_signature_dump(bp, ci->subjectUID, 12)) ++ goto err; ++ } ++ } ++ ++ if (!(cflag & X509_FLAG_NO_EXTENSIONS)) ++ X509V3_extensions_print(bp, "X509v3 extensions", ++ ci->extensions, cflag, 8); ++ ++ if (!(cflag & X509_FLAG_NO_SIGDUMP)) { ++ if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) ++ goto err; ++ } ++ if (!(cflag & X509_FLAG_NO_AUX)) { ++ if (!X509_CERT_AUX_print(bp, x->aux, 0)) ++ goto err; ++ } ++ ret = 1; ++ err: ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); ++} ++ ++int X509_ocspid_print(BIO *bp, X509 *x) ++{ ++ unsigned char *der = NULL; ++ unsigned char *dertmp; ++ int derlen; ++ int i; ++ unsigned char SHA1md[SHA_DIGEST_LENGTH]; ++ ++ /* ++ * display the hash of the subject as it would appear in OCSP requests ++ */ ++ if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) ++ goto err; ++ derlen = i2d_X509_NAME(x->cert_info->subject, NULL); ++ if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL) ++ goto err; ++ i2d_X509_NAME(x->cert_info->subject, &dertmp); ++ ++ if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) ++ goto err; ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { ++ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) ++ goto err; ++ } ++ OPENSSL_free(der); ++ der = NULL; ++ ++ /* ++ * display the hash of the public key as it would appear in OCSP requests ++ */ ++ if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) ++ goto err; ++ ++ if (!EVP_Digest(x->cert_info->key->public_key->data, ++ x->cert_info->key->public_key->length, ++ SHA1md, NULL, EVP_sha1(), NULL)) ++ goto err; ++ for (i = 0; i < SHA_DIGEST_LENGTH; i++) { ++ if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) ++ goto err; ++ } ++ BIO_printf(bp, "\n"); ++ ++ return (1); ++ err: ++ if (der != NULL) ++ OPENSSL_free(der); ++ return (0); ++} ++ ++int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) ++{ ++ const unsigned char *s; ++ int i, n; ++ ++ n = sig->length; ++ s = sig->data; ++ for (i = 0; i < n; i++) { ++ if ((i % 18) == 0) { ++ if (BIO_write(bp, "\n", 1) <= 0) ++ return 0; ++ if (BIO_indent(bp, indent, indent) <= 0) ++ return 0; ++ } ++ if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) ++ return 0; ++ } ++ if (BIO_write(bp, "\n", 1) != 1) ++ return 0; ++ ++ return 1; ++} ++ ++int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) ++{ ++ int sig_nid; ++ if (BIO_puts(bp, " Signature Algorithm: ") <= 0) ++ return 0; ++ if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) ++ return 0; ++ ++ sig_nid = OBJ_obj2nid(sigalg->algorithm); ++ if (sig_nid != NID_undef) { ++ int pkey_nid, dig_nid; ++ const EVP_PKEY_ASN1_METHOD *ameth; ++ if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { ++ ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); ++ if (ameth && ameth->sig_print) ++ return ameth->sig_print(bp, sigalg, sig, 9, 0); ++ } ++ } ++ if (sig) ++ return X509_signature_dump(bp, sig, 9); ++ else if (BIO_puts(bp, "\n") <= 0) ++ return 0; ++ return 1; ++} ++ ++int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) ++{ ++ int i, n; ++ char buf[80]; ++ const char *p; ++ ++ if (v == NULL) ++ return (0); ++ n = 0; ++ p = (const char *)v->data; ++ for (i = 0; i < v->length; i++) { ++ if ((p[i] > '~') || ((p[i] < ' ') && ++ (p[i] != '\n') && (p[i] != '\r'))) ++ buf[n] = '.'; ++ else ++ buf[n] = p[i]; ++ n++; ++ if (n >= 80) { ++ if (BIO_write(bp, buf, n) <= 0) ++ return (0); ++ n = 0; ++ } ++ } ++ if (n > 0) ++ if (BIO_write(bp, buf, n) <= 0) ++ return (0); ++ return (1); ++} ++ ++int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) ++{ ++ if (tm->type == V_ASN1_UTCTIME) ++ return ASN1_UTCTIME_print(bp, tm); ++ if (tm->type == V_ASN1_GENERALIZEDTIME) ++ return ASN1_GENERALIZEDTIME_print(bp, tm); ++ BIO_write(bp, "Bad time value", 14); ++ return (0); ++} ++ ++static const char *mon[12] = { ++ "Jan", "Feb", "Mar", "Apr", "May", "Jun", ++ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" ++}; ++ ++int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) ++{ ++ char *v; ++ int gmt = 0; ++ int i; ++ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; ++ char *f = NULL; ++ int f_len = 0; ++ ++ i = tm->length; ++ v = (char *)tm->data; ++ ++ if (i < 12) ++ goto err; ++ if (v[i - 1] == 'Z') ++ gmt = 1; ++ for (i = 0; i < 12; i++) ++ if ((v[i] > '9') || (v[i] < '0')) ++ goto err; ++ y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 ++ + (v[2] - '0') * 10 + (v[3] - '0'); ++ M = (v[4] - '0') * 10 + (v[5] - '0'); ++ if ((M > 12) || (M < 1)) ++ goto err; ++ d = (v[6] - '0') * 10 + (v[7] - '0'); ++ h = (v[8] - '0') * 10 + (v[9] - '0'); ++ m = (v[10] - '0') * 10 + (v[11] - '0'); ++ if (tm->length >= 14 && ++ (v[12] >= '0') && (v[12] <= '9') && ++ (v[13] >= '0') && (v[13] <= '9')) { ++ s = (v[12] - '0') * 10 + (v[13] - '0'); ++ /* Check for fractions of seconds. */ ++ if (tm->length >= 15 && v[14] == '.') { ++ int l = tm->length; ++ f = &v[14]; /* The decimal point. */ ++ f_len = 1; ++ while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9') ++ ++f_len; ++ } ++ } ++ ++ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", ++ mon[M - 1], d, h, m, s, f_len, f, y, ++ (gmt) ? " GMT" : "") <= 0) ++ return (0); ++ else ++ return (1); ++ err: ++ BIO_write(bp, "Bad time value", 14); ++ return (0); ++} ++ ++int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) ++{ ++ const char *v; ++ int gmt = 0; ++ int i; ++ int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; ++ ++ i = tm->length; ++ v = (const char *)tm->data; ++ ++ if (i < 10) ++ goto err; ++ if (v[i - 1] == 'Z') ++ gmt = 1; ++ for (i = 0; i < 10; i++) ++ if ((v[i] > '9') || (v[i] < '0')) ++ goto err; ++ y = (v[0] - '0') * 10 + (v[1] - '0'); ++ if (y < 50) ++ y += 100; ++ M = (v[2] - '0') * 10 + (v[3] - '0'); ++ if ((M > 12) || (M < 1)) ++ goto err; ++ d = (v[4] - '0') * 10 + (v[5] - '0'); ++ h = (v[6] - '0') * 10 + (v[7] - '0'); ++ m = (v[8] - '0') * 10 + (v[9] - '0'); ++ if (tm->length >= 12 && ++ (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9')) ++ s = (v[10] - '0') * 10 + (v[11] - '0'); ++ ++ if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", ++ mon[M - 1], d, h, m, s, y + 1900, ++ (gmt) ? " GMT" : "") <= 0) ++ return (0); ++ else ++ return (1); ++ err: ++ BIO_write(bp, "Bad time value", 14); ++ return (0); ++} ++ ++int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) ++{ ++ char *s, *c, *b; ++ int ret = 0, l, i; ++ ++ l = 80 - 2 - obase; ++ ++ b = X509_NAME_oneline(name, NULL, 0); ++ if (!b) ++ return 0; ++ if (!*b) { ++ OPENSSL_free(b); ++ return 1; ++ } ++ s = b + 1; /* skip the first slash */ ++ ++ c = s; ++ for (;;) { ++#ifndef CHARSET_EBCDIC ++ if (((*s == '/') && ++ ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || ++ ((s[2] >= 'A') ++ && (s[2] <= 'Z') ++ && (s[3] == '=')) ++ ))) || (*s == '\0')) ++#else ++ if (((*s == '/') && ++ (isupper(s[1]) && ((s[2] == '=') || ++ (isupper(s[2]) && (s[3] == '=')) ++ ))) || (*s == '\0')) ++#endif ++ { ++ i = s - c; ++ if (BIO_write(bp, c, i) != i) ++ goto err; ++ c = s + 1; /* skip following slash */ ++ if (*s != '\0') { ++ if (BIO_write(bp, ", ", 2) != 2) ++ goto err; ++ } ++ l--; ++ } ++ if (*s == '\0') ++ break; ++ s++; ++ l--; ++ } ++ ++ ret = 1; ++ if (0) { ++ err: ++ X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); ++ } ++ OPENSSL_free(b); ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +new file mode 100644 +index 0000000..f4b8f94 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c +@@ -0,0 +1,115 @@ ++/* t_x509a.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++/* ++ * X509_CERT_AUX and string set routines ++ */ ++ ++int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) ++{ ++ char oidstr[80], first; ++ int i; ++ if (!aux) ++ return 1; ++ if (aux->trust) { ++ first = 1; ++ BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); ++ for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { ++ if (!first) ++ BIO_puts(out, ", "); ++ else ++ first = 0; ++ OBJ_obj2txt(oidstr, sizeof oidstr, ++ sk_ASN1_OBJECT_value(aux->trust, i), 0); ++ BIO_puts(out, oidstr); ++ } ++ BIO_puts(out, "\n"); ++ } else ++ BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); ++ if (aux->reject) { ++ first = 1; ++ BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); ++ for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { ++ if (!first) ++ BIO_puts(out, ", "); ++ else ++ first = 0; ++ OBJ_obj2txt(oidstr, sizeof oidstr, ++ sk_ASN1_OBJECT_value(aux->reject, i), 0); ++ BIO_puts(out, oidstr); ++ } ++ BIO_puts(out, "\n"); ++ } else ++ BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); ++ if (aux->alias) ++ BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data); ++ if (aux->keyid) { ++ BIO_printf(out, "%*sKey Id: ", indent, ""); ++ for (i = 0; i < aux->keyid->length; i++) ++ BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]); ++ BIO_write(out, "\n", 1); ++ } ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +index c9b6375..d254027 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c +@@ -1,10 +1,60 @@ ++/* tasn_dec.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -14,12 +64,6 @@ + #include + #include + #include +-#include "internal/numbers.h" +-#include "asn1_locl.h" +- +-static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, +- long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); + + static int asn1_check_eoc(const unsigned char **in, long len); + static int asn1_find_end(const unsigned char **in, long len, char inf); +@@ -47,8 +91,6 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + const ASN1_ITEM *it, + int tag, int aclass, char opt, + ASN1_TLC *ctx); +-static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it); + + /* Table to convert tags to bit values, used for MSTRING type */ + static const unsigned long tag2bit[32] = { +@@ -106,15 +148,13 @@ ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + return NULL; + } + +-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, +- const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx) ++int ASN1_template_d2i(ASN1_VALUE **pval, ++ const unsigned char **in, long len, ++ const ASN1_TEMPLATE *tt) + { +- int rv; +- rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx); +- if (rv <= 0) +- ASN1_item_ex_free(pval, it); +- return rv; ++ ASN1_TLC c; ++ asn1_tlc_clear_nc(&c); ++ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + } + + /* +@@ -122,22 +162,26 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + * tag mismatch return -1 to handle OPTIONAL + */ + +-static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, +- long len, const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx) ++int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ASN1_TLC *ctx) + { + const ASN1_TEMPLATE *tt, *errtt = NULL; ++ const ASN1_COMPAT_FUNCS *cf; + const ASN1_EXTERN_FUNCS *ef; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb; + const unsigned char *p = NULL, *q; +- unsigned char oclass; ++ unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ ++ unsigned char imphack = 0, oclass; + char seq_eoc, seq_nolen, cst, isopt; + long tmplen; + int i; + int otag; + int ret = 0; +- ASN1_VALUE **pchptr; ++ ASN1_VALUE **pchptr, *ptmpval; ++ int combine = aclass & ASN1_TFLG_COMBINE; ++ aclass &= ~ASN1_TFLG_COMBINE; + if (!pval) + return 0; + if (aux && aux->asn1_cb) +@@ -155,7 +199,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + * template in the template itself. + */ + if ((tag != -1) || opt) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, + ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + goto err; + } +@@ -164,6 +208,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + } + return asn1_d2i_ex_primitive(pval, in, len, it, + tag, aclass, opt, ctx); ++ break; + + case ASN1_ITYPE_MSTRING: + p = *in; +@@ -171,7 +216,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, + &p, len, -1, 0, 1, ctx); + if (!ret) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + +@@ -180,7 +225,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + /* If OPTIONAL, assume this is OK */ + if (opt) + return -1; +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + goto err; + } + /* Check tag matches bit map */ +@@ -188,7 +233,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + /* If OPTIONAL, assume this is OK */ + if (opt) + return -1; +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); + goto err; + } + return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); +@@ -198,6 +243,66 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + ef = it->funcs; + return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); + ++ case ASN1_ITYPE_COMPAT: ++ /* we must resort to old style evil hackery */ ++ cf = it->funcs; ++ ++ /* If OPTIONAL see if it is there */ ++ if (opt) { ++ int exptag; ++ p = *in; ++ if (tag == -1) ++ exptag = it->utype; ++ else ++ exptag = tag; ++ /* ++ * Don't care about anything other than presence of expected tag ++ */ ++ ++ ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, ++ &p, len, exptag, aclass, 1, ctx); ++ if (!ret) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ if (ret == -1) ++ return -1; ++ } ++ ++ /* ++ * This is the old style evil hack IMPLICIT handling: since the ++ * underlying code is expecting a tag and class other than the one ++ * present we change the buffer temporarily then change it back ++ * afterwards. This doesn't and never did work for tags > 30. Yes ++ * this is *horrible* but it is only needed for old style d2i which ++ * will hopefully not be around for much longer. FIXME: should copy ++ * the buffer then modify it so the input buffer can be const: we ++ * should *always* copy because the old style d2i might modify the ++ * buffer. ++ */ ++ ++ if (tag != -1) { ++ wp = *(unsigned char **)in; ++ imphack = *wp; ++ if (p == NULL) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ } ++ *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) ++ | it->utype); ++ } ++ ++ ptmpval = cf->asn1_d2i(pval, in, len); ++ ++ if (tag != -1) ++ *wp = imphack; ++ ++ if (ptmpval) ++ return 1; ++ ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ goto err; ++ + case ASN1_ITYPE_CHOICE: + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; +@@ -207,11 +312,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); +- asn1_template_free(pchptr, tt); ++ ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + /* CHOICE type, try each possibility in turn */ +@@ -228,13 +333,9 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + /* If positive return, read OK, break loop */ + if (ret > 0) + break; +- /* +- * Must be an ASN1 parsing error. +- * Free up any partial choice value +- */ +- asn1_template_free(pchptr, tt); ++ /* Otherwise must be an ASN1 parsing error */ + errtt = tt; +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + +@@ -246,12 +347,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + ASN1_item_ex_free(pval, it); + return -1; + } +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); + goto err; + } + + asn1_set_choice_selector(pval, i, it); +- + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) + goto auxerr; + *in = p; +@@ -271,7 +371,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, + &p, len, tag, aclass, opt, ctx); + if (!ret) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; + } else if (ret == -1) + return -1; +@@ -283,12 +383,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + else + seq_nolen = seq_eoc; + if (!cst) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + goto err; + } + + if (!*pval && !ASN1_item_ex_new(pval, it)) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; + } + +@@ -304,7 +404,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + if (seqtt == NULL) + continue; + pseqval = asn1_get_field_ptr(pval, seqtt); +- asn1_template_free(pseqval, seqtt); ++ ASN1_template_free(pseqval, seqtt); + } + } + +@@ -322,7 +422,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + q = p; + if (asn1_check_eoc(&p, len)) { + if (!seq_eoc) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); + goto err; + } + len -= p - q; +@@ -352,7 +452,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + /* + * OPTIONAL component absent. Free and zero the field. + */ +- asn1_template_free(pseqval, seqtt); ++ ASN1_template_free(pseqval, seqtt); + continue; + } + /* Update length */ +@@ -361,12 +461,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + + /* Check for EOC if expecting one */ + if (seq_eoc && !asn1_check_eoc(&p, len)) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); + goto err; + } + /* Check all data read */ + if (!seq_nolen && len) { +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); + goto err; + } + +@@ -383,10 +483,10 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + if (seqtt->flags & ASN1_TFLG_OPTIONAL) { + ASN1_VALUE **pseqval; + pseqval = asn1_get_field_ptr(pval, seqtt); +- asn1_template_free(pseqval, seqtt); ++ ASN1_template_free(pseqval, seqtt); + } else { + errtt = seqtt; +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); + goto err; + } + } +@@ -402,8 +502,10 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, + return 0; + } + auxerr: +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); + err: ++ if (combine == 0) ++ ASN1_item_ex_free(pval, it); + if (errtt) + ERR_add_error_data(4, "Field=", errtt->field_name, + ", Type=", it->sname); +@@ -485,6 +587,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, + return 1; + + err: ++ ASN1_template_free(val, tt); + return 0; + } + +@@ -495,7 +598,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + { + int flags, aclass; + int ret; +- ASN1_VALUE *tval; + const unsigned char *p, *q; + if (!val) + return 0; +@@ -505,15 +607,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + p = *in; + q = p; + +- /* +- * If field is embedded then val needs fixing so it is a pointer to +- * a pointer to a field. +- */ +- if (tt->flags & ASN1_TFLG_EMBED) { +- tval = (ASN1_VALUE *)val; +- val = &tval; +- } +- + if (flags & ASN1_TFLG_SK_MASK) { + /* SET OF, SEQUENCE OF */ + int sktag, skaclass; +@@ -538,7 +631,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + } else if (ret == -1) + return -1; + if (!*val) +- *val = (ASN1_VALUE *)OPENSSL_sk_new_null(); ++ *val = (ASN1_VALUE *)sk_new_null(); + else { + /* + * We've got a valid STACK: free up any items present +@@ -572,18 +665,15 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + break; + } + skfield = NULL; +- if (!asn1_item_embed_d2i(&skfield, &p, len, +- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { ++ if (!ASN1_item_ex_d2i(&skfield, &p, len, ++ ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, + ERR_R_NESTED_ASN1_ERROR); +- /* |skfield| may be partially allocated despite failure. */ +- ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); + goto err; + } + len -= p - q; + if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); +- ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); + goto err; + } + } +@@ -593,9 +683,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + } + } else if (flags & ASN1_TFLG_IMPTAG) { + /* IMPLICIT tagging */ +- ret = asn1_item_embed_d2i(val, &p, len, +- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, +- ctx); ++ ret = ASN1_item_ex_d2i(val, &p, len, ++ ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ++ ctx); + if (!ret) { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; +@@ -603,8 +693,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + return -1; + } else { + /* Nothing special */ +- ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), +- -1, 0, opt, ctx); ++ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), ++ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); + if (!ret) { + ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); + goto err; +@@ -616,6 +706,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, + return 1; + + err: ++ ASN1_template_free(val, tt); + return 0; + } + +@@ -628,7 +719,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + long plen; + char cst, inf, free_cont = 0; + const unsigned char *p; +- BUF_MEM buf = { 0, NULL, 0, 0 }; ++ BUF_MEM buf = { 0, NULL, 0 }; + const unsigned char *cont = NULL; + long len; + if (!pval) { +@@ -683,7 +774,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { + /* + * Clear context cache for type OTHER because the auto clear when we +- * have a exact match won't work ++ * have a exact match wont work + */ + if (utype == V_ASN1_OTHER) { + asn1_tlc_clear(ctx); +@@ -746,15 +837,15 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, + *in = p; + ret = 1; + err: +- if (free_cont) ++ if (free_cont && buf.data) + OPENSSL_free(buf.data); + return ret; + } + + /* Translate ASN1 content octets into a structure */ + +-static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it) ++int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, ++ int utype, char *free_cont, const ASN1_ITEM *it) + { + ASN1_VALUE **opval = NULL; + ASN1_STRING *stmp; +@@ -850,7 +941,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + /* All based on ASN1_STRING and handled the same */ + if (!*pval) { + stmp = ASN1_STRING_type_new(utype); +- if (stmp == NULL) { ++ if (!stmp) { + ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -861,7 +952,8 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + } + /* If we've already allocated a buffer use it */ + if (*free_cont) { +- OPENSSL_free(stmp->data); ++ if (stmp->data) ++ OPENSSL_free(stmp->data); + stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ + stmp->length = len; + *free_cont = 0; +@@ -898,7 +990,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + + static int asn1_find_end(const unsigned char **in, long len, char inf) + { +- uint32_t expected_eoc; ++ int expected_eoc; + long plen; + const unsigned char *p = *in, *q; + /* If not indefinite length constructed just add length */ +@@ -928,15 +1020,10 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) + ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); + return 0; + } +- if (inf) { +- if (expected_eoc == UINT32_MAX) { +- ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); +- return 0; +- } ++ if (inf) + expected_eoc++; +- } else { ++ else + p += plen; +- } + len -= p - q; + } + if (expected_eoc) { +@@ -948,7 +1035,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) + } + + /* +- * This function collects the asn1 data from a constructed string type into ++ * This function collects the asn1 data from a constructred string type into + * a buffer. The values of 'in' and 'len' should refer to the contents of the + * constructed type and 'inf' should be set if it is indefinite length. + */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +index caa4869..081a9d5 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c +@@ -1,20 +1,69 @@ ++/* tasn_enc.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/asn1_int.h" +-#include "asn1_locl.h" + + static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +@@ -25,8 +74,6 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, int tag, int aclass); + static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it, int flags); +-static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, +- const ASN1_ITEM *it); + + /* + * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use +@@ -61,7 +108,7 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, + if (len <= 0) + return len; + buf = OPENSSL_malloc(len); +- if (buf == NULL) ++ if (!buf) + return -1; + p = buf; + ASN1_item_ex_i2d(&val, &p, it, -1, flags); +@@ -81,7 +128,9 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass) + { + const ASN1_TEMPLATE *tt = NULL; ++ unsigned char *p = NULL; + int i, seqcontlen, seqlen, ndef = 1; ++ const ASN1_COMPAT_FUNCS *cf; + const ASN1_EXTERN_FUNCS *ef; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb = 0; +@@ -99,6 +148,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + return asn1_template_ex_i2d(pval, out, it->templates, + tag, aclass); + return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); ++ break; + + case ASN1_ITYPE_MSTRING: + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); +@@ -124,6 +174,20 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + ef = it->funcs; + return ef->asn1_ex_i2d(pval, out, it, tag, aclass); + ++ case ASN1_ITYPE_COMPAT: ++ /* old style hackery... */ ++ cf = it->funcs; ++ if (out) ++ p = *out; ++ i = cf->asn1_i2d(*pval, out); ++ /* ++ * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so ++ * did the old code. Tags > 30 are very rare anyway. ++ */ ++ if (out && (tag != -1)) ++ *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); ++ return i; ++ + case ASN1_ITYPE_NDEF_SEQUENCE: + /* Use indefinite length constructed if requested */ + if (aclass & ASN1_TFLG_NDEF) +@@ -192,21 +256,17 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + return 0; + } + ++int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, ++ const ASN1_TEMPLATE *tt) ++{ ++ return asn1_template_ex_i2d(pval, out, tt, -1, 0); ++} ++ + static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, int tag, int iclass) + { + int i, ret, flags, ttag, tclass, ndef; +- ASN1_VALUE *tval; + flags = tt->flags; +- +- /* +- * If field is embedded then val needs fixing so it is a pointer to +- * a pointer to a field. +- */ +- if (flags & ASN1_TFLG_EMBED) { +- tval = (ASN1_VALUE *)pval; +- pval = &tval; +- } + /* + * Work out tag and class to use: tagging may come either from the + * template or the arguments, not both because this would create +@@ -380,10 +440,10 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + else { + derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) + * sizeof(*derlst)); +- if (derlst == NULL) ++ if (!derlst) + return 0; + tmpdat = OPENSSL_malloc(skcontlen); +- if (tmpdat == NULL) { ++ if (!tmpdat) { + OPENSSL_free(derlst); + return 0; + } +@@ -486,8 +546,8 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + + /* Produce content octets from a structure */ + +-static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, +- const ASN1_ITEM *it) ++int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, ++ const ASN1_ITEM *it) + { + ASN1_BOOLEAN *tbool = NULL; + ASN1_STRING *strtmp; +@@ -556,6 +616,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + case V_ASN1_BIT_STRING: + return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, + cout ? &cout : NULL); ++ break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: +@@ -563,6 +624,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + * These are all have the same content format as ASN1_INTEGER + */ + return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); ++ break; + + case V_ASN1_OCTET_STRING: + case V_ASN1_NUMERICSTRING: +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +index 3c98efb..aeea4ef 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c +@@ -1,42 +1,91 @@ ++/* tasn_fre.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include + #include +-#include "asn1_locl.h" + +-static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int embed); ++static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine); + + /* Free up an ASN1 structure */ + + void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) + { +- asn1_item_embed_free(&val, it, 0); ++ asn1_item_combine_free(&val, it, 0); + } + + void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- asn1_item_embed_free(pval, it, 0); ++ asn1_item_combine_free(pval, it, 0); + } + +-static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int embed) ++static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine) + { + const ASN1_TEMPLATE *tt = NULL, *seqtt; + const ASN1_EXTERN_FUNCS *ef; ++ const ASN1_COMPAT_FUNCS *cf; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb; + int i; +- + if (!pval) + return; + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) +@@ -50,13 +99,13 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) +- asn1_template_free(pval, it->templates); ++ ASN1_template_free(pval, it->templates); + else +- asn1_primitive_free(pval, it, embed); ++ ASN1_primitive_free(pval, it); + break; + + case ASN1_ITYPE_MSTRING: +- asn1_primitive_free(pval, it, embed); ++ ASN1_primitive_free(pval, it); + break; + + case ASN1_ITYPE_CHOICE: +@@ -68,19 +117,24 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + ASN1_VALUE **pchval; +- + tt = it->templates + i; + pchval = asn1_get_field_ptr(pval, tt); +- asn1_template_free(pchval, tt); ++ ASN1_template_free(pchval, tt); + } + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); +- if (embed == 0) { ++ if (!combine) { + OPENSSL_free(*pval); + *pval = NULL; + } + break; + ++ case ASN1_ITYPE_COMPAT: ++ cf = it->funcs; ++ if (cf && cf->asn1_free) ++ cf->asn1_free(*pval); ++ break; ++ + case ASN1_ITYPE_EXTERN: + ef = it->funcs; + if (ef && ef->asn1_ex_free) +@@ -89,7 +143,7 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + + case ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: +- if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ ++ if (asn1_do_lock(pval, -1, it) > 0) + return; + if (asn1_cb) { + i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); +@@ -99,23 +153,21 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + asn1_enc_free(pval, it); + /* + * If we free up as normal we will invalidate any ANY DEFINED BY +- * field and we won't be able to determine the type of the field it ++ * field and we wont be able to determine the type of the field it + * defines. So free up in reverse order. + */ +- tt = it->templates + it->tcount; +- for (i = 0; i < it->tcount; i++) { ++ tt = it->templates + it->tcount - 1; ++ for (i = 0; i < it->tcount; tt--, i++) { + ASN1_VALUE **pseqval; +- +- tt--; + seqtt = asn1_do_adb(pval, tt, 0); + if (!seqtt) + continue; + pseqval = asn1_get_field_ptr(pval, seqtt); +- asn1_template_free(pseqval, seqtt); ++ ASN1_template_free(pseqval, seqtt); + } + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); +- if (embed == 0) { ++ if (!combine) { + OPENSSL_free(*pval); + *pval = NULL; + } +@@ -123,48 +175,37 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + } + } + +-void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) ++void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + { +- int embed = tt->flags & ASN1_TFLG_EMBED; +- ASN1_VALUE *tval; +- if (embed) { +- tval = (ASN1_VALUE *)pval; +- pval = &tval; +- } ++ int i; + if (tt->flags & ASN1_TFLG_SK_MASK) { + STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; +- int i; +- + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { +- ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i); +- +- asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed); ++ ASN1_VALUE *vtmp; ++ vtmp = sk_ASN1_VALUE_value(sk, i); ++ asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); + } + sk_ASN1_VALUE_free(sk); + *pval = NULL; +- } else { +- asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed); +- } ++ } else ++ asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), ++ tt->flags & ASN1_TFLG_COMBINE); + } + +-void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ++void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + { + int utype; +- +- /* Special case: if 'it' is a primitive with a free_func, use that. */ + if (it) { +- const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; +- ++ const ASN1_PRIMITIVE_FUNCS *pf; ++ pf = it->funcs; + if (pf && pf->prim_free) { + pf->prim_free(pval, it); + return; + } + } +- +- /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */ ++ /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ + if (!it) { + ASN1_TYPE *typ = (ASN1_TYPE *)*pval; +- + utype = typ->type; + pval = &typ->value.asn1_value; + if (!*pval) +@@ -195,12 +236,13 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) + break; + + case V_ASN1_ANY: +- asn1_primitive_free(pval, NULL, 0); ++ ASN1_primitive_free(pval, NULL); + OPENSSL_free(*pval); + break; + + default: +- asn1_string_embed_free((ASN1_STRING *)*pval, embed); ++ ASN1_STRING_free((ASN1_STRING *)*pval); ++ *pval = NULL; + break; + } + *pval = NULL; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +index e9b8377..b0c73be 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c +@@ -1,10 +1,60 @@ ++/* tasn_new.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -13,14 +63,10 @@ + #include + #include + #include +-#include "asn1_locl.h" + +-static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int embed); +-static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int embed); ++static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine); + static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); +-static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); + static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); + +@@ -36,12 +82,14 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) + + int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { +- return asn1_item_embed_new(pval, it, 0); ++ return asn1_item_ex_combine_new(pval, it, 0); + } + +-int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ++static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, ++ int combine) + { + const ASN1_TEMPLATE *tt = NULL; ++ const ASN1_COMPAT_FUNCS *cf; + const ASN1_EXTERN_FUNCS *ef; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb; +@@ -52,8 +100,9 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) + else + asn1_cb = 0; + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new"); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_push_info(it->sname); + #endif + + switch (it->itype) { +@@ -66,16 +115,25 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) + } + break; + ++ case ASN1_ITYPE_COMPAT: ++ cf = it->funcs; ++ if (cf && cf->asn1_new) { ++ *pval = cf->asn1_new(); ++ if (!*pval) ++ goto memerr; ++ } ++ break; ++ + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) { +- if (!asn1_template_new(pval, it->templates)) ++ if (!ASN1_template_new(pval, it->templates)) + goto memerr; +- } else if (!asn1_primitive_new(pval, it, embed)) ++ } else if (!ASN1_primitive_new(pval, it)) + goto memerr; + break; + + case ASN1_ITYPE_MSTRING: +- if (!asn1_primitive_new(pval, it, embed)) ++ if (!ASN1_primitive_new(pval, it)) + goto memerr; + break; + +@@ -85,22 +143,22 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) + if (!i) + goto auxerr; + if (i == 2) { +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return 1; + } + } +- if (embed) { +- memset(*pval, 0, it->size); +- } else { +- *pval = OPENSSL_zalloc(it->size); +- if (*pval == NULL) ++ if (!combine) { ++ *pval = OPENSSL_malloc(it->size); ++ if (!*pval) + goto memerr; ++ memset(*pval, 0, it->size); + } + asn1_set_choice_selector(pval, -1, it); + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) +- goto auxerr2; ++ goto auxerr; + break; + + case ASN1_ITYPE_NDEF_SEQUENCE: +@@ -110,52 +168,50 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) + if (!i) + goto auxerr; + if (i == 2) { +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return 1; + } + } +- if (embed) { +- memset(*pval, 0, it->size); +- } else { +- *pval = OPENSSL_zalloc(it->size); +- if (*pval == NULL) ++ if (!combine) { ++ *pval = OPENSSL_malloc(it->size); ++ if (!*pval) + goto memerr; ++ memset(*pval, 0, it->size); ++ asn1_do_lock(pval, 0, it); ++ asn1_enc_init(pval, it); + } +- /* 0 : init. lock */ +- if (asn1_do_lock(pval, 0, it) < 0) +- goto memerr2; +- asn1_enc_init(pval, it); + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + pseqval = asn1_get_field_ptr(pval, tt); +- if (!asn1_template_new(pseqval, tt)) +- goto memerr2; ++ if (!ASN1_template_new(pseqval, tt)) ++ goto memerr; + } + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) +- goto auxerr2; ++ goto auxerr; + break; + } +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return 1; + +- memerr2: +- ASN1_item_ex_free(pval, it); + memerr: +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return 0; + +- auxerr2: +- ASN1_item_ex_free(pval, it); + auxerr: +- ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++ ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR); ++ ASN1_item_ex_free(pval, it); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return 0; + +@@ -186,6 +242,7 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) + asn1_primitive_clear(pval, it); + break; + ++ case ASN1_ITYPE_COMPAT: + case ASN1_ITYPE_CHOICE: + case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: +@@ -194,16 +251,10 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) + } + } + +-static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) ++int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + { + const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); +- int embed = tt->flags & ASN1_TFLG_EMBED; +- ASN1_VALUE *tval; + int ret; +- if (embed) { +- tval = (ASN1_VALUE *)pval; +- pval = &tval; +- } + if (tt->flags & ASN1_TFLG_OPTIONAL) { + asn1_template_clear(pval, tt); + return 1; +@@ -214,9 +265,9 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + *pval = NULL; + return 1; + } +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_push(tt->field_name +- ? tt->field_name : "asn1_template_new"); ++#ifdef CRYPTO_MDEBUG ++ if (tt->field_name) ++ CRYPTO_push_info(tt->field_name); + #endif + /* If SET OF or SEQUENCE OF, its a STACK */ + if (tt->flags & ASN1_TFLG_SK_MASK) { +@@ -232,10 +283,11 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + goto done; + } + /* Otherwise pass it back to the item routine */ +- ret = asn1_item_embed_new(pval, it, embed); ++ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); + done: +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- OPENSSL_mem_debug_pop(); ++#ifdef CRYPTO_MDEBUG ++ if (it->sname) ++ CRYPTO_pop_info(); + #endif + return ret; + } +@@ -254,8 +306,7 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + * all the old functions. + */ + +-static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, +- int embed) ++int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { + ASN1_TYPE *typ; + ASN1_STRING *str; +@@ -288,8 +339,8 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + return 1; + + case V_ASN1_ANY: +- typ = OPENSSL_malloc(sizeof(*typ)); +- if (typ == NULL) ++ typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); ++ if (!typ) + return 0; + typ->value.ptr = NULL; + typ->type = -1; +@@ -297,17 +348,10 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + break; + + default: +- if (embed) { +- str = *(ASN1_STRING **)pval; +- memset(str, 0, sizeof(*str)); +- str->type = utype; +- str->flags = ASN1_STRING_FLAG_EMBED; +- } else { +- str = ASN1_STRING_type_new(utype); +- *pval = (ASN1_VALUE *)str; +- } ++ str = ASN1_STRING_type_new(utype); + if (it->itype == ASN1_ITYPE_MSTRING && str) + str->flags |= ASN1_STRING_FLAG_MSTRING; ++ *pval = (ASN1_VALUE *)str; + break; + } + if (*pval) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c +index f53e905..f628cad 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_prn.c +@@ -1,21 +1,70 @@ ++/* tasn_prn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include + #include +-#include "internal/asn1_int.h" + #include "asn1_locl.h" + + /* +@@ -24,7 +73,7 @@ + + /* ASN1_PCTX routines */ + +-static ASN1_PCTX default_pctx = { ++ASN1_PCTX default_pctx = { + ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ + 0, /* nm_flags */ + 0, /* cert_flags */ +@@ -35,12 +84,16 @@ static ASN1_PCTX default_pctx = { + ASN1_PCTX *ASN1_PCTX_new(void) + { + ASN1_PCTX *ret; +- +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); + if (ret == NULL) { + ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ++ ret->flags = 0; ++ ret->nm_flags = 0; ++ ret->cert_flags = 0; ++ ret->oid_flags = 0; ++ ret->str_flags = 0; + return ret; + } + +@@ -49,7 +102,7 @@ void ASN1_PCTX_free(ASN1_PCTX *p) + OPENSSL_free(p); + } + +-unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p) ++unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) + { + return p->flags; + } +@@ -59,7 +112,7 @@ void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) + p->flags = flags; + } + +-unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p) ++unsigned long ASN1_PCTX_get_nm_flags(ASN1_PCTX *p) + { + return p->nm_flags; + } +@@ -69,7 +122,7 @@ void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) + p->nm_flags = flags; + } + +-unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p) ++unsigned long ASN1_PCTX_get_cert_flags(ASN1_PCTX *p) + { + return p->cert_flags; + } +@@ -79,7 +132,7 @@ void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) + p->cert_flags = flags; + } + +-unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p) ++unsigned long ASN1_PCTX_get_oid_flags(ASN1_PCTX *p) + { + return p->oid_flags; + } +@@ -89,7 +142,7 @@ void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) + p->oid_flags = flags; + } + +-unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p) ++unsigned long ASN1_PCTX_get_str_flags(ASN1_PCTX *p) + { + return p->str_flags; + } +@@ -106,7 +159,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const char *fname, const char *sname, + int nohdr, const ASN1_PCTX *pctx); + +-static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); + + static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, +@@ -170,7 +223,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + return 0; + break; + } +- /* fall through */ ++ /* fall thru */ + case ASN1_ITYPE_MSTRING: + if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx)) + return 0; +@@ -194,6 +247,10 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + break; + + case ASN1_ITYPE_CHOICE: ++#if 0 ++ if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) ++ return 0; ++#endif + /* CHOICE type, get selector */ + i = asn1_get_choice_selector(fld, it); + /* This should never happen... */ +@@ -261,12 +318,11 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + return 1; + } + +-static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, ++int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) + { + int i, flags; + const char *sname, *fname; +- ASN1_VALUE *tfld; + flags = tt->flags; + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) + sname = ASN1_ITEM_ptr(tt->item)->sname; +@@ -276,16 +332,6 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + fname = NULL; + else + fname = tt->field_name; +- +- /* +- * If field is embedded then fld needs fixing so it is a pointer to +- * a pointer to a field. +- */ +- if (flags & ASN1_TFLG_EMBED) { +- tfld = (ASN1_VALUE *)fld; +- fld = &tfld; +- } +- + if (flags & ASN1_TFLG_SK_MASK) { + char *tname; + ASN1_VALUE *skitem; +@@ -331,8 +377,13 @@ static int asn1_print_fsname(BIO *out, int indent, + const char *fname, const char *sname, + const ASN1_PCTX *pctx) + { +- static const char spaces[] = " "; +- static const int nspaces = sizeof(spaces) - 1; ++ static char spaces[] = " "; ++ const int nspaces = sizeof(spaces) - 1; ++ ++#if 0 ++ if (!sname && !fname) ++ return 1; ++#endif + + while (indent > nspaces) { + if (BIO_write(out, spaces, nspaces) != nspaces) +@@ -365,7 +416,8 @@ static int asn1_print_fsname(BIO *out, int indent, + return 1; + } + +-static int asn1_print_boolean(BIO *out, int boolval) ++static int asn1_print_boolean_ctx(BIO *out, int boolval, ++ const ASN1_PCTX *pctx) + { + const char *str; + switch (boolval) { +@@ -389,7 +441,8 @@ static int asn1_print_boolean(BIO *out, int boolval) + + } + +-static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) ++static int asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, ++ const ASN1_PCTX *pctx) + { + char *s; + int ret = 1; +@@ -402,7 +455,8 @@ static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str) + return ret; + } + +-static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) ++static int asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, ++ const ASN1_PCTX *pctx) + { + char objbuf[80]; + const char *ln; +@@ -415,7 +469,8 @@ static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid) + return 1; + } + +-static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) ++static int asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, ++ const ASN1_PCTX *pctx) + { + if (str->type == V_ASN1_BIT_STRING) { + if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0) +@@ -423,7 +478,7 @@ static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) + } else if (BIO_puts(out, "\n") <= 0) + return 0; + if ((str->length > 0) +- && BIO_dump_indent(out, (const char *)str->data, str->length, ++ && BIO_dump_indent(out, (char *)str->data, str->length, + indent + 2) <= 0) + return 0; + return 1; +@@ -489,13 +544,13 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, + int boolval = *(int *)fld; + if (boolval == -1) + boolval = it->size; +- ret = asn1_print_boolean(out, boolval); ++ ret = asn1_print_boolean_ctx(out, boolval, pctx); + } + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: +- ret = asn1_print_integer(out, str); ++ ret = asn1_print_integer_ctx(out, str, pctx); + break; + + case V_ASN1_UTCTIME: +@@ -507,12 +562,12 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, + break; + + case V_ASN1_OBJECT: +- ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld); ++ ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); + break; + + case V_ASN1_OCTET_STRING: + case V_ASN1_BIT_STRING: +- ret = asn1_print_obstring(out, str, indent); ++ ret = asn1_print_obstring_ctx(out, str, indent, pctx); + needlf = 0; + break; + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c +deleted file mode 100644 +index e1df2cf..0000000 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_scn.c ++++ /dev/null +@@ -1,65 +0,0 @@ +-/* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include +-#include +-#include "asn1_locl.h" +- +-/* +- * General ASN1 structure recursive scanner: iterate through all fields +- * passing details to a callback. +- */ +- +-ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) +-{ +- ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret)); +- +- if (ret == NULL) { +- ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- ret->scan_cb = scan_cb; +- return ret; +-} +- +-void ASN1_SCTX_free(ASN1_SCTX *p) +-{ +- OPENSSL_free(p); +-} +- +-const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p) +-{ +- return p->it; +-} +- +-const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p) +-{ +- return p->tt; +-} +- +-unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p) +-{ +- return p->flags; +-} +- +-void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data) +-{ +- p->app_data = data; +-} +- +-void *ASN1_SCTX_get_app_data(ASN1_SCTX *p) +-{ +- return p->app_data; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +index 98d9879..740e86d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c +@@ -1,50 +1,115 @@ ++/* tasn_typ.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #include + #include + #include + + /* Declarations for string types */ + +-#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ +- IMPLEMENT_ASN1_TYPE(sname) \ +- IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ +-sname *sname##_new(void) \ +-{ \ +- return ASN1_STRING_type_new(V_##sname); \ +-} \ +-void sname##_free(sname *x) \ +-{ \ +- ASN1_STRING_free(x); \ +-} +- +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING) +-IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_INTEGER) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING) + + IMPLEMENT_ASN1_TYPE(ASN1_NULL) + IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL) + + IMPLEMENT_ASN1_TYPE(ASN1_OBJECT) + ++IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_T61STRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) ++ ++IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING) ++IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING) ++ + IMPLEMENT_ASN1_TYPE(ASN1_ANY) + + /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ +diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +index f79d7d6..e14889f 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c +@@ -1,20 +1,68 @@ ++/* tasn_utl.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include + #include + #include + #include + #include +-#include "asn1_locl.h" + + /* Utility functions for manipulating fields and offsets */ + +@@ -46,19 +94,16 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, + } + + /* +- * Do atomic reference counting. The value 'op' decides what to do. +- * If it is +1 then the count is incremented. +- * If |op| is 0, lock is initialised and count is set to 1. +- * If |op| is -1, count is decremented and the return value is the current +- * reference count or 0 if no reference count is active. +- * It returns -1 on initialisation error. +- * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects ++ * Do reference counting. The value 'op' decides what to do. if it is +1 ++ * then the count is incremented. If op is 0 count is set to 1. If op is -1 ++ * count is decremented and the return value is the current refrence count or ++ * 0 if no reference count exists. + */ ++ + int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) + { + const ASN1_AUX *aux; + int *lck, ret; +- CRYPTO_RWLOCK **lock; + if ((it->itype != ASN1_ITYPE_SEQUENCE) + && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) + return 0; +@@ -66,26 +111,18 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) + if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) + return 0; + lck = offset2ptr(*pval, aux->ref_offset); +- lock = offset2ptr(*pval, aux->ref_lock); + if (op == 0) { + *lck = 1; +- *lock = CRYPTO_THREAD_lock_new(); +- if (*lock == NULL) { +- ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE); +- return -1; +- } + return 1; + } +- if (CRYPTO_atomic_add(lck, op, &ret, *lock) < 0) +- return -1; /* failed */ ++ ret = CRYPTO_add(lck, op, aux->ref_lock); + #ifdef REF_PRINT +- fprintf(stderr, "%p:%4d:%s\n", it, *lck, it->sname); ++ fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); ++#endif ++#ifdef REF_CHECK ++ if (ret < 0) ++ fprintf(stderr, "%s, bad reference count\n", it->sname); + #endif +- REF_ASSERT_ISNT(ret < 0); +- if (ret == 0) { +- CRYPTO_THREAD_lock_free(*lock); +- *lock = NULL; +- } + return ret; + } + +@@ -116,7 +153,8 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) + ASN1_ENCODING *enc; + enc = asn1_get_enc_ptr(pval, it); + if (enc) { +- OPENSSL_free(enc->enc); ++ if (enc->enc) ++ OPENSSL_free(enc->enc); + enc->enc = NULL; + enc->len = 0; + enc->modified = 1; +@@ -131,9 +169,10 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + if (!enc) + return 1; + +- OPENSSL_free(enc->enc); ++ if (enc->enc) ++ OPENSSL_free(enc->enc); + enc->enc = OPENSSL_malloc(inlen); +- if (enc->enc == NULL) ++ if (!enc->enc) + return 0; + memcpy(enc->enc, in, inlen); + enc->len = inlen; +@@ -162,6 +201,8 @@ int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) + { + ASN1_VALUE **pvaltmp; ++ if (tt->flags & ASN1_TFLG_COMBINE) ++ return pval; + pvaltmp = offset2ptr(*pval, tt->offset); + /* + * NOTE for BOOLEAN types the field is just a plain int so we can't +@@ -208,12 +249,6 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + else + selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); + +- /* Let application callback translate value */ +- if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) { +- ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); +- return NULL; +- } +- + /* + * Try to find matching entry in table Maybe should check application + * types first to allow application override? Might also be useful to +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +index 72378db..fd7d16d 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c +@@ -1,17 +1,66 @@ ++/* x_algor.c */ + /* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include + #include +-#include "internal/evp_int.h" + + ASN1_SEQUENCE(X509_ALGOR) = { + ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), +@@ -26,6 +75,9 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS) + IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) + ++IMPLEMENT_STACK_OF(X509_ALGOR) ++IMPLEMENT_ASN1_SET_OF(X509_ALGOR) ++ + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) + { + if (!alg) +@@ -37,21 +89,24 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) + return 0; + } + if (alg) { +- ASN1_OBJECT_free(alg->algorithm); ++ if (alg->algorithm) ++ ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + } + if (ptype == 0) + return 1; + if (ptype == V_ASN1_UNDEF) { +- ASN1_TYPE_free(alg->parameter); +- alg->parameter = NULL; ++ if (alg->parameter) { ++ ASN1_TYPE_free(alg->parameter); ++ alg->parameter = NULL; ++ } + } else + ASN1_TYPE_set(alg->parameter, ptype, pval); + return 1; + } + +-void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, +- const void **ppval, const X509_ALGOR *algor) ++void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, ++ X509_ALGOR *algor) + { + if (paobj) + *paobj = algor->algorithm; +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +new file mode 100644 +index 0000000..93ef53b +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c +@@ -0,0 +1,124 @@ ++/* crypto/asn1/x_attrib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++/*- ++ * X509_ATTRIBUTE: this has the following form: ++ * ++ * typedef struct x509_attributes_st ++ * { ++ * ASN1_OBJECT *object; ++ * int single; ++ * union { ++ * char *ptr; ++ * STACK_OF(ASN1_TYPE) *set; ++ * ASN1_TYPE *single; ++ * } value; ++ * } X509_ATTRIBUTE; ++ * ++ * this needs some extra thought because the CHOICE type is ++ * merged with the main structure and because the value can ++ * be anything at all we *must* try the SET OF first because ++ * the ASN1_ANY type will swallow anything including the whole ++ * SET OF structure. ++ */ ++ ++ASN1_CHOICE(X509_ATTRIBUTE_SET) = { ++ ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), ++ ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) ++} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single) ++ ++ASN1_SEQUENCE(X509_ATTRIBUTE) = { ++ ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), ++ /* CHOICE type merged with parent */ ++ ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) ++} ASN1_SEQUENCE_END(X509_ATTRIBUTE) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) ++ ++X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) ++{ ++ X509_ATTRIBUTE *ret = NULL; ++ ASN1_TYPE *val = NULL; ++ ++ if ((ret = X509_ATTRIBUTE_new()) == NULL) ++ return (NULL); ++ ret->object = OBJ_nid2obj(nid); ++ ret->single = 0; ++ if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) ++ goto err; ++ if ((val = ASN1_TYPE_new()) == NULL) ++ goto err; ++ if (!sk_ASN1_TYPE_push(ret->value.set, val)) ++ goto err; ++ ++ ASN1_TYPE_set(val, atrtype, value); ++ return (ret); ++ err: ++ if (ret != NULL) ++ X509_ATTRIBUTE_free(ret); ++ if (val != NULL) ++ ASN1_TYPE_free(val); ++ return (NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +index da57e77..c644199 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c +@@ -1,14 +1,64 @@ ++/* x_bignum.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -22,15 +72,12 @@ + #define BN_SENSITIVE 1 + + static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +-static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); + static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); + + static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it); + static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); +-static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it); + static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, + int indent, const ASN1_PCTX *pctx); + +@@ -44,37 +91,18 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = { + bn_print + }; + +-static ASN1_PRIMITIVE_FUNCS cbignum_pf = { +- NULL, 0, +- bn_secure_new, +- bn_free, +- 0, +- bn_secure_c2i, +- bn_i2c, +- bn_print +-}; +- + ASN1_ITEM_start(BIGNUM) + ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" + ASN1_ITEM_end(BIGNUM) + + ASN1_ITEM_start(CBIGNUM) +- ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM" ++ ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" + ASN1_ITEM_end(CBIGNUM) + + static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) + { + *pval = (ASN1_VALUE *)BN_new(); +- if (*pval != NULL) +- return 1; +- else +- return 0; +-} +- +-static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +-{ +- *pval = (ASN1_VALUE *)BN_secure_new(); +- if (*pval != NULL) ++ if (*pval) + return 1; + else + return 0; +@@ -127,14 +155,6 @@ static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + return 1; + } + +-static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, +- int utype, char *free_cont, const ASN1_ITEM *it) +-{ +- if (!*pval) +- bn_secure_new(pval, it); +- return bn_c2i(pval, cont, len, utype, free_cont, it); +-} +- + static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, + int indent, const ASN1_PCTX *pctx) + { +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +new file mode 100644 +index 0000000..c78ded8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c +@@ -0,0 +1,518 @@ ++/* crypto/asn1/x_crl.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include "asn1_locl.h" ++#include ++#include ++ ++static int X509_REVOKED_cmp(const X509_REVOKED *const *a, ++ const X509_REVOKED *const *b); ++static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); ++ ++ASN1_SEQUENCE(X509_REVOKED) = { ++ ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), ++ ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) ++} ASN1_SEQUENCE_END(X509_REVOKED) ++ ++static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); ++static int def_crl_lookup(X509_CRL *crl, ++ X509_REVOKED **ret, ASN1_INTEGER *serial, ++ X509_NAME *issuer); ++ ++static X509_CRL_METHOD int_crl_meth = { ++ 0, ++ 0, 0, ++ def_crl_lookup, ++ def_crl_verify ++}; ++ ++static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; ++ ++/* ++ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache ++ * the original encoding the signature wont be affected by reordering of the ++ * revoked field. ++ */ ++static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; ++ ++ if (!a || !a->revoked) ++ return 1; ++ switch (operation) { ++ /* ++ * Just set cmp function here. We don't sort because that would ++ * affect the output of X509_CRL_print(). ++ */ ++ case ASN1_OP_D2I_POST: ++ (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); ++ break; ++ } ++ return 1; ++} ++ ++ ++ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { ++ ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), ++ ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), ++ ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), ++ ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), ++ ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) ++} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) ++ ++/* ++ * Set CRL entry issuer according to CRL certificate issuer extension. Check ++ * for unhandled critical CRL entry extensions. ++ */ ++ ++static int crl_set_issuers(X509_CRL *crl) ++{ ++ ++ int i, j; ++ GENERAL_NAMES *gens, *gtmp; ++ STACK_OF(X509_REVOKED) *revoked; ++ ++ revoked = X509_CRL_get_REVOKED(crl); ++ ++ gens = NULL; ++ for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { ++ X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); ++ STACK_OF(X509_EXTENSION) *exts; ++ ASN1_ENUMERATED *reason; ++ X509_EXTENSION *ext; ++ gtmp = X509_REVOKED_get_ext_d2i(rev, ++ NID_certificate_issuer, &j, NULL); ++ if (!gtmp && (j != -1)) { ++ crl->flags |= EXFLAG_INVALID; ++ return 1; ++ } ++ ++ if (gtmp) { ++ gens = gtmp; ++ if (!crl->issuers) { ++ crl->issuers = sk_GENERAL_NAMES_new_null(); ++ if (!crl->issuers) ++ return 0; ++ } ++ if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) ++ return 0; ++ } ++ rev->issuer = gens; ++ ++ reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL); ++ if (!reason && (j != -1)) { ++ crl->flags |= EXFLAG_INVALID; ++ return 1; ++ } ++ ++ if (reason) { ++ rev->reason = ASN1_ENUMERATED_get(reason); ++ ASN1_ENUMERATED_free(reason); ++ } else ++ rev->reason = CRL_REASON_NONE; ++ ++ /* Check for critical CRL entry extensions */ ++ ++ exts = rev->extensions; ++ ++ for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { ++ ext = sk_X509_EXTENSION_value(exts, j); ++ if (ext->critical > 0) { ++ if (OBJ_obj2nid(ext->object) == NID_certificate_issuer) ++ continue; ++ crl->flags |= EXFLAG_CRITICAL; ++ break; ++ } ++ } ++ ++ } ++ ++ return 1; ++ ++} ++ ++/* ++ * The X509_CRL structure needs a bit of customisation. Cache some extensions ++ * and hash of the whole CRL. ++ */ ++static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ X509_CRL *crl = (X509_CRL *)*pval; ++ STACK_OF(X509_EXTENSION) *exts; ++ X509_EXTENSION *ext; ++ int idx; ++ ++ switch (operation) { ++ case ASN1_OP_NEW_POST: ++ crl->idp = NULL; ++ crl->akid = NULL; ++ crl->flags = 0; ++ crl->idp_flags = 0; ++ crl->idp_reasons = CRLDP_ALL_REASONS; ++ crl->meth = default_crl_method; ++ crl->meth_data = NULL; ++ crl->issuers = NULL; ++ crl->crl_number = NULL; ++ crl->base_crl_number = NULL; ++ break; ++ ++ case ASN1_OP_D2I_POST: ++#ifndef OPENSSL_NO_SHA ++ X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); ++#endif ++ crl->idp = X509_CRL_get_ext_d2i(crl, ++ NID_issuing_distribution_point, NULL, ++ NULL); ++ if (crl->idp) ++ setup_idp(crl, crl->idp); ++ ++ crl->akid = X509_CRL_get_ext_d2i(crl, ++ NID_authority_key_identifier, NULL, ++ NULL); ++ ++ crl->crl_number = X509_CRL_get_ext_d2i(crl, ++ NID_crl_number, NULL, NULL); ++ ++ crl->base_crl_number = X509_CRL_get_ext_d2i(crl, ++ NID_delta_crl, NULL, ++ NULL); ++ /* Delta CRLs must have CRL number */ ++ if (crl->base_crl_number && !crl->crl_number) ++ crl->flags |= EXFLAG_INVALID; ++ ++ /* ++ * See if we have any unhandled critical CRL extensions and indicate ++ * this in a flag. We only currently handle IDP so anything else ++ * critical sets the flag. This code accesses the X509_CRL structure ++ * directly: applications shouldn't do this. ++ */ ++ ++ exts = crl->crl->extensions; ++ ++ for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { ++ int nid; ++ ++ ext = sk_X509_EXTENSION_value(exts, idx); ++ nid = OBJ_obj2nid(ext->object); ++ if (nid == NID_freshest_crl) ++ crl->flags |= EXFLAG_FRESHEST; ++ if (ext->critical > 0) { ++ /* We handle IDP and deltas */ ++ if ((nid == NID_issuing_distribution_point) ++ || (nid == NID_authority_key_identifier) ++ || (nid == NID_delta_crl)) ++ continue; ++ crl->flags |= EXFLAG_CRITICAL; ++ break; ++ } ++ } ++ ++ if (!crl_set_issuers(crl)) ++ return 0; ++ ++ if (crl->meth->crl_init) { ++ if (crl->meth->crl_init(crl) == 0) ++ return 0; ++ } ++ break; ++ ++ case ASN1_OP_FREE_POST: ++ if (crl->meth->crl_free) { ++ if (!crl->meth->crl_free(crl)) ++ return 0; ++ } ++ if (crl->akid) ++ AUTHORITY_KEYID_free(crl->akid); ++ if (crl->idp) ++ ISSUING_DIST_POINT_free(crl->idp); ++ ASN1_INTEGER_free(crl->crl_number); ++ ASN1_INTEGER_free(crl->base_crl_number); ++ sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); ++ break; ++ } ++ return 1; ++} ++ ++/* Convert IDP into a more convenient form */ ++ ++static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) ++{ ++ int idp_only = 0; ++ /* Set various flags according to IDP */ ++ crl->idp_flags |= IDP_PRESENT; ++ if (idp->onlyuser > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYUSER; ++ } ++ if (idp->onlyCA > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYCA; ++ } ++ if (idp->onlyattr > 0) { ++ idp_only++; ++ crl->idp_flags |= IDP_ONLYATTR; ++ } ++ ++ if (idp_only > 1) ++ crl->idp_flags |= IDP_INVALID; ++ ++ if (idp->indirectCRL > 0) ++ crl->idp_flags |= IDP_INDIRECT; ++ ++ if (idp->onlysomereasons) { ++ crl->idp_flags |= IDP_REASONS; ++ if (idp->onlysomereasons->length > 0) ++ crl->idp_reasons = idp->onlysomereasons->data[0]; ++ if (idp->onlysomereasons->length > 1) ++ crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8); ++ crl->idp_reasons &= CRLDP_ALL_REASONS; ++ } ++ ++ DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); ++} ++ ++ASN1_SEQUENCE_ref(X509_CRL, crl_cb, CRYPTO_LOCK_X509_CRL) = { ++ ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), ++ ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) ++} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) ++ ++static int X509_REVOKED_cmp(const X509_REVOKED *const *a, ++ const X509_REVOKED *const *b) ++{ ++ return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber, ++ (ASN1_STRING *)(*b)->serialNumber)); ++} ++ ++int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) ++{ ++ X509_CRL_INFO *inf; ++ inf = crl->crl; ++ if (!inf->revoked) ++ inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); ++ if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { ++ ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ inf->enc.modified = 1; ++ return 1; ++} ++ ++int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) ++{ ++ if (crl->meth->crl_verify) ++ return crl->meth->crl_verify(crl, r); ++ return 0; ++} ++ ++int X509_CRL_get0_by_serial(X509_CRL *crl, ++ X509_REVOKED **ret, ASN1_INTEGER *serial) ++{ ++ if (crl->meth->crl_lookup) ++ return crl->meth->crl_lookup(crl, ret, serial, NULL); ++ return 0; ++} ++ ++int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) ++{ ++ if (crl->meth->crl_lookup) ++ return crl->meth->crl_lookup(crl, ret, ++ X509_get_serialNumber(x), ++ X509_get_issuer_name(x)); ++ return 0; ++} ++ ++static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) ++{ ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), ++ crl->sig_alg, crl->signature, crl->crl, r)); ++} ++ ++static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, ++ X509_REVOKED *rev) ++{ ++ int i; ++ ++ if (!rev->issuer) { ++ if (!nm) ++ return 1; ++ if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) ++ return 1; ++ return 0; ++ } ++ ++ if (!nm) ++ nm = X509_CRL_get_issuer(crl); ++ ++ for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { ++ GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); ++ if (gen->type != GEN_DIRNAME) ++ continue; ++ if (!X509_NAME_cmp(nm, gen->d.directoryName)) ++ return 1; ++ } ++ return 0; ++ ++} ++ ++static int def_crl_lookup(X509_CRL *crl, ++ X509_REVOKED **ret, ASN1_INTEGER *serial, ++ X509_NAME *issuer) ++{ ++ X509_REVOKED rtmp, *rev; ++ int idx; ++ rtmp.serialNumber = serial; ++ /* ++ * Sort revoked into serial number order if not already sorted. Do this ++ * under a lock to avoid race condition. ++ */ ++ if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); ++ sk_X509_REVOKED_sort(crl->crl->revoked); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); ++ } ++ idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); ++ if (idx < 0) ++ return 0; ++ /* Need to look for matching name */ ++ for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) { ++ rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); ++ if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) ++ return 0; ++ if (crl_revoked_issuer_match(crl, issuer, rev)) { ++ if (ret) ++ *ret = rev; ++ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) ++ return 2; ++ return 1; ++ } ++ } ++ return 0; ++} ++ ++void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) ++{ ++ if (meth == NULL) ++ default_crl_method = &int_crl_meth; ++ else ++ default_crl_method = meth; ++} ++ ++X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), ++ int (*crl_free) (X509_CRL *crl), ++ int (*crl_lookup) (X509_CRL *crl, ++ X509_REVOKED **ret, ++ ASN1_INTEGER *ser, ++ X509_NAME *issuer), ++ int (*crl_verify) (X509_CRL *crl, ++ EVP_PKEY *pk)) ++{ ++ X509_CRL_METHOD *m; ++ m = OPENSSL_malloc(sizeof(X509_CRL_METHOD)); ++ if (!m) ++ return NULL; ++ m->crl_init = crl_init; ++ m->crl_free = crl_free; ++ m->crl_lookup = crl_lookup; ++ m->crl_verify = crl_verify; ++ m->flags = X509_CRL_METHOD_DYNAMIC; ++ return m; ++} ++ ++void X509_CRL_METHOD_free(X509_CRL_METHOD *m) ++{ ++ if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) ++ return; ++ OPENSSL_free(m); ++} ++ ++void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) ++{ ++ crl->meth_data = dat; ++} ++ ++void *X509_CRL_get_meth_data(X509_CRL *crl) ++{ ++ return crl->meth_data; ++} ++ ++IMPLEMENT_STACK_OF(X509_REVOKED) ++ ++IMPLEMENT_ASN1_SET_OF(X509_REVOKED) ++ ++IMPLEMENT_STACK_OF(X509_CRL) ++ ++IMPLEMENT_ASN1_SET_OF(X509_CRL) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +new file mode 100644 +index 0000000..00a9580 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c +@@ -0,0 +1,77 @@ ++/* x_exten.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++ASN1_SEQUENCE(X509_EXTENSION) = { ++ ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), ++ ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), ++ ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) ++} ASN1_SEQUENCE_END(X509_EXTENSION) ++ ++ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) ++ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) ++IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +index 8d99f07..067fd72 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_info.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_info.c +@@ -1,39 +1,117 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/x_info.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + + X509_INFO *X509_INFO_new(void) + { +- X509_INFO *ret; ++ X509_INFO *ret = NULL; + +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); + if (ret == NULL) { + ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; ++ return (NULL); + } + +- return ret; ++ ret->enc_cipher.cipher = NULL; ++ ret->enc_len = 0; ++ ret->enc_data = NULL; ++ ++ ret->references = 1; ++ ret->x509 = NULL; ++ ret->crl = NULL; ++ ret->x_pkey = NULL; ++ return (ret); + } + + void X509_INFO_free(X509_INFO *x) + { ++ int i; ++ + if (x == NULL) + return; + +- X509_free(x->x509); +- X509_CRL_free(x->crl); +- X509_PKEY_free(x->x_pkey); +- OPENSSL_free(x->enc_data); ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO); ++#ifdef REF_PRINT ++ REF_PRINT("X509_INFO", x); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "X509_INFO_free, bad reference count\n"); ++ abort(); ++ } ++#endif ++ ++ if (x->x509 != NULL) ++ X509_free(x->x509); ++ if (x->crl != NULL) ++ X509_CRL_free(x->crl); ++ if (x->x_pkey != NULL) ++ X509_PKEY_free(x->x_pkey); ++ if (x->enc_data != NULL) ++ OPENSSL_free(x->enc_data); + OPENSSL_free(x); + } ++ ++IMPLEMENT_STACK_OF(X509_INFO) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +index c284471..3aed44a 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c +@@ -1,14 +1,64 @@ ++/* x_long.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -76,7 +126,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + * set. + */ + if (ltmp < 0) +- utmp = 0 - (unsigned long)ltmp - 1; ++ utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); +@@ -128,8 +178,8 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + } + ltmp = (long)utmp; + if (neg) { ++ ltmp++; + ltmp = -ltmp; +- ltmp--; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +new file mode 100644 +index 0000000..26378fd +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c +@@ -0,0 +1,536 @@ ++/* crypto/asn1/x_name.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++#include ++#include "asn1_locl.h" ++ ++typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; ++DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) ++ ++/* ++ * Maximum length of X509_NAME: much larger than anything we should ++ * ever see in practice. ++ */ ++ ++#define X509_NAME_MAX (1024 * 1024) ++ ++static int x509_name_ex_d2i(ASN1_VALUE **val, ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it, ++ int tag, int aclass, char opt, ASN1_TLC *ctx); ++ ++static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass); ++static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); ++static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); ++ ++static int x509_name_encode(X509_NAME *a); ++static int x509_name_canon(X509_NAME *a); ++static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in); ++static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, ++ unsigned char **in); ++ ++static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, ++ int indent, ++ const char *fname, const ASN1_PCTX *pctx); ++ ++ASN1_SEQUENCE(X509_NAME_ENTRY) = { ++ ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), ++ ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) ++} ASN1_SEQUENCE_END(X509_NAME_ENTRY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) ++ ++/* ++ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so ++ * declare two template wrappers for this ++ */ ++ ++ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) ++ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) ++ ++ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) ++ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) ++ ++/* ++ * Normally that's where it would end: we'd have two nested STACK structures ++ * representing the ASN1. Unfortunately X509_NAME uses a completely different ++ * form and caches encodings so we have to process the internal form and ++ * convert to the external form. ++ */ ++ ++const ASN1_EXTERN_FUNCS x509_name_ff = { ++ NULL, ++ x509_name_ex_new, ++ x509_name_ex_free, ++ 0, /* Default clear behaviour is OK */ ++ x509_name_ex_d2i, ++ x509_name_ex_i2d, ++ x509_name_ex_print ++}; ++ ++IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) ++ ++static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) ++{ ++ X509_NAME *ret = NULL; ++ ret = OPENSSL_malloc(sizeof(X509_NAME)); ++ if (!ret) ++ goto memerr; ++ if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) ++ goto memerr; ++ if ((ret->bytes = BUF_MEM_new()) == NULL) ++ goto memerr; ++ ret->canon_enc = NULL; ++ ret->canon_enclen = 0; ++ ret->modified = 1; ++ *val = (ASN1_VALUE *)ret; ++ return 1; ++ ++ memerr: ++ ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); ++ if (ret) { ++ if (ret->entries) ++ sk_X509_NAME_ENTRY_free(ret->entries); ++ OPENSSL_free(ret); ++ } ++ return 0; ++} ++ ++static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) ++{ ++ X509_NAME *a; ++ if (!pval || !*pval) ++ return; ++ a = (X509_NAME *)*pval; ++ ++ BUF_MEM_free(a->bytes); ++ sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); ++ if (a->canon_enc) ++ OPENSSL_free(a->canon_enc); ++ OPENSSL_free(a); ++ *pval = NULL; ++} ++ ++static int x509_name_ex_d2i(ASN1_VALUE **val, ++ const unsigned char **in, long len, ++ const ASN1_ITEM *it, int tag, int aclass, ++ char opt, ASN1_TLC *ctx) ++{ ++ const unsigned char *p = *in, *q; ++ union { ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; ++ ASN1_VALUE *a; ++ } intname = { ++ NULL ++ }; ++ union { ++ X509_NAME *x; ++ ASN1_VALUE *a; ++ } nm = { ++ NULL ++ }; ++ int i, j, ret; ++ STACK_OF(X509_NAME_ENTRY) *entries; ++ X509_NAME_ENTRY *entry; ++ if (len > X509_NAME_MAX) ++ len = X509_NAME_MAX; ++ q = p; ++ ++ /* Get internal representation of Name */ ++ ret = ASN1_item_ex_d2i(&intname.a, ++ &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), ++ tag, aclass, opt, ctx); ++ ++ if (ret <= 0) ++ return ret; ++ ++ if (*val) ++ x509_name_ex_free(val, NULL); ++ if (!x509_name_ex_new(&nm.a, NULL)) ++ goto err; ++ /* We've decoded it: now cache encoding */ ++ if (!BUF_MEM_grow(nm.x->bytes, p - q)) ++ goto err; ++ memcpy(nm.x->bytes->data, q, p - q); ++ ++ /* Convert internal representation to X509_NAME structure */ ++ for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { ++ entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); ++ for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { ++ entry = sk_X509_NAME_ENTRY_value(entries, j); ++ entry->set = i; ++ if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) ++ goto err; ++ } ++ sk_X509_NAME_ENTRY_free(entries); ++ } ++ sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); ++ ret = x509_name_canon(nm.x); ++ if (!ret) ++ goto err; ++ nm.x->modified = 0; ++ *val = nm.a; ++ *in = p; ++ return ret; ++ err: ++ if (nm.x != NULL) ++ X509_NAME_free(nm.x); ++ ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); ++ return 0; ++} ++ ++static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, ++ const ASN1_ITEM *it, int tag, int aclass) ++{ ++ int ret; ++ X509_NAME *a = (X509_NAME *)*val; ++ if (a->modified) { ++ ret = x509_name_encode(a); ++ if (ret < 0) ++ return ret; ++ ret = x509_name_canon(a); ++ if (ret < 0) ++ return ret; ++ } ++ ret = a->bytes->length; ++ if (out != NULL) { ++ memcpy(*out, a->bytes->data, ret); ++ *out += ret; ++ } ++ return ret; ++} ++ ++static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) ++{ ++ sk_X509_NAME_ENTRY_free(ne); ++} ++ ++static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) ++{ ++ sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); ++} ++ ++static int x509_name_encode(X509_NAME *a) ++{ ++ union { ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; ++ ASN1_VALUE *a; ++ } intname = { ++ NULL ++ }; ++ int len; ++ unsigned char *p; ++ STACK_OF(X509_NAME_ENTRY) *entries = NULL; ++ X509_NAME_ENTRY *entry; ++ int i, set = -1; ++ intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); ++ if (!intname.s) ++ goto memerr; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ++ entry = sk_X509_NAME_ENTRY_value(a->entries, i); ++ if (entry->set != set) { ++ entries = sk_X509_NAME_ENTRY_new_null(); ++ if (!entries) ++ goto memerr; ++ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) ++ goto memerr; ++ set = entry->set; ++ } ++ if (!sk_X509_NAME_ENTRY_push(entries, entry)) ++ goto memerr; ++ } ++ len = ASN1_item_ex_i2d(&intname.a, NULL, ++ ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); ++ if (!BUF_MEM_grow(a->bytes, len)) ++ goto memerr; ++ p = (unsigned char *)a->bytes->data; ++ ASN1_item_ex_i2d(&intname.a, ++ &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, ++ local_sk_X509_NAME_ENTRY_free); ++ a->modified = 0; ++ return len; ++ memerr: ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, ++ local_sk_X509_NAME_ENTRY_free); ++ ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); ++ return -1; ++} ++ ++static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, ++ int indent, ++ const char *fname, const ASN1_PCTX *pctx) ++{ ++ if (X509_NAME_print_ex(out, (X509_NAME *)*pval, ++ indent, pctx->nm_flags) <= 0) ++ return 0; ++ return 2; ++} ++ ++/* ++ * This function generates the canonical encoding of the Name structure. In ++ * it all strings are converted to UTF8, leading, trailing and multiple ++ * spaces collapsed, converted to lower case and the leading SEQUENCE header ++ * removed. In future we could also normalize the UTF8 too. By doing this ++ * comparison of Name structures can be rapidly perfomed by just using ++ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name ++ * constraints of type dirName can also be checked with a simple memcmp(). ++ */ ++ ++static int x509_name_canon(X509_NAME *a) ++{ ++ unsigned char *p; ++ STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; ++ STACK_OF(X509_NAME_ENTRY) *entries = NULL; ++ X509_NAME_ENTRY *entry, *tmpentry = NULL; ++ int i, set = -1, ret = 0; ++ ++ if (a->canon_enc) { ++ OPENSSL_free(a->canon_enc); ++ a->canon_enc = NULL; ++ } ++ /* Special case: empty X509_NAME => null encoding */ ++ if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { ++ a->canon_enclen = 0; ++ return 1; ++ } ++ intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); ++ if (!intname) ++ goto err; ++ for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { ++ entry = sk_X509_NAME_ENTRY_value(a->entries, i); ++ if (entry->set != set) { ++ entries = sk_X509_NAME_ENTRY_new_null(); ++ if (!entries) ++ goto err; ++ if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) ++ goto err; ++ set = entry->set; ++ } ++ tmpentry = X509_NAME_ENTRY_new(); ++ if (!tmpentry) ++ goto err; ++ tmpentry->object = OBJ_dup(entry->object); ++ if (!asn1_string_canon(tmpentry->value, entry->value)) ++ goto err; ++ if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) ++ goto err; ++ tmpentry = NULL; ++ } ++ ++ /* Finally generate encoding */ ++ ++ a->canon_enclen = i2d_name_canon(intname, NULL); ++ ++ p = OPENSSL_malloc(a->canon_enclen); ++ ++ if (!p) ++ goto err; ++ ++ a->canon_enc = p; ++ ++ i2d_name_canon(intname, &p); ++ ++ ret = 1; ++ ++ err: ++ ++ if (tmpentry) ++ X509_NAME_ENTRY_free(tmpentry); ++ if (intname) ++ sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, ++ local_sk_X509_NAME_ENTRY_pop_free); ++ return ret; ++} ++ ++/* Bitmap of all the types of string that will be canonicalized. */ ++ ++#define ASN1_MASK_CANON \ ++ (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ ++ | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ ++ | B_ASN1_VISIBLESTRING) ++ ++static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) ++{ ++ unsigned char *to, *from; ++ int len, i; ++ ++ /* If type not in bitmask just copy string across */ ++ if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { ++ if (!ASN1_STRING_copy(out, in)) ++ return 0; ++ return 1; ++ } ++ ++ out->type = V_ASN1_UTF8STRING; ++ out->length = ASN1_STRING_to_UTF8(&out->data, in); ++ if (out->length == -1) ++ return 0; ++ ++ to = out->data; ++ from = to; ++ ++ len = out->length; ++ ++ /* ++ * Convert string in place to canonical form. Ultimately we may need to ++ * handle a wider range of characters but for now ignore anything with ++ * MSB set and rely on the isspace() and tolower() functions. ++ */ ++ ++ /* Ignore leading spaces */ ++ while ((len > 0) && !(*from & 0x80) && isspace(*from)) { ++ from++; ++ len--; ++ } ++ ++ to = from + len - 1; ++ ++ /* Ignore trailing spaces */ ++ while ((len > 0) && !(*to & 0x80) && isspace(*to)) { ++ to--; ++ len--; ++ } ++ ++ to = out->data; ++ ++ i = 0; ++ while (i < len) { ++ /* If MSB set just copy across */ ++ if (*from & 0x80) { ++ *to++ = *from++; ++ i++; ++ } ++ /* Collapse multiple spaces */ ++ else if (isspace(*from)) { ++ /* Copy one space across */ ++ *to++ = ' '; ++ /* ++ * Ignore subsequent spaces. Note: don't need to check len here ++ * because we know the last character is a non-space so we can't ++ * overflow. ++ */ ++ do { ++ from++; ++ i++; ++ } ++ while (!(*from & 0x80) && isspace(*from)); ++ } else { ++ *to++ = tolower(*from); ++ from++; ++ i++; ++ } ++ } ++ ++ out->length = to - out->data; ++ ++ return 1; ++ ++} ++ ++static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, ++ unsigned char **in) ++{ ++ int i, len, ltmp; ++ ASN1_VALUE *v; ++ STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; ++ ++ len = 0; ++ for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { ++ v = sk_ASN1_VALUE_value(intname, i); ++ ltmp = ASN1_item_ex_i2d(&v, in, ++ ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); ++ if (ltmp < 0) ++ return ltmp; ++ len += ltmp; ++ } ++ return len; ++} ++ ++int X509_NAME_set(X509_NAME **xn, X509_NAME *name) ++{ ++ X509_NAME *in; ++ ++ if (!xn || !name) ++ return (0); ++ ++ if (*xn != name) { ++ in = X509_NAME_dup(name); ++ if (in != NULL) { ++ X509_NAME_free(*xn); ++ *xn = in; ++ } ++ } ++ return (*xn != NULL); ++} ++ ++IMPLEMENT_STACK_OF(X509_NAME_ENTRY) ++ ++IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c +new file mode 100644 +index 0000000..5aa0ed5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_nx509.c +@@ -0,0 +1,72 @@ ++/* x_nx509.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++#include ++#include ++ ++/* Old netscape certificate wrapper format */ ++ ++ASN1_SEQUENCE(NETSCAPE_X509) = { ++ ASN1_SIMPLE(NETSCAPE_X509, header, ASN1_OCTET_STRING), ++ ASN1_OPT(NETSCAPE_X509, cert, X509) ++} ASN1_SEQUENCE_END(NETSCAPE_X509) ++ ++IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +index 593049f..2da23e4 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c +@@ -1,47 +1,153 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/x_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include ++#include + #include + +-X509_PKEY *X509_PKEY_new(void) ++/* need to implement */ ++int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) + { +- X509_PKEY *ret = NULL; ++ return (0); ++} + +- ret = OPENSSL_zalloc(sizeof(*ret)); +- if (ret == NULL) +- goto err; ++X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length) ++{ ++ int i; ++ M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new); + +- ret->enc_algor = X509_ALGOR_new(); +- ret->enc_pkey = ASN1_OCTET_STRING_new(); +- if (ret->enc_algor == NULL || ret->enc_pkey == NULL) ++ M_ASN1_D2I_Init(); ++ M_ASN1_D2I_start_sequence(); ++ M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR); ++ M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING); ++ ++ ret->cipher.cipher = ++ EVP_get_cipherbyname(OBJ_nid2ln ++ (OBJ_obj2nid(ret->enc_algor->algorithm))); ++ if (ret->cipher.cipher == NULL) { ++ c.error = ASN1_R_UNSUPPORTED_CIPHER; ++ c.line = __LINE__; + goto err; ++ } ++ if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) { ++ i = ret->enc_algor->parameter->value.octet_string->length; ++ if (i > EVP_MAX_IV_LENGTH) { ++ c.error = ASN1_R_IV_TOO_LARGE; ++ c.line = __LINE__; ++ goto err; ++ } ++ memcpy(ret->cipher.iv, ++ ret->enc_algor->parameter->value.octet_string->data, i); ++ } else ++ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ++ M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY); ++} + +- return ret; +-err: +- X509_PKEY_free(ret); +- ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; ++X509_PKEY *X509_PKEY_new(void) ++{ ++ X509_PKEY *ret = NULL; ++ ASN1_CTX c; ++ ++ M_ASN1_New_Malloc(ret, X509_PKEY); ++ ret->version = 0; ++ M_ASN1_New(ret->enc_algor, X509_ALGOR_new); ++ M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new); ++ ret->dec_pkey = NULL; ++ ret->key_length = 0; ++ ret->key_data = NULL; ++ ret->key_free = 0; ++ ret->cipher.cipher = NULL; ++ memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); ++ ret->references = 1; ++ return (ret); ++ M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); + } + + void X509_PKEY_free(X509_PKEY *x) + { ++ int i; ++ + if (x == NULL) + return; + +- X509_ALGOR_free(x->enc_algor); +- ASN1_OCTET_STRING_free(x->enc_pkey); +- EVP_PKEY_free(x->dec_pkey); +- if (x->key_free) ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY); ++#ifdef REF_PRINT ++ REF_PRINT("X509_PKEY", x); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "X509_PKEY_free, bad reference count\n"); ++ abort(); ++ } ++#endif ++ ++ if (x->enc_algor != NULL) ++ X509_ALGOR_free(x->enc_algor); ++ if (x->enc_pkey != NULL) ++ M_ASN1_OCTET_STRING_free(x->enc_pkey); ++ if (x->dec_pkey != NULL) ++ EVP_PKEY_free(x->dec_pkey); ++ if ((x->key_data != NULL) && (x->key_free)) + OPENSSL_free(x->key_data); + OPENSSL_free(x); + } +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +new file mode 100644 +index 0000000..6c57a79 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c +@@ -0,0 +1,374 @@ ++/* crypto/asn1/x_pubkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include "asn1_locl.h" ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++ ++/* Minor tweak to operation: free up EVP_PKEY */ ++static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ if (operation == ASN1_OP_FREE_POST) { ++ X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; ++ EVP_PKEY_free(pubkey->pkey); ++ } ++ return 1; ++} ++ ++ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { ++ ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), ++ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) ++} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) ++ ++int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) ++{ ++ X509_PUBKEY *pk = NULL; ++ ++ if (x == NULL) ++ return (0); ++ ++ if ((pk = X509_PUBKEY_new()) == NULL) ++ goto error; ++ ++ if (pkey->ameth) { ++ if (pkey->ameth->pub_encode) { ++ if (!pkey->ameth->pub_encode(pk, pkey)) { ++ X509err(X509_F_X509_PUBKEY_SET, ++ X509_R_PUBLIC_KEY_ENCODE_ERROR); ++ goto error; ++ } ++ } else { ++ X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED); ++ goto error; ++ } ++ } else { ++ X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); ++ goto error; ++ } ++ ++ if (*x != NULL) ++ X509_PUBKEY_free(*x); ++ ++ *x = pk; ++ ++ return 1; ++ error: ++ if (pk != NULL) ++ X509_PUBKEY_free(pk); ++ return 0; ++} ++ ++EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) ++{ ++ EVP_PKEY *ret = NULL; ++ ++ if (key == NULL) ++ goto error; ++ ++ if (key->pkey != NULL) { ++ CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ return key->pkey; ++ } ++ ++ if (key->public_key == NULL) ++ goto error; ++ ++ if ((ret = EVP_PKEY_new()) == NULL) { ++ X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE); ++ goto error; ++ } ++ ++ if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM); ++ goto error; ++ } ++ ++ if (ret->ameth->pub_decode) { ++ if (!ret->ameth->pub_decode(ret, key)) { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_PUBLIC_KEY_DECODE_ERROR); ++ goto error; ++ } ++ } else { ++ X509err(X509_F_X509_PUBKEY_GET, X509_R_METHOD_NOT_SUPPORTED); ++ goto error; ++ } ++ ++ /* Check to see if another thread set key->pkey first */ ++ CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); ++ if (key->pkey) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ EVP_PKEY_free(ret); ++ ret = key->pkey; ++ } else { ++ key->pkey = ret; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); ++ } ++ CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ ++ return ret; ++ ++ error: ++ if (ret != NULL) ++ EVP_PKEY_free(ret); ++ return (NULL); ++} ++ ++/* ++ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or ++ * decode as X509_PUBKEY ++ */ ++ ++EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) ++{ ++ X509_PUBKEY *xpk; ++ EVP_PKEY *pktmp; ++ const unsigned char *q; ++ q = *pp; ++ xpk = d2i_X509_PUBKEY(NULL, &q, length); ++ if (!xpk) ++ return NULL; ++ pktmp = X509_PUBKEY_get(xpk); ++ X509_PUBKEY_free(xpk); ++ if (!pktmp) ++ return NULL; ++ *pp = q; ++ if (a) { ++ EVP_PKEY_free(*a); ++ *a = pktmp; ++ } ++ return pktmp; ++} ++ ++int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) ++{ ++ X509_PUBKEY *xpk = NULL; ++ int ret; ++ if (!a) ++ return 0; ++ if (!X509_PUBKEY_set(&xpk, a)) ++ return 0; ++ ret = i2d_X509_PUBKEY(xpk, pp); ++ X509_PUBKEY_free(xpk); ++ return ret; ++} ++ ++/* ++ * The following are equivalents but which return RSA and DSA keys ++ */ ++#ifndef OPENSSL_NO_RSA ++RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) ++{ ++ EVP_PKEY *pkey; ++ RSA *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return NULL; ++ key = EVP_PKEY_get1_RSA(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return NULL; ++ *pp = q; ++ if (a) { ++ RSA_free(*a); ++ *a = key; ++ } ++ return key; ++} ++ ++int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return 0; ++ pktmp = EVP_PKEY_new(); ++ if (!pktmp) { ++ ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ EVP_PKEY_set1_RSA(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return ret; ++} ++#endif ++ ++#ifndef OPENSSL_NO_DSA ++DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) ++{ ++ EVP_PKEY *pkey; ++ DSA *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return NULL; ++ key = EVP_PKEY_get1_DSA(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return NULL; ++ *pp = q; ++ if (a) { ++ DSA_free(*a); ++ *a = key; ++ } ++ return key; ++} ++ ++int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return 0; ++ pktmp = EVP_PKEY_new(); ++ if (!pktmp) { ++ ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ EVP_PKEY_set1_DSA(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return ret; ++} ++#endif ++ ++#ifndef OPENSSL_NO_EC ++EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) ++{ ++ EVP_PKEY *pkey; ++ EC_KEY *key; ++ const unsigned char *q; ++ q = *pp; ++ pkey = d2i_PUBKEY(NULL, &q, length); ++ if (!pkey) ++ return (NULL); ++ key = EVP_PKEY_get1_EC_KEY(pkey); ++ EVP_PKEY_free(pkey); ++ if (!key) ++ return (NULL); ++ *pp = q; ++ if (a) { ++ EC_KEY_free(*a); ++ *a = key; ++ } ++ return (key); ++} ++ ++int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) ++{ ++ EVP_PKEY *pktmp; ++ int ret; ++ if (!a) ++ return (0); ++ if ((pktmp = EVP_PKEY_new()) == NULL) { ++ ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ EVP_PKEY_set1_EC_KEY(pktmp, a); ++ ret = i2d_PUBKEY(pktmp, pp); ++ EVP_PKEY_free(pktmp); ++ return (ret); ++} ++#endif ++ ++int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, ++ int ptype, void *pval, ++ unsigned char *penc, int penclen) ++{ ++ if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) ++ return 0; ++ if (penc) { ++ if (pub->public_key->data) ++ OPENSSL_free(pub->public_key->data); ++ pub->public_key->data = penc; ++ pub->public_key->length = penclen; ++ /* Set number of unused bits to zero */ ++ pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); ++ pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; ++ } ++ return 1; ++} ++ ++int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, ++ const unsigned char **pk, int *ppklen, ++ X509_ALGOR **pa, X509_PUBKEY *pub) ++{ ++ if (ppkalg) ++ *ppkalg = pub->algor->algorithm; ++ if (pk) { ++ *pk = pub->public_key->data; ++ *ppklen = pub->public_key->length; ++ } ++ if (pa) ++ *pa = pub->algor; ++ return 1; ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +new file mode 100644 +index 0000000..ae293aa +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c +@@ -0,0 +1,116 @@ ++/* crypto/asn1/x_req.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++/*- ++ * X509_REQ_INFO is handled in an unusual way to get round ++ * invalid encodings. Some broken certificate requests don't ++ * encode the attributes field if it is empty. This is in ++ * violation of PKCS#10 but we need to tolerate it. We do ++ * this by making the attributes field OPTIONAL then using ++ * the callback to initialise it to an empty STACK. ++ * ++ * This means that the field will be correctly encoded unless ++ * we NULL out the field. ++ * ++ * As a result we no longer need the req_kludge field because ++ * the information is now contained in the attributes field: ++ * 1. If it is NULL then it's the invalid omission. ++ * 2. If it is empty it is the correct encoding. ++ * 3. If it is not empty then some attributes are present. ++ * ++ */ ++ ++static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; ++ ++ if (operation == ASN1_OP_NEW_POST) { ++ rinf->attributes = sk_X509_ATTRIBUTE_new_null(); ++ if (!rinf->attributes) ++ return 0; ++ } ++ return 1; ++} ++ ++ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { ++ ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), ++ ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), ++ /* This isn't really OPTIONAL but it gets round invalid ++ * encodings ++ */ ++ ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) ++} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) ++ ++ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = { ++ ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), ++ ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) ++} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +index e465cf2..dd33720 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c +@@ -1,17 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/x_sig.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + + ASN1_SEQUENCE(X509_SIG) = { + ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), +@@ -19,21 +67,3 @@ ASN1_SEQUENCE(X509_SIG) = { + } ASN1_SEQUENCE_END(X509_SIG) + + IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) +- +-void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, +- const ASN1_OCTET_STRING **pdigest) +-{ +- if (palg) +- *palg = sig->algor; +- if (pdigest) +- *pdigest = sig->digest; +-} +- +-void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, +- ASN1_OCTET_STRING **pdigest) +-{ +- if (palg) +- *palg = sig->algor; +- if (pdigest) +- *pdigest = sig->digest; +-} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +index c45400b..1df6b87 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/x_spki.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +@@ -13,7 +62,7 @@ + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -26,7 +75,7 @@ IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) + + ASN1_SEQUENCE(NETSCAPE_SPKI) = { + ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), +- ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR), ++ ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), + ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) + } ASN1_SEQUENCE_END(NETSCAPE_SPKI) + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +index d1f1d3b..ee75a1e 100644 +--- a/Cryptlib/OpenSSL/crypto/asn1/x_val.c ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_val.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/x_val.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +new file mode 100644 +index 0000000..aada4a8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c +@@ -0,0 +1,289 @@ ++/* crypto/asn1/x_x509.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++ ++ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { ++ ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), ++ ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), ++ ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), ++ ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), ++ ASN1_SIMPLE(X509_CINF, validity, X509_VAL), ++ ASN1_SIMPLE(X509_CINF, subject, X509_NAME), ++ ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), ++ ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), ++ ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), ++ ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) ++} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) ++/* X509 top level structure needs a bit of customisation */ ++ ++extern void policy_cache_free(X509_POLICY_CACHE *cache); ++ ++static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ++ void *exarg) ++{ ++ X509 *ret = (X509 *)*pval; ++ ++ switch (operation) { ++ ++ case ASN1_OP_NEW_POST: ++ ret->valid = 0; ++ ret->name = NULL; ++ ret->ex_flags = 0; ++ ret->ex_pathlen = -1; ++ ret->skid = NULL; ++ ret->akid = NULL; ++#ifndef OPENSSL_NO_RFC3779 ++ ret->rfc3779_addr = NULL; ++ ret->rfc3779_asid = NULL; ++#endif ++ ret->aux = NULL; ++ ret->crldp = NULL; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); ++ break; ++ ++ case ASN1_OP_D2I_POST: ++ if (ret->name != NULL) ++ OPENSSL_free(ret->name); ++ ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); ++ break; ++ ++ case ASN1_OP_FREE_POST: ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); ++ X509_CERT_AUX_free(ret->aux); ++ ASN1_OCTET_STRING_free(ret->skid); ++ AUTHORITY_KEYID_free(ret->akid); ++ CRL_DIST_POINTS_free(ret->crldp); ++ policy_cache_free(ret->policy_cache); ++ GENERAL_NAMES_free(ret->altname); ++ NAME_CONSTRAINTS_free(ret->nc); ++#ifndef OPENSSL_NO_RFC3779 ++ sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ++ ASIdentifiers_free(ret->rfc3779_asid); ++#endif ++ ++ if (ret->name != NULL) ++ OPENSSL_free(ret->name); ++ break; ++ ++ } ++ ++ return 1; ++ ++} ++ ++ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { ++ ASN1_SIMPLE(X509, cert_info, X509_CINF), ++ ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), ++ ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) ++} ASN1_SEQUENCE_END_ref(X509, X509) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509) ++ ++IMPLEMENT_ASN1_DUP_FUNCTION(X509) ++ ++int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, ++ new_func, dup_func, free_func); ++} ++ ++int X509_set_ex_data(X509 *r, int idx, void *arg) ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} ++ ++void *X509_get_ex_data(X509 *r, int idx) ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} ++ ++/* ++ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with ++ * extra info tagged on the end. Since these functions set how a certificate ++ * is trusted they should only be used when the certificate comes from a ++ * reliable source such as local storage. ++ */ ++ ++X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) ++{ ++ const unsigned char *q; ++ X509 *ret; ++ int freeret = 0; ++ ++ /* Save start position */ ++ q = *pp; ++ ++ if (!a || *a == NULL) { ++ freeret = 1; ++ } ++ ret = d2i_X509(a, &q, length); ++ /* If certificate unreadable then forget it */ ++ if (!ret) ++ return NULL; ++ /* update length */ ++ length -= q - *pp; ++ if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) ++ goto err; ++ *pp = q; ++ return ret; ++ err: ++ if (freeret) { ++ X509_free(ret); ++ if (a) ++ *a = NULL; ++ } ++ return NULL; ++} ++ ++/* ++ * Serialize trusted certificate to *pp or just return the required buffer ++ * length if pp == NULL. We ultimately want to avoid modifying *pp in the ++ * error path, but that depends on similar hygiene in lower-level functions. ++ * Here we avoid compounding the problem. ++ */ ++static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) ++{ ++ int length, tmplen; ++ unsigned char *start = pp != NULL ? *pp : NULL; ++ ++ OPENSSL_assert(pp == NULL || *pp != NULL); ++ ++ /* ++ * This might perturb *pp on error, but fixing that belongs in i2d_X509() ++ * not here. It should be that if a == NULL length is zero, but we check ++ * both just in case. ++ */ ++ length = i2d_X509(a, pp); ++ if (length <= 0 || a == NULL) ++ return length; ++ ++ tmplen = i2d_X509_CERT_AUX(a->aux, pp); ++ if (tmplen < 0) { ++ if (start != NULL) ++ *pp = start; ++ return tmplen; ++ } ++ length += tmplen; ++ ++ return length; ++} ++ ++/* ++ * Serialize trusted certificate to *pp, or just return the required buffer ++ * length if pp == NULL. ++ * ++ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since ++ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do ++ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the ++ * allocated buffer. ++ */ ++int i2d_X509_AUX(X509 *a, unsigned char **pp) ++{ ++ int length; ++ unsigned char *tmp; ++ ++ /* Buffer provided by caller */ ++ if (pp == NULL || *pp != NULL) ++ return i2d_x509_aux_internal(a, pp); ++ ++ /* Obtain the combined length */ ++ if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) ++ return length; ++ ++ /* Allocate requisite combined storage */ ++ *pp = tmp = OPENSSL_malloc(length); ++ if (tmp == NULL) ++ return -1; /* Push error onto error stack? */ ++ ++ /* Encode, but keep *pp at the originally malloced pointer */ ++ length = i2d_x509_aux_internal(a, &tmp); ++ if (length <= 0) { ++ OPENSSL_free(*pp); ++ *pp = NULL; ++ } ++ return length; ++} ++ ++int i2d_re_X509_tbs(X509 *x, unsigned char **pp) ++{ ++ x->cert_info->enc.modified = 1; ++ return i2d_X509_CINF(x->cert_info, pp); ++} ++ ++void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, ++ const X509 *x) ++{ ++ if (psig) ++ *psig = x->signature; ++ if (palg) ++ *palg = x->sig_alg; ++} ++ ++int X509_get_signature_nid(const X509 *x) ++{ ++ return OBJ_obj2nid(x->sig_alg->algorithm); ++} +diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +new file mode 100644 +index 0000000..ad93592 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c +@@ -0,0 +1,196 @@ ++/* a_x509a.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++/* ++ * X509_CERT_AUX routines. These are used to encode additional user ++ * modifiable data about a certificate. This data is appended to the X509 ++ * encoding when the *_X509_AUX routines are used. This means that the ++ * "traditional" X509 routines will simply ignore the extra data. ++ */ ++ ++static X509_CERT_AUX *aux_get(X509 *x); ++ ++ASN1_SEQUENCE(X509_CERT_AUX) = { ++ ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), ++ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), ++ ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), ++ ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), ++ ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) ++} ASN1_SEQUENCE_END(X509_CERT_AUX) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) ++ ++static X509_CERT_AUX *aux_get(X509 *x) ++{ ++ if (!x) ++ return NULL; ++ if (!x->aux && !(x->aux = X509_CERT_AUX_new())) ++ return NULL; ++ return x->aux; ++} ++ ++int X509_alias_set1(X509 *x, unsigned char *name, int len) ++{ ++ X509_CERT_AUX *aux; ++ if (!name) { ++ if (!x || !x->aux || !x->aux->alias) ++ return 1; ++ ASN1_UTF8STRING_free(x->aux->alias); ++ x->aux->alias = NULL; ++ return 1; ++ } ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) ++ return 0; ++ return ASN1_STRING_set(aux->alias, name, len); ++} ++ ++int X509_keyid_set1(X509 *x, unsigned char *id, int len) ++{ ++ X509_CERT_AUX *aux; ++ if (!id) { ++ if (!x || !x->aux || !x->aux->keyid) ++ return 1; ++ ASN1_OCTET_STRING_free(x->aux->keyid); ++ x->aux->keyid = NULL; ++ return 1; ++ } ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) ++ return 0; ++ return ASN1_STRING_set(aux->keyid, id, len); ++} ++ ++unsigned char *X509_alias_get0(X509 *x, int *len) ++{ ++ if (!x->aux || !x->aux->alias) ++ return NULL; ++ if (len) ++ *len = x->aux->alias->length; ++ return x->aux->alias->data; ++} ++ ++unsigned char *X509_keyid_get0(X509 *x, int *len) ++{ ++ if (!x->aux || !x->aux->keyid) ++ return NULL; ++ if (len) ++ *len = x->aux->keyid->length; ++ return x->aux->keyid->data; ++} ++ ++int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) ++{ ++ X509_CERT_AUX *aux; ++ ASN1_OBJECT *objtmp; ++ if (!(objtmp = OBJ_dup(obj))) ++ return 0; ++ if (!(aux = aux_get(x))) ++ return 0; ++ if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) ++ return 0; ++ return sk_ASN1_OBJECT_push(aux->trust, objtmp); ++} ++ ++int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) ++{ ++ X509_CERT_AUX *aux; ++ ASN1_OBJECT *objtmp; ++ if (!(objtmp = OBJ_dup(obj))) ++ return 0; ++ if (!(aux = aux_get(x))) ++ goto err; ++ if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) ++ goto err; ++ return sk_ASN1_OBJECT_push(aux->reject, objtmp); ++ err: ++ ASN1_OBJECT_free(objtmp); ++ return 0; ++} ++ ++void X509_trust_clear(X509 *x) ++{ ++ if (x->aux && x->aux->trust) { ++ sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); ++ x->aux->trust = NULL; ++ } ++} ++ ++void X509_reject_clear(X509 *x) ++{ ++ if (x->aux && x->aux->reject) { ++ sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); ++ x->aux->reject = NULL; ++ } ++} ++ ++ASN1_SEQUENCE(X509_CERT_PAIR) = { ++ ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0), ++ ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1) ++} ASN1_SEQUENCE_END(X509_CERT_PAIR) ++ ++IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR) +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_null.c b/Cryptlib/OpenSSL/crypto/async/arch/async_null.c +deleted file mode 100644 +index 3eaf170..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_null.c ++++ /dev/null +@@ -1,23 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* This must be the first #include file */ +-#include "../async_locl.h" +- +-#ifdef ASYNC_NULL +-int ASYNC_is_capable(void) +-{ +- return 0; +-} +- +-void async_local_cleanup(void) +-{ +-} +-#endif +- +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_null.h b/Cryptlib/OpenSSL/crypto/async/arch/async_null.h +deleted file mode 100644 +index aef40b5..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_null.h ++++ /dev/null +@@ -1,30 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-/* +- * If we haven't managed to detect any other async architecture then we default +- * to NULL. +- */ +-#ifndef ASYNC_ARCH +-# define ASYNC_NULL +-# define ASYNC_ARCH +- +-typedef struct async_fibre_st { +- int dummy; +-} async_fibre; +- +- +-# define async_fibre_swapcontext(o,n,r) 0 +-# define async_fibre_makecontext(c) 0 +-# define async_fibre_free(f) +-# define async_fibre_init_dispatcher(f) +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c b/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c +deleted file mode 100644 +index 02c342d..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.c ++++ /dev/null +@@ -1,58 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* This must be the first #include file */ +-#include "../async_locl.h" +- +-#ifdef ASYNC_POSIX +- +-# include +-# include +- +-#define STACKSIZE 32768 +- +-int ASYNC_is_capable(void) +-{ +- ucontext_t ctx; +- +- /* +- * Some platforms provide getcontext() but it does not work (notably +- * MacOSX PPC64). Check for a working getcontext(); +- */ +- return getcontext(&ctx) == 0; +-} +- +-void async_local_cleanup(void) +-{ +-} +- +-int async_fibre_makecontext(async_fibre *fibre) +-{ +- fibre->env_init = 0; +- if (getcontext(&fibre->fibre) == 0) { +- fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE); +- if (fibre->fibre.uc_stack.ss_sp != NULL) { +- fibre->fibre.uc_stack.ss_size = STACKSIZE; +- fibre->fibre.uc_link = NULL; +- makecontext(&fibre->fibre, async_start_func, 0); +- return 1; +- } +- } else { +- fibre->fibre.uc_stack.ss_sp = NULL; +- } +- return 0; +-} +- +-void async_fibre_free(async_fibre *fibre) +-{ +- OPENSSL_free(fibre->fibre.uc_stack.ss_sp); +- fibre->fibre.uc_stack.ss_sp = NULL; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h b/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h +deleted file mode 100644 +index 3c61f7f..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_posix.h ++++ /dev/null +@@ -1,58 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H +-#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H +-#include +- +-#if (defined(OPENSSL_SYS_UNIX) || defined(OPENSSL_SYS_CYGWIN)) \ +- && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \ +- && !defined(__ANDROID__) && !defined(__OpenBSD__) +- +-# include +- +-# if _POSIX_VERSION >= 200112L +- +-# include +- +-# define ASYNC_POSIX +-# define ASYNC_ARCH +- +-# include +-# include +-# include "e_os.h" +- +-typedef struct async_fibre_st { +- ucontext_t fibre; +- jmp_buf env; +- int env_init; +-} async_fibre; +- +-static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r) +-{ +- o->env_init = 1; +- +- if (!r || !_setjmp(o->env)) { +- if (n->env_init) +- _longjmp(n->env, 1); +- else +- setcontext(&n->fibre); +- } +- +- return 1; +-} +- +-# define async_fibre_init_dispatcher(d) +- +-int async_fibre_makecontext(async_fibre *fibre); +-void async_fibre_free(async_fibre *fibre); +- +-# endif +-#endif +-#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */ +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_win.c b/Cryptlib/OpenSSL/crypto/async/arch/async_win.c +deleted file mode 100644 +index 077d56c..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_win.c ++++ /dev/null +@@ -1,55 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* This must be the first #include file */ +-#include "../async_locl.h" +- +-#ifdef ASYNC_WIN +- +-# include +-# include "internal/cryptlib.h" +- +-int ASYNC_is_capable(void) +-{ +- return 1; +-} +- +-void async_local_cleanup(void) +-{ +- async_ctx *ctx = async_get_ctx(); +- if (ctx != NULL) { +- async_fibre *fibre = &ctx->dispatcher; +- if (fibre != NULL && fibre->fibre != NULL && fibre->converted) { +- ConvertFiberToThread(); +- fibre->fibre = NULL; +- } +- } +-} +- +-int async_fibre_init_dispatcher(async_fibre *fibre) +-{ +- fibre->fibre = ConvertThreadToFiber(NULL); +- if (fibre->fibre == NULL) { +- fibre->converted = 0; +- fibre->fibre = GetCurrentFiber(); +- if (fibre->fibre == NULL) +- return 0; +- } else { +- fibre->converted = 1; +- } +- +- return 1; +-} +- +-VOID CALLBACK async_start_func_win(PVOID unused) +-{ +- async_start_func(); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/async/arch/async_win.h b/Cryptlib/OpenSSL/crypto/async/arch/async_win.h +deleted file mode 100644 +index 61cfdd7..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/arch/async_win.h ++++ /dev/null +@@ -1,36 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * This is the same detection used in cryptlib to set up the thread local +- * storage that we depend on, so just copy that +- */ +-#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC) +-#include +-# define ASYNC_WIN +-# define ASYNC_ARCH +- +-# include +-# include "internal/cryptlib.h" +- +-typedef struct async_fibre_st { +- LPVOID fibre; +- int converted; +-} async_fibre; +- +-# define async_fibre_swapcontext(o,n,r) \ +- (SwitchToFiber((n)->fibre), 1) +-# define async_fibre_makecontext(c) \ +- ((c)->fibre = CreateFiber(0, async_start_func_win, 0)) +-# define async_fibre_free(f) (DeleteFiber((f)->fibre)) +- +-int async_fibre_init_dispatcher(async_fibre *fibre); +-VOID CALLBACK async_start_func_win(PVOID unused); +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/async/async.c b/Cryptlib/OpenSSL/crypto/async/async.c +deleted file mode 100644 +index 8c699af..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/async.c ++++ /dev/null +@@ -1,433 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Without this we start getting longjmp crashes because it thinks we're jumping +- * up the stack when in fact we are jumping to an entirely different stack. The +- * cost of this is not having certain buffer overrun/underrun checks etc for +- * this source file :-( +- */ +-#undef _FORTIFY_SOURCE +- +-/* This must be the first #include file */ +-#include "async_locl.h" +- +-#include +-#include +-#include +- +-#define ASYNC_JOB_RUNNING 0 +-#define ASYNC_JOB_PAUSING 1 +-#define ASYNC_JOB_PAUSED 2 +-#define ASYNC_JOB_STOPPING 3 +- +-static CRYPTO_THREAD_LOCAL ctxkey; +-static CRYPTO_THREAD_LOCAL poolkey; +- +-static void async_free_pool_internal(async_pool *pool); +- +-static async_ctx *async_ctx_new(void) +-{ +- async_ctx *nctx = NULL; +- +- nctx = OPENSSL_malloc(sizeof (async_ctx)); +- if (nctx == NULL) { +- ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- async_fibre_init_dispatcher(&nctx->dispatcher); +- nctx->currjob = NULL; +- nctx->blocked = 0; +- if (!CRYPTO_THREAD_set_local(&ctxkey, nctx)) +- goto err; +- +- return nctx; +-err: +- OPENSSL_free(nctx); +- +- return NULL; +-} +- +-async_ctx *async_get_ctx(void) +-{ +- if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) +- return NULL; +- +- return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey); +-} +- +-static int async_ctx_free(void) +-{ +- async_ctx *ctx; +- +- ctx = async_get_ctx(); +- +- if (!CRYPTO_THREAD_set_local(&ctxkey, NULL)) +- return 0; +- +- OPENSSL_free(ctx); +- +- return 1; +-} +- +-static ASYNC_JOB *async_job_new(void) +-{ +- ASYNC_JOB *job = NULL; +- +- job = OPENSSL_zalloc(sizeof (ASYNC_JOB)); +- if (job == NULL) { +- ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- job->status = ASYNC_JOB_RUNNING; +- +- return job; +-} +- +-static void async_job_free(ASYNC_JOB *job) +-{ +- if (job != NULL) { +- OPENSSL_free(job->funcargs); +- async_fibre_free(&job->fibrectx); +- OPENSSL_free(job); +- } +-} +- +-static ASYNC_JOB *async_get_pool_job(void) { +- ASYNC_JOB *job; +- async_pool *pool; +- +- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); +- if (pool == NULL) { +- /* +- * Pool has not been initialised, so init with the defaults, i.e. +- * no max size and no pre-created jobs +- */ +- if (ASYNC_init_thread(0, 0) == 0) +- return NULL; +- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); +- } +- +- job = sk_ASYNC_JOB_pop(pool->jobs); +- if (job == NULL) { +- /* Pool is empty */ +- if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size)) +- return NULL; +- +- job = async_job_new(); +- if (job != NULL) { +- if (! async_fibre_makecontext(&job->fibrectx)) { +- async_job_free(job); +- return NULL; +- } +- pool->curr_size++; +- } +- } +- return job; +-} +- +-static void async_release_job(ASYNC_JOB *job) { +- async_pool *pool; +- +- pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey); +- OPENSSL_free(job->funcargs); +- job->funcargs = NULL; +- sk_ASYNC_JOB_push(pool->jobs, job); +-} +- +-void async_start_func(void) +-{ +- ASYNC_JOB *job; +- async_ctx *ctx = async_get_ctx(); +- +- while (1) { +- /* Run the job */ +- job = ctx->currjob; +- job->ret = job->func(job->funcargs); +- +- /* Stop the job */ +- job->status = ASYNC_JOB_STOPPING; +- if (!async_fibre_swapcontext(&job->fibrectx, +- &ctx->dispatcher, 1)) { +- /* +- * Should not happen. Getting here will close the thread...can't do +- * much about it +- */ +- ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT); +- } +- } +-} +- +-int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret, +- int (*func)(void *), void *args, size_t size) +-{ +- async_ctx *ctx = async_get_ctx(); +- if (ctx == NULL) +- ctx = async_ctx_new(); +- if (ctx == NULL) { +- return ASYNC_ERR; +- } +- +- if (*job) { +- ctx->currjob = *job; +- } +- +- for (;;) { +- if (ctx->currjob != NULL) { +- if (ctx->currjob->status == ASYNC_JOB_STOPPING) { +- *ret = ctx->currjob->ret; +- ctx->currjob->waitctx = NULL; +- async_release_job(ctx->currjob); +- ctx->currjob = NULL; +- *job = NULL; +- return ASYNC_FINISH; +- } +- +- if (ctx->currjob->status == ASYNC_JOB_PAUSING) { +- *job = ctx->currjob; +- ctx->currjob->status = ASYNC_JOB_PAUSED; +- ctx->currjob = NULL; +- return ASYNC_PAUSE; +- } +- +- if (ctx->currjob->status == ASYNC_JOB_PAUSED) { +- ctx->currjob = *job; +- /* Resume previous job */ +- if (!async_fibre_swapcontext(&ctx->dispatcher, +- &ctx->currjob->fibrectx, 1)) { +- ASYNCerr(ASYNC_F_ASYNC_START_JOB, +- ASYNC_R_FAILED_TO_SWAP_CONTEXT); +- goto err; +- } +- continue; +- } +- +- /* Should not happen */ +- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR); +- async_release_job(ctx->currjob); +- ctx->currjob = NULL; +- *job = NULL; +- return ASYNC_ERR; +- } +- +- /* Start a new job */ +- if ((ctx->currjob = async_get_pool_job()) == NULL) { +- return ASYNC_NO_JOBS; +- } +- +- if (args != NULL) { +- ctx->currjob->funcargs = OPENSSL_malloc(size); +- if (ctx->currjob->funcargs == NULL) { +- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE); +- async_release_job(ctx->currjob); +- ctx->currjob = NULL; +- return ASYNC_ERR; +- } +- memcpy(ctx->currjob->funcargs, args, size); +- } else { +- ctx->currjob->funcargs = NULL; +- } +- +- ctx->currjob->func = func; +- ctx->currjob->waitctx = wctx; +- if (!async_fibre_swapcontext(&ctx->dispatcher, +- &ctx->currjob->fibrectx, 1)) { +- ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT); +- goto err; +- } +- } +- +-err: +- async_release_job(ctx->currjob); +- ctx->currjob = NULL; +- *job = NULL; +- return ASYNC_ERR; +-} +- +-int ASYNC_pause_job(void) +-{ +- ASYNC_JOB *job; +- async_ctx *ctx = async_get_ctx(); +- +- if (ctx == NULL +- || ctx->currjob == NULL +- || ctx->blocked) { +- /* +- * Could be we've deliberately not been started within a job so this is +- * counted as success. +- */ +- return 1; +- } +- +- job = ctx->currjob; +- job->status = ASYNC_JOB_PAUSING; +- +- if (!async_fibre_swapcontext(&job->fibrectx, +- &ctx->dispatcher, 1)) { +- ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT); +- return 0; +- } +- /* Reset counts of added and deleted fds */ +- async_wait_ctx_reset_counts(job->waitctx); +- +- return 1; +-} +- +-static void async_empty_pool(async_pool *pool) +-{ +- ASYNC_JOB *job; +- +- if (!pool || !pool->jobs) +- return; +- +- do { +- job = sk_ASYNC_JOB_pop(pool->jobs); +- async_job_free(job); +- } while (job); +-} +- +-int async_init(void) +-{ +- if (!CRYPTO_THREAD_init_local(&ctxkey, NULL)) +- return 0; +- +- if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) { +- CRYPTO_THREAD_cleanup_local(&ctxkey); +- return 0; +- } +- +- return 1; +-} +- +-void async_deinit(void) +-{ +- CRYPTO_THREAD_cleanup_local(&ctxkey); +- CRYPTO_THREAD_cleanup_local(&poolkey); +-} +- +-int ASYNC_init_thread(size_t max_size, size_t init_size) +-{ +- async_pool *pool; +- size_t curr_size = 0; +- +- if (init_size > max_size) { +- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE); +- return 0; +- } +- +- if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { +- return 0; +- } +- if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { +- return 0; +- } +- +- pool = OPENSSL_zalloc(sizeof *pool); +- if (pool == NULL) { +- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- pool->jobs = sk_ASYNC_JOB_new_null(); +- if (pool->jobs == NULL) { +- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(pool); +- return 0; +- } +- +- pool->max_size = max_size; +- +- /* Pre-create jobs as required */ +- while (init_size--) { +- ASYNC_JOB *job; +- job = async_job_new(); +- if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) { +- /* +- * Not actually fatal because we already created the pool, just +- * skip creation of any more jobs +- */ +- async_job_free(job); +- break; +- } +- job->funcargs = NULL; +- sk_ASYNC_JOB_push(pool->jobs, job); +- curr_size++; +- } +- pool->curr_size = curr_size; +- if (!CRYPTO_THREAD_set_local(&poolkey, pool)) { +- ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL); +- goto err; +- } +- +- return 1; +-err: +- async_free_pool_internal(pool); +- return 0; +-} +- +-static void async_free_pool_internal(async_pool *pool) +-{ +- if (pool == NULL) +- return; +- +- async_empty_pool(pool); +- sk_ASYNC_JOB_free(pool->jobs); +- OPENSSL_free(pool); +- CRYPTO_THREAD_set_local(&poolkey, NULL); +- async_local_cleanup(); +- async_ctx_free(); +-} +- +-void ASYNC_cleanup_thread(void) +-{ +- async_free_pool_internal((async_pool *)CRYPTO_THREAD_get_local(&poolkey)); +-} +- +-ASYNC_JOB *ASYNC_get_current_job(void) +-{ +- async_ctx *ctx; +- +- ctx = async_get_ctx(); +- if (ctx == NULL) +- return NULL; +- +- return ctx->currjob; +-} +- +-ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job) +-{ +- return job->waitctx; +-} +- +-void ASYNC_block_pause(void) +-{ +- async_ctx *ctx = async_get_ctx(); +- if (ctx == NULL || ctx->currjob == NULL) { +- /* +- * We're not in a job anyway so ignore this +- */ +- return; +- } +- ctx->blocked++; +-} +- +-void ASYNC_unblock_pause(void) +-{ +- async_ctx *ctx = async_get_ctx(); +- if (ctx == NULL || ctx->currjob == NULL) { +- /* +- * We're not in a job anyway so ignore this +- */ +- return; +- } +- if (ctx->blocked > 0) +- ctx->blocked--; +-} +diff --git a/Cryptlib/OpenSSL/crypto/async/async_err.c b/Cryptlib/OpenSSL/crypto/async/async_err.c +deleted file mode 100644 +index ae97e96..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/async_err.c ++++ /dev/null +@@ -1,51 +0,0 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASYNC,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASYNC,0,reason) +- +-static ERR_STRING_DATA ASYNC_str_functs[] = { +- {ERR_FUNC(ASYNC_F_ASYNC_CTX_NEW), "async_ctx_new"}, +- {ERR_FUNC(ASYNC_F_ASYNC_INIT_THREAD), "ASYNC_init_thread"}, +- {ERR_FUNC(ASYNC_F_ASYNC_JOB_NEW), "async_job_new"}, +- {ERR_FUNC(ASYNC_F_ASYNC_PAUSE_JOB), "ASYNC_pause_job"}, +- {ERR_FUNC(ASYNC_F_ASYNC_START_FUNC), "async_start_func"}, +- {ERR_FUNC(ASYNC_F_ASYNC_START_JOB), "ASYNC_start_job"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA ASYNC_str_reasons[] = { +- {ERR_REASON(ASYNC_R_FAILED_TO_SET_POOL), "failed to set pool"}, +- {ERR_REASON(ASYNC_R_FAILED_TO_SWAP_CONTEXT), "failed to swap context"}, +- {ERR_REASON(ASYNC_R_INIT_FAILED), "init failed"}, +- {ERR_REASON(ASYNC_R_INVALID_POOL_SIZE), "invalid pool size"}, +- {0, NULL} +-}; +- +-#endif +- +-int ERR_load_ASYNC_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) { +- ERR_load_strings(0, ASYNC_str_functs); +- ERR_load_strings(0, ASYNC_str_reasons); +- } +-#endif +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/async/async_locl.h b/Cryptlib/OpenSSL/crypto/async/async_locl.h +deleted file mode 100644 +index f0ac05a..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/async_locl.h ++++ /dev/null +@@ -1,77 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Must do this before including any header files, because on MacOS/X +- * includes which includes +- */ +-#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE) +-# define _XOPEN_SOURCE /* Otherwise incomplete ucontext_t structure */ +-# pragma GCC diagnostic ignored "-Wdeprecated-declarations" +-#endif +- +-#if defined(_WIN32) +-# include +-#endif +- +-#include +-#include +- +-typedef struct async_ctx_st async_ctx; +-typedef struct async_pool_st async_pool; +- +-#include "arch/async_win.h" +-#include "arch/async_posix.h" +-#include "arch/async_null.h" +- +-struct async_ctx_st { +- async_fibre dispatcher; +- ASYNC_JOB *currjob; +- unsigned int blocked; +-}; +- +-struct async_job_st { +- async_fibre fibrectx; +- int (*func) (void *); +- void *funcargs; +- int ret; +- int status; +- ASYNC_WAIT_CTX *waitctx; +-}; +- +-struct fd_lookup_st { +- const void *key; +- OSSL_ASYNC_FD fd; +- void *custom_data; +- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *); +- int add; +- int del; +- struct fd_lookup_st *next; +-}; +- +-struct async_wait_ctx_st { +- struct fd_lookup_st *fds; +- size_t numadd; +- size_t numdel; +-}; +- +-DEFINE_STACK_OF(ASYNC_JOB) +- +-struct async_pool_st { +- STACK_OF(ASYNC_JOB) *jobs; +- size_t curr_size; +- size_t max_size; +-}; +- +-void async_local_cleanup(void); +-void async_start_func(void); +-async_ctx *async_get_ctx(void); +- +-void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx); +- +diff --git a/Cryptlib/OpenSSL/crypto/async/async_wait.c b/Cryptlib/OpenSSL/crypto/async/async_wait.c +deleted file mode 100644 +index e115985..0000000 +--- a/Cryptlib/OpenSSL/crypto/async/async_wait.c ++++ /dev/null +@@ -1,211 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* This must be the first #include file */ +-#include "async_locl.h" +- +-#include +- +-ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void) +-{ +- return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX)); +-} +- +-void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx) +-{ +- struct fd_lookup_st *curr; +- struct fd_lookup_st *next; +- +- if (ctx == NULL) +- return; +- +- curr = ctx->fds; +- while (curr != NULL) { +- if (!curr->del) { +- /* Only try and cleanup if it hasn't been marked deleted */ +- if (curr->cleanup != NULL) +- curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data); +- } +- /* Always free the fd_lookup_st */ +- next = curr->next; +- OPENSSL_free(curr); +- curr = next; +- } +- +- OPENSSL_free(ctx); +-} +-int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key, +- OSSL_ASYNC_FD fd, void *custom_data, +- void (*cleanup)(ASYNC_WAIT_CTX *, const void *, +- OSSL_ASYNC_FD, void *)) +-{ +- struct fd_lookup_st *fdlookup; +- +- fdlookup = OPENSSL_zalloc(sizeof *fdlookup); +- if (fdlookup == NULL) +- return 0; +- +- fdlookup->key = key; +- fdlookup->fd = fd; +- fdlookup->custom_data = custom_data; +- fdlookup->cleanup = cleanup; +- fdlookup->add = 1; +- fdlookup->next = ctx->fds; +- ctx->fds = fdlookup; +- ctx->numadd++; +- return 1; +-} +- +-int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key, +- OSSL_ASYNC_FD *fd, void **custom_data) +-{ +- struct fd_lookup_st *curr; +- +- curr = ctx->fds; +- while (curr != NULL) { +- if (curr->del) { +- /* This one has been marked deleted so do nothing */ +- curr = curr->next; +- continue; +- } +- if (curr->key == key) { +- *fd = curr->fd; +- *custom_data = curr->custom_data; +- return 1; +- } +- curr = curr->next; +- } +- return 0; +-} +- +-int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd, +- size_t *numfds) +-{ +- struct fd_lookup_st *curr; +- +- curr = ctx->fds; +- *numfds = 0; +- while (curr != NULL) { +- if (curr->del) { +- /* This one has been marked deleted so do nothing */ +- curr = curr->next; +- continue; +- } +- if (fd != NULL) { +- *fd = curr->fd; +- fd++; +- } +- (*numfds)++; +- curr = curr->next; +- } +- return 1; +-} +- +-int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd, +- size_t *numaddfds, OSSL_ASYNC_FD *delfd, +- size_t *numdelfds) +-{ +- struct fd_lookup_st *curr; +- +- *numaddfds = ctx->numadd; +- *numdelfds = ctx->numdel; +- if (addfd == NULL && delfd == NULL) +- return 1; +- +- curr = ctx->fds; +- +- while (curr != NULL) { +- /* We ignore fds that have been marked as both added and deleted */ +- if (curr->del && !curr->add && (delfd != NULL)) { +- *delfd = curr->fd; +- delfd++; +- } +- if (curr->add && !curr->del && (addfd != NULL)) { +- *addfd = curr->fd; +- addfd++; +- } +- curr = curr->next; +- } +- +- return 1; +-} +- +-int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key) +-{ +- struct fd_lookup_st *curr, *prev; +- +- curr = ctx->fds; +- prev = NULL; +- while (curr != NULL) { +- if (curr->del == 1) { +- /* This one has been marked deleted already so do nothing */ +- curr = curr->next; +- continue; +- } +- if (curr->key == key) { +- /* If fd has just been added, remove it from the list */ +- if (curr->add == 1) { +- if (ctx->fds == curr) { +- ctx->fds = curr->next; +- } else { +- prev->next = curr->next; +- } +- +- /* It is responsibility of the caller to cleanup before calling +- * ASYNC_WAIT_CTX_clear_fd +- */ +- OPENSSL_free(curr); +- ctx->numadd--; +- return 1; +- } +- +- /* +- * Mark it as deleted. We don't call cleanup if explicitly asked +- * to clear an fd. We assume the caller is going to do that (if +- * appropriate). +- */ +- curr->del = 1; +- ctx->numdel++; +- return 1; +- } +- prev = curr; +- curr = curr->next; +- } +- return 0; +-} +- +-void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx) +-{ +- struct fd_lookup_st *curr, *prev = NULL; +- +- ctx->numadd = 0; +- ctx->numdel = 0; +- +- curr = ctx->fds; +- +- while (curr != NULL) { +- if (curr->del) { +- if (prev == NULL) +- ctx->fds = curr->next; +- else +- prev->next = curr->next; +- OPENSSL_free(curr); +- if (prev == NULL) +- curr = ctx->fds; +- else +- curr = prev->next; +- continue; +- } +- if (curr->add) { +- curr->add = 0; +- } +- prev = curr; +- curr = curr->next; +- } +-} +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_addr.c b/Cryptlib/OpenSSL/crypto/bio/b_addr.c +deleted file mode 100644 +index 0f1900d..0000000 +--- a/Cryptlib/OpenSSL/crypto/bio/b_addr.c ++++ /dev/null +@@ -1,897 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#include "bio_lcl.h" +-#include +- +-#ifndef OPENSSL_NO_SOCK +-#include +-#include +-#include +-#include +- +-#ifdef _HPUX_SOURCE +-static const char *ossl_hstrerror(int herr) +-{ +- switch (herr) { +- case -1: +- return strerror(errno); +- case 0: +- return "No error"; +- case HOST_NOT_FOUND: +- return "Host not found"; +- case NO_DATA: /* NO_ADDRESS is a synonym */ +- return "No data"; +- case NO_RECOVERY: +- return "Non recoverable error"; +- case TRY_AGAIN: +- return "Try again"; +- default: +- break; +- } +- return "unknown error"; +-} +-# define hstrerror(e) ossl_hstrerror(e) +-#endif +- +-CRYPTO_RWLOCK *bio_lookup_lock; +-static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT; +- +-/* +- * Throughout this file and bio_lcl.h, the existence of the macro +- * AI_PASSIVE is used to detect the availability of struct addrinfo, +- * getnameinfo() and getaddrinfo(). If that macro doesn't exist, +- * we use our own implementation instead, using gethostbyname, +- * getservbyname and a few other. +- */ +- +-/********************************************************************** +- * +- * Address structure +- * +- */ +- +-BIO_ADDR *BIO_ADDR_new(void) +-{ +- BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret)); +- +- if (ret == NULL) { +- BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->sa.sa_family = AF_UNSPEC; +- return ret; +-} +- +-void BIO_ADDR_free(BIO_ADDR *ap) +-{ +- OPENSSL_free(ap); +-} +- +-void BIO_ADDR_clear(BIO_ADDR *ap) +-{ +- memset(ap, 0, sizeof(*ap)); +- ap->sa.sa_family = AF_UNSPEC; +-} +- +-/* +- * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents +- * of a struct sockaddr. +- */ +-int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa) +-{ +- if (sa->sa_family == AF_INET) { +- ap->s_in = *(const struct sockaddr_in *)sa; +- return 1; +- } +-#ifdef AF_INET6 +- if (sa->sa_family == AF_INET6) { +- ap->s_in6 = *(const struct sockaddr_in6 *)sa; +- return 1; +- } +-#endif +-#ifdef AF_UNIX +- if (ap->sa.sa_family == AF_UNIX) { +- ap->s_un = *(const struct sockaddr_un *)sa; +- return 1; +- } +-#endif +- +- return 0; +-} +- +-int BIO_ADDR_rawmake(BIO_ADDR *ap, int family, +- const void *where, size_t wherelen, +- unsigned short port) +-{ +-#ifdef AF_UNIX +- if (family == AF_UNIX) { +- if (wherelen + 1 > sizeof(ap->s_un.sun_path)) +- return 0; +- memset(&ap->s_un, 0, sizeof(ap->s_un)); +- ap->s_un.sun_family = family; +- strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1); +- return 1; +- } +-#endif +- if (family == AF_INET) { +- if (wherelen != sizeof(struct in_addr)) +- return 0; +- memset(&ap->s_in, 0, sizeof(ap->s_in)); +- ap->s_in.sin_family = family; +- ap->s_in.sin_port = port; +- ap->s_in.sin_addr = *(struct in_addr *)where; +- return 1; +- } +-#ifdef AF_INET6 +- if (family == AF_INET6) { +- if (wherelen != sizeof(struct in6_addr)) +- return 0; +- memset(&ap->s_in6, 0, sizeof(ap->s_in6)); +- ap->s_in6.sin6_family = family; +- ap->s_in6.sin6_port = port; +- ap->s_in6.sin6_addr = *(struct in6_addr *)where; +- return 1; +- } +-#endif +- +- return 0; +-} +- +-int BIO_ADDR_family(const BIO_ADDR *ap) +-{ +- return ap->sa.sa_family; +-} +- +-int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l) +-{ +- size_t len = 0; +- const void *addrptr = NULL; +- +- if (ap->sa.sa_family == AF_INET) { +- len = sizeof(ap->s_in.sin_addr); +- addrptr = &ap->s_in.sin_addr; +- } +-#ifdef AF_INET6 +- else if (ap->sa.sa_family == AF_INET6) { +- len = sizeof(ap->s_in6.sin6_addr); +- addrptr = &ap->s_in6.sin6_addr; +- } +-#endif +-#ifdef AF_UNIX +- else if (ap->sa.sa_family == AF_UNIX) { +- len = strlen(ap->s_un.sun_path); +- addrptr = &ap->s_un.sun_path; +- } +-#endif +- +- if (addrptr == NULL) +- return 0; +- +- if (p != NULL) { +- memcpy(p, addrptr, len); +- } +- if (l != NULL) +- *l = len; +- +- return 1; +-} +- +-unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap) +-{ +- if (ap->sa.sa_family == AF_INET) +- return ap->s_in.sin_port; +-#ifdef AF_INET6 +- if (ap->sa.sa_family == AF_INET6) +- return ap->s_in6.sin6_port; +-#endif +- return 0; +-} +- +-/*- +- * addr_strings - helper function to get host and service names +- * @ap: the BIO_ADDR that has the input info +- * @numeric: 0 if actual names should be returned, 1 if the numeric +- * representation should be returned. +- * @hostname: a pointer to a pointer to a memory area to store the +- * host name or numeric representation. Unused if NULL. +- * @service: a pointer to a pointer to a memory area to store the +- * service name or numeric representation. Unused if NULL. +- * +- * The return value is 0 on failure, with the error code in the error +- * stack, and 1 on success. +- */ +-static int addr_strings(const BIO_ADDR *ap, int numeric, +- char **hostname, char **service) +-{ +- if (BIO_sock_init() != 1) +- return 0; +- +- if (1) { +-#ifdef AI_PASSIVE +- int ret = 0; +- char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = ""; +- int flags = 0; +- +- if (numeric) +- flags |= NI_NUMERICHOST | NI_NUMERICSERV; +- +- if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap), +- BIO_ADDR_sockaddr_size(ap), +- host, sizeof(host), serv, sizeof(serv), +- flags)) != 0) { +-# ifdef EAI_SYSTEM +- if (ret == EAI_SYSTEM) { +- SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error()); +- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB); +- } else +-# endif +- { +- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB); +- ERR_add_error_data(1, gai_strerror(ret)); +- } +- return 0; +- } +- +- /* VMS getnameinfo() has a bug, it doesn't fill in serv, which +- * leaves it with whatever garbage that happens to be there. +- * However, we initialise serv with the empty string (serv[0] +- * is therefore NUL), so it gets real easy to detect when things +- * didn't go the way one might expect. +- */ +- if (serv[0] == '\0') { +- BIO_snprintf(serv, sizeof(serv), "%d", +- ntohs(BIO_ADDR_rawport(ap))); +- } +- +- if (hostname != NULL) +- *hostname = OPENSSL_strdup(host); +- if (service != NULL) +- *service = OPENSSL_strdup(serv); +- } else { +-#endif +- if (hostname != NULL) +- *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr)); +- if (service != NULL) { +- char serv[6]; /* port is 16 bits => max 5 decimal digits */ +- BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port)); +- *service = OPENSSL_strdup(serv); +- } +- } +- +- if ((hostname != NULL && *hostname == NULL) +- || (service != NULL && *service == NULL)) { +- if (hostname != NULL) { +- OPENSSL_free(*hostname); +- *hostname = NULL; +- } +- if (service != NULL) { +- OPENSSL_free(*service); +- *service = NULL; +- } +- BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- return 1; +-} +- +-char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric) +-{ +- char *hostname = NULL; +- +- if (addr_strings(ap, numeric, &hostname, NULL)) +- return hostname; +- +- return NULL; +-} +- +-char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric) +-{ +- char *service = NULL; +- +- if (addr_strings(ap, numeric, NULL, &service)) +- return service; +- +- return NULL; +-} +- +-char *BIO_ADDR_path_string(const BIO_ADDR *ap) +-{ +-#ifdef AF_UNIX +- if (ap->sa.sa_family == AF_UNIX) +- return OPENSSL_strdup(ap->s_un.sun_path); +-#endif +- return NULL; +-} +- +-/* +- * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr +- * for a given BIO_ADDR. In reality, this is simply a type safe cast. +- * The returned struct sockaddr is const, so it can't be tampered with. +- */ +-const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap) +-{ +- return &(ap->sa); +-} +- +-/* +- * BIO_ADDR_sockaddr_noconst - non-public function that does the same +- * as BIO_ADDR_sockaddr, but returns a non-const. USE WITH CARE, as +- * it allows you to tamper with the data (and thereby the contents +- * of the input BIO_ADDR). +- */ +-struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap) +-{ +- return &(ap->sa); +-} +- +-/* +- * BIO_ADDR_sockaddr_size - non-public function that returns the size +- * of the struct sockaddr the BIO_ADDR is using. If the protocol family +- * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX, +- * the size of the BIO_ADDR type is returned. +- */ +-socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap) +-{ +- if (ap->sa.sa_family == AF_INET) +- return sizeof(ap->s_in); +-#ifdef AF_INET6 +- if (ap->sa.sa_family == AF_INET6) +- return sizeof(ap->s_in6); +-#endif +-#ifdef AF_UNIX +- if (ap->sa.sa_family == AF_UNIX) +- return sizeof(ap->s_un); +-#endif +- return sizeof(*ap); +-} +- +-/********************************************************************** +- * +- * Address info database +- * +- */ +- +-const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return bai->bai_next; +- return NULL; +-} +- +-int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return bai->bai_family; +- return 0; +-} +- +-int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return bai->bai_socktype; +- return 0; +-} +- +-int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) { +- if (bai->bai_protocol != 0) +- return bai->bai_protocol; +- +-#ifdef AF_UNIX +- if (bai->bai_family == AF_UNIX) +- return 0; +-#endif +- +- switch (bai->bai_socktype) { +- case SOCK_STREAM: +- return IPPROTO_TCP; +- case SOCK_DGRAM: +- return IPPROTO_UDP; +- default: +- break; +- } +- } +- return 0; +-} +- +-/* +- * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size +- * of the struct sockaddr inside the BIO_ADDRINFO. +- */ +-socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return bai->bai_addrlen; +- return 0; +-} +- +-/* +- * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr +- * as the struct sockaddr it is. +- */ +-const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return bai->bai_addr; +- return NULL; +-} +- +-const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai) +-{ +- if (bai != NULL) +- return (BIO_ADDR *)bai->bai_addr; +- return NULL; +-} +- +-void BIO_ADDRINFO_free(BIO_ADDRINFO *bai) +-{ +- if (bai == NULL) +- return; +- +-#ifdef AI_PASSIVE +-# ifdef AF_UNIX +-# define _cond bai->bai_family != AF_UNIX +-# else +-# define _cond 1 +-# endif +- if (_cond) { +- freeaddrinfo(bai); +- return; +- } +-#endif +- +- /* Free manually when we know that addrinfo_wrap() was used. +- * See further comment above addrinfo_wrap() +- */ +- while (bai != NULL) { +- BIO_ADDRINFO *next = bai->bai_next; +- OPENSSL_free(bai->bai_addr); +- OPENSSL_free(bai); +- bai = next; +- } +-} +- +-/********************************************************************** +- * +- * Service functions +- * +- */ +- +-/*- +- * The specs in hostserv can take these forms: +- * +- * host:service => *host = "host", *service = "service" +- * host:* => *host = "host", *service = NULL +- * host: => *host = "host", *service = NULL +- * :service => *host = NULL, *service = "service" +- * *:service => *host = NULL, *service = "service" +- * +- * in case no : is present in the string, the result depends on +- * hostserv_prio, as follows: +- * +- * when hostserv_prio == BIO_PARSE_PRIO_HOST +- * host => *host = "host", *service untouched +- * +- * when hostserv_prio == BIO_PARSE_PRIO_SERV +- * service => *host untouched, *service = "service" +- * +- */ +-int BIO_parse_hostserv(const char *hostserv, char **host, char **service, +- enum BIO_hostserv_priorities hostserv_prio) +-{ +- const char *h = NULL; size_t hl = 0; +- const char *p = NULL; size_t pl = 0; +- +- if (*hostserv == '[') { +- if ((p = strchr(hostserv, ']')) == NULL) +- goto spec_err; +- h = hostserv + 1; +- hl = p - h; +- p++; +- if (*p == '\0') +- p = NULL; +- else if (*p != ':') +- goto spec_err; +- else { +- p++; +- pl = strlen(p); +- } +- } else { +- const char *p2 = strrchr(hostserv, ':'); +- p = strchr(hostserv, ':'); +- +- /*- +- * Check for more than one colon. There are three possible +- * interpretations: +- * 1. IPv6 address with port number, last colon being separator. +- * 2. IPv6 address only. +- * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST, +- * IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV +- * Because of this ambiguity, we currently choose to make it an +- * error. +- */ +- if (p != p2) +- goto amb_err; +- +- if (p != NULL) { +- h = hostserv; +- hl = p - h; +- p++; +- pl = strlen(p); +- } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) { +- h = hostserv; +- hl = strlen(h); +- } else { +- p = hostserv; +- pl = strlen(p); +- } +- } +- +- if (p != NULL && strchr(p, ':')) +- goto spec_err; +- +- if (h != NULL && host != NULL) { +- if (hl == 0 +- || (hl == 1 && h[0] == '*')) { +- *host = NULL; +- } else { +- *host = OPENSSL_strndup(h, hl); +- if (*host == NULL) +- goto memerr; +- } +- } +- if (p != NULL && service != NULL) { +- if (pl == 0 +- || (pl == 1 && p[0] == '*')) { +- *service = NULL; +- } else { +- *service = OPENSSL_strndup(p, pl); +- if (*service == NULL) +- goto memerr; +- } +- } +- +- return 1; +- amb_err: +- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE); +- return 0; +- spec_err: +- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE); +- return 0; +- memerr: +- BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE); +- return 0; +-} +- +-/* addrinfo_wrap is used to build our own addrinfo "chain". +- * (it has only one entry, so calling it a chain may be a stretch) +- * It should ONLY be called when getaddrinfo() and friends +- * aren't available, OR when dealing with a non IP protocol +- * family, such as AF_UNIX +- * +- * the return value is 1 on success, or 0 on failure, which +- * only happens if a memory allocation error occurred. +- */ +-static int addrinfo_wrap(int family, int socktype, +- const void *where, size_t wherelen, +- unsigned short port, +- BIO_ADDRINFO **bai) +-{ +- OPENSSL_assert(bai != NULL); +- +- *bai = OPENSSL_zalloc(sizeof(**bai)); +- if (*bai == NULL) +- return 0; +- +- (*bai)->bai_family = family; +- (*bai)->bai_socktype = socktype; +- if (socktype == SOCK_STREAM) +- (*bai)->bai_protocol = IPPROTO_TCP; +- if (socktype == SOCK_DGRAM) +- (*bai)->bai_protocol = IPPROTO_UDP; +-#ifdef AF_UNIX +- if (family == AF_UNIX) +- (*bai)->bai_protocol = 0; +-#endif +- { +- /* Magic: We know that BIO_ADDR_sockaddr_noconst is really +- just an advanced cast of BIO_ADDR* to struct sockaddr * +- by the power of union, so while it may seem that we're +- creating a memory leak here, we are not. It will be +- all right. */ +- BIO_ADDR *addr = BIO_ADDR_new(); +- if (addr != NULL) { +- BIO_ADDR_rawmake(addr, family, where, wherelen, port); +- (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr); +- } +- } +- (*bai)->bai_next = NULL; +- if ((*bai)->bai_addr == NULL) { +- BIO_ADDRINFO_free(*bai); +- *bai = NULL; +- return 0; +- } +- return 1; +-} +- +-DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init) +-{ +- OPENSSL_init_crypto(0, NULL); +- bio_lookup_lock = CRYPTO_THREAD_lock_new(); +- return bio_lookup_lock != NULL; +-} +- +-/*- +- * BIO_lookup - look up the node and service you want to connect to. +- * @node: the node you want to connect to. +- * @service: the service you want to connect to. +- * @lookup_type: declare intent with the result, client or server. +- * @family: the address family you want to use. Use AF_UNSPEC for any, or +- * AF_INET, AF_INET6 or AF_UNIX. +- * @socktype: The socket type you want to use. Can be SOCK_STREAM, SOCK_DGRAM +- * or 0 for all. +- * @res: Storage place for the resulting list of returned addresses +- * +- * This will do a lookup of the node and service that you want to connect to. +- * It returns a linked list of different addresses you can try to connect to. +- * +- * When no longer needed you should call BIO_ADDRINFO_free() to free the result. +- * +- * The return value is 1 on success or 0 in case of error. +- */ +-int BIO_lookup(const char *host, const char *service, +- enum BIO_lookup_type lookup_type, +- int family, int socktype, BIO_ADDRINFO **res) +-{ +- int ret = 0; /* Assume failure */ +- +- switch(family) { +- case AF_INET: +-#ifdef AF_INET6 +- case AF_INET6: +-#endif +-#ifdef AF_UNIX +- case AF_UNIX: +-#endif +-#ifdef AF_UNSPEC +- case AF_UNSPEC: +-#endif +- break; +- default: +- BIOerr(BIO_F_BIO_LOOKUP, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY); +- return 0; +- } +- +-#ifdef AF_UNIX +- if (family == AF_UNIX) { +- if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res)) +- return 1; +- else +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); +- return 0; +- } +-#endif +- +- if (BIO_sock_init() != 1) +- return 0; +- +- if (1) { +- int gai_ret = 0; +-#ifdef AI_PASSIVE +- struct addrinfo hints; +- memset(&hints, 0, sizeof hints); +- +- hints.ai_family = family; +- hints.ai_socktype = socktype; +- +- if (lookup_type == BIO_LOOKUP_SERVER) +- hints.ai_flags |= AI_PASSIVE; +- +- /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to +- * macro magic in bio_lcl.h +- */ +- switch ((gai_ret = getaddrinfo(host, service, &hints, res))) { +-# ifdef EAI_SYSTEM +- case EAI_SYSTEM: +- SYSerr(SYS_F_GETADDRINFO, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); +- break; +-# endif +- case 0: +- ret = 1; /* Success */ +- break; +- default: +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); +- ERR_add_error_data(1, gai_strerror(gai_ret)); +- break; +- } +- } else { +-#endif +- const struct hostent *he; +-/* +- * Because struct hostent is defined for 32-bit pointers only with +- * VMS C, we need to make sure that '&he_fallback_address' and +- * '&he_fallback_addresses' are 32-bit pointers +- */ +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size save +-# pragma pointer_size 32 +-#endif +- /* Windows doesn't seem to have in_addr_t */ +-#ifdef OPENSSL_SYS_WINDOWS +- static uint32_t he_fallback_address; +- static const char *he_fallback_addresses[] = +- { (char *)&he_fallback_address, NULL }; +-#else +- static in_addr_t he_fallback_address; +- static const char *he_fallback_addresses[] = +- { (char *)&he_fallback_address, NULL }; +-#endif +- static const struct hostent he_fallback = +- { NULL, NULL, AF_INET, sizeof(he_fallback_address), +- (char **)&he_fallback_addresses }; +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size restore +-#endif +- +- struct servent *se; +- /* Apparently, on WIN64, s_proto and s_port have traded places... */ +-#ifdef _WIN64 +- struct servent se_fallback = { NULL, NULL, NULL, 0 }; +-#else +- struct servent se_fallback = { NULL, NULL, 0, NULL }; +-#endif +- +- if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) { +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); +- ret = 0; +- goto err; +- } +- +- CRYPTO_THREAD_write_lock(bio_lookup_lock); +- he_fallback_address = INADDR_ANY; +- if (host == NULL) { +- he = &he_fallback; +- switch(lookup_type) { +- case BIO_LOOKUP_CLIENT: +- he_fallback_address = INADDR_LOOPBACK; +- break; +- case BIO_LOOKUP_SERVER: +- he_fallback_address = INADDR_ANY; +- break; +- default: +- OPENSSL_assert(("We forgot to handle a lookup type!" == 0)); +- break; +- } +- } else { +- he = gethostbyname(host); +- +- if (he == NULL) { +-#ifndef OPENSSL_SYS_WINDOWS +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); +- ERR_add_error_data(1, hstrerror(h_errno)); +-#else +- SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError()); +-#endif +- ret = 0; +- goto err; +- } +- } +- +- if (service == NULL) { +- se_fallback.s_port = 0; +- se_fallback.s_proto = NULL; +- se = &se_fallback; +- } else { +- char *endp = NULL; +- long portnum = strtol(service, &endp, 10); +- +-/* +- * Because struct servent is defined for 32-bit pointers only with +- * VMS C, we need to make sure that 'proto' is a 32-bit pointer. +- */ +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size save +-# pragma pointer_size 32 +-#endif +- char *proto = NULL; +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size restore +-#endif +- +- switch (socktype) { +- case SOCK_STREAM: +- proto = "tcp"; +- break; +- case SOCK_DGRAM: +- proto = "udp"; +- break; +- } +- +- if (endp != service && *endp == '\0' +- && portnum > 0 && portnum < 65536) { +- se_fallback.s_port = htons(portnum); +- se_fallback.s_proto = proto; +- se = &se_fallback; +- } else if (endp == service) { +- se = getservbyname(service, proto); +- +- if (se == NULL) { +-#ifndef OPENSSL_SYS_WINDOWS +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_SYS_LIB); +- ERR_add_error_data(1, hstrerror(h_errno)); +-#else +- SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError()); +-#endif +- goto err; +- } +- } else { +- BIOerr(BIO_F_BIO_LOOKUP, BIO_R_MALFORMED_HOST_OR_SERVICE); +- goto err; +- } +- } +- +- *res = NULL; +- +- { +-/* +- * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C, +- * we must make sure our iterator designates the same element type, hence +- * the pointer size dance. +- */ +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size save +-# pragma pointer_size 32 +-#endif +- char **addrlistp; +-#if defined(OPENSSL_SYS_VMS) && defined(__DECC) +-# pragma pointer_size restore +-#endif +- size_t addresses; +- BIO_ADDRINFO *tmp_bai = NULL; +- +- /* The easiest way to create a linked list from an +- array is to start from the back */ +- for(addrlistp = he->h_addr_list; *addrlistp != NULL; +- addrlistp++) +- ; +- +- for(addresses = addrlistp - he->h_addr_list; +- addrlistp--, addresses-- > 0; ) { +- if (!addrinfo_wrap(he->h_addrtype, socktype, +- *addrlistp, he->h_length, +- se->s_port, &tmp_bai)) +- goto addrinfo_malloc_err; +- tmp_bai->bai_next = *res; +- *res = tmp_bai; +- continue; +- addrinfo_malloc_err: +- BIO_ADDRINFO_free(*res); +- *res = NULL; +- BIOerr(BIO_F_BIO_LOOKUP, ERR_R_MALLOC_FAILURE); +- ret = 0; +- goto err; +- } +- +- ret = 1; +- } +- err: +- CRYPTO_THREAD_unlock(bio_lookup_lock); +- } +- +- return ret; +-} +- +-#endif /* OPENSSL_NO_SOCK */ +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +index a27954f..ccf0e28 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/b_dump.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +@@ -12,6 +61,7 @@ + */ + + #include ++#include "cryptlib.h" + #include "bio_lcl.h" + + #define TRUNCATE +@@ -54,20 +104,20 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + if ((rows * dump_width) < len) + rows++; + for (i = 0; i < rows; i++) { +- OPENSSL_strlcpy(buf, str, sizeof buf); ++ BUF_strlcpy(buf, str, sizeof buf); + BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width); +- OPENSSL_strlcat(buf, tmp, sizeof buf); ++ BUF_strlcat(buf, tmp, sizeof buf); + for (j = 0; j < dump_width; j++) { + if (((i * dump_width) + j) >= len) { +- OPENSSL_strlcat(buf, " ", sizeof buf); ++ BUF_strlcat(buf, " ", sizeof buf); + } else { + ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; + BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch, + j == 7 ? '-' : ' '); +- OPENSSL_strlcat(buf, tmp, sizeof buf); ++ BUF_strlcat(buf, tmp, sizeof buf); + } + } +- OPENSSL_strlcat(buf, " ", sizeof buf); ++ BUF_strlcat(buf, " ", sizeof buf); + for (j = 0; j < dump_width; j++) { + if (((i * dump_width) + j) >= len) + break; +@@ -81,9 +131,9 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + ? os_toebcdic[ch] + : '.'); + #endif +- OPENSSL_strlcat(buf, tmp, sizeof buf); ++ BUF_strlcat(buf, tmp, sizeof buf); + } +- OPENSSL_strlcat(buf, "\n", sizeof buf); ++ BUF_strlcat(buf, "\n", sizeof buf); + /* + * if this is the last call then update the ddt_dump thing so that we + * will move the selection point in the debug window +@@ -100,7 +150,7 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u), + return (ret); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + static int write_fp(const void *data, size_t len, void *fp) + { + return UP_fwrite(data, len, 1, fp); +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c +index f33caa2..fea7386 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_print.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c +@@ -1,17 +1,78 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/b_print.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++/* disable assert() unless BIO_DEBUG has been defined */ ++#ifndef BIO_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++ ++/* ++ * Stolen from tjh's ssl/ssl_trc.c stuff. + */ + + #include + #include + #include +-#include "internal/numbers.h" +-#include "internal/cryptlib.h" ++#include ++#include ++#include "cryptlib.h" + #ifndef NO_SYS_TYPES_H + # include + #endif +@@ -24,6 +85,8 @@ + # endif + #endif + ++/***************************************************************************/ ++ + /* + * Copyright Patrick Powell 1995 + * This code is based on code written by Patrick Powell +@@ -31,6 +94,21 @@ + * on all source code distributions. + */ + ++/*- ++ * This code contains numerious changes and enhancements which were ++ * made by lots of contributors over the last years to Patrick Powell's ++ * original code: ++ * ++ * o Patrick Powell (1995) ++ * o Brandon Long (1996, for Mutt) ++ * o Thomas Roessler (1998, for Mutt) ++ * o Michael Elkins (1998, for Mutt) ++ * o Andrew Tridgell (1998, for Samba) ++ * o Luke Mewburn (1999, for LukemFTP) ++ * o Ralf S. Engelschall (1999, for Pth) ++ * o ... (for OpenSSL) ++ */ ++ + #ifdef HAVE_LONG_DOUBLE + # define LDOUBLE long double + #else +@@ -53,7 +131,7 @@ static int fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); + #ifndef OPENSSL_SYS_UEFI + static int fmtfp(char **, char **, size_t *, size_t *, +- LDOUBLE, int, int, int, int); ++ LDOUBLE, int, int, int); + #endif + static int doapr_outch(char **, char **, size_t *, size_t *, int); + static int _dopr(char **sbuffer, char **buffer, +@@ -71,19 +149,12 @@ static int _dopr(char **sbuffer, char **buffer, + #define DP_S_DONE 7 + + /* format flags - Bits */ +-/* left-aligned padding */ + #define DP_F_MINUS (1 << 0) +-/* print an explicit '+' for a value with positive sign */ + #define DP_F_PLUS (1 << 1) +-/* print an explicit ' ' for a value with positive sign */ + #define DP_F_SPACE (1 << 2) +-/* print 0/0x prefix for octal/hex and decimal point for floating point */ + #define DP_F_NUM (1 << 3) +-/* print leading zeroes */ + #define DP_F_ZERO (1 << 4) +-/* print HEX in UPPPERcase */ + #define DP_F_UP (1 << 5) +-/* treat value as unsigned */ + #define DP_F_UNSIGNED (1 << 6) + + /* conversion flags */ +@@ -92,11 +163,6 @@ static int _dopr(char **sbuffer, char **buffer, + #define DP_C_LDOUBLE 3 + #define DP_C_LLONG 4 + +-/* Floating point formats */ +-#define F_FORMAT 0 +-#define E_FORMAT 1 +-#define G_FORMAT 2 +- + /* some handy macros */ + #define char_to_int(p) (p - '0') + #define OSSL_MAX(p,q) ((p >= q) ? p : q) +@@ -280,7 +346,7 @@ _dopr(char **sbuffer, + else + fvalue = va_arg(args, double); + if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, +- flags, F_FORMAT)) ++ flags)) + return 0; + break; + case 'E': +@@ -290,9 +356,6 @@ _dopr(char **sbuffer, + fvalue = va_arg(args, LDOUBLE); + else + fvalue = va_arg(args, double); +- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, +- flags, E_FORMAT)) +- return 0; + break; + case 'G': + flags |= DP_F_UP; +@@ -301,9 +364,6 @@ _dopr(char **sbuffer, + fvalue = va_arg(args, LDOUBLE); + else + fvalue = va_arg(args, double); +- if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, +- flags, G_FORMAT)) +- return 0; + break; + #endif + case 'c': +@@ -324,7 +384,7 @@ _dopr(char **sbuffer, + return 0; + break; + case 'p': +- value = (size_t)va_arg(args, void *); ++ value = (long)va_arg(args, void *); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, + value, 16, min, max, flags | DP_F_NUM)) + return 0; +@@ -399,37 +459,28 @@ fmtstr(char **sbuffer, + if (value == 0) + value = ""; + +- strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max); ++ strln = strlen(value); ++ if (strln > INT_MAX) ++ strln = INT_MAX; + + padlen = min - strln; + if (min < 0 || padlen < 0) + padlen = 0; +- if (max >= 0) { +- /* +- * Calculate the maximum output including padding. +- * Make sure max doesn't overflow into negativity +- */ +- if (max < INT_MAX - padlen) +- max += padlen; +- else +- max = INT_MAX; +- } + if (flags & DP_F_MINUS) + padlen = -padlen; + +- while ((padlen > 0) && (max < 0 || cnt < max)) { ++ while ((padlen > 0) && (cnt < max)) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; + --padlen; + ++cnt; + } +- while (strln > 0 && (max < 0 || cnt < max)) { ++ while (*value && (cnt < max)) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + return 0; +- --strln; + ++cnt; + } +- while ((padlen < 0) && (max < 0 || cnt < max)) { ++ while ((padlen < 0) && (cnt < max)) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; + ++padlen; +@@ -459,7 +510,7 @@ fmtint(char **sbuffer, + if (!(flags & DP_F_UNSIGNED)) { + if (value < 0) { + signvalue = '-'; +- uvalue = 0 - (unsigned LLONG)value; ++ uvalue = -value; + } else if (flags & DP_F_PLUS) + signvalue = '+'; + else if (flags & DP_F_SPACE) +@@ -571,28 +622,23 @@ static int + fmtfp(char **sbuffer, + char **buffer, + size_t *currlen, +- size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style) ++ size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags) + { + int signvalue = 0; + LDOUBLE ufvalue; +- LDOUBLE tmpvalue; + char iconvert[20]; + char fconvert[20]; +- char econvert[20]; + int iplace = 0; + int fplace = 0; +- int eplace = 0; + int padlen = 0; + int zpadlen = 0; +- long exp = 0; +- unsigned long intpart; +- unsigned long fracpart; +- unsigned long max10; +- int realstyle; ++ long intpart; ++ long fracpart; ++ long max10; + + if (max < 0) + max = 6; +- ++ ufvalue = abs_val(fvalue); + if (fvalue < 0) + signvalue = '-'; + else if (flags & DP_F_PLUS) +@@ -600,73 +646,7 @@ fmtfp(char **sbuffer, + else if (flags & DP_F_SPACE) + signvalue = ' '; + +- /* +- * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT +- * depending on the number to be printed. Work out which one it is and use +- * that from here on. +- */ +- if (style == G_FORMAT) { +- if (fvalue == 0.0) { +- realstyle = F_FORMAT; +- } else if (fvalue < 0.0001) { +- realstyle = E_FORMAT; +- } else if ((max == 0 && fvalue >= 10) +- || (max > 0 && fvalue >= pow_10(max))) { +- realstyle = E_FORMAT; +- } else { +- realstyle = F_FORMAT; +- } +- } else { +- realstyle = style; +- } +- +- if (style != F_FORMAT) { +- tmpvalue = fvalue; +- /* Calculate the exponent */ +- if (fvalue != 0.0) { +- while (tmpvalue < 1) { +- tmpvalue *= 10; +- exp--; +- } +- while (tmpvalue > 10) { +- tmpvalue /= 10; +- exp++; +- } +- } +- if (style == G_FORMAT) { +- /* +- * In G_FORMAT the "precision" represents significant digits. We +- * always have at least 1 significant digit. +- */ +- if (max == 0) +- max = 1; +- /* Now convert significant digits to decimal places */ +- if (realstyle == F_FORMAT) { +- max -= (exp + 1); +- if (max < 0) { +- /* +- * Should not happen. If we're in F_FORMAT then exp < max? +- */ +- return 0; +- } +- } else { +- /* +- * In E_FORMAT there is always one significant digit in front +- * of the decimal point, so: +- * significant digits == 1 + decimal places +- */ +- max--; +- } +- } +- if (realstyle == E_FORMAT) +- fvalue = tmpvalue; +- } +- ufvalue = abs_val(fvalue); +- if (ufvalue > ULONG_MAX) { +- /* Number too big */ +- return 0; +- } +- intpart = (unsigned long)ufvalue; ++ intpart = (long)ufvalue; + + /* + * sorry, we only support 9 digits past the decimal because of our +@@ -697,51 +677,16 @@ fmtfp(char **sbuffer, + iconvert[iplace] = 0; + + /* convert fractional part */ +- while (fplace < max) { +- if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) { +- /* We strip trailing zeros in G_FORMAT */ +- max--; +- fracpart = fracpart / 10; +- if (fplace < max) +- continue; +- break; +- } ++ do { + fconvert[fplace++] = "0123456789"[fracpart % 10]; + fracpart = (fracpart / 10); +- } +- ++ } while (fplace < max); + if (fplace == sizeof fconvert) + fplace--; + fconvert[fplace] = 0; + +- /* convert exponent part */ +- if (realstyle == E_FORMAT) { +- int tmpexp; +- if (exp < 0) +- tmpexp = -exp; +- else +- tmpexp = exp; +- +- do { +- econvert[eplace++] = "0123456789"[tmpexp % 10]; +- tmpexp = (tmpexp / 10); +- } while (tmpexp > 0 && eplace < (int)sizeof(econvert)); +- /* Exponent is huge!! Too big to print */ +- if (tmpexp > 0) +- return 0; +- /* Add a leading 0 for single digit exponents */ +- if (eplace == 1) +- econvert[eplace++] = '0'; +- } +- +- /* +- * -1 for decimal point (if we have one, i.e. max > 0), +- * another -1 if we are printing a sign +- */ +- padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0); +- /* Take some off for exponent prefix "+e" and exponent */ +- if (realstyle == E_FORMAT) +- padlen -= 2 + eplace; ++ /* -1 for decimal point, another -1 if we are printing a sign */ ++ padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); + zpadlen = max - fplace; + if (zpadlen < 0) + zpadlen = 0; +@@ -795,28 +740,6 @@ fmtfp(char **sbuffer, + return 0; + --zpadlen; + } +- if (realstyle == E_FORMAT) { +- char ech; +- +- if ((flags & DP_F_UP) == 0) +- ech = 'e'; +- else +- ech = 'E'; +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech)) +- return 0; +- if (exp < 0) { +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-')) +- return 0; +- } else { +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+')) +- return 0; +- } +- while (eplace > 0) { +- if (!doapr_outch(sbuffer, buffer, currlen, maxlen, +- econvert[--eplace])) +- return 0; +- } +- } + + while (padlen < 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) +@@ -834,10 +757,10 @@ doapr_outch(char **sbuffer, + char **buffer, size_t *currlen, size_t *maxlen, int c) + { + /* If we haven't at least one buffer, someone has doe a big booboo */ +- OPENSSL_assert(*sbuffer != NULL || buffer != NULL); ++ assert(*sbuffer != NULL || buffer != NULL); + + /* |currlen| must always be <= |*maxlen| */ +- OPENSSL_assert(*currlen <= *maxlen); ++ assert(*currlen <= *maxlen); + + if (buffer && *currlen == *maxlen) { + if (*maxlen > INT_MAX - BUFFER_INC) +@@ -849,7 +772,7 @@ doapr_outch(char **sbuffer, + if (*buffer == NULL) + return 0; + if (*currlen > 0) { +- OPENSSL_assert(*sbuffer != NULL); ++ assert(*sbuffer != NULL); + memcpy(*buffer, *sbuffer, *currlen); + } + *sbuffer = NULL; +@@ -900,6 +823,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) + int ignored; + + dynbuf = NULL; ++ CRYPTO_push_info("doapr()"); + if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, + args)) { + OPENSSL_free(dynbuf); +@@ -911,6 +835,7 @@ int BIO_vprintf(BIO *bio, const char *format, va_list args) + } else { + ret = BIO_write(bio, hugebuf, (int)retlen); + } ++ CRYPTO_pop_info(); + return (ret); + } + +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock.c b/Cryptlib/OpenSSL/crypto/bio/b_sock.c +index ac2c2d1..5bad0a2 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/b_sock.c ++++ b/Cryptlib/OpenSSL/crypto/bio/b_sock.c +@@ -1,21 +1,76 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/b_sock.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "bio_lcl.h" +-#if defined(NETWARE_CLIB) +-# include ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include ++#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) ++# include ++# if defined(NETWARE_CLIB) ++# include + NETDB_DEFINE_CONTEXT ++# endif + #endif + #ifndef OPENSSL_NO_SOCK ++# include + # define SOCKET_PROTOCOL IPPROTO_TCP + # ifdef SO_MAXCONN + # define MAX_LISTEN SO_MAXCONN +@@ -24,93 +79,294 @@ NETDB_DEFINE_CONTEXT + # else + # define MAX_LISTEN 32 + # endif +-# if defined(OPENSSL_SYS_WINDOWS) ++# if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) + static int wsa_init_done = 0; + # endif + +-# if OPENSSL_API_COMPAT < 0x10100000L ++/* ++ * WSAAPI specifier is required to make indirect calls to run-time ++ * linked WinSock 2 functions used in this module, to be specific ++ * [get|free]addrinfo and getnameinfo. This is because WinSock uses ++ * uses non-C calling convention, __stdcall vs. __cdecl, on x86 ++ * Windows. On non-WinSock platforms WSAAPI needs to be void. ++ */ ++# ifndef WSAAPI ++# define WSAAPI ++# endif ++ ++# if 0 ++static unsigned long BIO_ghbn_hits = 0L; ++static unsigned long BIO_ghbn_miss = 0L; ++ ++# define GHBN_NUM 4 ++static struct ghbn_cache_st { ++ char name[129]; ++ struct hostent *ent; ++ unsigned long order; ++} ghbn_cache[GHBN_NUM]; ++# endif ++ ++static int get_ip(const char *str, unsigned char *ip); ++# if 0 ++static void ghbn_free(struct hostent *a); ++static struct hostent *ghbn_dup(struct hostent *a); ++# endif + int BIO_get_host_ip(const char *str, unsigned char *ip) + { +- BIO_ADDRINFO *res = NULL; +- int ret = 0; ++ int i; ++ int err = 1; ++ int locked = 0; ++ struct hostent *he; + ++ i = get_ip(str, ip); ++ if (i < 0) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_INVALID_IP_ADDRESS); ++ goto err; ++ } ++ ++ /* ++ * At this point, we have something that is most probably correct in some ++ * way, so let's init the socket. ++ */ + if (BIO_sock_init() != 1) + return 0; /* don't generate another error code here */ + +- if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { +- size_t l; +- +- if (BIO_ADDRINFO_family(res) != AF_INET) { +- BIOerr(BIO_F_BIO_GET_HOST_IP, +- BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); +- } else { +- BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l); +- /* Because only AF_INET addresses will reach this far, +- we can assert that l should be 4 */ +- OPENSSL_assert(l == 4); ++ /* ++ * If the string actually contained an IP address, we need not do ++ * anything more ++ */ ++ if (i > 0) ++ return (1); ++ ++ /* do a gethostbyname */ ++ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); ++ locked = 1; ++ he = BIO_gethostbyname(str); ++ if (he == NULL) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, BIO_R_BAD_HOSTNAME_LOOKUP); ++ goto err; ++ } + +- BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l); +- ret = 1; +- } +- BIO_ADDRINFO_free(res); +- } else { +- ERR_add_error_data(2, "host=", str); ++ /* cast to short because of win16 winsock definition */ ++ if ((short)he->h_addrtype != AF_INET) { ++ BIOerr(BIO_F_BIO_GET_HOST_IP, ++ BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); ++ goto err; + } ++ for (i = 0; i < 4; i++) ++ ip[i] = he->h_addr_list[0][i]; ++ err = 0; + +- return ret; ++ err: ++ if (locked) ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); ++ if (err) { ++ ERR_add_error_data(2, "host=", str); ++ return 0; ++ } else ++ return 1; + } + + int BIO_get_port(const char *str, unsigned short *port_ptr) + { +- BIO_ADDRINFO *res = NULL; +- int ret = 0; ++ int i; ++ struct servent *s; + + if (str == NULL) { + BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED); + return (0); + } +- +- if (BIO_sock_init() != 1) +- return 0; /* don't generate another error code here */ +- +- if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) { +- if (BIO_ADDRINFO_family(res) != AF_INET) { +- BIOerr(BIO_F_BIO_GET_PORT, +- BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET); +- } else { +- *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res))); +- ret = 1; ++ i = atoi(str); ++ if (i != 0) ++ *port_ptr = (unsigned short)i; ++ else { ++ CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); ++ /* ++ * Note: under VMS with SOCKETSHR, it seems like the first parameter ++ * is 'char *', instead of 'const char *' ++ */ ++# ifndef CONST_STRICT ++ s = getservbyname((char *)str, "tcp"); ++# else ++ s = getservbyname(str, "tcp"); ++# endif ++ if (s != NULL) ++ *port_ptr = ntohs((unsigned short)s->s_port); ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); ++ if (s == NULL) { ++ if (strcmp(str, "http") == 0) ++ *port_ptr = 80; ++ else if (strcmp(str, "telnet") == 0) ++ *port_ptr = 23; ++ else if (strcmp(str, "socks") == 0) ++ *port_ptr = 1080; ++ else if (strcmp(str, "https") == 0) ++ *port_ptr = 443; ++ else if (strcmp(str, "ssl") == 0) ++ *port_ptr = 443; ++ else if (strcmp(str, "ftp") == 0) ++ *port_ptr = 21; ++ else if (strcmp(str, "gopher") == 0) ++ *port_ptr = 70; ++# if 0 ++ else if (strcmp(str, "wais") == 0) ++ *port_ptr = 21; ++# endif ++ else { ++ SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error()); ++ ERR_add_error_data(3, "service='", str, "'"); ++ return (0); ++ } + } +- BIO_ADDRINFO_free(res); +- } else { +- ERR_add_error_data(2, "host=", str); + } +- +- return ret; ++ return (1); + } +-# endif + + int BIO_sock_error(int sock) + { +- int j = 0, i; +- socklen_t size = sizeof(j); ++ int j, i; ++ union { ++ size_t s; ++ int i; ++ } size; ++ ++# if defined(OPENSSL_SYS_BEOS_R5) ++ return 0; ++# endif + ++ /* heuristic way to adapt for platforms that expect 64-bit optlen */ ++ size.s = 0, size.i = sizeof(j); + /* + * Note: under Windows the third parameter is of type (char *) whereas + * under other systems it is (void *) if you don't have a cast it will + * choke the compiler: if you do have a cast then you can either go for + * (char *) or (void *). + */ +- i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size); ++ i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, (void *)&size); + if (i < 0) +- return (get_last_socket_error()); ++ return (1); + else + return (j); + } + +-# if OPENSSL_API_COMPAT < 0x10100000L ++# if 0 ++long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) ++{ ++ int i; ++ char **p; ++ ++ switch (cmd) { ++ case BIO_GHBN_CTRL_HITS: ++ return (BIO_ghbn_hits); ++ /* break; */ ++ case BIO_GHBN_CTRL_MISSES: ++ return (BIO_ghbn_miss); ++ /* break; */ ++ case BIO_GHBN_CTRL_CACHE_SIZE: ++ return (GHBN_NUM); ++ /* break; */ ++ case BIO_GHBN_CTRL_GET_ENTRY: ++ if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) { ++ p = (char **)parg; ++ if (p == NULL) ++ return (0); ++ *p = ghbn_cache[iarg].name; ++ ghbn_cache[iarg].name[128] = '\0'; ++ return (1); ++ } ++ return (0); ++ /* break; */ ++ case BIO_GHBN_CTRL_FLUSH: ++ for (i = 0; i < GHBN_NUM; i++) ++ ghbn_cache[i].order = 0; ++ break; ++ default: ++ return (0); ++ } ++ return (1); ++} ++# endif ++ ++# if 0 ++static struct hostent *ghbn_dup(struct hostent *a) ++{ ++ struct hostent *ret; ++ int i, j; ++ ++ MemCheck_off(); ++ ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); ++ if (ret == NULL) ++ return (NULL); ++ memset(ret, 0, sizeof(struct hostent)); ++ ++ for (i = 0; a->h_aliases[i] != NULL; i++) ; ++ i++; ++ ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *)); ++ if (ret->h_aliases == NULL) ++ goto err; ++ memset(ret->h_aliases, 0, i * sizeof(char *)); ++ ++ for (i = 0; a->h_addr_list[i] != NULL; i++) ; ++ i++; ++ ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *)); ++ if (ret->h_addr_list == NULL) ++ goto err; ++ memset(ret->h_addr_list, 0, i * sizeof(char *)); ++ ++ j = strlen(a->h_name) + 1; ++ if ((ret->h_name = OPENSSL_malloc(j)) == NULL) ++ goto err; ++ memcpy((char *)ret->h_name, a->h_name, j); ++ for (i = 0; a->h_aliases[i] != NULL; i++) { ++ j = strlen(a->h_aliases[i]) + 1; ++ if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL) ++ goto err; ++ memcpy(ret->h_aliases[i], a->h_aliases[i], j); ++ } ++ ret->h_length = a->h_length; ++ ret->h_addrtype = a->h_addrtype; ++ for (i = 0; a->h_addr_list[i] != NULL; i++) { ++ if ((ret->h_addr_list[i] = OPENSSL_malloc(a->h_length)) == NULL) ++ goto err; ++ memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length); ++ } ++ if (0) { ++ err: ++ if (ret != NULL) ++ ghbn_free(ret); ++ ret = NULL; ++ } ++ MemCheck_on(); ++ return (ret); ++} ++ ++static void ghbn_free(struct hostent *a) ++{ ++ int i; ++ ++ if (a == NULL) ++ return; ++ ++ if (a->h_aliases != NULL) { ++ for (i = 0; a->h_aliases[i] != NULL; i++) ++ OPENSSL_free(a->h_aliases[i]); ++ OPENSSL_free(a->h_aliases); ++ } ++ if (a->h_addr_list != NULL) { ++ for (i = 0; a->h_addr_list[i] != NULL; i++) ++ OPENSSL_free(a->h_addr_list[i]); ++ OPENSSL_free(a->h_addr_list); ++ } ++ if (a->h_name != NULL) ++ OPENSSL_free(a->h_name); ++ OPENSSL_free(a); ++} ++ ++# endif ++ + struct hostent *BIO_gethostbyname(const char *name) + { ++# if 1 + /* + * Caching gethostbyname() results forever is wrong, so we have to let + * the true gethostbyname() worry about this +@@ -120,8 +376,83 @@ struct hostent *BIO_gethostbyname(const char *name) + # else + return gethostbyname(name); + # endif +-} ++# else ++ struct hostent *ret; ++ int i, lowi = 0, j; ++ unsigned long low = (unsigned long)-1; ++ ++# if 0 ++ /* ++ * It doesn't make sense to use locking here: The function interface is ++ * not thread-safe, because threads can never be sure when some other ++ * thread destroys the data they were given a pointer to. ++ */ ++ CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); ++# endif ++ j = strlen(name); ++ if (j < 128) { ++ for (i = 0; i < GHBN_NUM; i++) { ++ if (low > ghbn_cache[i].order) { ++ low = ghbn_cache[i].order; ++ lowi = i; ++ } ++ if (ghbn_cache[i].order > 0) { ++ if (strncmp(name, ghbn_cache[i].name, 128) == 0) ++ break; ++ } ++ } ++ } else ++ i = GHBN_NUM; ++ ++ if (i == GHBN_NUM) { /* no hit */ ++ BIO_ghbn_miss++; ++ /* ++ * Note: under VMS with SOCKETSHR, it seems like the first parameter ++ * is 'char *', instead of 'const char *' ++ */ ++# ifndef CONST_STRICT ++ ret = gethostbyname((char *)name); ++# else ++ ret = gethostbyname(name); ++# endif ++ ++ if (ret == NULL) ++ goto end; ++ if (j > 128) { /* too big to cache */ ++# if 0 ++ /* ++ * If we were trying to make this function thread-safe (which is ++ * bound to fail), we'd have to give up in this case (or allocate ++ * more memory). ++ */ ++ ret = NULL; ++# endif ++ goto end; ++ } ++ ++ /* else add to cache */ ++ if (ghbn_cache[lowi].ent != NULL) ++ ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ ++ ghbn_cache[lowi].name[0] = '\0'; ++ ++ if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) { ++ BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ strncpy(ghbn_cache[lowi].name, name, 128); ++ ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits; ++ } else { ++ BIO_ghbn_hits++; ++ ret = ghbn_cache[i].ent; ++ ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits; ++ } ++ end: ++# if 0 ++ CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); ++# endif ++ return (ret); + # endif ++} + + int BIO_sock_init(void) + { +@@ -135,7 +466,7 @@ int BIO_sock_init(void) + memset(&wsa_state, 0, sizeof(wsa_state)); + /* + * Not making wsa_state available to the rest of the code is formally +- * wrong. But the structures we use are [believed to be] invariable ++ * wrong. But the structures we use are [beleived to be] invariable + * among Winsock DLLs, while API availability is [expected to be] + * probed at run-time with DSO_global_lookup. + */ +@@ -154,12 +485,38 @@ int BIO_sock_init(void) + return (-1); + # endif + ++# if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) ++ WORD wVerReq; ++ WSADATA wsaData; ++ int err; ++ ++ if (!wsa_init_done) { ++ wsa_init_done = 1; ++ wVerReq = MAKEWORD(2, 0); ++ err = WSAStartup(wVerReq, &wsaData); ++ if (err != 0) { ++ SYSerr(SYS_F_WSASTARTUP, err); ++ BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); ++ return (-1); ++ } ++ } ++# endif ++ + return (1); + } + +-void bio_sock_cleanup_int(void) ++void BIO_sock_cleanup(void) + { + # ifdef OPENSSL_SYS_WINDOWS ++ if (wsa_init_done) { ++ wsa_init_done = 0; ++# if 0 /* this call is claimed to be non-present in ++ * Winsock2 */ ++ WSACancelBlockingCall(); ++# endif ++ WSACleanup(); ++ } ++# elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) + if (wsa_init_done) { + wsa_init_done = 0; + WSACleanup(); +@@ -208,83 +565,369 @@ int BIO_socket_ioctl(int fd, long type, void *arg) + } + # endif /* __VMS_VER */ + +-# if OPENSSL_API_COMPAT < 0x10100000L +-int BIO_get_accept_socket(char *host, int bind_mode) ++/* ++ * The reason I have implemented this instead of using sscanf is because ++ * Visual C 1.52c gives an unresolved external when linking a DLL :-( ++ */ ++static int get_ip(const char *str, unsigned char ip[4]) + { +- int s = INVALID_SOCKET; +- char *h = NULL, *p = NULL; +- BIO_ADDRINFO *res = NULL; ++ unsigned int tmp[4]; ++ int num = 0, c, ok = 0; ++ ++ tmp[0] = tmp[1] = tmp[2] = tmp[3] = 0; ++ ++ for (;;) { ++ c = *(str++); ++ if ((c >= '0') && (c <= '9')) { ++ ok = 1; ++ tmp[num] = tmp[num] * 10 + c - '0'; ++ if (tmp[num] > 255) ++ return (0); ++ } else if (c == '.') { ++ if (!ok) ++ return (-1); ++ if (num == 3) ++ return (0); ++ num++; ++ ok = 0; ++ } else if (c == '\0' && (num == 3) && ok) ++ break; ++ else ++ return (0); ++ } ++ ip[0] = tmp[0]; ++ ip[1] = tmp[1]; ++ ip[2] = tmp[2]; ++ ip[3] = tmp[3]; ++ return (1); ++} + +- if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV)) +- return INVALID_SOCKET; ++int BIO_get_accept_socket(char *host, int bind_mode) ++{ ++ int ret = 0; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } server, client; ++ int s = INVALID_SOCKET, cs, addrlen; ++ unsigned char ip[4]; ++ unsigned short port; ++ char *str = NULL, *e; ++ char *h, *p; ++ unsigned long l; ++ int err_num; + + if (BIO_sock_init() != 1) +- return INVALID_SOCKET; ++ return (INVALID_SOCKET); ++ ++ if ((str = BUF_strdup(host)) == NULL) ++ return (INVALID_SOCKET); ++ ++ h = p = NULL; ++ h = str; ++ for (e = str; *e; e++) { ++ if (*e == ':') { ++ p = e; ++ } else if (*e == '/') { ++ *e = '\0'; ++ break; ++ } ++ } ++ if (p) ++ *p++ = '\0'; /* points at last ':', '::port' is special ++ * [see below] */ ++ else ++ p = h, h = NULL; ++ ++# ifdef EAI_FAMILY ++ do { ++ static union { ++ void *p; ++ int (WSAAPI *f) (const char *, const char *, ++ const struct addrinfo *, struct addrinfo **); ++ } p_getaddrinfo = { ++ NULL ++ }; ++ static union { ++ void *p; ++ void (WSAAPI *f) (struct addrinfo *); ++ } p_freeaddrinfo = { ++ NULL ++ }; ++ struct addrinfo *res, hint; ++ ++ if (p_getaddrinfo.p == NULL) { ++ if ((p_getaddrinfo.p = DSO_global_lookup("getaddrinfo")) == NULL ++ || (p_freeaddrinfo.p = ++ DSO_global_lookup("freeaddrinfo")) == NULL) ++ p_getaddrinfo.p = (void *)-1; ++ } ++ if (p_getaddrinfo.p == (void *)-1) ++ break; + +- if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0) +- goto err; ++ /* ++ * '::port' enforces IPv6 wildcard listener. Some OSes, e.g. Solaris, ++ * default to IPv6 without any hint. Also note that commonly IPv6 ++ * wildchard socket can service IPv4 connections just as well... ++ */ ++ memset(&hint, 0, sizeof(hint)); ++ hint.ai_flags = AI_PASSIVE; ++ if (h) { ++ if (strchr(h, ':')) { ++ if (h[1] == '\0') ++ h = NULL; ++# if OPENSSL_USE_IPV6 ++ hint.ai_family = AF_INET6; ++# else ++ h = NULL; ++# endif ++ } else if (h[0] == '*' && h[1] == '\0') { ++ hint.ai_family = AF_INET; ++ h = NULL; ++ } ++ } + +- if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res), +- BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) { +- s = INVALID_SOCKET; ++ if ((*p_getaddrinfo.f) (h, p, &hint, &res)) ++ break; ++ ++ addrlen = res->ai_addrlen <= sizeof(server) ? ++ res->ai_addrlen : sizeof(server); ++ memcpy(&server, res->ai_addr, addrlen); ++ ++ (*p_freeaddrinfo.f) (res); ++ goto again; ++ } while (0); ++# endif ++ ++ if (!BIO_get_port(p, &port)) + goto err; ++ ++ memset((char *)&server, 0, sizeof(server)); ++ server.sa_in.sin_family = AF_INET; ++ server.sa_in.sin_port = htons(port); ++ addrlen = sizeof(server.sa_in); ++ ++ if (h == NULL || strcmp(h, "*") == 0) ++ server.sa_in.sin_addr.s_addr = INADDR_ANY; ++ else { ++ if (!BIO_get_host_ip(h, &(ip[0]))) ++ goto err; ++ l = (unsigned long) ++ ((unsigned long)ip[0] << 24L) | ++ ((unsigned long)ip[1] << 16L) | ++ ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]); ++ server.sa_in.sin_addr.s_addr = htonl(l); + } + +- if (!BIO_listen(s, BIO_ADDRINFO_address(res), +- bind_mode ? BIO_SOCK_REUSEADDR : 0)) { +- BIO_closesocket(s); +- s = INVALID_SOCKET; ++ again: ++ s = socket(server.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (s == INVALID_SOCKET) { ++ SYSerr(SYS_F_SOCKET, get_last_socket_error()); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); ++ goto err; + } ++# ifdef SO_REUSEADDR ++ if (bind_mode == BIO_BIND_REUSEADDR) { ++ int i = 1; + ++ ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char *)&i, sizeof(i)); ++ bind_mode = BIO_BIND_NORMAL; ++ } ++# endif ++ if (bind(s, &server.sa, addrlen) == -1) { ++# ifdef SO_REUSEADDR ++ err_num = get_last_socket_error(); ++ if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && ++# ifdef OPENSSL_SYS_WINDOWS ++ /* ++ * Some versions of Windows define EADDRINUSE to a dummy value. ++ */ ++ (err_num == WSAEADDRINUSE)) ++# else ++ (err_num == EADDRINUSE)) ++# endif ++ { ++ client = server; ++ if (h == NULL || strcmp(h, "*") == 0) { ++# if OPENSSL_USE_IPV6 ++ if (client.sa.sa_family == AF_INET6) { ++ memset(&client.sa_in6.sin6_addr, 0, ++ sizeof(client.sa_in6.sin6_addr)); ++ client.sa_in6.sin6_addr.s6_addr[15] = 1; ++ } else ++# endif ++ if (client.sa.sa_family == AF_INET) { ++ client.sa_in.sin_addr.s_addr = htonl(0x7F000001); ++ } else ++ goto err; ++ } ++ cs = socket(client.sa.sa_family, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (cs != INVALID_SOCKET) { ++ int ii; ++ ii = connect(cs, &client.sa, addrlen); ++ closesocket(cs); ++ if (ii == INVALID_SOCKET) { ++ bind_mode = BIO_BIND_REUSEADDR; ++ closesocket(s); ++ goto again; ++ } ++ /* else error */ ++ } ++ /* else error */ ++ } ++# endif ++ SYSerr(SYS_F_BIND, err_num); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_BIND_SOCKET); ++ goto err; ++ } ++ if (listen(s, MAX_LISTEN) == -1) { ++ SYSerr(SYS_F_BIND, get_last_socket_error()); ++ ERR_add_error_data(3, "port='", host, "'"); ++ BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET, BIO_R_UNABLE_TO_LISTEN_SOCKET); ++ goto err; ++ } ++ ret = 1; + err: +- BIO_ADDRINFO_free(res); +- OPENSSL_free(h); +- OPENSSL_free(p); +- +- return s; ++ if (str != NULL) ++ OPENSSL_free(str); ++ if ((ret == 0) && (s != INVALID_SOCKET)) { ++ closesocket(s); ++ s = INVALID_SOCKET; ++ } ++ return (s); + } + +-int BIO_accept(int sock, char **ip_port) ++int BIO_accept(int sock, char **addr) + { +- BIO_ADDR res; +- int ret = -1; ++ int ret = INVALID_SOCKET; ++ unsigned long l; ++ unsigned short port; ++ char *p; + +- ret = BIO_accept_ex(sock, &res, 0); +- if (ret == (int)INVALID_SOCKET) { +- if (BIO_sock_should_retry(ret)) { +- ret = -2; +- goto end; +- } ++ struct { ++ /* ++ * As for following union. Trouble is that there are platforms ++ * that have socklen_t and there are platforms that don't, on ++ * some platforms socklen_t is int and on some size_t. So what ++ * one can do? One can cook #ifdef spaghetti, which is nothing ++ * but masochistic. Or one can do union between int and size_t. ++ * One naturally does it primarily for 64-bit platforms where ++ * sizeof(int) != sizeof(size_t). But would it work? Note that ++ * if size_t member is initialized to 0, then later int member ++ * assignment naturally does the job on little-endian platforms ++ * regardless accept's expectations! What about big-endians? ++ * If accept expects int*, then it works, and if size_t*, then ++ * length value would appear as unreasonably large. But this ++ * won't prevent it from filling in the address structure. The ++ * trouble of course would be if accept returns more data than ++ * actual buffer can accomodate and overwrite stack... That's ++ * where early OPENSSL_assert comes into picture. Besides, the ++ * only 64-bit big-endian platform found so far that expects ++ * size_t* is HP-UX, where stack grows towards higher address. ++ * ++ */ ++ union { ++ size_t s; ++ int i; ++ } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } from; ++ } sa; ++ ++ sa.len.s = 0; ++ sa.len.i = sizeof(sa.from); ++ memset(&sa.from, 0, sizeof(sa.from)); ++ ret = accept(sock, &sa.from.sa, (void *)&sa.len); ++ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { ++ OPENSSL_assert(sa.len.s <= sizeof(sa.from)); ++ sa.len.i = (int)sa.len.s; ++ /* use sa.len.i from this point */ ++ } ++ if (ret == INVALID_SOCKET) { ++ if (BIO_sock_should_retry(ret)) ++ return -2; + SYSerr(SYS_F_ACCEPT, get_last_socket_error()); + BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR); + goto end; + } + +- if (ip_port != NULL) { +- char *host = BIO_ADDR_hostname_string(&res, 1); +- char *port = BIO_ADDR_service_string(&res, 1); +- if (host != NULL && port != NULL) +- *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2); +- else +- *ip_port = NULL; ++ if (addr == NULL) ++ goto end; + +- if (*ip_port == NULL) { +- BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); +- BIO_closesocket(ret); +- ret = (int)INVALID_SOCKET; ++# ifdef EAI_FAMILY ++ do { ++ char h[NI_MAXHOST], s[NI_MAXSERV]; ++ size_t nl; ++ static union { ++ void *p; ++ int (WSAAPI *f) (const struct sockaddr *, size_t /* socklen_t */ , ++ char *, size_t, char *, size_t, int); ++ } p_getnameinfo = { ++ NULL ++ }; ++ /* ++ * 2nd argument to getnameinfo is specified to be socklen_t. ++ * Unfortunately there is a number of environments where socklen_t is ++ * not defined. As it's passed by value, it's safe to pass it as ++ * size_t... ++ */ ++ ++ if (p_getnameinfo.p == NULL) { ++ if ((p_getnameinfo.p = DSO_global_lookup("getnameinfo")) == NULL) ++ p_getnameinfo.p = (void *)-1; ++ } ++ if (p_getnameinfo.p == (void *)-1) ++ break; ++ ++ if ((*p_getnameinfo.f) (&sa.from.sa, sa.len.i, h, sizeof(h), s, ++ sizeof(s), NI_NUMERICHOST | NI_NUMERICSERV)) ++ break; ++ nl = strlen(h) + strlen(s) + 2; ++ p = *addr; ++ if (p) { ++ *p = '\0'; ++ p = OPENSSL_realloc(p, nl); + } else { +- strcpy(*ip_port, host); +- strcat(*ip_port, ":"); +- strcat(*ip_port, port); ++ p = OPENSSL_malloc(nl); ++ } ++ if (p == NULL) { ++ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); ++ goto end; ++ } ++ *addr = p; ++ BIO_snprintf(*addr, nl, "%s:%s", h, s); ++ goto end; ++ } while (0); ++# endif ++ if (sa.from.sa.sa_family != AF_INET) ++ goto end; ++ l = ntohl(sa.from.sa_in.sin_addr.s_addr); ++ port = ntohs(sa.from.sa_in.sin_port); ++ if (*addr == NULL) { ++ if ((p = OPENSSL_malloc(24)) == NULL) { ++ BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE); ++ goto end; + } +- OPENSSL_free(host); +- OPENSSL_free(port); ++ *addr = p; + } +- ++ BIO_snprintf(*addr, 24, "%d.%d.%d.%d:%d", ++ (unsigned char)(l >> 24L) & 0xff, ++ (unsigned char)(l >> 16L) & 0xff, ++ (unsigned char)(l >> 8L) & 0xff, ++ (unsigned char)(l) & 0xff, port); + end: +- return ret; ++ return (ret); + } +-# endif + + int BIO_set_tcp_ndelay(int s, int on) + { +@@ -312,70 +955,8 @@ int BIO_socket_nbio(int s, int mode) + + l = mode; + # ifdef FIONBIO +- l = mode; +- + ret = BIO_socket_ioctl(s, FIONBIO, &l); +-# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY)) +- /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ +- +- l = fcntl(s, F_GETFL, 0); +- if (l == -1) { +- SYSerr(SYS_F_FCNTL, get_last_rtl_error()); +- ret = -1; +- } else { +-# if defined(O_NONBLOCK) +- l &= ~O_NONBLOCK; +-# else +- l &= ~FNDELAY; /* BSD4.x */ +-# endif +- if (mode) { +-# if defined(O_NONBLOCK) +- l |= O_NONBLOCK; +-# else +- l |= FNDELAY; /* BSD4.x */ +-# endif +- } +- ret = fcntl(s, F_SETFL, l); +- +- if (ret < 0) { +- SYSerr(SYS_F_FCNTL, get_last_rtl_error()); +- } +- } +-# else +- /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */ +- BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT); + # endif +- + return (ret == 0); + } +- +-int BIO_sock_info(int sock, +- enum BIO_sock_info_type type, union BIO_sock_info_u *info) +-{ +- switch (type) { +- case BIO_SOCK_INFO_ADDRESS: +- { +- socklen_t addr_len; +- int ret = 0; +- addr_len = sizeof(*info->addr); +- ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr), +- &addr_len); +- if (ret == -1) { +- SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error()); +- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR); +- return 0; +- } +- if ((size_t)addr_len > sizeof(*info->addr)) { +- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS); +- return 0; +- } +- } +- break; +- default: +- BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE); +- return 0; +- } +- return 1; +-} +- + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/b_sock2.c b/Cryptlib/OpenSSL/crypto/bio/b_sock2.c +deleted file mode 100644 +index 7f4d89e..0000000 +--- a/Cryptlib/OpenSSL/crypto/bio/b_sock2.c ++++ /dev/null +@@ -1,270 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +- +-#include "bio_lcl.h" +- +-#include +- +-#ifndef OPENSSL_NO_SOCK +-# ifdef SO_MAXCONN +-# define MAX_LISTEN SO_MAXCONN +-# elif defined(SOMAXCONN) +-# define MAX_LISTEN SOMAXCONN +-# else +-# define MAX_LISTEN 32 +-# endif +- +-/*- +- * BIO_socket - create a socket +- * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...) +- * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM) +- * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP) +- * @options: BIO socket options (currently unused) +- * +- * Creates a socket. This should be called before calling any +- * of BIO_connect and BIO_listen. +- * +- * Returns the file descriptor on success or INVALID_SOCKET on failure. On +- * failure errno is set, and a status is added to the OpenSSL error stack. +- */ +-int BIO_socket(int domain, int socktype, int protocol, int options) +-{ +- int sock = -1; +- +- if (BIO_sock_init() != 1) +- return INVALID_SOCKET; +- +- sock = socket(domain, socktype, protocol); +- if (sock == -1) { +- SYSerr(SYS_F_SOCKET, get_last_socket_error()); +- BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET); +- return INVALID_SOCKET; +- } +- +- return sock; +-} +- +-/*- +- * BIO_connect - connect to an address +- * @sock: the socket to connect with +- * @addr: the address to connect to +- * @options: BIO socket options +- * +- * Connects to the address using the given socket and options. +- * +- * Options can be a combination of the following: +- * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages. +- * - BIO_SOCK_NONBLOCK: Make the socket non-blocking. +- * - BIO_SOCK_NODELAY: don't delay small messages. +- * +- * options holds BIO socket options that can be used +- * You should call this for every address returned by BIO_lookup +- * until the connection is successful. +- * +- * Returns 1 on success or 0 on failure. On failure errno is set +- * and an error status is added to the OpenSSL error stack. +- */ +-int BIO_connect(int sock, const BIO_ADDR *addr, int options) +-{ +- int on = 1; +- +- if (sock == -1) { +- BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET); +- return 0; +- } +- +- if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0)) +- return 0; +- +- if (options & BIO_SOCK_KEEPALIVE) { +- if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE); +- return 0; +- } +- } +- +- if (options & BIO_SOCK_NODELAY) { +- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY); +- return 0; +- } +- } +- +- if (connect(sock, BIO_ADDR_sockaddr(addr), +- BIO_ADDR_sockaddr_size(addr)) == -1) { +- if (!BIO_sock_should_retry(-1)) { +- SYSerr(SYS_F_CONNECT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR); +- } +- return 0; +- } +- return 1; +-} +- +-/*- +- * BIO_listen - Creates a listen socket +- * @sock: the socket to listen with +- * @addr: local address to bind to +- * @options: BIO socket options +- * +- * Binds to the address using the given socket and options, then +- * starts listening for incoming connections. +- * +- * Options can be a combination of the following: +- * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages. +- * - BIO_SOCK_NONBLOCK: Make the socket non-blocking. +- * - BIO_SOCK_NODELAY: don't delay small messages. +- * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination +- * for a recently closed port. +- * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only +- * for IPv6 addresses and not IPv4 addresses mapped to IPv6. +- * +- * It's recommended that you set up both an IPv6 and IPv4 listen socket, and +- * then check both for new clients that connect to it. You want to set up +- * the socket as non-blocking in that case since else it could hang. +- * +- * Not all operating systems support IPv4 addresses on an IPv6 socket, and for +- * others it's an option. If you pass the BIO_LISTEN_V6_ONLY it will try to +- * create the IPv6 sockets to only listen for IPv6 connection. +- * +- * It could be that the first BIO_listen() call will listen to all the IPv6 +- * and IPv4 addresses and that then trying to bind to the IPv4 address will +- * fail. We can't tell the difference between already listening ourself to +- * it and someone else listening to it when failing and errno is EADDRINUSE, so +- * it's recommended to not give an error in that case if the first call was +- * successful. +- * +- * When restarting the program it could be that the port is still in use. If +- * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway. +- * It's recommended that you use this. +- */ +-int BIO_listen(int sock, const BIO_ADDR *addr, int options) +-{ +- int on = 1; +- int socktype; +- socklen_t socktype_len = sizeof(socktype); +- +- if (sock == -1) { +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET); +- return 0; +- } +- +- if (getsockopt(sock, SOL_SOCKET, SO_TYPE, &socktype, &socktype_len) != 0 +- || socktype_len != sizeof(socktype)) { +- SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE); +- return 0; +- } +- +- if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0)) +- return 0; +- +-# ifndef OPENSSL_SYS_WINDOWS +- /* SO_REUSEADDR has different behavior on Windows than on +- * other operating systems, don't set it there. */ +- if (options & BIO_SOCK_REUSEADDR) { +- if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_REUSEADDR); +- return 0; +- } +- } +-# endif +- +- if (options & BIO_SOCK_KEEPALIVE) { +- if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE); +- return 0; +- } +- } +- +- if (options & BIO_SOCK_NODELAY) { +- if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY); +- return 0; +- } +- } +- +-# ifdef IPV6_V6ONLY +- if ((options & BIO_SOCK_V6_ONLY) && BIO_ADDR_family(addr) == AF_INET6) { +- if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) != 0) { +- SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY); +- return 0; +- } +- } +-# endif +- +- if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) { +- SYSerr(SYS_F_BIND, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_BIND_SOCKET); +- return 0; +- } +- +- if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) { +- SYSerr(SYS_F_LISTEN, get_last_socket_error()); +- BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET); +- return 0; +- } +- +- return 1; +-} +- +-/*- +- * BIO_accept_ex - Accept new incoming connections +- * @sock: the listening socket +- * @addr: the BIO_ADDR to store the peer address in +- * @options: BIO socket options, applied on the accepted socket. +- * +- */ +-int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options) +-{ +- socklen_t len; +- int accepted_sock; +- BIO_ADDR locaddr; +- BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_; +- +- len = sizeof(*addr); +- accepted_sock = accept(accept_sock, +- BIO_ADDR_sockaddr_noconst(addr), &len); +- if (accepted_sock == -1) { +- if (!BIO_sock_should_retry(accepted_sock)) { +- SYSerr(SYS_F_ACCEPT, get_last_socket_error()); +- BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR); +- } +- return INVALID_SOCKET; +- } +- +- if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) { +- closesocket(accepted_sock); +- return INVALID_SOCKET; +- } +- +- return accepted_sock; +-} +- +-/*- +- * BIO_closesocket - Close a socket +- * @sock: the socket to close +- */ +-int BIO_closesocket(int sock) +-{ +- if (closesocket(sock) < 0) +- return 0; +- return 1; +-} +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +index b2a387b..478fa16 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bf_buff.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + + static int buffer_write(BIO *h, const char *buf, int num); + static int buffer_read(BIO *h, char *buf, int size); +@@ -22,7 +71,7 @@ static int buffer_free(BIO *data); + static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + #define DEFAULT_BUFFER_SIZE 4096 + +-static const BIO_METHOD methods_buffer = { ++static BIO_METHOD methods_buffer = { + BIO_TYPE_BUFFER, + "buffer", + buffer_write, +@@ -35,30 +84,35 @@ static const BIO_METHOD methods_buffer = { + buffer_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_buffer(void) ++BIO_METHOD *BIO_f_buffer(void) + { + return (&methods_buffer); + } + + static int buffer_new(BIO *bi) + { +- BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); ++ BIO_F_BUFFER_CTX *ctx; + ++ ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); + if (ctx == NULL) + return (0); +- ctx->ibuf_size = DEFAULT_BUFFER_SIZE; +- ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); ++ ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); + if (ctx->ibuf == NULL) { + OPENSSL_free(ctx); + return (0); + } +- ctx->obuf_size = DEFAULT_BUFFER_SIZE; +- ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); ++ ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); + if (ctx->obuf == NULL) { + OPENSSL_free(ctx->ibuf); + OPENSSL_free(ctx); + return (0); + } ++ ctx->ibuf_size = DEFAULT_BUFFER_SIZE; ++ ctx->obuf_size = DEFAULT_BUFFER_SIZE; ++ ctx->ibuf_len = 0; ++ ctx->ibuf_off = 0; ++ ctx->obuf_len = 0; ++ ctx->obuf_off = 0; + + bi->init = 1; + bi->ptr = (char *)ctx; +@@ -73,8 +127,10 @@ static int buffer_free(BIO *a) + if (a == NULL) + return (0); + b = (BIO_F_BUFFER_CTX *)a->ptr; +- OPENSSL_free(b->ibuf); +- OPENSSL_free(b->obuf); ++ if (b->ibuf != NULL) ++ OPENSSL_free(b->ibuf); ++ if (b->obuf != NULL) ++ OPENSSL_free(b->obuf); + OPENSSL_free(a->ptr); + a->ptr = NULL; + a->init = 0; +@@ -283,7 +339,8 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) + p1 = OPENSSL_malloc((int)num); + if (p1 == NULL) + goto malloc_error; +- OPENSSL_free(ctx->ibuf); ++ if (ctx->ibuf != NULL) ++ OPENSSL_free(ctx->ibuf); + ctx->ibuf = p1; + } + ctx->ibuf_off = 0; +@@ -309,12 +366,12 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) + p1 = ctx->ibuf; + p2 = ctx->obuf; + if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { +- p1 = OPENSSL_malloc((int)num); ++ p1 = (char *)OPENSSL_malloc((int)num); + if (p1 == NULL) + goto malloc_error; + } + if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { +- p2 = OPENSSL_malloc((int)num); ++ p2 = (char *)OPENSSL_malloc((int)num); + if (p2 == NULL) { + if (p1 != ctx->ibuf) + OPENSSL_free(p1); +@@ -357,6 +414,10 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) + if (ctx->obuf_len > 0) { + r = BIO_write(b->next_bio, + &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); ++#if 0 ++ fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off, ++ ctx->obuf_len, r); ++#endif + BIO_copy_next_retry(b); + if (r <= 0) + return ((long)r); +@@ -365,6 +426,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) + } else { + ctx->obuf_len = 0; + ctx->obuf_off = 0; ++ ret = 1; + break; + } + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c b/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c +deleted file mode 100644 +index b3c2b5e..0000000 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_lbuf.c ++++ /dev/null +@@ -1,319 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" +-#include +- +-static int linebuffer_write(BIO *h, const char *buf, int num); +-static int linebuffer_read(BIO *h, char *buf, int size); +-static int linebuffer_puts(BIO *h, const char *str); +-static int linebuffer_gets(BIO *h, char *str, int size); +-static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); +-static int linebuffer_new(BIO *h); +-static int linebuffer_free(BIO *data); +-static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +- +-/* A 10k maximum should be enough for most purposes */ +-#define DEFAULT_LINEBUFFER_SIZE 1024*10 +- +-/* #define DEBUG */ +- +-static const BIO_METHOD methods_linebuffer = { +- BIO_TYPE_LINEBUFFER, +- "linebuffer", +- linebuffer_write, +- linebuffer_read, +- linebuffer_puts, +- linebuffer_gets, +- linebuffer_ctrl, +- linebuffer_new, +- linebuffer_free, +- linebuffer_callback_ctrl, +-}; +- +-const BIO_METHOD *BIO_f_linebuffer(void) +-{ +- return (&methods_linebuffer); +-} +- +-typedef struct bio_linebuffer_ctx_struct { +- char *obuf; /* the output char array */ +- int obuf_size; /* how big is the output buffer */ +- int obuf_len; /* how many bytes are in it */ +-} BIO_LINEBUFFER_CTX; +- +-static int linebuffer_new(BIO *bi) +-{ +- BIO_LINEBUFFER_CTX *ctx; +- +- ctx = OPENSSL_malloc(sizeof(*ctx)); +- if (ctx == NULL) +- return (0); +- ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); +- if (ctx->obuf == NULL) { +- OPENSSL_free(ctx); +- return (0); +- } +- ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE; +- ctx->obuf_len = 0; +- +- bi->init = 1; +- bi->ptr = (char *)ctx; +- bi->flags = 0; +- return (1); +-} +- +-static int linebuffer_free(BIO *a) +-{ +- BIO_LINEBUFFER_CTX *b; +- +- if (a == NULL) +- return (0); +- b = (BIO_LINEBUFFER_CTX *)a->ptr; +- OPENSSL_free(b->obuf); +- OPENSSL_free(a->ptr); +- a->ptr = NULL; +- a->init = 0; +- a->flags = 0; +- return (1); +-} +- +-static int linebuffer_read(BIO *b, char *out, int outl) +-{ +- int ret = 0; +- +- if (out == NULL) +- return (0); +- if (b->next_bio == NULL) +- return (0); +- ret = BIO_read(b->next_bio, out, outl); +- BIO_clear_retry_flags(b); +- BIO_copy_next_retry(b); +- return (ret); +-} +- +-static int linebuffer_write(BIO *b, const char *in, int inl) +-{ +- int i, num = 0, foundnl; +- BIO_LINEBUFFER_CTX *ctx; +- +- if ((in == NULL) || (inl <= 0)) +- return (0); +- ctx = (BIO_LINEBUFFER_CTX *)b->ptr; +- if ((ctx == NULL) || (b->next_bio == NULL)) +- return (0); +- +- BIO_clear_retry_flags(b); +- +- do { +- const char *p; +- +- for (p = in; p < in + inl && *p != '\n'; p++) ; +- if (*p == '\n') { +- p++; +- foundnl = 1; +- } else +- foundnl = 0; +- +- /* +- * If a NL was found and we already have text in the save buffer, +- * concatenate them and write +- */ +- while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) +- && ctx->obuf_len > 0) { +- int orig_olen = ctx->obuf_len; +- +- i = ctx->obuf_size - ctx->obuf_len; +- if (p - in > 0) { +- if (i >= p - in) { +- memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in); +- ctx->obuf_len += p - in; +- inl -= p - in; +- num += p - in; +- in = p; +- } else { +- memcpy(&(ctx->obuf[ctx->obuf_len]), in, i); +- ctx->obuf_len += i; +- inl -= i; +- in += i; +- num += i; +- } +- } +- i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); +- if (i <= 0) { +- ctx->obuf_len = orig_olen; +- BIO_copy_next_retry(b); +- +- if (i < 0) +- return ((num > 0) ? num : i); +- if (i == 0) +- return (num); +- } +- if (i < ctx->obuf_len) +- memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i); +- ctx->obuf_len -= i; +- } +- +- /* +- * Now that the save buffer is emptied, let's write the input buffer +- * if a NL was found and there is anything to write. +- */ +- if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { +- i = BIO_write(b->next_bio, in, p - in); +- if (i <= 0) { +- BIO_copy_next_retry(b); +- if (i < 0) +- return ((num > 0) ? num : i); +- if (i == 0) +- return (num); +- } +- num += i; +- in += i; +- inl -= i; +- } +- } +- while (foundnl && inl > 0); +- /* +- * We've written as much as we can. The rest of the input buffer, if +- * any, is text that doesn't and with a NL and therefore needs to be +- * saved for the next trip. +- */ +- if (inl > 0) { +- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl); +- ctx->obuf_len += inl; +- num += inl; +- } +- return num; +-} +- +-static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) +-{ +- BIO *dbio; +- BIO_LINEBUFFER_CTX *ctx; +- long ret = 1; +- char *p; +- int r; +- int obs; +- +- ctx = (BIO_LINEBUFFER_CTX *)b->ptr; +- +- switch (cmd) { +- case BIO_CTRL_RESET: +- ctx->obuf_len = 0; +- if (b->next_bio == NULL) +- return (0); +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- break; +- case BIO_CTRL_INFO: +- ret = (long)ctx->obuf_len; +- break; +- case BIO_CTRL_WPENDING: +- ret = (long)ctx->obuf_len; +- if (ret == 0) { +- if (b->next_bio == NULL) +- return (0); +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- } +- break; +- case BIO_C_SET_BUFF_SIZE: +- obs = (int)num; +- p = ctx->obuf; +- if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) { +- p = OPENSSL_malloc((int)num); +- if (p == NULL) +- goto malloc_error; +- } +- if (ctx->obuf != p) { +- if (ctx->obuf_len > obs) { +- ctx->obuf_len = obs; +- } +- memcpy(p, ctx->obuf, ctx->obuf_len); +- OPENSSL_free(ctx->obuf); +- ctx->obuf = p; +- ctx->obuf_size = obs; +- } +- break; +- case BIO_C_DO_STATE_MACHINE: +- if (b->next_bio == NULL) +- return (0); +- BIO_clear_retry_flags(b); +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- BIO_copy_next_retry(b); +- break; +- +- case BIO_CTRL_FLUSH: +- if (b->next_bio == NULL) +- return (0); +- if (ctx->obuf_len <= 0) { +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- break; +- } +- +- for (;;) { +- BIO_clear_retry_flags(b); +- if (ctx->obuf_len > 0) { +- r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); +- BIO_copy_next_retry(b); +- if (r <= 0) +- return ((long)r); +- if (r < ctx->obuf_len) +- memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r); +- ctx->obuf_len -= r; +- } else { +- ctx->obuf_len = 0; +- break; +- } +- } +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- break; +- case BIO_CTRL_DUP: +- dbio = (BIO *)ptr; +- if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size)) +- ret = 0; +- break; +- default: +- if (b->next_bio == NULL) +- return (0); +- ret = BIO_ctrl(b->next_bio, cmd, num, ptr); +- break; +- } +- return (ret); +- malloc_error: +- BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE); +- return (0); +-} +- +-static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +-{ +- long ret = 1; +- +- if (b->next_bio == NULL) +- return (0); +- switch (cmd) { +- default: +- ret = BIO_callback_ctrl(b->next_bio, cmd, fp); +- break; +- } +- return (ret); +-} +- +-static int linebuffer_gets(BIO *b, char *buf, int size) +-{ +- if (b->next_bio == NULL) +- return (0); +- return (BIO_gets(b->next_bio, buf, size)); +-} +- +-static int linebuffer_puts(BIO *b, const char *str) +-{ +- return (linebuffer_write(b, str, strlen(str))); +-} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +index 364d9fb..4842bb4 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c +@@ -1,17 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bf_nbio.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include ++#include + + /* + * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest +@@ -31,7 +80,7 @@ typedef struct nbio_test_st { + int lwn; + } NBIO_TEST; + +-static const BIO_METHOD methods_nbiof = { ++static BIO_METHOD methods_nbiof = { + BIO_TYPE_NBIO_TEST, + "non-blocking IO test filter", + nbiof_write, +@@ -44,7 +93,7 @@ static const BIO_METHOD methods_nbiof = { + nbiof_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_nbio_test(void) ++BIO_METHOD *BIO_f_nbio_test(void) + { + return (&methods_nbiof); + } +@@ -53,12 +102,13 @@ static int nbiof_new(BIO *bi) + { + NBIO_TEST *nt; + +- if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) ++ if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) + return (0); + nt->lrn = -1; + nt->lwn = -1; + bi->ptr = (char *)nt; + bi->init = 1; ++ bi->flags = 0; + return (1); + } + +@@ -66,7 +116,8 @@ static int nbiof_free(BIO *a) + { + if (a == NULL) + return (0); +- OPENSSL_free(a->ptr); ++ if (a->ptr != NULL) ++ OPENSSL_free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; +@@ -76,8 +127,10 @@ static int nbiof_free(BIO *a) + static int nbiof_read(BIO *b, char *out, int outl) + { + int ret = 0; ++#if 1 + int num; + unsigned char n; ++#endif + + if (out == NULL) + return (0); +@@ -85,6 +138,7 @@ static int nbiof_read(BIO *b, char *out, int outl) + return (0); + + BIO_clear_retry_flags(b); ++#if 1 + if (RAND_bytes(&n, 1) <= 0) + return -1; + num = (n & 0x07); +@@ -95,7 +149,9 @@ static int nbiof_read(BIO *b, char *out, int outl) + if (num == 0) { + ret = -1; + BIO_set_retry_read(b); +- } else { ++ } else ++#endif ++ { + ret = BIO_read(b->next_bio, out, outl); + if (ret < 0) + BIO_copy_next_retry(b); +@@ -118,6 +174,7 @@ static int nbiof_write(BIO *b, const char *in, int inl) + + BIO_clear_retry_flags(b); + ++#if 1 + if (nt->lwn > 0) { + num = nt->lwn; + nt->lwn = 0; +@@ -133,7 +190,9 @@ static int nbiof_write(BIO *b, const char *in, int inl) + if (num == 0) { + ret = -1; + BIO_set_retry_write(b); +- } else { ++ } else ++#endif ++ { + ret = BIO_write(b->next_bio, in, inl); + if (ret < 0) { + BIO_copy_next_retry(b); +diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +index 0736b3f..e0c79e8 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bf_null.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bf_null.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bf_null.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + + /* + * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest +@@ -24,7 +73,7 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int nullf_new(BIO *h); + static int nullf_free(BIO *data); + static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); +-static const BIO_METHOD methods_nullf = { ++static BIO_METHOD methods_nullf = { + BIO_TYPE_NULL_FILTER, + "NULL filter", + nullf_write, +@@ -37,7 +86,7 @@ static const BIO_METHOD methods_nullf = { + nullf_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_null(void) ++BIO_METHOD *BIO_f_null(void) + { + return (&methods_nullf); + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +index 69ea3d0..d3e8606 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c +@@ -1,24 +1,73 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bio_cb.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + #include + +-long BIO_debug_callback(BIO *bio, int cmd, const char *argp, +- int argi, long argl, long ret) ++long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, ++ int argi, long argl, long ret) + { + BIO *b; +- char buf[256]; ++ MS_STATIC char buf[256]; + char *p; + long r = 1; + int len; +@@ -27,11 +76,8 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, + if (BIO_CB_RETURN & cmd) + r = ret; + +- len = BIO_snprintf(buf, sizeof buf, "BIO[%p]: ", (void *)bio); ++ len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + +- /* Ignore errors and continue printing the other information. */ +- if (len < 0) +- len = 0; + p = buf + len; + p_maxlen = sizeof(buf) - len; + +@@ -91,7 +137,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, + b = (BIO *)bio->cb_arg; + if (b != NULL) + BIO_write(b, buf, strlen(buf)); +-#if !defined(OPENSSL_NO_STDIO) ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) + else + fputs(buf, stderr); + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +index 98c90d6..d9007aa 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bio_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,21 +70,17 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) + + static ERR_STRING_DATA BIO_str_functs[] = { +- {ERR_FUNC(BIO_F_ACPT_STATE), "acpt_state"}, +- {ERR_FUNC(BIO_F_ADDR_STRINGS), "addr_strings"}, ++ {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"}, + {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"}, +- {ERR_FUNC(BIO_F_BIO_ACCEPT_EX), "BIO_accept_ex"}, +- {ERR_FUNC(BIO_F_BIO_ADDR_NEW), "BIO_ADDR_new"}, ++ {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"}, + {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"}, +- {ERR_FUNC(BIO_F_BIO_CONNECT), "BIO_connect"}, + {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"}, ++ {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"}, + {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"}, ++ {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"}, + {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"}, +- {ERR_FUNC(BIO_F_BIO_GET_NEW_INDEX), "BIO_get_new_index"}, + {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"}, +- {ERR_FUNC(BIO_F_BIO_LISTEN), "BIO_listen"}, +- {ERR_FUNC(BIO_F_BIO_LOOKUP), "BIO_lookup"}, +- {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "bio_make_pair"}, ++ {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"}, + {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"}, + {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"}, + {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"}, +@@ -41,70 +88,56 @@ static ERR_STRING_DATA BIO_str_functs[] = { + {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"}, + {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"}, + {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"}, +- {ERR_FUNC(BIO_F_BIO_PARSE_HOSTSERV), "BIO_parse_hostserv"}, + {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"}, + {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"}, +- {ERR_FUNC(BIO_F_BIO_SOCKET), "BIO_socket"}, +- {ERR_FUNC(BIO_F_BIO_SOCKET_NBIO), "BIO_socket_nbio"}, +- {ERR_FUNC(BIO_F_BIO_SOCK_INFO), "BIO_sock_info"}, + {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"}, + {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"}, +- {ERR_FUNC(BIO_F_BUFFER_CTRL), "buffer_ctrl"}, +- {ERR_FUNC(BIO_F_CONN_CTRL), "conn_ctrl"}, +- {ERR_FUNC(BIO_F_CONN_STATE), "conn_state"}, +- {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "dgram_sctp_read"}, +- {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "dgram_sctp_write"}, +- {ERR_FUNC(BIO_F_FILE_CTRL), "file_ctrl"}, +- {ERR_FUNC(BIO_F_FILE_READ), "file_read"}, +- {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "linebuffer_ctrl"}, +- {ERR_FUNC(BIO_F_MEM_WRITE), "mem_write"}, ++ {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"}, ++ {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, ++ {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, ++ {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, ++ {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, ++ {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, ++ {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, ++ {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, ++ {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"}, ++ {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"}, + {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"}, ++ {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"}, + {0, NULL} + }; + + static ERR_STRING_DATA BIO_str_reasons[] = { + {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"}, +- {ERR_REASON(BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET), +- "addrinfo addr is not af inet"}, +- {ERR_REASON(BIO_R_AMBIGUOUS_HOST_OR_SERVICE), +- "ambiguous host or service"}, + {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"}, ++ {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"}, + {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"}, + {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"}, ++ {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET), ++ "error setting nbio on accepted socket"}, ++ {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET), ++ "error setting nbio on accept socket"}, + {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), + "gethostbyname addr is not af inet"}, +- {ERR_REASON(BIO_R_GETSOCKNAME_ERROR), "getsockname error"}, +- {ERR_REASON(BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS), +- "getsockname truncated address"}, +- {ERR_REASON(BIO_R_GETTING_SOCKTYPE), "getting socktype"}, + {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"}, +- {ERR_REASON(BIO_R_INVALID_SOCKET), "invalid socket"}, ++ {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"}, + {ERR_REASON(BIO_R_IN_USE), "in use"}, +- {ERR_REASON(BIO_R_LISTEN_V6_ONLY), "listen v6 only"}, +- {ERR_REASON(BIO_R_LOOKUP_RETURNED_NOTHING), "lookup returned nothing"}, +- {ERR_REASON(BIO_R_MALFORMED_HOST_OR_SERVICE), +- "malformed host or service"}, ++ {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"}, + {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"}, +- {ERR_REASON(BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED), +- "no accept addr or service specified"}, +- {ERR_REASON(BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED), +- "no hostname or service specified"}, ++ {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, ++ {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"}, + {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"}, ++ {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"}, + {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"}, + {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"}, ++ {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"}, + {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"}, + {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"}, +- {ERR_REASON(BIO_R_UNABLE_TO_KEEPALIVE), "unable to keepalive"}, + {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"}, +- {ERR_REASON(BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"}, +- {ERR_REASON(BIO_R_UNABLE_TO_REUSEADDR), "unable to reuseaddr"}, +- {ERR_REASON(BIO_R_UNAVAILABLE_IP_FAMILY), "unavailable ip family"}, + {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"}, +- {ERR_REASON(BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"}, +- {ERR_REASON(BIO_R_UNSUPPORTED_IP_FAMILY), "unsupported ip family"}, + {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"}, +- {ERR_REASON(BIO_R_UNSUPPORTED_PROTOCOL_FAMILY), +- "unsupported protocol family"}, + {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, + {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"}, + {0, NULL} +@@ -112,7 +145,7 @@ static ERR_STRING_DATA BIO_str_reasons[] = { + + #endif + +-int ERR_load_BIO_strings(void) ++void ERR_load_BIO_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -121,5 +154,4 @@ int ERR_load_BIO_strings(void) + ERR_load_strings(0, BIO_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h +index 39178cf..741884d 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lcl.h +@@ -1,154 +1,4 @@ +-/* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#define USE_SOCKETS +-#include "e_os.h" +- +-/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */ +- +-#ifndef OPENSSL_NO_SOCK +-/* +- * Throughout this file and b_addr.c, the existence of the macro +- * AI_PASSIVE is used to detect the availability of struct addrinfo, +- * getnameinfo() and getaddrinfo(). If that macro doesn't exist, +- * we use our own implementation instead. +- */ +- +-/* +- * It's imperative that these macros get defined before openssl/bio.h gets +- * included. Otherwise, the AI_PASSIVE hack will not work properly. +- * For clarity, we check for internal/cryptlib.h since it's a common header +- * that also includes bio.h. +- */ +-# ifdef HEADER_CRYPTLIB_H +-# error internal/cryptlib.h included before bio_lcl.h +-# endif +-# ifdef HEADER_BIO_H +-# error openssl/bio.h included before bio_lcl.h +-# endif +- +-/* +- * Undefine AF_UNIX on systems that define it but don't support it. +- */ +-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS) +-# undef AF_UNIX +-# endif +- +-# ifdef AI_PASSIVE +- +-/* +- * There's a bug in VMS C header file netdb.h, where struct addrinfo +- * always is the P32 variant, but the functions that handle that structure, +- * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer +- * size. The easiest workaround is to force struct addrinfo to be the +- * 64-bit variant when compiling in P64 mode. +- */ +-# if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64 +-# define addrinfo __addrinfo64 +-# endif +- +-# define bio_addrinfo_st addrinfo +-# define bai_family ai_family +-# define bai_socktype ai_socktype +-# define bai_protocol ai_protocol +-# define bai_addrlen ai_addrlen +-# define bai_addr ai_addr +-# define bai_next ai_next +-# else +-struct bio_addrinfo_st { +- int bai_family; +- int bai_socktype; +- int bai_protocol; +- size_t bai_addrlen; +- struct sockaddr *bai_addr; +- struct bio_addrinfo_st *bai_next; +-}; +-# endif +- +-union bio_addr_st { +- struct sockaddr sa; +-# ifdef AF_INET6 +- struct sockaddr_in6 s_in6; +-# endif +- struct sockaddr_in s_in; +-# ifdef AF_UNIX +- struct sockaddr_un s_un; +-# endif +-}; +-#endif +- +-/* END BIO_ADDRINFO/BIO_ADDR stuff. */ +- +-#include "internal/cryptlib.h" +-#include +- +-typedef struct bio_f_buffer_ctx_struct { +- /*- +- * Buffers are setup like this: +- * +- * <---------------------- size -----------------------> +- * +---------------------------------------------------+ +- * | consumed | remaining | free space | +- * +---------------------------------------------------+ +- * <-- off --><------- len -------> +- */ +- /*- BIO *bio; *//* +- * this is now in the BIO struct +- */ +- int ibuf_size; /* how big is the input buffer */ +- int obuf_size; /* how big is the output buffer */ +- char *ibuf; /* the char array */ +- int ibuf_len; /* how many bytes are in it */ +- int ibuf_off; /* write/read offset */ +- char *obuf; /* the char array */ +- int obuf_len; /* how many bytes are in it */ +- int obuf_off; /* write/read offset */ +-} BIO_F_BUFFER_CTX; +- +-struct bio_st { +- const BIO_METHOD *method; +- /* bio, mode, argp, argi, argl, ret */ +- long (*callback) (struct bio_st *, int, const char *, int, long, long); +- char *cb_arg; /* first argument for the callback */ +- int init; +- int shutdown; +- int flags; /* extra storage */ +- int retry_reason; +- int num; +- void *ptr; +- struct bio_st *next_bio; /* used by filter BIOs */ +- struct bio_st *prev_bio; /* used by filter BIOs */ +- int references; +- uint64_t num_read; +- uint64_t num_write; +- CRYPTO_EX_DATA ex_data; +- CRYPTO_RWLOCK *lock; +-}; +- +-#ifndef OPENSSL_NO_SOCK +-# ifdef OPENSSL_SYS_VMS +-typedef unsigned int socklen_t; +-# endif +- +-extern CRYPTO_RWLOCK *bio_lookup_lock; +- +-int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa); +-const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap); +-struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap); +-socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap); +-socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai); +-const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai); +-#endif +- +-extern CRYPTO_RWLOCK *bio_type_lock; +- +-void bio_sock_cleanup_int(void); ++#include + + #if BIO_FLAGS_UPLINK==0 + /* Shortcut UPLINK calls on most platforms... */ +@@ -183,6 +33,4 @@ void bio_sock_cleanup_int(void); + # define UP_lseek lseek + # define UP_close close + # endif +- + #endif +- +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +index 62392c3..07934f8 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c +@@ -1,53 +1,107 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bio_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include ++#include + +-BIO *BIO_new(const BIO_METHOD *method) ++BIO *BIO_new(BIO_METHOD *method) + { +- BIO *bio = OPENSSL_zalloc(sizeof(*bio)); ++ BIO *ret = NULL; + +- if (bio == NULL) { ++ ret = (BIO *)OPENSSL_malloc(sizeof(BIO)); ++ if (ret == NULL) { + BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ if (!BIO_set(ret, method)) { ++ OPENSSL_free(ret); ++ ret = NULL; ++ } ++ return (ret); ++} + ++int BIO_set(BIO *bio, BIO_METHOD *method) ++{ + bio->method = method; ++ bio->callback = NULL; ++ bio->cb_arg = NULL; ++ bio->init = 0; + bio->shutdown = 1; ++ bio->flags = 0; ++ bio->retry_reason = 0; ++ bio->num = 0; ++ bio->ptr = NULL; ++ bio->prev_bio = NULL; ++ bio->next_bio = NULL; + bio->references = 1; +- +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data)) +- goto err; +- +- bio->lock = CRYPTO_THREAD_lock_new(); +- if (bio->lock == NULL) { +- BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); +- goto err; +- } +- +- if (method->create != NULL && !method->create(bio)) { +- BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL); +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); +- CRYPTO_THREAD_lock_free(bio->lock); +- goto err; +- } +- +- return bio; +- +-err: +- OPENSSL_free(bio); +- return NULL; ++ bio->num_read = 0L; ++ bio->num_write = 0L; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); ++ if (method->create != NULL) ++ if (!method->create(bio)) { ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); ++ return (0); ++ } ++ return (1); + } + + int BIO_free(BIO *a) +@@ -55,59 +109,30 @@ int BIO_free(BIO *a) + int i; + + if (a == NULL) +- return 0; +- +- if (CRYPTO_atomic_add(&a->references, -1, &i, a->lock) <= 0) +- return 0; ++ return (0); + +- REF_PRINT_COUNT("BIO", a); ++ i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); ++#ifdef REF_PRINT ++ REF_PRINT("BIO", a); ++#endif + if (i > 0) +- return 1; +- REF_ASSERT_ISNT(i < 0); ++ return (1); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "BIO_free, bad reference count\n"); ++ abort(); ++ } ++#endif + if ((a->callback != NULL) && + ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) +- return i; +- +- if ((a->method != NULL) && (a->method->destroy != NULL)) +- a->method->destroy(a); ++ return (i); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); + +- CRYPTO_THREAD_lock_free(a->lock); +- ++ if ((a->method != NULL) && (a->method->destroy != NULL)) ++ a->method->destroy(a); + OPENSSL_free(a); +- +- return 1; +-} +- +-void BIO_set_data(BIO *a, void *ptr) +-{ +- a->ptr = ptr; +-} +- +-void *BIO_get_data(BIO *a) +-{ +- return a->ptr; +-} +- +-void BIO_set_init(BIO *a, int init) +-{ +- a->init = init; +-} +- +-int BIO_get_init(BIO *a) +-{ +- return a->init; +-} +- +-void BIO_set_shutdown(BIO *a, int shut) +-{ +- a->shutdown = shut; +-} +- +-int BIO_get_shutdown(BIO *a) +-{ +- return a->shutdown; ++ return (1); + } + + void BIO_vfree(BIO *a) +@@ -115,18 +140,6 @@ void BIO_vfree(BIO *a) + BIO_free(a); + } + +-int BIO_up_ref(BIO *a) +-{ +- int i; +- +- if (CRYPTO_atomic_add(&a->references, 1, &i, a->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("BIO", a); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); +-} +- + void BIO_clear_flags(BIO *b, int flags) + { + b->flags &= ~flags; +@@ -197,7 +210,7 @@ int BIO_read(BIO *b, void *out, int outl) + i = b->method->bread(b, out, outl); + + if (i > 0) +- b->num_read += (uint64_t)i; ++ b->num_read += (unsigned long)i; + + if (cb != NULL) + i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i); +@@ -230,7 +243,7 @@ int BIO_write(BIO *b, const void *in, int inl) + i = b->method->bwrite(b, in, inl); + + if (i > 0) +- b->num_write += (uint64_t)i; ++ b->num_write += (unsigned long)i; + + if (cb != NULL) + i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i); +@@ -260,7 +273,7 @@ int BIO_puts(BIO *b, const char *in) + i = b->method->bputs(b, in); + + if (i > 0) +- b->num_write += (uint64_t)i; ++ b->num_write += (unsigned long)i; + + if (cb != NULL) + i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i); +@@ -314,9 +327,9 @@ long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) + return (BIO_ctrl(b, cmd, larg, (char *)&i)); + } + +-void *BIO_ptr_ctrl(BIO *b, int cmd, long larg) ++char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) + { +- void *p = NULL; ++ char *p = NULL; + + if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) + return (NULL); +@@ -455,16 +468,11 @@ int BIO_get_retry_reason(BIO *bio) + return (bio->retry_reason); + } + +-void BIO_set_retry_reason(BIO *bio, int reason) +-{ +- bio->retry_reason = reason; +-} +- + BIO *BIO_find_type(BIO *bio, int type) + { + int mt, mask; + +- if (bio == NULL) ++ if (!bio) + return NULL; + mask = type & 0xff; + do { +@@ -484,16 +492,11 @@ BIO *BIO_find_type(BIO *bio, int type) + + BIO *BIO_next(BIO *b) + { +- if (b == NULL) ++ if (!b) + return NULL; + return b->next_bio; + } + +-void BIO_set_next(BIO *b, BIO *next) +-{ +- b->next_bio = next; +-} +- + void BIO_free_all(BIO *bio) + { + BIO *b; +@@ -559,6 +562,13 @@ void BIO_copy_next_retry(BIO *b) + b->retry_reason = b->next_bio->retry_reason; + } + ++int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, ++ new_func, dup_func, free_func); ++} ++ + int BIO_set_ex_data(BIO *bio, int idx, void *data) + { + return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); +@@ -569,32 +579,18 @@ void *BIO_get_ex_data(BIO *bio, int idx) + return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); + } + +-uint64_t BIO_number_read(BIO *bio) ++unsigned long BIO_number_read(BIO *bio) + { + if (bio) + return bio->num_read; + return 0; + } + +-uint64_t BIO_number_written(BIO *bio) ++unsigned long BIO_number_written(BIO *bio) + { + if (bio) + return bio->num_write; + return 0; + } + +-void bio_free_ex_data(BIO *bio) +-{ +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); +-} +- +-void bio_cleanup(void) +-{ +-#ifndef OPENSSL_NO_SOCK +- bio_sock_cleanup_int(); +- CRYPTO_THREAD_lock_free(bio_lookup_lock); +- bio_lookup_lock = NULL; +-#endif +- CRYPTO_THREAD_lock_free(bio_type_lock); +- bio_type_lock = NULL; +-} ++IMPLEMENT_STACK_OF(BIO) +diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_meth.c b/Cryptlib/OpenSSL/crypto/bio/bio_meth.c +deleted file mode 100644 +index c5f9f7e..0000000 +--- a/Cryptlib/OpenSSL/crypto/bio/bio_meth.c ++++ /dev/null +@@ -1,145 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "bio_lcl.h" +-#include +- +-CRYPTO_RWLOCK *bio_type_lock = NULL; +-static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT; +- +-DEFINE_RUN_ONCE_STATIC(do_bio_type_init) +-{ +- bio_type_lock = CRYPTO_THREAD_lock_new(); +- return bio_type_lock != NULL; +-} +- +-int BIO_get_new_index() +-{ +- static int bio_count = BIO_TYPE_START; +- int newval; +- +- if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) { +- BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE); +- return -1; +- } +- if (!CRYPTO_atomic_add(&bio_count, 1, &newval, bio_type_lock)) +- return -1; +- return newval; +-} +- +-BIO_METHOD *BIO_meth_new(int type, const char *name) +-{ +- BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD)); +- +- if (biom != NULL) { +- biom->type = type; +- biom->name = name; +- } +- return biom; +-} +- +-void BIO_meth_free(BIO_METHOD *biom) +-{ +- OPENSSL_free(biom); +-} +- +-int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int) +-{ +- return biom->bwrite; +-} +- +-int BIO_meth_set_write(BIO_METHOD *biom, +- int (*bwrite) (BIO *, const char *, int)) +-{ +- biom->bwrite = bwrite; +- return 1; +-} +- +-int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int) +-{ +- return biom->bread; +-} +- +-int BIO_meth_set_read(BIO_METHOD *biom, +- int (*bread) (BIO *, char *, int)) +-{ +- biom->bread = bread; +- return 1; +-} +- +-int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *) +-{ +- return biom->bputs; +-} +- +-int BIO_meth_set_puts(BIO_METHOD *biom, +- int (*bputs) (BIO *, const char *)) +-{ +- biom->bputs = bputs; +- return 1; +-} +- +-int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int) +-{ +- return biom->bgets; +-} +- +-int BIO_meth_set_gets(BIO_METHOD *biom, +- int (*bgets) (BIO *, char *, int)) +-{ +- biom->bgets = bgets; +- return 1; +-} +- +-long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *) +-{ +- return biom->ctrl; +-} +- +-int BIO_meth_set_ctrl(BIO_METHOD *biom, +- long (*ctrl) (BIO *, int, long, void *)) +-{ +- biom->ctrl = ctrl; +- return 1; +-} +- +-int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) +-{ +- return biom->create; +-} +- +-int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) +-{ +- biom->create = create; +- return 1; +-} +- +-int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) +-{ +- return biom->destroy; +-} +- +-int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) +-{ +- biom->destroy = destroy; +- return 1; +-} +- +-long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *) +-{ +- return biom->callback_ctrl; +-} +- +-int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, +- long (*callback_ctrl) (BIO *, int, +- bio_info_cb *)) +-{ +- biom->callback_ctrl = callback_ctrl; +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c +index 6fb971a..4a5e39b 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_acpt.c +@@ -1,35 +1,93 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_acpt.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include + + #ifndef OPENSSL_NO_SOCK + ++# ifdef OPENSSL_SYS_WIN16 ++# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ ++# else ++# define SOCKET_PROTOCOL IPPROTO_TCP ++# endif ++ ++# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) ++/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ ++# undef FIONBIO ++# endif ++ + typedef struct bio_accept_st { + int state; +- int accept_family; +- int bind_mode; /* Socket mode for BIO_listen */ +- int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */ + char *param_addr; +- char *param_serv; +- + int accept_sock; +- +- BIO_ADDRINFO *addr_first; +- const BIO_ADDRINFO *addr_iter; +- BIO_ADDR cache_accepting_addr; /* Useful if we asked for port 0 */ +- char *cache_accepting_name, *cache_accepting_serv; +- BIO_ADDR cache_peer_addr; +- char *cache_peer_name, *cache_peer_serv; +- ++ int accept_nbio; ++ char *addr; ++ int nbio; ++ /* ++ * If 0, it means normal, if 1, do a connect on bind failure, and if ++ * there is no-one listening, bind with SO_REUSEADDR. If 2, always use ++ * SO_REUSEADDR. ++ */ ++ int bind_mode; + BIO *bio_chain; + } BIO_ACCEPT; + +@@ -45,13 +103,10 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void); + static void BIO_ACCEPT_free(BIO_ACCEPT *a); + + # define ACPT_S_BEFORE 1 +-# define ACPT_S_GET_ADDR 2 +-# define ACPT_S_CREATE_SOCKET 3 +-# define ACPT_S_LISTEN 4 +-# define ACPT_S_ACCEPT 5 +-# define ACPT_S_OK 6 ++# define ACPT_S_GET_ACCEPT_SOCKET 2 ++# define ACPT_S_OK 3 + +-static const BIO_METHOD methods_acceptp = { ++static BIO_METHOD methods_acceptp = { + BIO_TYPE_ACCEPT, + "socket accept", + acpt_write, +@@ -64,7 +119,7 @@ static const BIO_METHOD methods_acceptp = { + NULL, + }; + +-const BIO_METHOD *BIO_s_accept(void) ++BIO_METHOD *BIO_s_accept(void) + { + return (&methods_acceptp); + } +@@ -74,7 +129,7 @@ static int acpt_new(BIO *bi) + BIO_ACCEPT *ba; + + bi->init = 0; +- bi->num = (int)INVALID_SOCKET; ++ bi->num = INVALID_SOCKET; + bi->flags = 0; + if ((ba = BIO_ACCEPT_new()) == NULL) + return (0); +@@ -88,10 +143,12 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void) + { + BIO_ACCEPT *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = (BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) + return (NULL); +- ret->accept_family = BIO_FAMILY_IPANY; +- ret->accept_sock = (int)INVALID_SOCKET; ++ ++ memset(ret, 0, sizeof(BIO_ACCEPT)); ++ ret->accept_sock = INVALID_SOCKET; ++ ret->bind_mode = BIO_BIND_NORMAL; + return (ret); + } + +@@ -100,14 +157,12 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a) + if (a == NULL) + return; + +- OPENSSL_free(a->param_addr); +- OPENSSL_free(a->param_serv); +- BIO_ADDRINFO_free(a->addr_first); +- OPENSSL_free(a->cache_accepting_name); +- OPENSSL_free(a->cache_accepting_serv); +- OPENSSL_free(a->cache_peer_name); +- OPENSSL_free(a->cache_peer_serv); +- BIO_free(a->bio_chain); ++ if (a->param_addr != NULL) ++ OPENSSL_free(a->param_addr); ++ if (a->addr != NULL) ++ OPENSSL_free(a->addr); ++ if (a->bio_chain != NULL) ++ BIO_free(a->bio_chain); + OPENSSL_free(a); + } + +@@ -116,11 +171,11 @@ static void acpt_close_socket(BIO *bio) + BIO_ACCEPT *c; + + c = (BIO_ACCEPT *)bio->ptr; +- if (c->accept_sock != (int)INVALID_SOCKET) { ++ if (c->accept_sock != INVALID_SOCKET) { + shutdown(c->accept_sock, 2); + closesocket(c->accept_sock); +- c->accept_sock = (int)INVALID_SOCKET; +- bio->num = (int)INVALID_SOCKET; ++ c->accept_sock = INVALID_SOCKET; ++ bio->num = INVALID_SOCKET; + } + } + +@@ -145,203 +200,102 @@ static int acpt_free(BIO *a) + static int acpt_state(BIO *b, BIO_ACCEPT *c) + { + BIO *bio = NULL, *dbio; +- int s = -1, ret = -1; +- +- for (;;) { +- switch (c->state) { +- case ACPT_S_BEFORE: +- if (c->param_addr == NULL && c->param_serv == NULL) { +- BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED); +- ERR_add_error_data(4, +- "hostname=", c->param_addr, +- " service=", c->param_serv); +- goto exit_loop; +- } +- +- /* Because we're starting a new bind, any cached name and serv +- * are now obsolete and need to be cleaned out. +- * QUESTION: should this be done in acpt_close_socket() instead? +- */ +- OPENSSL_free(c->cache_accepting_name); +- c->cache_accepting_name = NULL; +- OPENSSL_free(c->cache_accepting_serv); +- c->cache_accepting_serv = NULL; +- OPENSSL_free(c->cache_peer_name); +- c->cache_peer_name = NULL; +- OPENSSL_free(c->cache_peer_serv); +- c->cache_peer_serv = NULL; +- +- c->state = ACPT_S_GET_ADDR; +- break; +- +- case ACPT_S_GET_ADDR: +- { +- int family = AF_UNSPEC; +- switch (c->accept_family) { +- case BIO_FAMILY_IPV6: +- if (1) { /* This is a trick we use to avoid bit rot. +- * at least the "else" part will always be +- * compiled. +- */ +-#ifdef AF_INET6 +- family = AF_INET6; +- } else { +-#endif +- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY); +- goto exit_loop; +- } +- break; +- case BIO_FAMILY_IPV4: +- family = AF_INET; +- break; +- case BIO_FAMILY_IPANY: +- family = AF_UNSPEC; +- break; +- default: +- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY); +- goto exit_loop; +- } +- if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER, +- family, SOCK_STREAM, &c->addr_first) == 0) +- goto exit_loop; +- } +- if (c->addr_first == NULL) { +- BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING); +- goto exit_loop; +- } +- /* We're currently not iterating, but set this as preparation +- * for possible future development in that regard +- */ +- c->addr_iter = c->addr_first; +- c->state = ACPT_S_CREATE_SOCKET; +- break; +- +- case ACPT_S_CREATE_SOCKET: +- ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), +- BIO_ADDRINFO_socktype(c->addr_iter), +- BIO_ADDRINFO_protocol(c->addr_iter), 0); +- if (ret == (int)INVALID_SOCKET) { +- SYSerr(SYS_F_SOCKET, get_last_socket_error()); +- ERR_add_error_data(4, +- "hostname=", c->param_addr, +- " service=", c->param_serv); +- BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); +- goto exit_loop; +- } +- c->accept_sock = ret; +- b->num = ret; +- c->state = ACPT_S_LISTEN; +- break; +- +- case ACPT_S_LISTEN: +- { +- if (!BIO_listen(c->accept_sock, +- BIO_ADDRINFO_address(c->addr_iter), +- c->bind_mode)) { +- BIO_closesocket(c->accept_sock); +- goto exit_loop; +- } +- } +- +- { +- union BIO_sock_info_u info; +- +- info.addr = &c->cache_accepting_addr; +- if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS, +- &info)) { +- BIO_closesocket(c->accept_sock); +- goto exit_loop; +- } ++ int s = -1; ++ int i; ++ ++ again: ++ switch (c->state) { ++ case ACPT_S_BEFORE: ++ if (c->param_addr == NULL) { ++ BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_PORT_SPECIFIED); ++ return (-1); ++ } ++ s = BIO_get_accept_socket(c->param_addr, c->bind_mode); ++ if (s == INVALID_SOCKET) ++ return (-1); ++ ++ if (c->accept_nbio) { ++ if (!BIO_socket_nbio(s, 1)) { ++ closesocket(s); ++ BIOerr(BIO_F_ACPT_STATE, ++ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); ++ return (-1); + } ++ } ++ c->accept_sock = s; ++ b->num = s; ++ c->state = ACPT_S_GET_ACCEPT_SOCKET; ++ return (1); ++ /* break; */ ++ case ACPT_S_GET_ACCEPT_SOCKET: ++ if (b->next_bio != NULL) { ++ c->state = ACPT_S_OK; ++ goto again; ++ } ++ BIO_clear_retry_flags(b); ++ b->retry_reason = 0; ++ i = BIO_accept(c->accept_sock, &(c->addr)); ++ ++ /* -2 return means we should retry */ ++ if (i == -2) { ++ BIO_set_retry_special(b); ++ b->retry_reason = BIO_RR_ACCEPT; ++ return -1; ++ } + +- c->cache_accepting_name = +- BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1); +- c->cache_accepting_serv = +- BIO_ADDR_service_string(&c->cache_accepting_addr, 1); +- c->state = ACPT_S_ACCEPT; +- s = -1; +- ret = 1; +- goto end; +- +- case ACPT_S_ACCEPT: +- if (b->next_bio != NULL) { +- c->state = ACPT_S_OK; +- break; +- } +- BIO_clear_retry_flags(b); +- b->retry_reason = 0; +- +- s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr, +- c->accepted_mode); +- +- /* If the returned socket is invalid, this might still be +- * retryable +- */ +- if (s < 0) { +- if (BIO_sock_should_retry(s)) { +- BIO_set_retry_special(b); +- b->retry_reason = BIO_RR_ACCEPT; +- goto end; +- } +- } ++ if (i < 0) ++ return (i); + +- /* If it wasn't retryable, we fail */ +- if (s < 0) { +- ret = s; +- goto exit_loop; +- } ++ bio = BIO_new_socket(i, BIO_CLOSE); ++ if (bio == NULL) ++ goto err; + +- bio = BIO_new_socket(s, BIO_CLOSE); +- if (bio == NULL) +- goto exit_loop; +- +- BIO_set_callback(bio, BIO_get_callback(b)); +- BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); +- +- /* +- * If the accept BIO has an bio_chain, we dup it and put the new +- * socket at the end. +- */ +- if (c->bio_chain != NULL) { +- if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) +- goto exit_loop; +- if (!BIO_push(dbio, bio)) +- goto exit_loop; +- bio = dbio; +- } +- if (BIO_push(b, bio) == NULL) +- goto exit_loop; ++ BIO_set_callback(bio, BIO_get_callback(b)); ++ BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); + +- c->cache_peer_name = +- BIO_ADDR_hostname_string(&c->cache_peer_addr, 1); +- c->cache_peer_serv = +- BIO_ADDR_service_string(&c->cache_peer_addr, 1); +- c->state = ACPT_S_OK; +- bio = NULL; +- ret = 1; +- goto end; +- +- case ACPT_S_OK: +- if (b->next_bio == NULL) { +- c->state = ACPT_S_ACCEPT; +- break; ++ if (c->nbio) { ++ if (!BIO_socket_nbio(i, 1)) { ++ BIOerr(BIO_F_ACPT_STATE, ++ BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); ++ goto err; + } +- ret = 1; +- goto end; ++ } + +- default: +- ret = 0; +- goto end; ++ /* ++ * If the accept BIO has an bio_chain, we dup it and put the new ++ * socket at the end. ++ */ ++ if (c->bio_chain != NULL) { ++ if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) ++ goto err; ++ if (!BIO_push(dbio, bio)) ++ goto err; ++ bio = dbio; ++ } ++ if (BIO_push(b, bio) == NULL) ++ goto err; ++ ++ c->state = ACPT_S_OK; ++ return (1); ++ err: ++ if (bio != NULL) ++ BIO_free(bio); ++ else if (s >= 0) ++ closesocket(s); ++ return (0); ++ /* break; */ ++ case ACPT_S_OK: ++ if (b->next_bio == NULL) { ++ c->state = ACPT_S_GET_ACCEPT_SOCKET; ++ goto again; + } ++ return (1); ++ /* break; */ ++ default: ++ return (0); ++ /* break; */ + } + +- exit_loop: +- if (bio != NULL) +- BIO_free(bio); +- else if (s >= 0) +- BIO_closesocket(s); +- end: +- return ret; + } + + static int acpt_read(BIO *b, char *out, int outl) +@@ -396,8 +350,6 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = 0; + data->state = ACPT_S_BEFORE; + acpt_close_socket(b); +- BIO_ADDRINFO_free(data->addr_first); +- data->addr_first = NULL; + b->flags = 0; + break; + case BIO_C_DO_STATE_MACHINE: +@@ -407,49 +359,27 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_C_SET_ACCEPT: + if (ptr != NULL) { + if (num == 0) { +- char *hold_serv = data->param_serv; +- /* We affect the hostname regardless. However, the input +- * string might contain a host:service spec, so we must +- * parse it, which might or might not affect the service +- */ +- OPENSSL_free(data->param_addr); +- data->param_addr = NULL; +- ret = BIO_parse_hostserv(ptr, +- &data->param_addr, +- &data->param_serv, +- BIO_PARSE_PRIO_SERV); +- if (hold_serv != data->param_serv) +- OPENSSL_free(hold_serv); + b->init = 1; ++ if (data->param_addr != NULL) ++ OPENSSL_free(data->param_addr); ++ data->param_addr = BUF_strdup(ptr); + } else if (num == 1) { +- OPENSSL_free(data->param_serv); +- data->param_serv = BUF_strdup(ptr); +- b->init = 1; ++ data->accept_nbio = (ptr != NULL); + } else if (num == 2) { +- data->bind_mode |= BIO_SOCK_NONBLOCK; +- } else if (num == 3) { +- BIO_free(data->bio_chain); ++ if (data->bio_chain != NULL) ++ BIO_free(data->bio_chain); + data->bio_chain = (BIO *)ptr; +- } else if (num == 4) { +- data->accept_family = *(int *)ptr; +- } +- } else { +- if (num == 2) { +- data->bind_mode &= ~BIO_SOCK_NONBLOCK; + } + } + break; + case BIO_C_SET_NBIO: +- if (num != 0) +- data->accepted_mode |= BIO_SOCK_NONBLOCK; +- else +- data->accepted_mode &= ~BIO_SOCK_NONBLOCK; ++ data->nbio = (int)num; + break; + case BIO_C_SET_FD: + b->init = 1; + b->num = *((int *)ptr); + data->accept_sock = b->num; +- data->state = ACPT_S_ACCEPT; ++ data->state = ACPT_S_GET_ACCEPT_SOCKET; + b->shutdown = (int)num; + b->init = 1; + break; +@@ -464,35 +394,9 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + case BIO_C_GET_ACCEPT: + if (b->init) { +- if (num == 0 && ptr != NULL) { +- pp = (char **)ptr; +- *pp = data->cache_accepting_name; +- } else if (num == 1 && ptr != NULL) { ++ if (ptr != NULL) { + pp = (char **)ptr; +- *pp = data->cache_accepting_serv; +- } else if (num == 2 && ptr != NULL) { +- pp = (char **)ptr; +- *pp = data->cache_peer_name; +- } else if (num == 3 && ptr != NULL) { +- pp = (char **)ptr; +- *pp = data->cache_peer_serv; +- } else if (num == 4) { +- switch (BIO_ADDRINFO_family(data->addr_iter)) { +-#ifdef AF_INET6 +- case AF_INET6: +- ret = BIO_FAMILY_IPV6; +- break; +-#endif +- case AF_INET: +- ret = BIO_FAMILY_IPV4; +- break; +- case 0: +- ret = data->accept_family; +- break; +- default: +- ret = -1; +- break; +- } ++ *pp = data->param_addr; + } else + ret = -1; + } else +@@ -548,10 +452,12 @@ BIO *BIO_new_accept(const char *str) + ret = BIO_new(BIO_s_accept()); + if (ret == NULL) + return (NULL); +- if (BIO_set_accept_name(ret, str)) ++ if (BIO_set_accept_port(ret, str)) + return (ret); +- BIO_free(ret); +- return (NULL); ++ else { ++ BIO_free(ret); ++ return (NULL); ++ } + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +index de34f6b..3dd8187 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_bio.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -15,17 +61,39 @@ + * See ssl/ssltest.c for some hints on how this can be used. + */ + ++/* BIO_DEBUG implies BIO_PAIR_DEBUG */ ++#ifdef BIO_DEBUG ++# ifndef BIO_PAIR_DEBUG ++# define BIO_PAIR_DEBUG ++# endif ++#endif ++ ++/* disable assert() unless BIO_PAIR_DEBUG has been defined */ ++#ifndef BIO_PAIR_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++ + #include + #include + #include + #include + +-#include "bio_lcl.h" ++#include + #include + #include + + #include "e_os.h" + ++/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */ ++#if defined(OPENSSL_SYS_VXWORKS) ++# undef SSIZE_MAX ++#endif ++#ifndef SSIZE_MAX ++# define SSIZE_MAX INT_MAX ++#endif ++ + static int bio_new(BIO *bio); + static int bio_free(BIO *bio); + static int bio_read(BIO *bio, char *buf, int size); +@@ -36,7 +104,7 @@ static int bio_puts(BIO *bio, const char *str); + static int bio_make_pair(BIO *bio1, BIO *bio2); + static void bio_destroy_pair(BIO *bio); + +-static const BIO_METHOD methods_biop = { ++static BIO_METHOD methods_biop = { + BIO_TYPE_BIO, + "BIO pair", + bio_write, +@@ -49,7 +117,7 @@ static const BIO_METHOD methods_biop = { + NULL /* no bio_callback_ctrl */ + }; + +-const BIO_METHOD *BIO_s_bio(void) ++BIO_METHOD *BIO_s_bio(void) + { + return &methods_biop; + } +@@ -74,13 +142,20 @@ struct bio_bio_st { + + static int bio_new(BIO *bio) + { +- struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b)); ++ struct bio_bio_st *b; + ++ b = OPENSSL_malloc(sizeof *b); + if (b == NULL) + return 0; + ++ b->peer = NULL; ++ b->closed = 0; ++ b->len = 0; ++ b->offset = 0; + /* enough for one TLS record (just a default) */ + b->size = 17 * 1024; ++ b->buf = NULL; ++ b->request = 0; + + bio->ptr = b; + return 1; +@@ -99,7 +174,10 @@ static int bio_free(BIO *bio) + if (b->peer) + bio_destroy_pair(bio); + +- OPENSSL_free(b->buf); ++ if (b->buf != NULL) { ++ OPENSSL_free(b->buf); ++ } ++ + OPENSSL_free(b); + + return 1; +@@ -238,8 +316,8 @@ static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_) + struct bio_bio_st *b, *peer_b; + ossl_ssize_t num, available; + +- if (num_ > OSSL_SSIZE_MAX) +- num = OSSL_SSIZE_MAX; ++ if (num_ > SSIZE_MAX) ++ num = SSIZE_MAX; + else + num = (ossl_ssize_t) num_; + +@@ -394,8 +472,8 @@ static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) + struct bio_bio_st *b; + ossl_ssize_t num, space; + +- if (num_ > OSSL_SSIZE_MAX) +- num = OSSL_SSIZE_MAX; ++ if (num_ > SSIZE_MAX) ++ num = SSIZE_MAX; + else + num = (ossl_ssize_t) num_; + +@@ -433,8 +511,10 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) + size_t new_size = num; + + if (b->size != new_size) { +- OPENSSL_free(b->buf); +- b->buf = NULL; ++ if (b->buf) { ++ OPENSSL_free(b->buf); ++ b->buf = NULL; ++ } + b->size = new_size; + } + ret = 1; +@@ -711,10 +791,14 @@ int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, + + err: + if (ret == 0) { +- BIO_free(bio1); +- bio1 = NULL; +- BIO_free(bio2); +- bio2 = NULL; ++ if (bio1) { ++ BIO_free(bio1); ++ bio1 = NULL; ++ } ++ if (bio2) { ++ BIO_free(bio2); ++ bio2 = NULL; ++ } + } + + *bio1_p = bio1; +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c +index dfd0988..7d15ad2 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_conn.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_conn.c +@@ -1,28 +1,88 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_conn.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +- +-#include "bio_lcl.h" ++#define USE_SOCKETS ++#include "cryptlib.h" ++#include + + #ifndef OPENSSL_NO_SOCK + ++# ifdef OPENSSL_SYS_WIN16 ++# define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ ++# else ++# define SOCKET_PROTOCOL IPPROTO_TCP ++# endif ++ ++# if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) ++/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ ++# undef FIONBIO ++# endif ++ + typedef struct bio_connect_st { + int state; +- int connect_family; + char *param_hostname; +- char *param_service; +- int connect_mode; +- +- BIO_ADDRINFO *addr_first; +- const BIO_ADDRINFO *addr_iter; ++ char *param_port; ++ int nbio; ++ unsigned char ip[4]; ++ unsigned short port; ++ struct sockaddr_in them; + /* + * int socket; this will be kept in bio->num so that it is compatible + * with the bss_sock bio +@@ -48,14 +108,7 @@ static void conn_close_socket(BIO *data); + BIO_CONNECT *BIO_CONNECT_new(void); + void BIO_CONNECT_free(BIO_CONNECT *a); + +-#define BIO_CONN_S_BEFORE 1 +-#define BIO_CONN_S_GET_ADDR 2 +-#define BIO_CONN_S_CREATE_SOCKET 3 +-#define BIO_CONN_S_CONNECT 4 +-#define BIO_CONN_S_OK 5 +-#define BIO_CONN_S_BLOCKED_CONNECT 6 +- +-static const BIO_METHOD methods_connectp = { ++static BIO_METHOD methods_connectp = { + BIO_TYPE_CONNECT, + "socket connect", + conn_write, +@@ -71,6 +124,8 @@ static const BIO_METHOD methods_connectp = { + static int conn_state(BIO *b, BIO_CONNECT *c) + { + int ret = -1, i; ++ unsigned long l; ++ char *p, *q; + int (*cb) (const BIO *, int, int) = NULL; + + if (c->info_callback != NULL) +@@ -79,103 +134,123 @@ static int conn_state(BIO *b, BIO_CONNECT *c) + for (;;) { + switch (c->state) { + case BIO_CONN_S_BEFORE: +- if (c->param_hostname == NULL && c->param_service == NULL) { +- BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED); +- ERR_add_error_data(4, +- "hostname=", c->param_hostname, +- " service=", c->param_service); ++ p = c->param_hostname; ++ if (p == NULL) { ++ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_SPECIFIED); + goto exit_loop; + } +- c->state = BIO_CONN_S_GET_ADDR; +- break; +- +- case BIO_CONN_S_GET_ADDR: +- { +- int family = AF_UNSPEC; +- switch (c->connect_family) { +- case BIO_FAMILY_IPV6: +- if (1) { /* This is a trick we use to avoid bit rot. +- * at least the "else" part will always be +- * compiled. +- */ +-#ifdef AF_INET6 +- family = AF_INET6; +- } else { +-#endif +- BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY); +- goto exit_loop; +- } +- break; +- case BIO_FAMILY_IPV4: +- family = AF_INET; ++ for (; *p != '\0'; p++) { ++ if ((*p == ':') || (*p == '/')) + break; +- case BIO_FAMILY_IPANY: +- family = AF_UNSPEC; +- break; +- default: +- BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY); +- goto exit_loop; ++ } ++ ++ i = *p; ++ if ((i == ':') || (i == '/')) { ++ ++ *(p++) = '\0'; ++ if (i == ':') { ++ for (q = p; *q; q++) ++ if (*q == '/') { ++ *q = '\0'; ++ break; ++ } ++ if (c->param_port != NULL) ++ OPENSSL_free(c->param_port); ++ c->param_port = BUF_strdup(p); + } +- if (BIO_lookup(c->param_hostname, c->param_service, +- BIO_LOOKUP_CLIENT, +- family, SOCK_STREAM, &c->addr_first) == 0) +- goto exit_loop; + } +- if (c->addr_first == NULL) { +- BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING); ++ ++ if (c->param_port == NULL) { ++ BIOerr(BIO_F_CONN_STATE, BIO_R_NO_PORT_SPECIFIED); ++ ERR_add_error_data(2, "host=", c->param_hostname); + goto exit_loop; + } +- c->addr_iter = c->addr_first; ++ c->state = BIO_CONN_S_GET_IP; ++ break; ++ ++ case BIO_CONN_S_GET_IP: ++ if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0) ++ goto exit_loop; ++ c->state = BIO_CONN_S_GET_PORT; ++ break; ++ ++ case BIO_CONN_S_GET_PORT: ++ if (c->param_port == NULL) { ++ /* abort(); */ ++ goto exit_loop; ++ } else if (BIO_get_port(c->param_port, &c->port) <= 0) ++ goto exit_loop; + c->state = BIO_CONN_S_CREATE_SOCKET; + break; + + case BIO_CONN_S_CREATE_SOCKET: +- ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter), +- BIO_ADDRINFO_socktype(c->addr_iter), +- BIO_ADDRINFO_protocol(c->addr_iter), 0); +- if (ret == (int)INVALID_SOCKET) { ++ /* now setup address */ ++ memset((char *)&c->them, 0, sizeof(c->them)); ++ c->them.sin_family = AF_INET; ++ c->them.sin_port = htons((unsigned short)c->port); ++ l = (unsigned long) ++ ((unsigned long)c->ip[0] << 24L) | ++ ((unsigned long)c->ip[1] << 16L) | ++ ((unsigned long)c->ip[2] << 8L) | ((unsigned long)c->ip[3]); ++ c->them.sin_addr.s_addr = htonl(l); ++ c->state = BIO_CONN_S_CREATE_SOCKET; ++ ++ ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); ++ if (ret == INVALID_SOCKET) { + SYSerr(SYS_F_SOCKET, get_last_socket_error()); +- ERR_add_error_data(4, +- "hostname=", c->param_hostname, +- " service=", c->param_service); ++ ERR_add_error_data(4, "host=", c->param_hostname, ++ ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET); + goto exit_loop; + } + b->num = ret; ++ c->state = BIO_CONN_S_NBIO; ++ break; ++ ++ case BIO_CONN_S_NBIO: ++ if (c->nbio) { ++ if (!BIO_socket_nbio(b->num, 1)) { ++ BIOerr(BIO_F_CONN_STATE, BIO_R_ERROR_SETTING_NBIO); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); ++ goto exit_loop; ++ } ++ } + c->state = BIO_CONN_S_CONNECT; ++ ++# if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) ++ i = 1; ++ i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, (char *)&i, ++ sizeof(i)); ++ if (i < 0) { ++ SYSerr(SYS_F_SOCKET, get_last_socket_error()); ++ ERR_add_error_data(4, "host=", c->param_hostname, ++ ":", c->param_port); ++ BIOerr(BIO_F_CONN_STATE, BIO_R_KEEPALIVE); ++ goto exit_loop; ++ } ++# endif + break; + + case BIO_CONN_S_CONNECT: + BIO_clear_retry_flags(b); +- ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), +- BIO_SOCK_KEEPALIVE | c->connect_mode); ++ ret = connect(b->num, ++ (struct sockaddr *)&c->them, sizeof(c->them)); + b->retry_reason = 0; +- if (ret == 0) { ++ if (ret < 0) { + if (BIO_sock_should_retry(ret)) { + BIO_set_retry_special(b); + c->state = BIO_CONN_S_BLOCKED_CONNECT; + b->retry_reason = BIO_RR_CONNECT; +- ERR_clear_error(); +- } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) +- != NULL) { +- /* +- * if there are more addresses to try, do that first +- */ +- BIO_closesocket(b->num); +- c->state = BIO_CONN_S_CREATE_SOCKET; +- ERR_clear_error(); +- break; + } else { + SYSerr(SYS_F_CONNECT, get_last_socket_error()); +- ERR_add_error_data(4, +- "hostname=", c->param_hostname, +- " service=", c->param_service); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR); + } + goto exit_loop; +- } else { ++ } else + c->state = BIO_CONN_S_OK; +- } + break; + + case BIO_CONN_S_BLOCKED_CONNECT: +@@ -183,9 +258,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c) + if (i) { + BIO_clear_retry_flags(b); + SYSerr(SYS_F_CONNECT, i); +- ERR_add_error_data(4, +- "hostname=", c->param_hostname, +- " service=", c->param_service); ++ ERR_add_error_data(4, "host=", ++ c->param_hostname, ":", c->param_port); + BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR); + ret = 0; + goto exit_loop; +@@ -202,7 +276,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) + } + + if (cb != NULL) { +- if ((ret = cb((BIO *)b, c->state, ret)) == 0) ++ if (!(ret = cb((BIO *)b, c->state, ret))) + goto end; + } + } +@@ -219,10 +293,19 @@ BIO_CONNECT *BIO_CONNECT_new(void) + { + BIO_CONNECT *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = (BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) + return (NULL); + ret->state = BIO_CONN_S_BEFORE; +- ret->connect_family = BIO_FAMILY_IPANY; ++ ret->param_hostname = NULL; ++ ret->param_port = NULL; ++ ret->info_callback = NULL; ++ ret->nbio = 0; ++ ret->ip[0] = 0; ++ ret->ip[1] = 0; ++ ret->ip[2] = 0; ++ ret->ip[3] = 0; ++ ret->port = 0; ++ memset((char *)&ret->them, 0, sizeof(ret->them)); + return (ret); + } + +@@ -231,13 +314,14 @@ void BIO_CONNECT_free(BIO_CONNECT *a) + if (a == NULL) + return; + +- OPENSSL_free(a->param_hostname); +- OPENSSL_free(a->param_service); +- BIO_ADDRINFO_free(a->addr_first); ++ if (a->param_hostname != NULL) ++ OPENSSL_free(a->param_hostname); ++ if (a->param_port != NULL) ++ OPENSSL_free(a->param_port); + OPENSSL_free(a); + } + +-const BIO_METHOD *BIO_s_connect(void) ++BIO_METHOD *BIO_s_connect(void) + { + return (&methods_connectp); + } +@@ -245,7 +329,7 @@ const BIO_METHOD *BIO_s_connect(void) + static int conn_new(BIO *bi) + { + bi->init = 0; +- bi->num = (int)INVALID_SOCKET; ++ bi->num = INVALID_SOCKET; + bi->flags = 0; + if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) + return (0); +@@ -258,12 +342,12 @@ static void conn_close_socket(BIO *bio) + BIO_CONNECT *c; + + c = (BIO_CONNECT *)bio->ptr; +- if (bio->num != (int)INVALID_SOCKET) { ++ if (bio->num != INVALID_SOCKET) { + /* Only do a shutdown if things were established */ + if (c->state == BIO_CONN_S_OK) + shutdown(bio->num, 2); +- BIO_closesocket(bio->num); +- bio->num = (int)INVALID_SOCKET; ++ closesocket(bio->num); ++ bio->num = INVALID_SOCKET; + } + } + +@@ -346,8 +430,6 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = 0; + data->state = BIO_CONN_S_BEFORE; + conn_close_socket(b); +- BIO_ADDRINFO_free(data->addr_first); +- data->addr_first = NULL; + b->flags = 0; + break; + case BIO_C_DO_STATE_MACHINE: +@@ -360,33 +442,27 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_C_GET_CONNECT: + if (ptr != NULL) { + pptr = (const char **)ptr; +- if (num == 0) { +- *pptr = data->param_hostname; +- } else if (num == 1) { +- *pptr = data->param_service; +- } else if (num == 2) { +- *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter); +- } else if (num == 3) { +- switch (BIO_ADDRINFO_family(data->addr_iter)) { +-# ifdef AF_INET6 +- case AF_INET6: +- ret = BIO_FAMILY_IPV6; +- break; +-# endif +- case AF_INET: +- ret = BIO_FAMILY_IPV4; +- break; +- case 0: +- ret = data->connect_family; +- break; +- default: +- ret = -1; +- break; ++ } ++ ++ if (b->init) { ++ if (pptr != NULL) { ++ ret = 1; ++ if (num == 0) { ++ *pptr = data->param_hostname; ++ } else if (num == 1) { ++ *pptr = data->param_port; ++ } else if (num == 2) { ++ *pptr = (char *)&(data->ip[0]); ++ } else { ++ ret = 0; + } +- } else { +- ret = 0; ++ } ++ if (num == 3) { ++ ret = data->port; + } + } else { ++ if (pptr != NULL) ++ *pptr = "not initialized"; + ret = 0; + } + break; +@@ -394,46 +470,36 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) + if (ptr != NULL) { + b->init = 1; + if (num == 0) { +- char *hold_service = data->param_service; +- /* We affect the hostname regardless. However, the input +- * string might contain a host:service spec, so we must +- * parse it, which might or might not affect the service +- */ +- OPENSSL_free(data->param_hostname); +- data->param_hostname = NULL; +- ret = BIO_parse_hostserv(ptr, +- &data->param_hostname, +- &data->param_service, +- BIO_PARSE_PRIO_HOST); +- if (hold_service != data->param_service) +- OPENSSL_free(hold_service); ++ if (data->param_hostname != NULL) ++ OPENSSL_free(data->param_hostname); ++ data->param_hostname = BUF_strdup(ptr); + } else if (num == 1) { +- OPENSSL_free(data->param_service); +- data->param_service = BUF_strdup(ptr); ++ if (data->param_port != NULL) ++ OPENSSL_free(data->param_port); ++ data->param_port = BUF_strdup(ptr); + } else if (num == 2) { +- const BIO_ADDR *addr = (const BIO_ADDR *)ptr; +- if (ret) { +- data->param_hostname = BIO_ADDR_hostname_string(addr, 1); +- data->param_service = BIO_ADDR_service_string(addr, 1); +- BIO_ADDRINFO_free(data->addr_first); +- data->addr_first = NULL; +- data->addr_iter = NULL; +- } ++ char buf[16]; ++ unsigned char *p = ptr; ++ ++ BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", ++ p[0], p[1], p[2], p[3]); ++ if (data->param_hostname != NULL) ++ OPENSSL_free(data->param_hostname); ++ data->param_hostname = BUF_strdup(buf); ++ memcpy(&(data->ip[0]), ptr, 4); + } else if (num == 3) { +- data->connect_family = *(int *)ptr; +- } else { +- ret = 0; ++ char buf[DECIMAL_SIZE(int) + 1]; ++ ++ BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); ++ if (data->param_port != NULL) ++ OPENSSL_free(data->param_port); ++ data->param_port = BUF_strdup(buf); ++ data->port = *(int *)ptr; + } + } + break; + case BIO_C_SET_NBIO: +- if (num != 0) +- data->connect_mode |= BIO_SOCK_NONBLOCK; +- else +- data->connect_mode &= ~BIO_SOCK_NONBLOCK; +- break; +- case BIO_C_SET_CONNECT_MODE: +- data->connect_mode = (int)num; ++ data->nbio = (int)num; + break; + case BIO_C_GET_FD: + if (b->init) { +@@ -459,12 +525,11 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_DUP: + { + dbio = (BIO *)ptr; ++ if (data->param_port) ++ BIO_set_conn_port(dbio, data->param_port); + if (data->param_hostname) + BIO_set_conn_hostname(dbio, data->param_hostname); +- if (data->param_service) +- BIO_set_conn_port(dbio, data->param_service); +- BIO_set_conn_ip_family(dbio, data->connect_family); +- BIO_set_conn_mode(dbio, data->connect_mode); ++ BIO_set_nbio(dbio, data->nbio); + /* + * FIXME: the cast of the function seems unlikely to be a good + * idea +@@ -538,8 +603,10 @@ BIO *BIO_new_connect(const char *str) + return (NULL); + if (BIO_set_conn_hostname(ret, str)) + return (ret); +- BIO_free(ret); +- return (NULL); ++ else { ++ BIO_free(ret); ++ return (NULL); ++ } + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +index 6dfcc9b..bdd7bf8 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c +@@ -1,21 +1,70 @@ ++/* crypto/bio/bio_dgram.c */ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * DTLS implementation written by Nagendra Modadugu ++ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include ++#define USE_SOCKETS ++#include "cryptlib.h" + +-#include "bio_lcl.h" ++#include + #ifndef OPENSSL_NO_DGRAM + +-# if !(defined(_WIN32) || defined(OPENSSL_SYS_VMS)) +-# include +-# endif + # if defined(OPENSSL_SYS_VMS) + # include + # endif +@@ -45,6 +94,12 @@ + ((a)->s6_addr32[2] == htonl(0x0000ffff))) + # endif + ++# ifdef WATT32 ++# define sock_write SockWrite /* Watt-32 uses same names */ ++# define sock_read SockRead ++# define sock_puts SockPuts ++# endif ++ + static int dgram_write(BIO *h, const char *buf, int num); + static int dgram_read(BIO *h, char *buf, int size); + static int dgram_puts(BIO *h, const char *str); +@@ -70,7 +125,7 @@ static int BIO_dgram_should_retry(int s); + + static void get_current_time(struct timeval *t); + +-static const BIO_METHOD methods_dgramp = { ++static BIO_METHOD methods_dgramp = { + BIO_TYPE_DGRAM, + "datagram socket", + dgram_write, +@@ -84,7 +139,7 @@ static const BIO_METHOD methods_dgramp = { + }; + + # ifndef OPENSSL_NO_SCTP +-static const BIO_METHOD methods_dgramp_sctp = { ++static BIO_METHOD methods_dgramp_sctp = { + BIO_TYPE_DGRAM_SCTP, + "datagram sctp socket", + dgram_sctp_write, +@@ -99,13 +154,18 @@ static const BIO_METHOD methods_dgramp_sctp = { + # endif + + typedef struct bio_dgram_data_st { +- BIO_ADDR peer; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; + struct timeval next_timeout; + struct timeval socket_timeout; +- unsigned int peekmode; + } bio_dgram_data; + + # ifndef OPENSSL_NO_SCTP +@@ -116,7 +176,13 @@ typedef struct bio_dgram_sctp_save_message_st { + } bio_dgram_sctp_save_message; + + typedef struct bio_dgram_sctp_data_st { +- BIO_ADDR peer; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; +@@ -134,7 +200,7 @@ typedef struct bio_dgram_sctp_data_st { + } bio_dgram_sctp_data; + # endif + +-const BIO_METHOD *BIO_s_datagram(void) ++BIO_METHOD *BIO_s_datagram(void) + { + return (&methods_dgramp); + } +@@ -152,11 +218,17 @@ BIO *BIO_new_dgram(int fd, int close_flag) + + static int dgram_new(BIO *bi) + { +- bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data)); ++ bio_dgram_data *data = NULL; + ++ bi->init = 0; ++ bi->num = 0; ++ data = OPENSSL_malloc(sizeof(bio_dgram_data)); + if (data == NULL) + return 0; ++ memset(data, 0x00, sizeof(bio_dgram_data)); + bi->ptr = data; ++ ++ bi->flags = 0; + return (1); + } + +@@ -170,7 +242,8 @@ static int dgram_free(BIO *a) + return 0; + + data = (bio_dgram_data *)a->ptr; +- OPENSSL_free(data); ++ if (data != NULL) ++ OPENSSL_free(data); + + return (1); + } +@@ -181,7 +254,7 @@ static int dgram_clear(BIO *a) + return (0); + if (a->shutdown) { + if (a->init) { +- BIO_closesocket(a->num); ++ SHUTDOWN2(a->num); + } + a->init = 0; + a->flags = 0; +@@ -244,7 +317,7 @@ static void dgram_adjust_rcv_timeout(BIO *b) + } + + /* +- * Adjust socket timeout if next handshake message timer will expire ++ * Adjust socket timeout if next handhake message timer will expire + * earlier. + */ + if ((data->socket_timeout.tv_sec == 0 +@@ -298,22 +371,39 @@ static int dgram_read(BIO *b, char *out, int outl) + { + int ret = 0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; +- int flags = 0; + +- BIO_ADDR peer; +- socklen_t len = sizeof(peer); ++ struct { ++ /* ++ * See commentary in b_sock.c. ++ */ ++ union { ++ size_t s; ++ int i; ++ } len; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in sa_in; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 sa_in6; ++# endif ++ } peer; ++ } sa; ++ ++ sa.len.s = 0; ++ sa.len.i = sizeof(sa.peer); + + if (out != NULL) { + clear_socket_error(); +- memset(&peer, 0, sizeof(peer)); ++ memset(&sa.peer, 0x00, sizeof(sa.peer)); + dgram_adjust_rcv_timeout(b); +- if (data->peekmode) +- flags = MSG_PEEK; +- ret = recvfrom(b->num, out, outl, flags, +- BIO_ADDR_sockaddr_noconst(&peer), &len); ++ ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len); ++ if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { ++ OPENSSL_assert(sa.len.s <= sizeof(sa.peer)); ++ sa.len.i = (int)sa.len.s; ++ } + + if (!data->connected && ret >= 0) +- BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer); ++ BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); + + BIO_clear_retry_flags(b); + if (ret < 0) { +@@ -337,14 +427,18 @@ static int dgram_write(BIO *b, const char *in, int inl) + if (data->connected) + ret = writesocket(b->num, in, inl); + else { +- int peerlen = BIO_ADDR_sockaddr_size(&data->peer); ++ int peerlen = sizeof(data->peer); + ++ if (data->peer.sa.sa_family == AF_INET) ++ peerlen = sizeof(data->peer.sa_in); ++# if OPENSSL_USE_IPV6 ++ else if (data->peer.sa.sa_family == AF_INET6) ++ peerlen = sizeof(data->peer.sa_in6); ++# endif + # if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK) +- ret = sendto(b->num, (char *)in, inl, 0, +- BIO_ADDR_sockaddr(&data->peer), peerlen); ++ ret = sendto(b->num, (char *)in, inl, 0, &data->peer.sa, peerlen); + # else +- ret = sendto(b->num, in, inl, 0, +- BIO_ADDR_sockaddr(&data->peer), peerlen); ++ ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen); + # endif + } + +@@ -353,6 +447,13 @@ static int dgram_write(BIO *b, const char *in, int inl) + if (BIO_dgram_should_retry(ret)) { + BIO_set_retry_write(b); + data->_errno = get_last_socket_error(); ++ ++# if 0 /* higher layers are responsible for querying ++ * MTU, if necessary */ ++ if (data->_errno == EMSGSIZE) ++ /* retrieve the new MTU */ ++ BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); ++# endif + } + } + return (ret); +@@ -362,31 +463,27 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data) + { + long ret; + +- switch (BIO_ADDR_family(&data->peer)) { ++ switch (data->peer.sa.sa_family) { + case AF_INET: + /* + * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP + */ + ret = 28; + break; +-# ifdef AF_INET6 ++# if OPENSSL_USE_IPV6 + case AF_INET6: +- { + # ifdef IN6_IS_ADDR_V4MAPPED +- struct in6_addr tmp_addr; +- if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) +- && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) +- /* +- * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP +- */ +- ret = 28; +- else ++ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) ++ /* ++ * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP ++ */ ++ ret = 28; ++ else + # endif + /* + * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP + */ + ret = 48; +- } + break; + # endif + default: +@@ -401,14 +498,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + { + long ret = 1; + int *ip; ++ struct sockaddr *to = NULL; + bio_dgram_data *data = NULL; + int sockopt_val = 0; +- int d_errno; + # if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ + socklen_t addr_len; +- BIO_ADDR addr; ++ union { ++ struct sockaddr sa; ++ struct sockaddr_in s4; ++# if OPENSSL_USE_IPV6 ++ struct sockaddr_in6 s6; ++# endif ++ } addr; + # endif + + data = (bio_dgram_data *)b->ptr; +@@ -451,13 +554,35 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = 1; + break; + case BIO_CTRL_DGRAM_CONNECT: +- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); ++ to = (struct sockaddr *)ptr; ++# if 0 ++ if (connect(b->num, to, sizeof(struct sockaddr)) < 0) { ++ perror("connect"); ++ ret = 0; ++ } else { ++# endif ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } ++# if 0 ++ } ++# endif + break; + /* (Linux)kernel sets DF bit on outgoing IP packets */ + case BIO_CTRL_DGRAM_MTU_DISCOVER: + # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) + addr_len = (socklen_t) sizeof(addr); +- memset(&addr, 0, sizeof(addr)); ++ memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; +@@ -481,14 +606,14 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = -1; + break; + } +-# else + ret = -1; +-# endif ++# else + break; ++# endif + case BIO_CTRL_DGRAM_QUERY_MTU: + # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) + addr_len = (socklen_t) sizeof(addr); +- memset(&addr, 0, sizeof(addr)); ++ memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; +@@ -536,22 +661,18 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: + ret = -dgram_get_mtu_overhead(data); +- switch (BIO_ADDR_family(&data->peer)) { ++ switch (data->peer.sa.sa_family) { + case AF_INET: + ret += 576; + break; + # if OPENSSL_USE_IPV6 + case AF_INET6: +- { + # ifdef IN6_IS_ADDR_V4MAPPED +- struct in6_addr tmp_addr; +- if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL) +- && IN6_IS_ADDR_V4MAPPED(&tmp_addr)) +- ret += 576; +- else ++ if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) ++ ret += 576; ++ else + # endif +- ret += 1280; +- } ++ ret += 1280; + break; + # endif + default: +@@ -561,29 +682,67 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + case BIO_CTRL_DGRAM_GET_MTU: + return data->mtu; ++ break; + case BIO_CTRL_DGRAM_SET_MTU: + data->mtu = num; + ret = num; + break; + case BIO_CTRL_DGRAM_SET_CONNECTED: +- if (ptr != NULL) { ++ to = (struct sockaddr *)ptr; ++ ++ if (to != NULL) { + data->connected = 1; +- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } + } else { + data->connected = 0; +- memset(&data->peer, 0, sizeof(data->peer)); ++ memset(&(data->peer), 0x00, sizeof(data->peer)); + } + break; + case BIO_CTRL_DGRAM_GET_PEER: +- ret = BIO_ADDR_sockaddr_size(&data->peer); +- /* FIXME: if num < ret, we will only return part of an address. +- That should bee an error, no? */ ++ switch (data->peer.sa.sa_family) { ++ case AF_INET: ++ ret = sizeof(data->peer.sa_in); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ ret = sizeof(data->peer.sa_in6); ++ break; ++# endif ++ default: ++ ret = sizeof(data->peer.sa); ++ break; ++ } + if (num == 0 || num > ret) + num = ret; + memcpy(ptr, &data->peer, (ret = num)); + break; + case BIO_CTRL_DGRAM_SET_PEER: +- BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr)); ++ to = (struct sockaddr *)ptr; ++ switch (to->sa_family) { ++ case AF_INET: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in)); ++ break; ++# if OPENSSL_USE_IPV6 ++ case AF_INET6: ++ memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); ++ break; ++# endif ++ default: ++ memcpy(&data->peer, to, sizeof(data->peer.sa)); ++ break; ++ } + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); +@@ -706,11 +865,11 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + /* fall-through */ + case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: + # ifdef OPENSSL_SYS_WINDOWS +- d_errno = (data->_errno == WSAETIMEDOUT); ++ if (data->_errno == WSAETIMEDOUT) + # else +- d_errno = (data->_errno == EAGAIN); ++ if (data->_errno == EAGAIN) + # endif +- if (d_errno) { ++ { + ret = 1; + data->_errno = 0; + } else +@@ -783,9 +942,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD: + ret = dgram_get_mtu_overhead(data); + break; +- case BIO_CTRL_DGRAM_SET_PEEK_MODE: +- data->peekmode = (unsigned int)num; +- break; + default: + ret = 0; + break; +@@ -803,7 +959,7 @@ static int dgram_puts(BIO *bp, const char *str) + } + + # ifndef OPENSSL_NO_SCTP +-const BIO_METHOD *BIO_s_datagram_sctp(void) ++BIO_METHOD *BIO_s_datagram_sctp(void) + { + return (&methods_dgramp_sctp); + } +@@ -854,13 +1010,16 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) + * connected socket won't use it. + */ + sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); +- authchunks = OPENSSL_zalloc(sockopt_len); +- if (authchunks == NULL) { ++ authchunks = OPENSSL_malloc(sockopt_len); ++ if (!authchunks) { + BIO_vfree(bio); + return (NULL); + } +- ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, ++ memset(authchunks, 0, sizeof(sockopt_len)); ++ ret = ++ getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, + &sockopt_len); ++ + if (ret < 0) { + OPENSSL_free(authchunks); + BIO_vfree(bio); +@@ -883,7 +1042,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) + + # ifdef SCTP_AUTHENTICATION_EVENT + # ifdef SCTP_EVENT +- memset(&event, 0, sizeof(event)); ++ memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_AUTHENTICATION_EVENT; + event.se_on = 1; +@@ -940,9 +1099,10 @@ static int dgram_sctp_new(BIO *bi) + + bi->init = 0; + bi->num = 0; +- data = OPENSSL_zalloc(sizeof(*data)); ++ data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data)); + if (data == NULL) + return 0; ++ memset(data, 0x00, sizeof(bio_dgram_sctp_data)); + # ifdef SCTP_PR_SCTP_NONE + data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; + # endif +@@ -963,7 +1123,8 @@ static int dgram_sctp_free(BIO *a) + + data = (bio_dgram_sctp_data *) a->ptr; + if (data != NULL) { +- OPENSSL_free(data->saved_message.data); ++ if (data->saved_message.data != NULL) ++ OPENSSL_free(data->saved_message.data); + OPENSSL_free(data); + } + +@@ -1003,7 +1164,8 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) + clear_socket_error(); + + do { +- memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); ++ memset(&data->rcvinfo, 0x00, ++ sizeof(struct bio_dgram_sctp_rcvinfo)); + iov.iov_base = out; + iov.iov_len = outl; + msg.msg_name = NULL; +@@ -1072,13 +1234,9 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) + * it can be sent now. + */ + if (data->saved_message.length > 0) { +- i = dgram_sctp_write(data->saved_message.bio, ++ dgram_sctp_write(data->saved_message.bio, + data->saved_message.data, + data->saved_message.length); +- if (i < 0) { +- ret = i; +- break; +- } + OPENSSL_free(data->saved_message.data); + data->saved_message.data = NULL; + data->saved_message.length = 0; +@@ -1086,7 +1244,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) + + /* disable sender dry event */ + # ifdef SCTP_EVENT +- memset(&event, 0, sizeof(event)); ++ memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 0; +@@ -1192,11 +1350,11 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) + optlen = + (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); + authchunks = OPENSSL_malloc(optlen); +- if (authchunks == NULL) { ++ if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE); + return -1; + } +- memset(authchunks, 0, optlen); ++ memset(authchunks, 0, sizeof(optlen)); + ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, + authchunks, &optlen); + +@@ -1223,14 +1381,6 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) + return (ret); + } + +-/* +- * dgram_sctp_write - send message on SCTP socket +- * @b: BIO to write to +- * @in: data to send +- * @inl: amount of bytes in @in to send +- * +- * Returns -1 on error or the sent amount of bytes on success +- */ + static int dgram_sctp_write(BIO *b, const char *in, int inl) + { + int ret; +@@ -1258,7 +1408,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) + * parameters and flags. + */ + if (in[0] != 23) { +- memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); ++ memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo)); + # ifdef SCTP_SACK_IMMEDIATELY + handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; + # endif +@@ -1269,24 +1419,19 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) + * If we have to send a shutdown alert message and the socket is not dry + * yet, we have to save it and send it as soon as the socket gets dry. + */ +- if (data->save_shutdown) { +- ret = BIO_dgram_sctp_wait_for_dry(b); +- if (ret < 0) { ++ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { ++ char *tmp; ++ data->saved_message.bio = b; ++ if (!(tmp = OPENSSL_malloc(inl))) { ++ BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); + return -1; + } +- if (ret == 0) { +- char *tmp; +- data->saved_message.bio = b; +- if ((tmp = OPENSSL_malloc(inl)) == NULL) { +- BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); +- return -1; +- } ++ if (data->saved_message.data) + OPENSSL_free(data->saved_message.data); +- data->saved_message.data = tmp; +- memcpy(data->saved_message.data, in, inl); +- data->saved_message.length = inl; +- return inl; +- } ++ data->saved_message.data = tmp; ++ memcpy(data->saved_message.data, in, inl); ++ data->saved_message.length = inl; ++ return inl; + } + + iov[0].iov_base = (char *)in; +@@ -1304,7 +1449,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) + cmsg->cmsg_type = SCTP_SNDINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); + sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); +- memset(sndinfo, 0, sizeof(*sndinfo)); ++ memset(sndinfo, 0, sizeof(struct sctp_sndinfo)); + sndinfo->snd_sid = sinfo->snd_sid; + sndinfo->snd_flags = sinfo->snd_flags; + sndinfo->snd_ppid = sinfo->snd_ppid; +@@ -1317,7 +1462,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) + cmsg->cmsg_type = SCTP_PRINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); + prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); +- memset(prinfo, 0, sizeof(*prinfo)); ++ memset(prinfo, 0, sizeof(struct sctp_prinfo)); + prinfo->pr_policy = pinfo->pr_policy; + prinfo->pr_value = pinfo->pr_value; + msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); +@@ -1327,7 +1472,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) + cmsg->cmsg_type = SCTP_SNDRCV; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); + sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); +- memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); ++ memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); + sndrcvinfo->sinfo_stream = sinfo->snd_sid; + sndrcvinfo->sinfo_flags = sinfo->snd_flags; + # ifdef __FreeBSD__ +@@ -1424,7 +1569,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) + ret = -1; + break; + } +- memset(authkey, 0, sockopt_len); ++ memset(authkey, 0x00, sockopt_len); + authkey->sca_keynumber = authkeyid.scact_keynumber + 1; + # ifndef __FreeBSD__ + /* +@@ -1604,24 +1749,10 @@ int BIO_dgram_sctp_notification_cb(BIO *b, + return 0; + } + +-/* +- * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event +- * @b: The BIO to check for the dry event +- * +- * Wait until the peer confirms all packets have been received, and so that +- * our kernel doesn't have anything to send anymore. This is only received by +- * the peer's kernel, not the application. +- * +- * Returns: +- * -1 on error +- * 0 when not dry yet +- * 1 when dry +- */ + int BIO_dgram_sctp_wait_for_dry(BIO *b) + { + int is_dry = 0; +- int sockflags = 0; +- int n, ret; ++ int n, sockflags, ret; + union sctp_notification snp; + struct msghdr msg; + struct iovec iov; +@@ -1635,7 +1766,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) + + /* set sender dry event */ + # ifdef SCTP_EVENT +- memset(&event, 0, sizeof(event)); ++ memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 1; +@@ -1658,7 +1789,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) + return -1; + + /* peek for notification */ +- memset(&snp, 0, sizeof(snp)); ++ memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; +@@ -1680,7 +1811,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) + + /* if we find a notification, process it and try again if necessary */ + while (msg.msg_flags & MSG_NOTIFICATION) { +- memset(&snp, 0, sizeof(snp)); ++ memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; +@@ -1705,7 +1836,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) + + /* disable sender dry event */ + # ifdef SCTP_EVENT +- memset(&event, 0, sizeof(event)); ++ memset(&event, 0, sizeof(struct sctp_event)); + event.se_assoc_id = 0; + event.se_type = SCTP_SENDER_DRY_EVENT; + event.se_on = 0; +@@ -1739,7 +1870,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) + (void *)&snp); + + /* found notification, peek again */ +- memset(&snp, 0, sizeof(snp)); ++ memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; +@@ -1785,7 +1916,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) + + /* Check if there are any messages waiting to be read */ + do { +- memset(&snp, 0, sizeof(snp)); ++ memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; +@@ -1808,7 +1939,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) + dgram_sctp_handle_auth_free_key_event(b, &snp); + # endif + +- memset(&snp, 0, sizeof(snp)); ++ memset(&snp, 0x00, sizeof(union sctp_notification)); + iov.iov_base = (char *)&snp; + iov.iov_len = sizeof(union sctp_notification); + msg.msg_name = NULL; +@@ -1871,6 +2002,12 @@ int BIO_dgram_non_fatal_error(int err) + # if defined(WSAEWOULDBLOCK) + case WSAEWOULDBLOCK: + # endif ++ ++# if 0 /* This appears to always be an error */ ++# if defined(WSAENOTCONN) ++ case WSAENOTCONN: ++# endif ++# endif + # endif + + # ifdef EWOULDBLOCK +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +index 1e56cb6..5f4e344 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_fd.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +- +-#include "bio_lcl.h" ++#define USE_SOCKETS ++#include "cryptlib.h" + + #if defined(OPENSSL_NO_POSIX_IO) + /* +@@ -31,7 +80,7 @@ int BIO_fd_should_retry(int i) + return 0; + } + +-const BIO_METHOD *BIO_s_fd(void) ++BIO_METHOD *BIO_s_fd(void) + { + return NULL; + } +@@ -48,6 +97,8 @@ const BIO_METHOD *BIO_s_fd(void) + * file descriptors can only be provided by application. Therefore + * "UPLINK" calls are due... + */ ++# include "bio_lcl.h" ++ + static int fd_write(BIO *h, const char *buf, int num); + static int fd_read(BIO *h, char *buf, int size); + static int fd_puts(BIO *h, const char *str); +@@ -57,7 +108,7 @@ static int fd_new(BIO *h); + static int fd_free(BIO *data); + int BIO_fd_should_retry(int s); + +-static const BIO_METHOD methods_fdp = { ++static BIO_METHOD methods_fdp = { + BIO_TYPE_FD, "file descriptor", + fd_write, + fd_read, +@@ -69,7 +120,7 @@ static const BIO_METHOD methods_fdp = { + NULL, + }; + +-const BIO_METHOD *BIO_s_fd(void) ++BIO_METHOD *BIO_s_fd(void) + { + return (&methods_fdp); + } +@@ -219,6 +270,12 @@ int BIO_fd_should_retry(int i) + if ((i == 0) || (i == -1)) { + err = get_last_sys_error(); + ++# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps ++ * not? Ben 4/1/99 */ ++ if ((i == -1) && (err == 0)) ++ return (1); ++# endif ++ + return (BIO_fd_non_fatal_error(err)); + } + return (0); +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +index 6af2d9c..a6e3b3a 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_file.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /*- +@@ -36,19 +85,24 @@ + + # include + # include ++# include "cryptlib.h" + # include "bio_lcl.h" + # include + ++# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) ++# include ++# endif ++ + # if !defined(OPENSSL_NO_STDIO) + +-static int file_write(BIO *h, const char *buf, int num); +-static int file_read(BIO *h, char *buf, int size); +-static int file_puts(BIO *h, const char *str); +-static int file_gets(BIO *h, char *str, int size); +-static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2); +-static int file_new(BIO *h); +-static int file_free(BIO *data); +-static const BIO_METHOD methods_filep = { ++static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); ++static int MS_CALLBACK file_read(BIO *h, char *buf, int size); ++static int MS_CALLBACK file_puts(BIO *h, const char *str); ++static int MS_CALLBACK file_gets(BIO *h, char *str, int size); ++static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int MS_CALLBACK file_new(BIO *h); ++static int MS_CALLBACK file_free(BIO *data); ++static BIO_METHOD methods_filep = { + BIO_TYPE_FILE, + "FILE pointer", + file_write, +@@ -61,14 +115,61 @@ static const BIO_METHOD methods_filep = { + NULL, + }; + ++static FILE *file_fopen(const char *filename, const char *mode) ++{ ++ FILE *file = NULL; ++ ++# if defined(_WIN32) && defined(CP_UTF8) ++ int sz, len_0 = (int)strlen(filename) + 1; ++ DWORD flags; ++ ++ /* ++ * Basically there are three cases to cover: a) filename is ++ * pure ASCII string; b) actual UTF-8 encoded string and ++ * c) locale-ized string, i.e. one containing 8-bit ++ * characters that are meaningful in current system locale. ++ * If filename is pure ASCII or real UTF-8 encoded string, ++ * MultiByteToWideChar succeeds and _wfopen works. If ++ * filename is locale-ized string, chances are that ++ * MultiByteToWideChar fails reporting ++ * ERROR_NO_UNICODE_TRANSLATION, in which case we fall ++ * back to fopen... ++ */ ++ if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), ++ filename, len_0, NULL, 0)) > 0 || ++ (GetLastError() == ERROR_INVALID_FLAGS && ++ (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), ++ filename, len_0, NULL, 0)) > 0) ++ ) { ++ WCHAR wmode[8]; ++ WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); ++ ++ if (MultiByteToWideChar(CP_UTF8, flags, ++ filename, len_0, wfilename, sz) && ++ MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, ++ wmode, sizeof(wmode) / sizeof(wmode[0])) && ++ (file = _wfopen(wfilename, wmode)) == NULL && ++ (errno == ENOENT || errno == EBADF) ++ ) { ++ /* ++ * UTF-8 decode succeeded, but no file, filename ++ * could still have been locale-ized... ++ */ ++ file = fopen(filename, mode); ++ } ++ } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { ++ file = fopen(filename, mode); ++ } ++# else ++ file = fopen(filename, mode); ++# endif ++ return (file); ++} ++ + BIO *BIO_new_file(const char *filename, const char *mode) + { + BIO *ret; +- FILE *file = openssl_fopen(filename, mode); +- int fp_flags = BIO_CLOSE; +- +- if (strchr(mode, 'b') == NULL) +- fp_flags |= BIO_FP_TEXT; ++ FILE *file = file_fopen(filename, mode); + + if (file == NULL) { + SYSerr(SYS_F_FOPEN, get_last_sys_error()); +@@ -90,7 +191,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) + + BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage + * UPLINK */ +- BIO_set_fp(ret, file, fp_flags); ++ BIO_set_fp(ret, file, BIO_CLOSE); + return (ret); + } + +@@ -101,18 +202,18 @@ BIO *BIO_new_fp(FILE *stream, int close_flag) + if ((ret = BIO_new(BIO_s_file())) == NULL) + return (NULL); + +- /* redundant flag, left for documentation purposes */ +- BIO_set_flags(ret, BIO_FLAGS_UPLINK); ++ BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for ++ * documentation puposes */ + BIO_set_fp(ret, stream, close_flag); + return (ret); + } + +-const BIO_METHOD *BIO_s_file(void) ++BIO_METHOD *BIO_s_file(void) + { + return (&methods_filep); + } + +-static int file_new(BIO *bi) ++static int MS_CALLBACK file_new(BIO *bi) + { + bi->init = 0; + bi->num = 0; +@@ -121,7 +222,7 @@ static int file_new(BIO *bi) + return (1); + } + +-static int file_free(BIO *a) ++static int MS_CALLBACK file_free(BIO *a) + { + if (a == NULL) + return (0); +@@ -139,7 +240,7 @@ static int file_free(BIO *a) + return (1); + } + +-static int file_read(BIO *b, char *out, int outl) ++static int MS_CALLBACK file_read(BIO *b, char *out, int outl) + { + int ret = 0; + +@@ -150,7 +251,7 @@ static int file_read(BIO *b, char *out, int outl) + ret = fread(out, 1, (int)outl, (FILE *)b->ptr); + if (ret == 0 + && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) : +- ferror((FILE *)b->ptr)) { ++ ferror((FILE *)b->ptr)) { + SYSerr(SYS_F_FREAD, get_last_sys_error()); + BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB); + ret = -1; +@@ -159,7 +260,7 @@ static int file_read(BIO *b, char *out, int outl) + return (ret); + } + +-static int file_write(BIO *b, const char *in, int inl) ++static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) + { + int ret = 0; + +@@ -180,7 +281,7 @@ static int file_write(BIO *b, const char *in, int inl) + return (ret); + } + +-static long file_ctrl(BIO *b, int cmd, long num, void *ptr) ++static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) + { + long ret = 1; + FILE *fp = (FILE *)b->ptr; +@@ -217,11 +318,8 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) + # if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES) + # define _IOB_ENTRIES 20 + # endif ++# if defined(_IOB_ENTRIES) + /* Safety net to catch purely internal BIO_set_fp calls */ +-# if defined(_MSC_VER) && _MSC_VER>=1900 +- if (ptr == stdin || ptr == stdout || ptr == stderr) +- BIO_clear_flags(b, BIO_FLAGS_UPLINK); +-# elif defined(_IOB_ENTRIES) + if ((size_t)ptr >= (size_t)stdin && + (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES)) + BIO_clear_flags(b, BIO_FLAGS_UPLINK); +@@ -239,6 +337,13 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) + _setmode(fd, _O_TEXT); + else + _setmode(fd, _O_BINARY); ++# elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB) ++ int fd = fileno((FILE *)ptr); ++ /* Under CLib there are differences in file modes */ ++ if (num & BIO_FP_TEXT) ++ setmode(fd, O_TEXT); ++ else ++ setmode(fd, O_BINARY); + # elif defined(OPENSSL_SYS_MSDOS) + int fd = fileno((FILE *)ptr); + /* Set correct text/binary mode */ +@@ -252,7 +357,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) + } else + _setmode(fd, _O_BINARY); + } +-# elif defined(OPENSSL_SYS_WIN32_CYGWIN) ++# elif defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) + int fd = fileno((FILE *)ptr); + if (num & BIO_FP_TEXT) + setmode(fd, O_TEXT); +@@ -266,27 +371,33 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) + b->shutdown = (int)num & BIO_CLOSE; + if (num & BIO_FP_APPEND) { + if (num & BIO_FP_READ) +- OPENSSL_strlcpy(p, "a+", sizeof p); ++ BUF_strlcpy(p, "a+", sizeof p); + else +- OPENSSL_strlcpy(p, "a", sizeof p); ++ BUF_strlcpy(p, "a", sizeof p); + } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) +- OPENSSL_strlcpy(p, "r+", sizeof p); ++ BUF_strlcpy(p, "r+", sizeof p); + else if (num & BIO_FP_WRITE) +- OPENSSL_strlcpy(p, "w", sizeof p); ++ BUF_strlcpy(p, "w", sizeof p); + else if (num & BIO_FP_READ) +- OPENSSL_strlcpy(p, "r", sizeof p); ++ BUF_strlcpy(p, "r", sizeof p); + else { + BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE); + ret = 0; + break; + } +-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32_CYGWIN) ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN) + if (!(num & BIO_FP_TEXT)) + strcat(p, "b"); + else + strcat(p, "t"); + # endif +- fp = openssl_fopen(ptr, p); ++# if defined(OPENSSL_SYS_NETWARE) ++ if (!(num & BIO_FP_TEXT)) ++ strcat(p, "b"); ++ else ++ strcat(p, "t"); ++# endif ++ fp = file_fopen(ptr, p); + if (fp == NULL) { + SYSerr(SYS_F_FOPEN, get_last_sys_error()); + ERR_add_error_data(5, "fopen('", ptr, "','", p, "')"); +@@ -333,7 +444,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) + return (ret); + } + +-static int file_gets(BIO *bp, char *buf, int size) ++static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) + { + int ret = 0; + +@@ -351,7 +462,7 @@ static int file_gets(BIO *bp, char *buf, int size) + return (ret); + } + +-static int file_puts(BIO *bp, const char *str) ++static int MS_CALLBACK file_puts(BIO *bp, const char *str) + { + int n, ret; + +@@ -360,60 +471,6 @@ static int file_puts(BIO *bp, const char *str) + return (ret); + } + +-#else +- +-static int file_write(BIO *b, const char *in, int inl) +-{ +- return -1; +-} +-static int file_read(BIO *b, char *out, int outl) +-{ +- return -1; +-} +-static int file_puts(BIO *bp, const char *str) +-{ +- return -1; +-} +-static int file_gets(BIO *bp, char *buf, int size) +-{ +- return 0; +-} +-static long file_ctrl(BIO *b, int cmd, long num, void *ptr) +-{ +- return 0; +-} +-static int file_new(BIO *bi) +-{ +- return 0; +-} +-static int file_free(BIO *a) +-{ +- return 0; +-} +- +-static const BIO_METHOD methods_filep = { +- BIO_TYPE_FILE, +- "FILE pointer", +- file_write, +- file_read, +- file_puts, +- file_gets, +- file_ctrl, +- file_new, +- file_free, +- NULL, +-}; +- +-const BIO_METHOD *BIO_s_file(void) +-{ +- return (&methods_filep); +-} +- +-BIO *BIO_new_file(const char *filename, const char *mode) +-{ +- return NULL; +-} +- + # endif /* OPENSSL_NO_STDIO */ + + #endif /* HEADER_BSS_FILE_C */ +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +index 6cbde4d..1283a52 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_log.c */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -19,8 +65,7 @@ + #include + #include + +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #if defined(OPENSSL_SYS_WINCE) + #elif defined(OPENSSL_SYS_WIN32) +@@ -39,6 +84,8 @@ void *_malloc32(__size_t); + # endif /* __INITIAL_POINTER_SIZE == 64 */ + # endif /* __INITIAL_POINTER_SIZE && defined + * _ANSI_C_SOURCE */ ++#elif defined(__ultrix) ++# include + #elif defined(OPENSSL_SYS_NETWARE) + # define NO_SYSLOG + #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) +@@ -75,16 +122,16 @@ void *_malloc32(__size_t); + # define LOG_DAEMON OPC$M_NM_NTWORK + # endif + +-static int slg_write(BIO *h, const char *buf, int num); +-static int slg_puts(BIO *h, const char *str); +-static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); +-static int slg_new(BIO *h); +-static int slg_free(BIO *data); ++static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); ++static int MS_CALLBACK slg_puts(BIO *h, const char *str); ++static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); ++static int MS_CALLBACK slg_new(BIO *h); ++static int MS_CALLBACK slg_free(BIO *data); + static void xopenlog(BIO *bp, char *name, int level); + static void xsyslog(BIO *bp, int priority, const char *string); + static void xcloselog(BIO *bp); + +-static const BIO_METHOD methods_slg = { ++static BIO_METHOD methods_slg = { + BIO_TYPE_MEM, "syslog", + slg_write, + NULL, +@@ -96,12 +143,12 @@ static const BIO_METHOD methods_slg = { + NULL, + }; + +-const BIO_METHOD *BIO_s_log(void) ++BIO_METHOD *BIO_s_log(void) + { + return (&methods_slg); + } + +-static int slg_new(BIO *bi) ++static int MS_CALLBACK slg_new(BIO *bi) + { + bi->init = 1; + bi->num = 0; +@@ -110,7 +157,7 @@ static int slg_new(BIO *bi) + return (1); + } + +-static int slg_free(BIO *a) ++static int MS_CALLBACK slg_free(BIO *a) + { + if (a == NULL) + return (0); +@@ -118,7 +165,7 @@ static int slg_free(BIO *a) + return (1); + } + +-static int slg_write(BIO *b, const char *in, int inl) ++static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) + { + int ret = inl; + char *buf; +@@ -192,7 +239,7 @@ static int slg_write(BIO *b, const char *in, int inl) + /* The default */ + }; + +- if ((buf = OPENSSL_malloc(inl + 1)) == NULL) { ++ if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) { + return (0); + } + strncpy(buf, in, inl); +@@ -210,7 +257,7 @@ static int slg_write(BIO *b, const char *in, int inl) + return (ret); + } + +-static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) ++static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) + { + switch (cmd) { + case BIO_CTRL_SET: +@@ -223,7 +270,7 @@ static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) + return (0); + } + +-static int slg_puts(BIO *bp, const char *str) ++static int MS_CALLBACK slg_puts(BIO *bp, const char *str) + { + int n, ret; + +@@ -275,7 +322,7 @@ static void xsyslog(BIO *bp, int priority, const char *string) + break; + } + +- sprintf(pidbuf, "[%lu] ", GetCurrentProcessId()); ++ sprintf(pidbuf, "[%u] ", GetCurrentProcessId()); + lpszStrings[0] = pidbuf; + lpszStrings[1] = string; + +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +index 6dc075d..b0394a9 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_mem.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + + static int mem_write(BIO *h, const char *buf, int num); + static int mem_read(BIO *h, char *buf, int size); +@@ -18,12 +67,8 @@ static int mem_puts(BIO *h, const char *str); + static int mem_gets(BIO *h, char *str, int size); + static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int mem_new(BIO *h); +-static int secmem_new(BIO *h); + static int mem_free(BIO *data); +-static int mem_buf_free(BIO *data, int free_all); +-static int mem_buf_sync(BIO *h); +- +-static const BIO_METHOD mem_method = { ++static BIO_METHOD mem_method = { + BIO_TYPE_MEM, + "memory buffer", + mem_write, +@@ -36,159 +81,87 @@ static const BIO_METHOD mem_method = { + NULL, + }; + +-static const BIO_METHOD secmem_method = { +- BIO_TYPE_MEM, +- "secure memory buffer", +- mem_write, +- mem_read, +- mem_puts, +- mem_gets, +- mem_ctrl, +- secmem_new, +- mem_free, +- NULL, +-}; +- +-/* BIO memory stores buffer and read pointer */ +-typedef struct bio_buf_mem_st { +- struct buf_mem_st *buf; /* allocated buffer */ +- struct buf_mem_st *readp; /* read pointer */ +-} BIO_BUF_MEM; +- + /* + * bio->num is used to hold the value to return on 'empty', if it is 0, + * should_retry is not set + */ + +-const BIO_METHOD *BIO_s_mem(void) ++BIO_METHOD *BIO_s_mem(void) + { + return (&mem_method); + } + +-const BIO_METHOD *BIO_s_secmem(void) +-{ +- return(&secmem_method); +-} + + BIO *BIO_new_mem_buf(const void *buf, int len) + { + BIO *ret; + BUF_MEM *b; +- BIO_BUF_MEM *bb; + size_t sz; + +- if (buf == NULL) { ++ if (!buf) { + BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); + return NULL; + } + sz = (len < 0) ? strlen(buf) : (size_t)len; +- if ((ret = BIO_new(BIO_s_mem())) == NULL) ++ if (!(ret = BIO_new(BIO_s_mem()))) + return NULL; +- bb = (BIO_BUF_MEM *)ret->ptr; +- b = bb->buf; ++ b = (BUF_MEM *)ret->ptr; + /* Cast away const and trust in the MEM_RDONLY flag. */ + b->data = (void *)buf; + b->length = sz; + b->max = sz; +- *bb->readp = *bb->buf; + ret->flags |= BIO_FLAGS_MEM_RDONLY; +- /* Since this is static data retrying won't help */ ++ /* Since this is static data retrying wont help */ + ret->num = 0; + return ret; + } + +-static int mem_init(BIO *bi, unsigned long flags) ++static int mem_new(BIO *bi) + { +- BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb)); ++ BUF_MEM *b; + +- if (bb == NULL) +- return 0; +- if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) { +- OPENSSL_free(bb); +- return 0; +- } +- if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) { +- BUF_MEM_free(bb->buf); +- OPENSSL_free(bb); +- return 0; +- } +- *bb->readp = *bb->buf; ++ if ((b = BUF_MEM_new()) == NULL) ++ return (0); + bi->shutdown = 1; + bi->init = 1; + bi->num = -1; +- bi->ptr = (char *)bb; +- return 1; +-} +- +-static int mem_new(BIO *bi) +-{ +- return (mem_init(bi, 0L)); +-} +- +-static int secmem_new(BIO *bi) +-{ +- return (mem_init(bi, BUF_MEM_FLAG_SECURE)); ++ bi->ptr = (char *)b; ++ return (1); + } + + static int mem_free(BIO *a) +-{ +- return (mem_buf_free(a, 1)); +-} +- +-static int mem_buf_free(BIO *a, int free_all) + { + if (a == NULL) + return (0); + if (a->shutdown) { + if ((a->init) && (a->ptr != NULL)) { + BUF_MEM *b; +- BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr; +- +- if (bb != NULL) { +- b = bb->buf; +- if (a->flags & BIO_FLAGS_MEM_RDONLY) +- b->data = NULL; +- BUF_MEM_free(b); +- if (free_all) { +- OPENSSL_free(bb->readp); +- OPENSSL_free(bb); +- } +- } ++ b = (BUF_MEM *)a->ptr; ++ if (a->flags & BIO_FLAGS_MEM_RDONLY) ++ b->data = NULL; ++ BUF_MEM_free(b); + a->ptr = NULL; + } + } + return (1); + } + +-/* +- * Reallocate memory buffer if read pointer differs +- */ +-static int mem_buf_sync(BIO *b) +-{ +- if (b != NULL && b->init != 0 && b->ptr != NULL) { +- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; +- +- if (bbm->readp->data != bbm->buf->data) { +- memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length); +- bbm->buf->length = bbm->readp->length; +- bbm->readp->data = bbm->buf->data; +- } +- } +- return (0); +-} +- + static int mem_read(BIO *b, char *out, int outl) + { + int ret = -1; +- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; +- BUF_MEM *bm = bbm->readp; ++ BUF_MEM *bm; + ++ bm = (BUF_MEM *)b->ptr; + BIO_clear_retry_flags(b); + ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl; + if ((out != NULL) && (ret > 0)) { + memcpy(out, bm->data, ret); + bm->length -= ret; +- bm->data += ret; ++ if (b->flags & BIO_FLAGS_MEM_RDONLY) ++ bm->data += ret; ++ else { ++ memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); ++ } + } else if (bm->length == 0) { + ret = b->num; + if (ret != 0) +@@ -201,23 +174,24 @@ static int mem_write(BIO *b, const char *in, int inl) + { + int ret = -1; + int blen; +- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; ++ BUF_MEM *bm; + ++ bm = (BUF_MEM *)b->ptr; + if (in == NULL) { + BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER); + goto end; + } ++ + if (b->flags & BIO_FLAGS_MEM_RDONLY) { + BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO); + goto end; + } ++ + BIO_clear_retry_flags(b); +- blen = bbm->readp->length; +- mem_buf_sync(b); +- if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0) ++ blen = bm->length; ++ if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) + goto end; +- memcpy(bbm->buf->data + blen, in, inl); +- *bbm->readp = *bbm->buf; ++ memcpy(&(bm->data[blen]), in, inl); + ret = inl; + end: + return (ret); +@@ -227,32 +201,29 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) + { + long ret = 1; + char **pptr; +- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr; +- BUF_MEM *bm; ++ ++ BUF_MEM *bm = (BUF_MEM *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: +- bm = bbm->buf; + if (bm->data != NULL) { + /* For read only case reset to the start again */ +- if ((b->flags & BIO_FLAGS_MEM_RDONLY) || (b->flags & BIO_FLAGS_NONCLEAR_RST)) { ++ if (b->flags & BIO_FLAGS_MEM_RDONLY) { ++ bm->data -= bm->max - bm->length; + bm->length = bm->max; + } else { + memset(bm->data, 0, bm->max); + bm->length = 0; + } +- *bbm->readp = *bbm->buf; + } + break; + case BIO_CTRL_EOF: +- bm = bbm->readp; + ret = (long)(bm->length == 0); + break; + case BIO_C_SET_BUF_MEM_EOF_RETURN: + b->num = (int)num; + break; + case BIO_CTRL_INFO: +- bm = bbm->readp; + ret = (long)bm->length; + if (ptr != NULL) { + pptr = (char **)ptr; +@@ -260,16 +231,12 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) + } + break; + case BIO_C_SET_BUF_MEM: +- mem_buf_free(b, 0); ++ mem_free(b); + b->shutdown = (int)num; +- bbm->buf = ptr; +- *bbm->readp = *bbm->buf; +- b->ptr = bbm; ++ b->ptr = ptr; + break; + case BIO_C_GET_BUF_MEM_PTR: + if (ptr != NULL) { +- mem_buf_sync(b); +- bm = bbm->readp; + pptr = (char **)ptr; + *pptr = (char *)bm; + } +@@ -280,11 +247,11 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; ++ + case BIO_CTRL_WPENDING: + ret = 0L; + break; + case BIO_CTRL_PENDING: +- bm = bbm->readp; + ret = (long)bm->length; + break; + case BIO_CTRL_DUP: +@@ -305,8 +272,7 @@ static int mem_gets(BIO *bp, char *buf, int size) + int i, j; + int ret = -1; + char *p; +- BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr; +- BUF_MEM *bm = bbm->readp; ++ BUF_MEM *bm = (BUF_MEM *)bp->ptr; + + BIO_clear_retry_flags(bp); + j = bm->length; +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +index e5c4adc..6a03fa2 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_null.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_null.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_null.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + + static int null_write(BIO *h, const char *buf, int num); + static int null_read(BIO *h, char *buf, int size); +@@ -19,7 +68,7 @@ static int null_gets(BIO *h, char *str, int size); + static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); + static int null_new(BIO *h); + static int null_free(BIO *data); +-static const BIO_METHOD null_method = { ++static BIO_METHOD null_method = { + BIO_TYPE_NULL, + "NULL", + null_write, +@@ -32,7 +81,7 @@ static const BIO_METHOD null_method = { + NULL, + }; + +-const BIO_METHOD *BIO_s_null(void) ++BIO_METHOD *BIO_s_null(void) + { + return (&null_method); + } +diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c +index 570e898..6194d2c 100644 +--- a/Cryptlib/OpenSSL/crypto/bio/bss_sock.c ++++ b/Cryptlib/OpenSSL/crypto/bio/bss_sock.c +@@ -1,28 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bio/bss_sock.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #define USE_SOCKETS +-#include "bio_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_SOCK + + # include + + # ifdef WATT32 +-/* Watt-32 uses same names */ +-# undef sock_write +-# undef sock_read +-# undef sock_puts +-# define sock_write SockWrite ++# define sock_write SockWrite /* Watt-32 uses same names */ + # define sock_read SockRead + # define sock_puts SockPuts + # endif +@@ -35,7 +79,7 @@ static int sock_new(BIO *h); + static int sock_free(BIO *data); + int BIO_sock_should_retry(int s); + +-static const BIO_METHOD methods_sockp = { ++static BIO_METHOD methods_sockp = { + BIO_TYPE_SOCKET, + "socket", + sock_write, +@@ -48,7 +92,7 @@ static const BIO_METHOD methods_sockp = { + NULL, + }; + +-const BIO_METHOD *BIO_s_socket(void) ++BIO_METHOD *BIO_s_socket(void) + { + return (&methods_sockp); + } +@@ -79,7 +123,7 @@ static int sock_free(BIO *a) + return (0); + if (a->shutdown) { + if (a->init) { +- BIO_closesocket(a->num); ++ SHUTDOWN2(a->num); + } + a->init = 0; + a->flags = 0; +@@ -171,6 +215,12 @@ int BIO_sock_should_retry(int i) + if ((i == 0) || (i == -1)) { + err = get_last_socket_error(); + ++# if defined(OPENSSL_SYS_WINDOWS) && 0/* more microsoft stupidity? perhaps ++ * not? Ben 4/1/99 */ ++ if ((i == -1) && (err == 0)) ++ return (1); ++# endif ++ + return (BIO_sock_non_fatal_error(err)); + } + return (0); +@@ -179,10 +229,16 @@ int BIO_sock_should_retry(int i) + int BIO_sock_non_fatal_error(int err) + { + switch (err) { +-# if defined(OPENSSL_SYS_WINDOWS) ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE) + # if defined(WSAEWOULDBLOCK) + case WSAEWOULDBLOCK: + # endif ++ ++# if 0 /* This appears to always be an error */ ++# if defined(WSAENOTCONN) ++ case WSAENOTCONN: ++# endif ++# endif + # endif + + # ifdef EWOULDBLOCK +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn.h b/Cryptlib/OpenSSL/crypto/bn/bn.h +new file mode 100644 +index 0000000..633d1b1 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/bn/bn.h +@@ -0,0 +1,951 @@ ++/* crypto/bn/bn.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* ==================================================================== ++ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. ++ * ++ * Portions of the attached software ("Contribution") are developed by ++ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. ++ * ++ * The Contribution is licensed pursuant to the Eric Young open source ++ * license provided above. ++ * ++ * The binary polynomial arithmetic software is originally written by ++ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. ++ * ++ */ ++ ++#ifndef HEADER_BN_H ++# define HEADER_BN_H ++ ++# include ++# include ++# ifndef OPENSSL_NO_FP_API ++# include /* FILE */ ++# endif ++# include ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/* ++ * These preprocessor symbols control various aspects of the bignum headers ++ * and library code. They're not defined by any "normal" configuration, as ++ * they are intended for development and testing purposes. NB: defining all ++ * three can be useful for debugging application code as well as openssl ++ * itself. BN_DEBUG - turn on various debugging alterations to the bignum ++ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up ++ * mismanagement of bignum internals. You must also define BN_DEBUG. ++ */ ++/* #define BN_DEBUG */ ++/* #define BN_DEBUG_RAND */ ++ ++# ifndef OPENSSL_SMALL_FOOTPRINT ++# define BN_MUL_COMBA ++# define BN_SQR_COMBA ++# define BN_RECURSION ++# endif ++ ++/* ++ * This next option uses the C libraries (2 word)/(1 word) function. If it is ++ * not defined, I use my C version (which is slower). The reason for this ++ * flag is that when the particular C compiler library routine is used, and ++ * the library is linked with a different compiler, the library is missing. ++ * This mostly happens when the library is built with gcc and then linked ++ * using normal cc. This would be a common occurrence because gcc normally ++ * produces code that is 2 times faster than system compilers for the big ++ * number stuff. For machines with only one compiler (or shared libraries), ++ * this should be on. Again this in only really a problem on machines using ++ * "long long's", are 32bit, and are not using my assembler code. ++ */ ++# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ ++ defined(OPENSSL_SYS_WIN32) || defined(linux) ++# ifndef BN_DIV2W ++# define BN_DIV2W ++# endif ++# endif ++ ++/* ++ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only ++ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha ++ */ ++# ifdef SIXTY_FOUR_BIT_LONG ++# define BN_ULLONG unsigned long long ++# define BN_ULONG unsigned long ++# define BN_LONG long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK (0xffffffffffffffffffffffffffffffffLL) ++# define BN_MASK2 (0xffffffffffffffffL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000L) ++# define BN_MASK2h1 (0xffffffff80000000L) ++# define BN_TBIT (0x8000000000000000L) ++# define BN_DEC_CONV (10000000000000000000UL) ++# define BN_DEC_FMT1 "%lu" ++# define BN_DEC_FMT2 "%019lu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%lX" ++# define BN_HEX_FMT2 "%016lX" ++# endif ++ ++/* ++ * This is where the long long data type is 64 bits, but long is 32. For ++ * machines where there are 64bit registers, this is the mode to use. IRIX, ++ * on R4000 and above should use this mode, along with the relevant assembler ++ * code :-). Do NOT define BN_LLONG. ++ */ ++# ifdef SIXTY_FOUR_BIT ++# undef BN_LLONG ++# undef BN_ULLONG ++# define BN_ULONG unsigned long long ++# define BN_LONG long long ++# define BN_BITS 128 ++# define BN_BYTES 8 ++# define BN_BITS2 64 ++# define BN_BITS4 32 ++# define BN_MASK2 (0xffffffffffffffffLL) ++# define BN_MASK2l (0xffffffffL) ++# define BN_MASK2h (0xffffffff00000000LL) ++# define BN_MASK2h1 (0xffffffff80000000LL) ++# define BN_TBIT (0x8000000000000000LL) ++# define BN_DEC_CONV (10000000000000000000ULL) ++# define BN_DEC_FMT1 "%llu" ++# define BN_DEC_FMT2 "%019llu" ++# define BN_DEC_NUM 19 ++# define BN_HEX_FMT1 "%llX" ++# define BN_HEX_FMT2 "%016llX" ++# endif ++ ++# ifdef THIRTY_TWO_BIT ++# ifdef BN_LLONG ++# if defined(_WIN32) && !defined(__GNUC__) ++# define BN_ULLONG unsigned __int64 ++# define BN_MASK (0xffffffffffffffffI64) ++# else ++# define BN_ULLONG unsigned long long ++# define BN_MASK (0xffffffffffffffffLL) ++# endif ++# endif ++# define BN_ULONG unsigned int ++# define BN_LONG int ++# define BN_BITS 64 ++# define BN_BYTES 4 ++# define BN_BITS2 32 ++# define BN_BITS4 16 ++# define BN_MASK2 (0xffffffffL) ++# define BN_MASK2l (0xffff) ++# define BN_MASK2h1 (0xffff8000L) ++# define BN_MASK2h (0xffff0000L) ++# define BN_TBIT (0x80000000L) ++# define BN_DEC_CONV (1000000000L) ++# define BN_DEC_FMT1 "%u" ++# define BN_DEC_FMT2 "%09u" ++# define BN_DEC_NUM 9 ++# define BN_HEX_FMT1 "%X" ++# define BN_HEX_FMT2 "%08X" ++# endif ++ ++# define BN_DEFAULT_BITS 1280 ++ ++# define BN_FLG_MALLOCED 0x01 ++# define BN_FLG_STATIC_DATA 0x02 ++ ++/* ++ * avoid leaking exponent information through timing, ++ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, ++ * BN_div() will call BN_div_no_branch, ++ * BN_mod_inverse() will call BN_mod_inverse_no_branch. ++ */ ++# define BN_FLG_CONSTTIME 0x04 ++ ++# ifdef OPENSSL_NO_DEPRECATED ++/* deprecated name for the flag */ ++# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME ++/* ++ * avoid leaking exponent information through timings ++ * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) ++ */ ++# endif ++ ++# ifndef OPENSSL_NO_DEPRECATED ++# define BN_FLG_FREE 0x8000 ++ /* used for debuging */ ++# endif ++# define BN_set_flags(b,n) ((b)->flags|=(n)) ++# define BN_get_flags(b,n) ((b)->flags&(n)) ++ ++/* ++ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the ++ * two BIGNUMs cannot not be used in parallel!) ++ */ ++# define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ ++ (dest)->top=(b)->top, \ ++ (dest)->dmax=(b)->dmax, \ ++ (dest)->neg=(b)->neg, \ ++ (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ ++ | ((b)->flags & ~BN_FLG_MALLOCED) \ ++ | BN_FLG_STATIC_DATA \ ++ | (n))) ++ ++/* Already declared in ossl_typ.h */ ++# if 0 ++typedef struct bignum_st BIGNUM; ++/* Used for temp variables (declaration hidden in bn_lcl.h) */ ++typedef struct bignum_ctx BN_CTX; ++typedef struct bn_blinding_st BN_BLINDING; ++typedef struct bn_mont_ctx_st BN_MONT_CTX; ++typedef struct bn_recp_ctx_st BN_RECP_CTX; ++typedef struct bn_gencb_st BN_GENCB; ++# endif ++ ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit ++ * chunks. */ ++ int top; /* Index of last used d +1. */ ++ /* The next are internal book keeping for bn_expand. */ ++ int dmax; /* Size of the d array. */ ++ int neg; /* one if the number is negative */ ++ int flags; ++}; ++ ++/* Used for montgomery multiplication */ ++struct bn_mont_ctx_st { ++ int ri; /* number of bits in R */ ++ BIGNUM RR; /* used to convert to montgomery form */ ++ BIGNUM N; /* The modulus */ ++ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only ++ * stored for bignum algorithm) */ ++ BN_ULONG n0[2]; /* least significant word(s) of Ni; (type ++ * changed with 0.9.9, was "BN_ULONG n0;" ++ * before) */ ++ int flags; ++}; ++ ++/* ++ * Used for reciprocal division/mod functions It cannot be shared between ++ * threads ++ */ ++struct bn_recp_ctx_st { ++ BIGNUM N; /* the divisor */ ++ BIGNUM Nr; /* the reciprocal */ ++ int num_bits; ++ int shift; ++ int flags; ++}; ++ ++/* Used for slow "generation" functions. */ ++struct bn_gencb_st { ++ unsigned int ver; /* To handle binary (in)compatibility */ ++ void *arg; /* callback-specific data */ ++ union { ++ /* if(ver==1) - handles old style callbacks */ ++ void (*cb_1) (int, int, void *); ++ /* if(ver==2) - new callback style */ ++ int (*cb_2) (int, int, BN_GENCB *); ++ } cb; ++}; ++/* Wrapper function to make using BN_GENCB easier, */ ++int BN_GENCB_call(BN_GENCB *cb, int a, int b); ++/* Macro to populate a BN_GENCB structure with an "old"-style callback */ ++# define BN_GENCB_set_old(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 1; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_1 = (callback); } ++/* Macro to populate a BN_GENCB structure with a "new"-style callback */ ++# define BN_GENCB_set(gencb, callback, cb_arg) { \ ++ BN_GENCB *tmp_gencb = (gencb); \ ++ tmp_gencb->ver = 2; \ ++ tmp_gencb->arg = (cb_arg); \ ++ tmp_gencb->cb.cb_2 = (callback); } ++ ++# define BN_prime_checks 0 /* default: select number of iterations based ++ * on the size of the number */ ++ ++/* ++ * number of Miller-Rabin iterations for an error rate of less than 2^-80 for ++ * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of ++ * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; ++ * original paper: Damgaard, Landrock, Pomerance: Average case error ++ * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) ++ * 177-194) ++ */ ++# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ ++ (b) >= 850 ? 3 : \ ++ (b) >= 650 ? 4 : \ ++ (b) >= 550 ? 5 : \ ++ (b) >= 450 ? 6 : \ ++ (b) >= 400 ? 7 : \ ++ (b) >= 350 ? 8 : \ ++ (b) >= 300 ? 9 : \ ++ (b) >= 250 ? 12 : \ ++ (b) >= 200 ? 15 : \ ++ (b) >= 150 ? 18 : \ ++ /* b >= 100 */ 27) ++ ++# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) ++ ++/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ ++# define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ ++ (((w) == 0) && ((a)->top == 0))) ++# define BN_is_zero(a) ((a)->top == 0) ++# define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) ++# define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) ++# define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) ++ ++# define BN_one(a) (BN_set_word((a),1)) ++# define BN_zero_ex(a) \ ++ do { \ ++ BIGNUM *_tmp_bn = (a); \ ++ _tmp_bn->top = 0; \ ++ _tmp_bn->neg = 0; \ ++ } while(0) ++# ifdef OPENSSL_NO_DEPRECATED ++# define BN_zero(a) BN_zero_ex(a) ++# else ++# define BN_zero(a) (BN_set_word((a),0)) ++# endif ++ ++const BIGNUM *BN_value_one(void); ++char *BN_options(void); ++BN_CTX *BN_CTX_new(void); ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_CTX_init(BN_CTX *c); ++# endif ++void BN_CTX_free(BN_CTX *c); ++void BN_CTX_start(BN_CTX *ctx); ++BIGNUM *BN_CTX_get(BN_CTX *ctx); ++void BN_CTX_end(BN_CTX *ctx); ++int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); ++int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); ++int BN_num_bits(const BIGNUM *a); ++int BN_num_bits_word(BN_ULONG); ++BIGNUM *BN_new(void); ++void BN_init(BIGNUM *); ++void BN_clear_free(BIGNUM *a); ++BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); ++void BN_swap(BIGNUM *a, BIGNUM *b); ++BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2bin(const BIGNUM *a, unsigned char *to); ++BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); ++int BN_bn2mpi(const BIGNUM *a, unsigned char *to); ++int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); ++/** BN_set_negative sets sign of a BIGNUM ++ * \param b pointer to the BIGNUM object ++ * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise ++ */ ++void BN_set_negative(BIGNUM *b, int n); ++/** BN_is_negative returns 1 if the BIGNUM is negative ++ * \param a pointer to the BIGNUM object ++ * \return 1 if a < 0 and 0 otherwise ++ */ ++# define BN_is_negative(a) ((a)->neg != 0) ++ ++int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, ++ BN_CTX *ctx); ++# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) ++int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); ++int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *m); ++int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); ++int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ++ BN_CTX *ctx); ++int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); ++ ++BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); ++BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); ++int BN_mul_word(BIGNUM *a, BN_ULONG w); ++int BN_add_word(BIGNUM *a, BN_ULONG w); ++int BN_sub_word(BIGNUM *a, BN_ULONG w); ++int BN_set_word(BIGNUM *a, BN_ULONG w); ++BN_ULONG BN_get_word(const BIGNUM *a); ++ ++int BN_cmp(const BIGNUM *a, const BIGNUM *b); ++void BN_free(BIGNUM *a); ++int BN_is_bit_set(const BIGNUM *a, int n); ++int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_lshift1(BIGNUM *r, const BIGNUM *a); ++int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++ ++int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, ++ BN_MONT_CTX *in_mont); ++int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, ++ const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, ++ BN_CTX *ctx, BN_MONT_CTX *m_ctx); ++int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++ ++int BN_mask_bits(BIGNUM *a, int n); ++# ifndef OPENSSL_NO_FP_API ++int BN_print_fp(FILE *fp, const BIGNUM *a); ++# endif ++# ifdef HEADER_BIO_H ++int BN_print(BIO *fp, const BIGNUM *a); ++# else ++int BN_print(void *fp, const BIGNUM *a); ++# endif ++int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); ++int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); ++int BN_rshift1(BIGNUM *r, const BIGNUM *a); ++void BN_clear(BIGNUM *a); ++BIGNUM *BN_dup(const BIGNUM *a); ++int BN_ucmp(const BIGNUM *a, const BIGNUM *b); ++int BN_set_bit(BIGNUM *a, int n); ++int BN_clear_bit(BIGNUM *a, int n); ++char *BN_bn2hex(const BIGNUM *a); ++char *BN_bn2dec(const BIGNUM *a); ++int BN_hex2bn(BIGNUM **a, const char *str); ++int BN_dec2bn(BIGNUM **a, const char *str); ++int BN_asc2bn(BIGNUM **a, const char *str); ++int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); ++int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns ++ * -2 for ++ * error */ ++BIGNUM *BN_mod_inverse(BIGNUM *ret, ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); ++BIGNUM *BN_mod_sqrt(BIGNUM *ret, ++ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); ++ ++void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); ++ ++/* Deprecated versions */ ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, ++ const BIGNUM *add, const BIGNUM *rem, ++ void (*callback) (int, int, void *), void *cb_arg); ++int BN_is_prime(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), ++ BN_CTX *ctx, void *cb_arg); ++int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, ++ void (*callback) (int, int, void *), BN_CTX *ctx, ++ void *cb_arg, int do_trial_division); ++# endif /* !defined(OPENSSL_NO_DEPRECATED) */ ++ ++/* Newer versions */ ++int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, ++ const BIGNUM *rem, BN_GENCB *cb); ++int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); ++int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, ++ int do_trial_division, BN_GENCB *cb); ++ ++int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); ++ ++int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, ++ const BIGNUM *Xp, const BIGNUM *Xp1, ++ const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, ++ BN_GENCB *cb); ++int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, ++ BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, ++ BN_CTX *ctx, BN_GENCB *cb); ++ ++BN_MONT_CTX *BN_MONT_CTX_new(void); ++void BN_MONT_CTX_init(BN_MONT_CTX *ctx); ++int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ BN_MONT_CTX *mont, BN_CTX *ctx); ++# define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ ++ (r),(a),&((mont)->RR),(mont),(ctx)) ++int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, ++ BN_MONT_CTX *mont, BN_CTX *ctx); ++void BN_MONT_CTX_free(BN_MONT_CTX *mont); ++int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); ++BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); ++BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, ++ const BIGNUM *mod, BN_CTX *ctx); ++ ++/* BN_BLINDING flags */ ++# define BN_BLINDING_NO_UPDATE 0x00000001 ++# define BN_BLINDING_NO_RECREATE 0x00000002 ++ ++BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); ++void BN_BLINDING_free(BN_BLINDING *b); ++int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); ++int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); ++int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); ++int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); ++int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, ++ BN_CTX *); ++# ifndef OPENSSL_NO_DEPRECATED ++unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); ++void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); ++# endif ++CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); ++unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); ++void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); ++BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, ++ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, ++ int (*bn_mod_exp) (BIGNUM *r, ++ const BIGNUM *a, ++ const BIGNUM *p, ++ const BIGNUM *m, ++ BN_CTX *ctx, ++ BN_MONT_CTX *m_ctx), ++ BN_MONT_CTX *m_ctx); ++ ++# ifndef OPENSSL_NO_DEPRECATED ++void BN_set_params(int mul, int high, int low, int mont); ++int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ ++# endif ++ ++void BN_RECP_CTX_init(BN_RECP_CTX *recp); ++BN_RECP_CTX *BN_RECP_CTX_new(void); ++void BN_RECP_CTX_free(BN_RECP_CTX *recp); ++int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); ++int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ const BIGNUM *m, BN_CTX *ctx); ++int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, ++ BN_RECP_CTX *recp, BN_CTX *ctx); ++ ++# ifndef OPENSSL_NO_EC2M ++ ++/* ++ * Functions for arithmetic over binary polynomials represented by BIGNUMs. ++ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is ++ * ignored. Note that input arguments are not const so that their bit arrays ++ * can be expanded to the appropriate size if needed. ++ */ ++ ++/* ++ * r = a + b ++ */ ++int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); ++# define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) ++/* ++ * r=a mod p ++ */ ++int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const BIGNUM *p, BN_CTX *ctx); ++/* r = sqrt(a) mod p */ ++int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ++ BN_CTX *ctx); ++# define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) ++/*- ++ * Some functions allow for representation of the irreducible polynomials ++ * as an unsigned int[], say p. The irreducible f(t) is then of the form: ++ * t^p[0] + t^p[1] + ... + t^p[k] ++ * where m = p[0] > p[1] > ... > p[k] = 0. ++ */ ++/* r = a mod p */ ++int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); ++/* r = (a * b) mod p */ ++int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = (a * a) mod p */ ++int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], ++ BN_CTX *ctx); ++/* r = (1 / b) mod p */ ++int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], ++ BN_CTX *ctx); ++/* r = (a / b) mod p */ ++int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = (a ^ b) mod p */ ++int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ++ const int p[], BN_CTX *ctx); ++/* r = sqrt(a) mod p */ ++int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, ++ const int p[], BN_CTX *ctx); ++/* r^2 + r = a mod p */ ++int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, ++ const int p[], BN_CTX *ctx); ++int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); ++int BN_GF2m_arr2poly(const int p[], BIGNUM *a); ++ ++# endif ++ ++/* ++ * faster mod functions for the 'NIST primes' 0 <= a < p^2 ++ */ ++int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); ++ ++const BIGNUM *BN_get0_nist_prime_192(void); ++const BIGNUM *BN_get0_nist_prime_224(void); ++const BIGNUM *BN_get0_nist_prime_256(void); ++const BIGNUM *BN_get0_nist_prime_384(void); ++const BIGNUM *BN_get0_nist_prime_521(void); ++ ++/* library internal functions */ ++ ++# define bn_expand(a,bits) \ ++ ( \ ++ bits > (INT_MAX - BN_BITS2 + 1) ? \ ++ NULL \ ++ : \ ++ (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) ? \ ++ (a) \ ++ : \ ++ bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2) \ ++ ) ++ ++# define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) ++BIGNUM *bn_expand2(BIGNUM *a, int words); ++# ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ ++# endif ++ ++/*- ++ * Bignum consistency macros ++ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from ++ * bignum data after direct manipulations on the data. There is also an ++ * "internal" macro, bn_check_top(), for verifying that there are no leading ++ * zeroes. Unfortunately, some auditing is required due to the fact that ++ * bn_fix_top() has become an overabused duct-tape because bignum data is ++ * occasionally passed around in an inconsistent state. So the following ++ * changes have been made to sort this out; ++ * - bn_fix_top()s implementation has been moved to bn_correct_top() ++ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and ++ * bn_check_top() is as before. ++ * - if BN_DEBUG *is* defined; ++ * - bn_check_top() tries to pollute unused words even if the bignum 'top' is ++ * consistent. (ed: only if BN_DEBUG_RAND is defined) ++ * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. ++ * The idea is to have debug builds flag up inconsistent bignums when they ++ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if ++ * the use of bn_fix_top() was appropriate (ie. it follows directly after code ++ * that manipulates the bignum) it is converted to bn_correct_top(), and if it ++ * was not appropriate, we convert it permanently to bn_check_top() and track ++ * down the cause of the bug. Eventually, no internal code should be using the ++ * bn_fix_top() macro. External applications and libraries should try this with ++ * their own code too, both in terms of building against the openssl headers ++ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it ++ * defined. This not only improves external code, it provides more test ++ * coverage for openssl's own code. ++ */ ++ ++# ifdef BN_DEBUG ++ ++/* We only need assert() when debugging */ ++# include ++ ++# ifdef BN_DEBUG_RAND ++/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ ++# ifndef RAND_pseudo_bytes ++int RAND_pseudo_bytes(unsigned char *buf, int num); ++# define BN_DEBUG_TRIX ++# endif ++# define bn_pollute(a) \ ++ do { \ ++ const BIGNUM *_bnum1 = (a); \ ++ if(_bnum1->top < _bnum1->dmax) { \ ++ unsigned char _tmp_char; \ ++ /* We cast away const without the compiler knowing, any \ ++ * *genuinely* constant variables that aren't mutable \ ++ * wouldn't be constructed with top!=dmax. */ \ ++ BN_ULONG *_not_const; \ ++ memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ ++ /* Debug only - safe to ignore error return */ \ ++ RAND_pseudo_bytes(&_tmp_char, 1); \ ++ memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ ++ (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ ++ } \ ++ } while(0) ++# ifdef BN_DEBUG_TRIX ++# undef RAND_pseudo_bytes ++# endif ++# else ++# define bn_pollute(a) ++# endif ++# define bn_check_top(a) \ ++ do { \ ++ const BIGNUM *_bnum2 = (a); \ ++ if (_bnum2 != NULL) { \ ++ assert((_bnum2->top == 0) || \ ++ (_bnum2->d[_bnum2->top - 1] != 0)); \ ++ bn_pollute(_bnum2); \ ++ } \ ++ } while(0) ++ ++# define bn_fix_top(a) bn_check_top(a) ++ ++# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) ++# define bn_wcheck_size(bn, words) \ ++ do { \ ++ const BIGNUM *_bnum2 = (bn); \ ++ assert((words) <= (_bnum2)->dmax && (words) >= (_bnum2)->top); \ ++ /* avoid unused variable warning with NDEBUG */ \ ++ (void)(_bnum2); \ ++ } while(0) ++ ++# else /* !BN_DEBUG */ ++ ++# define bn_pollute(a) ++# define bn_check_top(a) ++# define bn_fix_top(a) bn_correct_top(a) ++# define bn_check_size(bn, bits) ++# define bn_wcheck_size(bn, words) ++ ++# endif ++ ++# define bn_correct_top(a) \ ++ { \ ++ BN_ULONG *ftl; \ ++ int tmp_top = (a)->top; \ ++ if (tmp_top > 0) \ ++ { \ ++ for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ ++ if (*(ftl--)) break; \ ++ (a)->top = tmp_top; \ ++ } \ ++ if ((a)->top == 0) \ ++ (a)->neg = 0; \ ++ bn_pollute(a); \ ++ } ++ ++BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, ++ BN_ULONG w); ++BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); ++void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); ++BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); ++BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); ++BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, ++ int num); ++ ++/* Primes from RFC 2409 */ ++BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); ++BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); ++ ++/* Primes from RFC 3526 */ ++BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); ++BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); ++ ++int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); ++ ++/* BEGIN ERROR CODES */ ++/* ++ * The following lines are auto generated by the script mkerr.pl. Any changes ++ * made after this point may be overwritten when the script is next run. ++ */ ++void ERR_load_BN_strings(void); ++ ++/* Error codes for the BN functions. */ ++ ++/* Function codes. */ ++# define BN_F_BNRAND 127 ++# define BN_F_BN_BLINDING_CONVERT_EX 100 ++# define BN_F_BN_BLINDING_CREATE_PARAM 128 ++# define BN_F_BN_BLINDING_INVERT_EX 101 ++# define BN_F_BN_BLINDING_NEW 102 ++# define BN_F_BN_BLINDING_UPDATE 103 ++# define BN_F_BN_BN2DEC 104 ++# define BN_F_BN_BN2HEX 105 ++# define BN_F_BN_CTX_GET 116 ++# define BN_F_BN_CTX_NEW 106 ++# define BN_F_BN_CTX_START 129 ++# define BN_F_BN_DIV 107 ++# define BN_F_BN_DIV_NO_BRANCH 138 ++# define BN_F_BN_DIV_RECP 130 ++# define BN_F_BN_EXP 123 ++# define BN_F_BN_EXPAND2 108 ++# define BN_F_BN_EXPAND_INTERNAL 120 ++# define BN_F_BN_GF2M_MOD 131 ++# define BN_F_BN_GF2M_MOD_EXP 132 ++# define BN_F_BN_GF2M_MOD_MUL 133 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 ++# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 ++# define BN_F_BN_GF2M_MOD_SQR 136 ++# define BN_F_BN_GF2M_MOD_SQRT 137 ++# define BN_F_BN_LSHIFT 145 ++# define BN_F_BN_MOD_EXP2_MONT 118 ++# define BN_F_BN_MOD_EXP_MONT 109 ++# define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 ++# define BN_F_BN_MOD_EXP_MONT_WORD 117 ++# define BN_F_BN_MOD_EXP_RECP 125 ++# define BN_F_BN_MOD_EXP_SIMPLE 126 ++# define BN_F_BN_MOD_INVERSE 110 ++# define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 ++# define BN_F_BN_MOD_LSHIFT_QUICK 119 ++# define BN_F_BN_MOD_MUL_RECIPROCAL 111 ++# define BN_F_BN_MOD_SQRT 121 ++# define BN_F_BN_MPI2BN 112 ++# define BN_F_BN_NEW 113 ++# define BN_F_BN_RAND 114 ++# define BN_F_BN_RAND_RANGE 122 ++# define BN_F_BN_RSHIFT 146 ++# define BN_F_BN_USUB 115 ++ ++/* Reason codes. */ ++# define BN_R_ARG2_LT_ARG3 100 ++# define BN_R_BAD_RECIPROCAL 101 ++# define BN_R_BIGNUM_TOO_LONG 114 ++# define BN_R_BITS_TOO_SMALL 118 ++# define BN_R_CALLED_WITH_EVEN_MODULUS 102 ++# define BN_R_DIV_BY_ZERO 103 ++# define BN_R_ENCODING_ERROR 104 ++# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 ++# define BN_R_INPUT_NOT_REDUCED 110 ++# define BN_R_INVALID_LENGTH 106 ++# define BN_R_INVALID_RANGE 115 ++# define BN_R_INVALID_SHIFT 119 ++# define BN_R_NOT_A_SQUARE 111 ++# define BN_R_NOT_INITIALIZED 107 ++# define BN_R_NO_INVERSE 108 ++# define BN_R_NO_SOLUTION 116 ++# define BN_R_P_IS_NOT_PRIME 112 ++# define BN_R_TOO_MANY_ITERATIONS 113 ++# define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 ++ ++#ifdef __cplusplus ++} ++#endif ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +index 6479650..2f3d110 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c +@@ -1,18 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_add.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + /* r can == a or b */ + int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { ++ const BIGNUM *tmp; + int a_neg = a->neg, ret; + + bn_check_top(a); +@@ -27,8 +78,6 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + if (a_neg ^ b->neg) { + /* only one is negative */ + if (a_neg) { +- const BIGNUM *tmp; +- + tmp = a; + a = b; + b = tmp; +@@ -38,14 +87,14 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + + if (BN_ucmp(a, b) < 0) { + if (!BN_usub(r, b, a)) +- return 0; ++ return (0); + r->neg = 1; + } else { + if (!BN_usub(r, a, b)) +- return 0; ++ return (0); + r->neg = 0; + } +- return 1; ++ return (1); + } + + ret = BN_uadd(r, a, b); +@@ -58,15 +107,13 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int max, min, dif; +- const BN_ULONG *ap, *bp; +- BN_ULONG *rp, carry, t1, t2; ++ BN_ULONG *ap, *bp, *rp, carry, t1, t2; ++ const BIGNUM *tmp; + + bn_check_top(a); + bn_check_top(b); + + if (a->top < b->top) { +- const BIGNUM *tmp; +- + tmp = a; + a = b; + b = tmp; +@@ -87,17 +134,29 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + carry = bn_add_words(rp, ap, bp, min); + rp += min; + ap += min; +- +- while (dif) { +- dif--; +- t1 = *(ap++); +- t2 = (t1 + carry) & BN_MASK2; +- *(rp++) = t2; +- carry &= (t2 == 0); ++ bp += min; ++ ++ if (carry) { ++ while (dif) { ++ dif--; ++ t1 = *(ap++); ++ t2 = (t1 + 1) & BN_MASK2; ++ *(rp++) = t2; ++ if (t2) { ++ carry = 0; ++ break; ++ } ++ } ++ if (carry) { ++ /* carry != 0 => dif == 0 */ ++ *rp = 1; ++ r->top++; ++ } + } +- *rp = carry; +- r->top += carry; +- ++ if (dif && rp != ap) ++ while (dif--) ++ /* copy remaining words if ap != rp */ ++ *(rp++) = *(ap++); + r->neg = 0; + bn_check_top(r); + return 1; +@@ -107,8 +166,11 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int max, min, dif; +- BN_ULONG t1, t2, borrow, *rp; +- const BN_ULONG *ap, *bp; ++ register BN_ULONG t1, t2, *ap, *bp, *rp; ++ int i, carry; ++#if defined(IRIX_CC_BUG) && !defined(LINT) ++ int dummy; ++#endif + + bn_check_top(a); + bn_check_top(b); +@@ -119,38 +181,86 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + + if (dif < 0) { /* hmm... should not be happening */ + BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3); +- return 0; ++ return (0); + } + + if (bn_wexpand(r, max) == NULL) +- return 0; ++ return (0); + + ap = a->d; + bp = b->d; + rp = r->d; + +- borrow = bn_sub_words(rp, ap, bp, min); ++#if 1 ++ carry = 0; ++ for (i = min; i != 0; i--) { ++ t1 = *(ap++); ++ t2 = *(bp++); ++ if (carry) { ++ carry = (t1 <= t2); ++ t1 = (t1 - t2 - 1) & BN_MASK2; ++ } else { ++ carry = (t1 < t2); ++ t1 = (t1 - t2) & BN_MASK2; ++ } ++# if defined(IRIX_CC_BUG) && !defined(LINT) ++ dummy = t1; ++# endif ++ *(rp++) = t1 & BN_MASK2; ++ } ++#else ++ carry = bn_sub_words(rp, ap, bp, min); + ap += min; ++ bp += min; + rp += min; +- +- while (dif) { +- dif--; +- t1 = *(ap++); +- t2 = (t1 - borrow) & BN_MASK2; +- *(rp++) = t2; +- borrow &= (t1 == 0); ++#endif ++ if (carry) { /* subtracted */ ++ if (!dif) ++ /* error: a < b */ ++ return 0; ++ while (dif) { ++ dif--; ++ t1 = *(ap++); ++ t2 = (t1 - 1) & BN_MASK2; ++ *(rp++) = t2; ++ if (t1) ++ break; ++ } ++ } ++#if 0 ++ memcpy(rp, ap, sizeof(*rp) * (max - i)); ++#else ++ if (rp != ap) { ++ for (;;) { ++ if (!dif--) ++ break; ++ rp[0] = ap[0]; ++ if (!dif--) ++ break; ++ rp[1] = ap[1]; ++ if (!dif--) ++ break; ++ rp[2] = ap[2]; ++ if (!dif--) ++ break; ++ rp[3] = ap[3]; ++ rp += 4; ++ ap += 4; ++ } + } ++#endif + + r->top = max; + r->neg = 0; + bn_correct_top(r); +- return 1; ++ return (1); + } + + int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int max; + int add = 0, neg = 0; ++ const BIGNUM *tmp; + + bn_check_top(a); + bn_check_top(b); +@@ -163,8 +273,6 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + */ + if (a->neg) { + if (b->neg) { +- const BIGNUM *tmp; +- + tmp = a; + a = b; + b = tmp; +@@ -181,25 +289,25 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + + if (add) { + if (!BN_uadd(r, a, b)) +- return 0; ++ return (0); + r->neg = neg; +- return 1; ++ return (1); + } + + /* We are actually doing a - b :-) */ + + max = (a->top > b->top) ? a->top : b->top; + if (bn_wexpand(r, max) == NULL) +- return 0; ++ return (0); + if (BN_ucmp(a, b) < 0) { + if (!BN_usub(r, b, a)) +- return 0; ++ return (0); + r->neg = 1; + } else { + if (!BN_usub(r, a, b)) +- return 0; ++ return (0); + r->neg = 0; + } + bn_check_top(r); +- return 1; ++ return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +index 39c6c21..03a33cf 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +@@ -1,15 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_asm.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++#ifndef BN_DEBUG ++# undef NDEBUG /* avoid conflicting definitions */ ++# define NDEBUG ++#endif ++ ++#include + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) +@@ -951,13 +1005,13 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + + /* hmm... is it faster just to do a multiply? */ + # undef bn_sqr_comba4 +-# undef bn_sqr_comba8 + void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) + { + BN_ULONG t[8]; + bn_sqr_normal(r, a, 4, t); + } + ++# undef bn_sqr_comba8 + void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) + { + BN_ULONG t[16]; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +index 24d1383..d448daa 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +@@ -1,14 +1,116 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_blind.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + #define BN_BLINDING_COUNTER 32 +@@ -18,13 +120,16 @@ struct bn_blinding_st { + BIGNUM *Ai; + BIGNUM *e; + BIGNUM *mod; /* just a reference */ +- CRYPTO_THREAD_ID tid; ++#ifndef OPENSSL_NO_DEPRECATED ++ unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; used ++ * only by crypto/rsa/rsa_eay.c, rsa_lib.c */ ++#endif ++ CRYPTO_THREADID tid; + int counter; + unsigned long flags; + BN_MONT_CTX *m_ctx; + int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +- CRYPTO_RWLOCK *lock; + }; + + BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) +@@ -33,25 +138,15 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + + bn_check_top(mod); + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { ++ if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { + BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; ++ return (NULL); + } +- +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) { +- BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ret); +- return NULL; +- } +- +- BN_BLINDING_set_current_thread(ret); +- ++ memset(ret, 0, sizeof(BN_BLINDING)); + if (A != NULL) { + if ((ret->A = BN_dup(A)) == NULL) + goto err; + } +- + if (Ai != NULL) { + if ((ret->Ai = BN_dup(Ai)) == NULL) + goto err; +@@ -60,7 +155,6 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + /* save a copy of mod in the BN_BLINDING structure */ + if ((ret->mod = BN_dup(mod)) == NULL) + goto err; +- + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(ret->mod, BN_FLG_CONSTTIME); + +@@ -70,12 +164,12 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) + * use. + */ + ret->counter = -1; +- +- return ret; +- ++ CRYPTO_THREADID_current(&ret->tid); ++ return (ret); + err: +- BN_BLINDING_free(ret); +- return NULL; ++ if (ret != NULL) ++ BN_BLINDING_free(ret); ++ return (NULL); + } + + void BN_BLINDING_free(BN_BLINDING *r) +@@ -83,11 +177,14 @@ void BN_BLINDING_free(BN_BLINDING *r) + if (r == NULL) + return; + +- BN_free(r->A); +- BN_free(r->Ai); +- BN_free(r->e); +- BN_free(r->mod); +- CRYPTO_THREAD_lock_free(r->lock); ++ if (r->A != NULL) ++ BN_free(r->A); ++ if (r->Ai != NULL) ++ BN_free(r->Ai); ++ if (r->e != NULL) ++ BN_free(r->e); ++ if (r->mod != NULL) ++ BN_free(r->mod); + OPENSSL_free(r); + } + +@@ -181,24 +278,21 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, + return (ret); + } + +-int BN_BLINDING_is_current_thread(BN_BLINDING *b) +-{ +- return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid); +-} +- +-void BN_BLINDING_set_current_thread(BN_BLINDING *b) ++#ifndef OPENSSL_NO_DEPRECATED ++unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) + { +- b->tid = CRYPTO_THREAD_get_current_id(); ++ return b->thread_id; + } + +-int BN_BLINDING_lock(BN_BLINDING *b) ++void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) + { +- return CRYPTO_THREAD_write_lock(b->lock); ++ b->thread_id = n; + } ++#endif + +-int BN_BLINDING_unlock(BN_BLINDING *b) ++CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) + { +- return CRYPTO_THREAD_unlock(b->lock); ++ return &b->tid; + } + + unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) +@@ -238,7 +332,8 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + goto err; + + if (e != NULL) { +- BN_free(ret->e); ++ if (ret->e != NULL) ++ BN_free(ret->e); + ret->e = BN_dup(e); + } + if (ret->e == NULL) +@@ -250,19 +345,20 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + ret->m_ctx = m_ctx; + + do { +- int rv; + if (!BN_rand_range(ret->A, ret->mod)) + goto err; +- if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) { ++ if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { + /* + * this should almost never happen for good RSA keys + */ +- if (rv) { ++ unsigned long error = ERR_peek_last_error(); ++ if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + if (retry_counter-- == 0) { + BNerr(BN_F_BN_BLINDING_CREATE_PARAM, + BN_R_TOO_MANY_ITERATIONS); + goto err; + } ++ ERR_clear_error(); + } else + goto err; + } else +@@ -280,7 +376,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + + return ret; + err: +- if (b == NULL) { ++ if (b == NULL && ret != NULL) { + BN_BLINDING_free(ret); + ret = NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +index 39dd612..12c3208 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c +@@ -1,13 +1,7 @@ +-/* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ ++/* crypto/bn/knownprimes.c */ ++/* Insert boilerplate */ + +-#include ++#include "bn.h" + + /*- + * "First Oakley Default Group" from RFC2409, section 6.1. +@@ -18,7 +12,7 @@ + * RFC2412 specifies a generator of of 22. + */ + +-BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) ++BIGNUM *get_rfc2409_prime_768(BIGNUM *bn) + { + static const unsigned char RFC2409_PRIME_768[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -46,7 +40,7 @@ BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn) + * RFC2412 specifies a generator of 22. + */ + +-BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) ++BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn) + { + static const unsigned char RFC2409_PRIME_1024[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -78,7 +72,7 @@ BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn) + * RFC2312 specifies a generator of 22. + */ + +-BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_1536[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -117,7 +111,7 @@ BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn) + * RFC3526 specifies a generator of 2. + */ + +-BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_2048[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -164,7 +158,7 @@ BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn) + * RFC3526 specifies a generator of 2. + */ + +-BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_3072[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -227,7 +221,7 @@ BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn) + * RFC3526 specifies a generator of 2. + */ + +-BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_4096[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -306,7 +300,7 @@ BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn) + * RFC3526 specifies a generator of 2. + */ + +-BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_6144[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -417,7 +411,7 @@ BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn) + * RFC3526 specifies a generator of 2. + */ + +-BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn) ++BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn) + { + static const unsigned char RFC3526_PRIME_8192[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +index 68c0468..526c6a0 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +@@ -1,13 +1,69 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_ctx.c */ ++/* Written by Ulf Moeller for the OpenSSL project. */ ++/* ==================================================================== ++ * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++ ++#include ++#include ++ ++#include "cryptlib.h" + #include "bn_lcl.h" + + /*- +@@ -48,7 +104,10 @@ typedef struct bignum_pool { + } BN_POOL; + static void BN_POOL_init(BN_POOL *); + static void BN_POOL_finish(BN_POOL *); +-static BIGNUM *BN_POOL_get(BN_POOL *, int); ++#ifndef OPENSSL_NO_DEPRECATED ++static void BN_POOL_reset(BN_POOL *); ++#endif ++static BIGNUM *BN_POOL_get(BN_POOL *); + static void BN_POOL_release(BN_POOL *, unsigned int); + + /************/ +@@ -64,6 +123,9 @@ typedef struct bignum_ctx_stack { + } BN_STACK; + static void BN_STACK_init(BN_STACK *); + static void BN_STACK_finish(BN_STACK *); ++#ifndef OPENSSL_NO_DEPRECATED ++static void BN_STACK_reset(BN_STACK *); ++#endif + static int BN_STACK_push(BN_STACK *, unsigned int); + static unsigned int BN_STACK_pop(BN_STACK *); + +@@ -83,8 +145,6 @@ struct bignum_ctx { + int err_stack; + /* Block "gets" until an "end" (compatibility behaviour) */ + int too_many; +- /* Flags. */ +- int flags; + }; + + /* Enable this to find BN_CTX bugs */ +@@ -130,27 +190,40 @@ static void ctxdbg(BN_CTX *ctx) + # define CTXDBG_RET(ctx,ret) + #endif + ++/* ++ * This function is an evil legacy and should not be used. This ++ * implementation is WYSIWYG, though I've done my best. ++ */ ++#ifndef OPENSSL_NO_DEPRECATED ++void BN_CTX_init(BN_CTX *ctx) ++{ ++ /* ++ * Assume the caller obtained the context via BN_CTX_new() and so is ++ * trying to reset it for use. Nothing else makes sense, least of all ++ * binary compatibility from a time when they could declare a static ++ * variable. ++ */ ++ BN_POOL_reset(&ctx->pool); ++ BN_STACK_reset(&ctx->stack); ++ ctx->used = 0; ++ ctx->err_stack = 0; ++ ctx->too_many = 0; ++} ++#endif + + BN_CTX *BN_CTX_new(void) + { +- BN_CTX *ret; +- +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { ++ BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); ++ if (!ret) { + BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Initialise the structure */ + BN_POOL_init(&ret->pool); + BN_STACK_init(&ret->stack); +- return ret; +-} +- +-BN_CTX *BN_CTX_secure_new(void) +-{ +- BN_CTX *ret = BN_CTX_new(); +- +- if (ret != NULL) +- ret->flags = BN_FLG_SECURE; ++ ret->used = 0; ++ ret->err_stack = 0; ++ ret->too_many = 0; + return ret; + } + +@@ -212,11 +285,10 @@ void BN_CTX_end(BN_CTX *ctx) + BIGNUM *BN_CTX_get(BN_CTX *ctx) + { + BIGNUM *ret; +- + CTXDBG_ENTRY("BN_CTX_get", ctx); + if (ctx->err_stack || ctx->too_many) + return NULL; +- if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) { ++ if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { + /* + * Setting too_many prevents repeated "get" attempts from cluttering + * the error stack. +@@ -244,23 +316,32 @@ static void BN_STACK_init(BN_STACK *st) + + static void BN_STACK_finish(BN_STACK *st) + { +- OPENSSL_free(st->indexes); +- st->indexes = NULL; ++ if (st->size) ++ OPENSSL_free(st->indexes); + } + ++#ifndef OPENSSL_NO_DEPRECATED ++static void BN_STACK_reset(BN_STACK *st) ++{ ++ st->depth = 0; ++} ++#endif + + static int BN_STACK_push(BN_STACK *st, unsigned int idx) + { +- if (st->depth == st->size) { ++ if (st->depth == st->size) + /* Need to expand */ +- unsigned int newsize = +- st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES; +- unsigned int *newitems = OPENSSL_malloc(sizeof(*newitems) * newsize); +- if (newitems == NULL) ++ { ++ unsigned int newsize = (st->size ? ++ (st->size * 3 / 2) : BN_CTX_START_FRAMES); ++ unsigned int *newitems = OPENSSL_malloc(newsize * ++ sizeof(unsigned int)); ++ if (!newitems) + return 0; + if (st->depth) +- memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth); +- OPENSSL_free(st->indexes); ++ memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int)); ++ if (st->size) ++ OPENSSL_free(st->indexes); + st->indexes = newitems; + st->size = newsize; + } +@@ -285,39 +366,55 @@ static void BN_POOL_init(BN_POOL *p) + + static void BN_POOL_finish(BN_POOL *p) + { +- unsigned int loop; +- BIGNUM *bn; +- + while (p->head) { +- for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++) ++ unsigned int loop = 0; ++ BIGNUM *bn = p->head->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) { + if (bn->d) + BN_clear_free(bn); ++ bn++; ++ } + p->current = p->head->next; + OPENSSL_free(p->head); + p->head = p->current; + } + } + +- +-static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) ++#ifndef OPENSSL_NO_DEPRECATED ++static void BN_POOL_reset(BN_POOL *p) + { +- BIGNUM *bn; +- unsigned int loop; ++ BN_POOL_ITEM *item = p->head; ++ while (item) { ++ unsigned int loop = 0; ++ BIGNUM *bn = item->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) { ++ if (bn->d) ++ BN_clear(bn); ++ bn++; ++ } ++ item = item->next; ++ } ++ p->current = p->head; ++ p->used = 0; ++} ++#endif + +- /* Full; allocate a new pool item and link it in. */ ++static BIGNUM *BN_POOL_get(BN_POOL *p) ++{ + if (p->used == p->size) { +- BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); +- if (item == NULL) ++ BIGNUM *bn; ++ unsigned int loop = 0; ++ BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); ++ if (!item) + return NULL; +- for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) { +- bn_init(bn); +- if ((flag & BN_FLG_SECURE) != 0) +- BN_set_flags(bn, BN_FLG_SECURE); +- } ++ /* Initialise the structure */ ++ bn = item->vals; ++ while (loop++ < BN_CTX_POOL_SIZE) ++ BN_init(bn++); + item->prev = p->tail; + item->next = NULL; +- +- if (p->head == NULL) ++ /* Link it in */ ++ if (!p->head) + p->head = p->current = p->tail = item; + else { + p->tail->next = item; +@@ -329,7 +426,6 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) + /* Return the first bignum from the new pool */ + return item->vals; + } +- + if (!p->used) + p->current = p->head; + else if ((p->used % BN_CTX_POOL_SIZE) == 0) +@@ -340,11 +436,10 @@ static BIGNUM *BN_POOL_get(BN_POOL *p, int flag) + static void BN_POOL_release(BN_POOL *p, unsigned int num) + { + unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; +- + p->used -= num; + while (num--) { + bn_check_top(p->current->vals + offset); +- if (offset == 0) { ++ if (!offset) { + offset = BN_CTX_POOL_SIZE - 1; + p->current = p->current->prev; + } else +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +index 7d89214..34895f5 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_depr.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -12,22 +58,22 @@ + * slurp this code if applications are using them directly. + */ + +-#include +-#if OPENSSL_API_COMPAT >= 0x00908000L +-NON_EMPTY_TRANSLATION_UNIT +-#else ++#include ++#include ++#include "cryptlib.h" ++#include "bn_lcl.h" ++#include + +-# include +-# include +-# include "internal/cryptlib.h" +-# include "bn_lcl.h" ++static void *dummy = &dummy; + ++#ifndef OPENSSL_NO_DEPRECATED + BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback) (int, int, void *), void *cb_arg) + { + BN_GENCB cb; + BIGNUM *rnd = NULL; ++ int found = 0; + + BN_GENCB_set_old(&cb, callback, cb_arg); + +@@ -40,10 +86,11 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + goto err; + + /* we have a prime :-) */ +- return ret; ++ found = 1; + err: +- BN_free(rnd); +- return NULL; ++ if (!found && (ret == NULL) && (rnd != NULL)) ++ BN_free(rnd); ++ return (found ? rnd : NULL); + } + + int BN_is_prime(const BIGNUM *a, int checks, +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c b/Cryptlib/OpenSSL/crypto/bn/bn_dh.c +deleted file mode 100644 +index 17d0559..0000000 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_dh.c ++++ /dev/null +@@ -1,220 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "bn_lcl.h" +-#include "e_os.h" +- +-#ifndef OPENSSL_NO_DH +-#include +-#include "internal/bn_dh.h" +-/* DH parameters from RFC5114 */ +- +-# if BN_BITS2 == 64 +-static const BN_ULONG dh1024_160_p[] = { +- 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, +- 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, +- 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, +- 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, +- 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, +- 0xB10B8F96A080E01DULL +-}; +- +-static const BN_ULONG dh1024_160_g[] = { +- 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, +- 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, +- 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, +- 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, +- 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, +- 0xA4D1CBD5C3FD3412ULL +-}; +- +-static const BN_ULONG dh1024_160_q[] = { +- 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL +-}; +- +-static const BN_ULONG dh2048_224_p[] = { +- 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, +- 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, +- 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, +- 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, +- 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, +- 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, +- 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, +- 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, +- 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, +- 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, +- 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL +-}; +- +-static const BN_ULONG dh2048_224_g[] = { +- 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, +- 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, +- 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, +- 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, +- 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, +- 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, +- 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, +- 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, +- 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, +- 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, +- 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL +-}; +- +-static const BN_ULONG dh2048_224_q[] = { +- 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, +- 0x00000000801C0D34ULL +-}; +- +-static const BN_ULONG dh2048_256_p[] = { +- 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, +- 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, +- 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, +- 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, +- 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, +- 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, +- 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, +- 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, +- 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, +- 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, +- 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL +-}; +- +-static const BN_ULONG dh2048_256_g[] = { +- 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, +- 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, +- 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, +- 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, +- 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, +- 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, +- 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, +- 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, +- 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, +- 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, +- 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL +-}; +- +-static const BN_ULONG dh2048_256_q[] = { +- 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, +- 0x8CF83642A709A097ULL +-}; +- +-# elif BN_BITS2 == 32 +- +-static const BN_ULONG dh1024_160_p[] = { +- 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, +- 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, +- 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, +- 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, +- 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, +- 0xA080E01D, 0xB10B8F96 +-}; +- +-static const BN_ULONG dh1024_160_g[] = { +- 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, +- 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, +- 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, +- 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, +- 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, +- 0xC3FD3412, 0xA4D1CBD5 +-}; +- +-static const BN_ULONG dh1024_160_q[] = { +- 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 +-}; +- +-static const BN_ULONG dh2048_224_p[] = { +- 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, +- 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, +- 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, +- 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, +- 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, +- 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, +- 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, +- 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, +- 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, +- 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, +- 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E +-}; +- +-static const BN_ULONG dh2048_224_g[] = { +- 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, +- 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, +- 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, +- 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, +- 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, +- 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, +- 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, +- 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, +- 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, +- 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, +- 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF +-}; +- +-static const BN_ULONG dh2048_224_q[] = { +- 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, +- 0x801C0D34 +-}; +- +-static const BN_ULONG dh2048_256_p[] = { +- 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, +- 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, +- 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, +- 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, +- 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, +- 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, +- 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, +- 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, +- 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, +- 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, +- 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D +-}; +- +-static const BN_ULONG dh2048_256_g[] = { +- 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, +- 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, +- 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, +- 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, +- 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, +- 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, +- 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, +- 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, +- 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, +- 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, +- 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B +-}; +- +-static const BN_ULONG dh2048_256_q[] = { +- 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, +- 0xA709A097, 0x8CF83642 +-}; +- +-# else +-# error "unsupported BN_BITS2" +-# endif +- +-/* Macro to make a BIGNUM from static data */ +- +-# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \ +- const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ +- OSSL_NELEM(x),\ +- OSSL_NELEM(x),\ +- 0, BN_FLG_STATIC_DATA }; +- +- +-make_dh_bn(dh1024_160_p) +-make_dh_bn(dh1024_160_g) +-make_dh_bn(dh1024_160_q) +-make_dh_bn(dh2048_224_p) +-make_dh_bn(dh2048_224_g) +-make_dh_bn(dh2048_224_q) +-make_dh_bn(dh2048_256_p) +-make_dh_bn(dh2048_256_g) +-make_dh_bn(dh2048_256_q) +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +index 5e620b2..bc37671 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c +@@ -1,14 +1,64 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_div.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++#include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + /* The old slow way */ +@@ -130,7 +180,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + # endif /* OPENSSL_NO_ASM */ + + /*- +- * BN_div computes dv := num / divisor, rounding towards ++ * BN_div computes dv := num / divisor, rounding towards + * zero, and sets up rm such that dv*divisor + rm = num holds. + * Thus: + * dv->neg == num->neg ^ divisor->neg (unless the result is zero) +@@ -254,9 +304,9 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + wnump = &(snum->d[num_n - 1]); + + /* Setup to 'res' */ ++ res->neg = (num->neg ^ divisor->neg); + if (!bn_wexpand(res, (loop + 1))) + goto err; +- res->neg = (num->neg ^ divisor->neg); + res->top = loop - no_branch; + resp = &(res->d[loop - 1]); + +@@ -278,9 +328,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + res->top--; + } + +- /* Increase the resp pointer so that we never create an invalid pointer. */ +- resp++; +- + /* + * if res->top == 0 then clear the neg value otherwise decrease the resp + * pointer +@@ -290,7 +337,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + else + resp--; + +- for (i = 0; i < loop - 1; i++, wnump--) { ++ for (i = 0; i < loop - 1; i++, wnump--, resp--) { + BN_ULONG q, l0; + /* + * the first part of the loop uses the top two words of snum and sdiv +@@ -315,6 +362,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0); + # else + q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif + # endif + + # ifndef REMAINDER_IS_ALREADY_CALCULATED +@@ -339,6 +390,10 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_ULONG t2l, t2h; + + q = bn_div_words(n0, n1, d0); ++# ifdef BN_DEBUG_LEVITTE ++ fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\ ++X) -> 0x%08X\n", n0, n1, d0, q); ++# endif + # ifndef REMAINDER_IS_ALREADY_CALCULATED + rem = (n1 - q * d0) & BN_MASK2; + # endif +@@ -396,7 +451,6 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + (*wnump)++; + } + /* store part of the result */ +- resp--; + *resp = q; + } + bn_correct_top(snum); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +index 5fe9db9..e7a7038 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,7 +70,7 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) + + static ERR_STRING_DATA BN_str_functs[] = { +- {ERR_FUNC(BN_F_BNRAND), "bnrand"}, ++ {ERR_FUNC(BN_F_BNRAND), "BNRAND"}, + {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"}, + {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"}, + {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"}, +@@ -27,17 +78,15 @@ static ERR_STRING_DATA BN_str_functs[] = { + {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"}, + {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"}, + {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"}, +- {ERR_FUNC(BN_F_BN_COMPUTE_WNAF), "bn_compute_wNAF"}, + {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"}, + {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"}, + {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"}, + {ERR_FUNC(BN_F_BN_DIV), "BN_div"}, ++ {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"}, + {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"}, + {ERR_FUNC(BN_F_BN_EXP), "BN_exp"}, +- {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "bn_expand_internal"}, +- {ERR_FUNC(BN_F_BN_GENCB_NEW), "BN_GENCB_new"}, +- {ERR_FUNC(BN_F_BN_GENERATE_DSA_NONCE), "BN_generate_dsa_nonce"}, +- {ERR_FUNC(BN_F_BN_GENERATE_PRIME_EX), "BN_generate_prime_ex"}, ++ {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"}, ++ {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"}, + {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"}, + {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"}, + {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"}, +@@ -55,13 +104,13 @@ static ERR_STRING_DATA BN_str_functs[] = { + {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"}, + {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"}, + {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"}, ++ {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"}, + {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"}, + {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, + {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, + {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, +- {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"}, + {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, + {0, NULL} + }; +@@ -84,7 +133,6 @@ static ERR_STRING_DATA BN_str_reasons[] = { + {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, + {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, + {ERR_REASON(BN_R_NO_SOLUTION), "no solution"}, +- {ERR_REASON(BN_R_PRIVATE_KEY_TOO_LARGE), "private key too large"}, + {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"}, + {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"}, + {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), +@@ -94,7 +142,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { + + #endif + +-int ERR_load_BN_strings(void) ++void ERR_load_BN_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -103,5 +151,4 @@ int ERR_load_BN_strings(void) + ERR_load_strings(0, BN_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +index feeb764..195a786 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +@@ -1,14 +1,116 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_exp.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" +-#include "internal/constant_time_locl.h" ++#include "cryptlib.h" ++#include "constant_time_locl.h" + #include "bn_lcl.h" + + #include +@@ -46,7 +148,7 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; ++ return -1; + } + + BN_CTX_start(ctx); +@@ -98,7 +200,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + bn_check_top(m); + + /*- +- * For even modulus m = 2^k*m_odd, it might make sense to compute ++ * For even modulus m = 2^k*m_odd, it might make sense to compute + * a^p mod m_odd and a^p mod 2^k separately (with Montgomery + * exponentiation for the odd part), using appropriate exponent + * reductions, and combine the results using the CRT. +@@ -178,7 +280,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; ++ return -1; + } + + bits = BN_num_bits(p); +@@ -469,7 +571,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + goto err; + ret = 1; + err: +- if (in_mont == NULL) ++ if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); + BN_CTX_end(ctx); + bn_check_top(rr); +@@ -528,14 +630,6 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, + { + int i, j; + int width = 1 << window; +- /* +- * We declare table 'volatile' in order to discourage compiler +- * from reordering loads from the table. Concern is that if +- * reordered in specific manner loads might give away the +- * information we are trying to conceal. Some would argue that +- * compiler can reorder them anyway, but it can as well be +- * argued that doing so would be violation of standard... +- */ + volatile BN_ULONG *table = (volatile BN_ULONG *)buf; + + if (bn_wexpand(b, top) == NULL) +@@ -716,7 +810,8 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + else + #endif + if ((powerbufFree = +- OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) ++ (unsigned char *)OPENSSL_malloc(powerbufLen + ++ MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) + == NULL) + goto err; + +@@ -1085,11 +1180,12 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + goto err; + ret = 1; + err: +- if (in_mont == NULL) ++ if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); + if (powerbuf != NULL) { + OPENSSL_cleanse(powerbuf, powerbufLen); +- OPENSSL_free(powerbufFree); ++ if (powerbufFree) ++ OPENSSL_free(powerbufFree); + } + BN_CTX_end(ctx); + return (ret); +@@ -1124,7 +1220,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; ++ return -1; + } + + bn_check_top(p); +@@ -1235,7 +1331,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, + } + ret = 1; + err: +- if (in_mont == NULL) ++ if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); + BN_CTX_end(ctx); + bn_check_top(rr); +@@ -1255,7 +1351,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return 0; ++ return -1; + } + + bits = BN_num_bits(p); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +index 5141c21..43fd204 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +@@ -1,14 +1,116 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_exp2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + #define TABLE_SIZE 32 +@@ -193,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, + goto err; + ret = 1; + err: +- if (in_mont == NULL) ++ if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); + BN_CTX_end(ctx); + bn_check_top(rr); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +index e1aac13..ce59fe7 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +@@ -1,13 +1,115 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_gcd.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); +@@ -123,26 +225,11 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + + BIGNUM *BN_mod_inverse(BIGNUM *in, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +-{ +- BIGNUM *rv; +- int noinv; +- rv = int_bn_mod_inverse(in, a, n, ctx, &noinv); +- if (noinv) +- BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); +- return rv; +-} +- +-BIGNUM *int_bn_mod_inverse(BIGNUM *in, +- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, +- int *pnoinv) + { + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; + int sign; + +- if (pnoinv) +- *pnoinv = 0; +- + if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) + || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) { + return BN_mod_inverse_no_branch(in, a, n, ctx); +@@ -189,11 +276,11 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, + * sign*Y*a == A (mod |n|). + */ + +- if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) { ++ if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { + /* + * Binary inversion algorithm; requires odd modulus. This is faster + * than the general algorithm if the modulus is sufficiently small +- * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit ++ * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit + * systems) + */ + int shift; +@@ -370,7 +457,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * +- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at ++ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. +@@ -435,8 +522,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, + goto err; + } + } else { +- if (pnoinv) +- *pnoinv = 1; ++ BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE); + goto err; + } + ret = R; +@@ -457,6 +543,8 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + BN_CTX *ctx) + { + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; ++ BIGNUM local_A, local_B; ++ BIGNUM *pA, *pB; + BIGNUM *ret = NULL; + int sign; + +@@ -494,14 +582,11 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ +- { +- BIGNUM local_B; +- bn_init(&local_B); +- BN_with_flags(&local_B, B, BN_FLG_CONSTTIME); +- if (!BN_nnmod(B, &local_B, A, ctx)) +- goto err; +- /* Ensure local_B goes out of scope before any further use of B */ +- } ++ pB = &local_B; ++ local_B.flags = 0; ++ BN_with_flags(pB, B, BN_FLG_CONSTTIME); ++ if (!BN_nnmod(B, pB, A, ctx)) ++ goto err; + } + sign = -1; + /*- +@@ -525,16 +610,13 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ +- { +- BIGNUM local_A; +- bn_init(&local_A); +- BN_with_flags(&local_A, A, BN_FLG_CONSTTIME); ++ pA = &local_A; ++ local_A.flags = 0; ++ BN_with_flags(pA, A, BN_FLG_CONSTTIME); + +- /* (D, M) := (A/B, A%B) ... */ +- if (!BN_div(D, M, &local_A, B, ctx)) +- goto err; +- /* Ensure local_A goes out of scope before any further use of A */ +- } ++ /* (D, M) := (A/B, A%B) ... */ ++ if (!BN_div(D, M, pA, B, ctx)) ++ goto err; + + /*- + * Now +@@ -565,7 +647,7 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * +- * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at ++ * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +index b1987f5..2c61da1 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +@@ -1,12 +1,4 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- ++/* crypto/bn/bn_gf2m.c */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * +@@ -16,12 +8,91 @@ + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. ++ * ++ * In addition, Sun covenants to all licensees who provide a reciprocal ++ * covenant with respect to their own patents if any, not to sue under ++ * current and future patent claims necessarily infringed by the making, ++ * using, practicing, selling, offering for sale and/or otherwise ++ * disposing of the ECC Code as delivered hereunder (or portions thereof), ++ * provided that such covenant shall not apply: ++ * 1) for code that a licensee deletes from the ECC Code; ++ * 2) separates from the ECC Code; or ++ * 3) for infringements caused by: ++ * i) the modification of the ECC Code or ++ * ii) the combination of the ECC Code with other software or ++ * devices where such combination causes the infringement. ++ * ++ * The software is originally written by Sheueling Chang Shantz and ++ * Douglas Stebila of Sun Microsystems Laboratories. ++ * ++ */ ++ ++/* ++ * NOTE: This file is licensed pursuant to the OpenSSL license below and may ++ * be modified; but after modifications, the above covenant may no longer ++ * apply! In such cases, the corresponding paragraph ["In addition, Sun ++ * covenants ... causes the infringement."] and this note can be edited out; ++ * but please keep the Sun copyright notice and attribution. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + #ifndef OPENSSL_NO_EC2M +@@ -401,8 +472,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) + int arr[6]; + bn_check_top(a); + bn_check_top(p); +- ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); +- if (!ret || ret > (int)OSSL_NELEM(arr)) { ++ ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); ++ if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { + BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); + return 0; + } +@@ -479,7 +550,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); +- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -489,7 +560,8 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); + bn_check_top(r); + err: +- OPENSSL_free(arr); ++ if (arr) ++ OPENSSL_free(arr); + return ret; + } + +@@ -537,7 +609,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + + bn_check_top(a); + bn_check_top(p); +- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -547,7 +619,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); + bn_check_top(r); + err: +- OPENSSL_free(arr); ++ if (arr) ++ OPENSSL_free(arr); + return ret; + } + +@@ -961,7 +1034,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); +- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -971,7 +1044,8 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); + bn_check_top(r); + err: +- OPENSSL_free(arr); ++ if (arr) ++ OPENSSL_free(arr); + return ret; + } + +@@ -1020,7 +1094,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + int *arr = NULL; + bn_check_top(a); + bn_check_top(p); +- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -1030,7 +1104,8 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); + bn_check_top(r); + err: +- OPENSSL_free(arr); ++ if (arr) ++ OPENSSL_free(arr); + return ret; + } + +@@ -1089,7 +1164,7 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], + if (tmp == NULL) + goto err; + do { +- if (!BN_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(rho, p[0], 0, 0)) + goto err; + if (!BN_GF2m_mod_arr(rho, rho, p)) + goto err; +@@ -1150,7 +1225,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + int *arr = NULL; + bn_check_top(a); + bn_check_top(p); +- if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) ++ if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { +@@ -1160,7 +1235,8 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); + bn_check_top(r); + err: +- OPENSSL_free(arr); ++ if (arr) ++ OPENSSL_free(arr); + return ret; + } + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c b/Cryptlib/OpenSSL/crypto/bn/bn_intern.c +deleted file mode 100644 +index 2c97064..0000000 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_intern.c ++++ /dev/null +@@ -1,210 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "internal/cryptlib.h" +-#include "bn_lcl.h" +- +-/* +- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. +- * This is an array r[] of values that are either zero or odd with an +- * absolute value less than 2^w satisfying +- * scalar = \sum_j r[j]*2^j +- * where at most one of any w+1 consecutive digits is non-zero +- * with the exception that the most significant digit may be only +- * w-1 zeros away from that next non-zero digit. +- */ +-signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) +-{ +- int window_val; +- signed char *r = NULL; +- int sign = 1; +- int bit, next_bit, mask; +- size_t len = 0, j; +- +- if (BN_is_zero(scalar)) { +- r = OPENSSL_malloc(1); +- if (r == NULL) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- r[0] = 0; +- *ret_len = 1; +- return r; +- } +- +- if (w <= 0 || w > 7) { /* 'signed char' can represent integers with +- * absolute values less than 2^7 */ +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- bit = 1 << w; /* at most 128 */ +- next_bit = bit << 1; /* at most 256 */ +- mask = next_bit - 1; /* at most 255 */ +- +- if (BN_is_negative(scalar)) { +- sign = -1; +- } +- +- if (scalar->d == NULL || scalar->top == 0) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- len = BN_num_bits(scalar); +- r = OPENSSL_malloc(len + 1); /* +- * Modified wNAF may be one digit longer than binary representation +- * (*ret_len will be set to the actual length, i.e. at most +- * BN_num_bits(scalar) + 1) +- */ +- if (r == NULL) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- window_val = scalar->d[0] & mask; +- j = 0; +- while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len, +- * window_val will not +- * increase */ +- int digit = 0; +- +- /* 0 <= window_val <= 2^(w+1) */ +- +- if (window_val & 1) { +- /* 0 < window_val < 2^(w+1) */ +- +- if (window_val & bit) { +- digit = window_val - next_bit; /* -2^w < digit < 0 */ +- +-#if 1 /* modified wNAF */ +- if (j + w + 1 >= len) { +- /* +- * Special case for generating modified wNAFs: +- * no new bits will be added into window_val, +- * so using a positive digit here will decrease +- * the total length of the representation +- */ +- +- digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ +- } +-#endif +- } else { +- digit = window_val; /* 0 < digit < 2^w */ +- } +- +- if (digit <= -bit || digit >= bit || !(digit & 1)) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- +- window_val -= digit; +- +- /* +- * now window_val is 0 or 2^(w+1) in standard wNAF generation; +- * for modified window NAFs, it may also be 2^w +- */ +- if (window_val != 0 && window_val != next_bit +- && window_val != bit) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- r[j++] = sign * digit; +- +- window_val >>= 1; +- window_val += bit * BN_is_bit_set(scalar, j + w); +- +- if (window_val > next_bit) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (j > len + 1) { +- BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- *ret_len = j; +- return r; +- +- err: +- OPENSSL_free(r); +- return NULL; +-} +- +-int bn_get_top(const BIGNUM *a) +-{ +- return a->top; +-} +- +-void bn_set_top(BIGNUM *a, int top) +-{ +- a->top = top; +-} +- +-int bn_get_dmax(const BIGNUM *a) +-{ +- return a->dmax; +-} +- +-void bn_set_all_zero(BIGNUM *a) +-{ +- int i; +- +- for (i = a->top; i < a->dmax; i++) +- a->d[i] = 0; +-} +- +-int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) +-{ +- if (in->top > size) +- return 0; +- +- memset(out, 0, sizeof(*out) * size); +- if (in->d != NULL) +- memcpy(out, in->d, sizeof(*out) * in->top); +- return 1; +-} +- +-BN_ULONG *bn_get_words(const BIGNUM *a) +-{ +- return a->d; +-} +- +-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +-{ +- a->d = words; +- a->dmax = a->top = size; +- a->neg = 0; +- a->flags |= BN_FLG_STATIC_DATA; +- bn_correct_top(a); +-} +- +-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +-{ +- if (bn_wexpand(a, num_words) == NULL) { +- BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- memcpy(a->d, words, sizeof(BN_ULONG) * num_words); +- a->top = num_words; +- bn_correct_top(a); +- return 1; +-} +- +-size_t bn_sizeof_BIGNUM(void) +-{ +- return sizeof(BIGNUM); +-} +- +-BIGNUM *bn_array_el(BIGNUM *base, int el) +-{ +- return &base[el]; +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +index b9bc6cc..88d731a 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +@@ -1,13 +1,59 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_kron.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + /* least significant word */ +@@ -46,7 +92,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + goto end; + + /* +- * Kronecker symbol, implemented according to Henri Cohen, ++ * Kronecker symbol, imlemented according to Henri Cohen, + * "A Course in Computational Algebraic Number Theory" + * (algorithm 1.4.10). + */ +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h +index 5fb3814..00f4f09 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lcl.h +@@ -1,267 +1,123 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_lcl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_BN_LCL_H + # define HEADER_BN_LCL_H + +-/* +- * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or +- * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our +- * Configure script and needs to support both 32-bit and 64-bit. +- */ +-# include +- +-# if !defined(OPENSSL_SYS_UEFI) +-# include "internal/bn_conf.h" +-# endif +- +-# include "internal/bn_int.h" ++# include + + #ifdef __cplusplus + extern "C" { + #endif + +-/* +- * These preprocessor symbols control various aspects of the bignum headers +- * and library code. They're not defined by any "normal" configuration, as +- * they are intended for development and testing purposes. NB: defining all +- * three can be useful for debugging application code as well as openssl +- * itself. BN_DEBUG - turn on various debugging alterations to the bignum +- * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up +- * mismanagement of bignum internals. You must also define BN_DEBUG. +- */ +-/* #define BN_DEBUG */ +-/* #define BN_DEBUG_RAND */ +- +-# ifndef OPENSSL_SMALL_FOOTPRINT +-# define BN_MUL_COMBA +-# define BN_SQR_COMBA +-# define BN_RECURSION +-# endif +- +-/* +- * This next option uses the C libraries (2 word)/(1 word) function. If it is +- * not defined, I use my C version (which is slower). The reason for this +- * flag is that when the particular C compiler library routine is used, and +- * the library is linked with a different compiler, the library is missing. +- * This mostly happens when the library is built with gcc and then linked +- * using normal cc. This would be a common occurrence because gcc normally +- * produces code that is 2 times faster than system compilers for the big +- * number stuff. For machines with only one compiler (or shared libraries), +- * this should be on. Again this in only really a problem on machines using +- * "long long's", are 32bit, and are not using my assembler code. +- */ +-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ +- defined(OPENSSL_SYS_WIN32) || defined(linux) +-# define BN_DIV2W +-# endif +- +-/* +- * 64-bit processor with LP64 ABI +- */ +-# ifdef SIXTY_FOUR_BIT_LONG +-# define BN_ULLONG unsigned long long +-# define BN_BITS4 32 +-# define BN_MASK2 (0xffffffffffffffffL) +-# define BN_MASK2l (0xffffffffL) +-# define BN_MASK2h (0xffffffff00000000L) +-# define BN_MASK2h1 (0xffffffff80000000L) +-# define BN_DEC_CONV (10000000000000000000UL) +-# define BN_DEC_NUM 19 +-# define BN_DEC_FMT1 "%lu" +-# define BN_DEC_FMT2 "%019lu" +-# endif +- +-/* +- * 64-bit processor other than LP64 ABI +- */ +-# ifdef SIXTY_FOUR_BIT +-# undef BN_LLONG +-# undef BN_ULLONG +-# define BN_BITS4 32 +-# define BN_MASK2 (0xffffffffffffffffLL) +-# define BN_MASK2l (0xffffffffL) +-# define BN_MASK2h (0xffffffff00000000LL) +-# define BN_MASK2h1 (0xffffffff80000000LL) +-# define BN_DEC_CONV (10000000000000000000ULL) +-# define BN_DEC_NUM 19 +-# define BN_DEC_FMT1 "%llu" +-# define BN_DEC_FMT2 "%019llu" +-# endif +- +-# ifdef THIRTY_TWO_BIT +-# ifdef BN_LLONG +-# if defined(_WIN32) && !defined(__GNUC__) +-# define BN_ULLONG unsigned __int64 +-# else +-# define BN_ULLONG unsigned long long +-# endif +-# endif +-# define BN_BITS4 16 +-# define BN_MASK2 (0xffffffffL) +-# define BN_MASK2l (0xffff) +-# define BN_MASK2h1 (0xffff8000L) +-# define BN_MASK2h (0xffff0000L) +-# define BN_DEC_CONV (1000000000L) +-# define BN_DEC_NUM 9 +-# define BN_DEC_FMT1 "%u" +-# define BN_DEC_FMT2 "%09u" +-# endif +- +- +-/*- +- * Bignum consistency macros +- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from +- * bignum data after direct manipulations on the data. There is also an +- * "internal" macro, bn_check_top(), for verifying that there are no leading +- * zeroes. Unfortunately, some auditing is required due to the fact that +- * bn_fix_top() has become an overabused duct-tape because bignum data is +- * occasionally passed around in an inconsistent state. So the following +- * changes have been made to sort this out; +- * - bn_fix_top()s implementation has been moved to bn_correct_top() +- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and +- * bn_check_top() is as before. +- * - if BN_DEBUG *is* defined; +- * - bn_check_top() tries to pollute unused words even if the bignum 'top' is +- * consistent. (ed: only if BN_DEBUG_RAND is defined) +- * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. +- * The idea is to have debug builds flag up inconsistent bignums when they +- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if +- * the use of bn_fix_top() was appropriate (ie. it follows directly after code +- * that manipulates the bignum) it is converted to bn_correct_top(), and if it +- * was not appropriate, we convert it permanently to bn_check_top() and track +- * down the cause of the bug. Eventually, no internal code should be using the +- * bn_fix_top() macro. External applications and libraries should try this with +- * their own code too, both in terms of building against the openssl headers +- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it +- * defined. This not only improves external code, it provides more test +- * coverage for openssl's own code. +- */ +- +-# ifdef BN_DEBUG +- +-# ifdef BN_DEBUG_RAND +-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ +-# ifndef RAND_bytes +-int RAND_bytes(unsigned char *buf, int num); +-# define BN_DEBUG_TRIX +-# endif +-# define bn_pollute(a) \ +- do { \ +- const BIGNUM *_bnum1 = (a); \ +- if (_bnum1->top < _bnum1->dmax) { \ +- unsigned char _tmp_char; \ +- /* We cast away const without the compiler knowing, any \ +- * *genuinely* constant variables that aren't mutable \ +- * wouldn't be constructed with top!=dmax. */ \ +- BN_ULONG *_not_const; \ +- memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ +- RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ +- memset(_not_const + _bnum1->top, _tmp_char, \ +- sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ +- } \ +- } while(0) +-# ifdef BN_DEBUG_TRIX +-# undef RAND_bytes +-# endif +-# else +-# define bn_pollute(a) +-# endif +-# define bn_check_top(a) \ +- do { \ +- const BIGNUM *_bnum2 = (a); \ +- if (_bnum2 != NULL) { \ +- OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ +- (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ +- bn_pollute(_bnum2); \ +- } \ +- } while(0) +- +-# define bn_fix_top(a) bn_check_top(a) +- +-# define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +-# define bn_wcheck_size(bn, words) \ +- do { \ +- const BIGNUM *_bnum2 = (bn); \ +- OPENSSL_assert((words) <= (_bnum2)->dmax && \ +- (words) >= (_bnum2)->top); \ +- /* avoid unused variable warning with NDEBUG */ \ +- (void)(_bnum2); \ +- } while(0) +- +-# else /* !BN_DEBUG */ +- +-# define bn_pollute(a) +-# define bn_check_top(a) +-# define bn_fix_top(a) bn_correct_top(a) +-# define bn_check_size(bn, bits) +-# define bn_wcheck_size(bn, words) +- +-# endif +- +-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, +- BN_ULONG w); +-BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +-void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +-BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, +- int num); +-BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, +- int num); +- +-struct bignum_st { +- BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit +- * chunks. */ +- int top; /* Index of last used d +1. */ +- /* The next are internal book keeping for bn_expand. */ +- int dmax; /* Size of the d array. */ +- int neg; /* one if the number is negative */ +- int flags; +-}; +- +-/* Used for montgomery multiplication */ +-struct bn_mont_ctx_st { +- int ri; /* number of bits in R */ +- BIGNUM RR; /* used to convert to montgomery form */ +- BIGNUM N; /* The modulus */ +- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only +- * stored for bignum algorithm) */ +- BN_ULONG n0[2]; /* least significant word(s) of Ni; (type +- * changed with 0.9.9, was "BN_ULONG n0;" +- * before) */ +- int flags; +-}; +- +-/* +- * Used for reciprocal division/mod functions It cannot be shared between +- * threads +- */ +-struct bn_recp_ctx_st { +- BIGNUM N; /* the divisor */ +- BIGNUM Nr; /* the reciprocal */ +- int num_bits; +- int shift; +- int flags; +-}; +- +-/* Used for slow "generation" functions. */ +-struct bn_gencb_st { +- unsigned int ver; /* To handle binary (in)compatibility */ +- void *arg; /* callback-specific data */ +- union { +- /* if (ver==1) - handles old style callbacks */ +- void (*cb_1) (int, int, void *); +- /* if (ver==2) - new callback style */ +- int (*cb_2) (int, int, BN_GENCB *); +- } cb; +-}; +- + /*- + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * +@@ -287,11 +143,23 @@ struct bn_gencb_st { + * (with draws in between). Very small exponents are often selected + * with low Hamming weight, so we use w = 1 for b <= 23. + */ +-# define BN_window_bits_for_exponent_size(b) \ ++# if 1 ++# define BN_window_bits_for_exponent_size(b) \ + ((b) > 671 ? 6 : \ + (b) > 239 ? 5 : \ + (b) > 79 ? 4 : \ + (b) > 23 ? 3 : 1) ++# else ++/* ++ * Old SSLeay/OpenSSL table. Maximum window size was 5, so this table differs ++ * for b==1024; but it coincides for other interesting values (b==160, ++ * b==512). ++ */ ++# define BN_window_bits_for_exponent_size(b) \ ++ ((b) > 255 ? 5 : \ ++ (b) > 127 ? 4 : \ ++ (b) > 17 ? 3 : 1) ++# endif + + /* + * BN_mod_exp_mont_conttime is based on the assumption that the L1 data cache +@@ -426,8 +294,8 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, + # endif + # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) + # if defined(__GNUC__) && __GNUC__>=2 +-# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 +- /* "h" constraint is not an option on R6 and was removed in 4.4 */ ++# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) ++ /* "h" constraint is no more since 4.4 */ + # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) + # define BN_UMULT_LOHI(low,high,a,b) ({ \ + __uint128_t ret=(__uint128_t)(a)*(b); \ +@@ -633,10 +501,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, + } + # endif /* !BN_LLONG */ + +-void BN_RECP_CTX_init(BN_RECP_CTX *recp); +-void BN_MONT_CTX_init(BN_MONT_CTX *ctx); ++# if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS) ++# undef bn_div_words ++# endif + +-void bn_init(BIGNUM *a); + void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb); + void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); + void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); +@@ -662,26 +530,6 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, + int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num); + +-BIGNUM *int_bn_mod_inverse(BIGNUM *in, +- const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, +- int *noinv); +- +-int bn_probable_prime_dh(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); +-int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx); +-int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx); +- +-static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits) +-{ +- if (bits > (INT_MAX - BN_BITS2 + 1)) +- return NULL; +- +- if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax) +- return a; +- +- return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2); +-} +- + #ifdef __cplusplus + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +index 17d34c3..10b78f5 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +@@ -1,20 +1,76 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++#ifndef BN_DEBUG ++# undef NDEBUG /* avoid conflicting definitions */ ++# define NDEBUG ++#endif ++ + #include + #include +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" +-#include ++ ++const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; + + /* This stuff appears to be completely unused, so is deprecated */ +-#if OPENSSL_API_COMPAT < 0x00908000L ++#ifndef OPENSSL_NO_DEPRECATED + /*- + * For a 32 bit machine + * 2 - 4 == 128 +@@ -168,15 +224,6 @@ int BN_num_bits(const BIGNUM *a) + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); + } + +-static void bn_free_d(BIGNUM *a) +-{ +- if (BN_get_flags(a, BN_FLG_SECURE)) +- OPENSSL_secure_free(a->d); +- else +- OPENSSL_free(a->d); +-} +- +- + void BN_clear_free(BIGNUM *a) + { + int i; +@@ -186,11 +233,11 @@ void BN_clear_free(BIGNUM *a) + bn_check_top(a); + if (a->d != NULL) { + OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); +- if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) +- bn_free_d(a); ++ if (!(BN_get_flags(a, BN_FLG_STATIC_DATA))) ++ OPENSSL_free(a->d); + } + i = BN_get_flags(a, BN_FLG_MALLOCED); +- OPENSSL_cleanse(a, sizeof(*a)); ++ OPENSSL_cleanse(a, sizeof(BIGNUM)); + if (i) + OPENSSL_free(a); + } +@@ -200,23 +247,21 @@ void BN_free(BIGNUM *a) + if (a == NULL) + return; + bn_check_top(a); +- if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) +- bn_free_d(a); ++ if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) ++ OPENSSL_free(a->d); + if (a->flags & BN_FLG_MALLOCED) + OPENSSL_free(a); + else { +-#if OPENSSL_API_COMPAT < 0x00908000L ++#ifndef OPENSSL_NO_DEPRECATED + a->flags |= BN_FLG_FREE; + #endif + a->d = NULL; + } + } + +-void bn_init(BIGNUM *a) ++void BN_init(BIGNUM *a) + { +- static BIGNUM nilbn; +- +- *a = nilbn; ++ memset(a, 0, sizeof(BIGNUM)); + bn_check_top(a); + } + +@@ -224,24 +269,20 @@ BIGNUM *BN_new(void) + { + BIGNUM *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { ++ if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { + BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } + ret->flags = BN_FLG_MALLOCED; ++ ret->top = 0; ++ ret->neg = 0; ++ ret->dmax = 0; ++ ret->d = NULL; + bn_check_top(ret); + return (ret); + } + +- BIGNUM *BN_secure_new(void) +- { +- BIGNUM *ret = BN_new(); +- if (ret != NULL) +- ret->flags |= BN_FLG_SECURE; +- return (ret); +- } +- +-/* This is used by bn_expand2() */ ++/* This is used both by bn_expand2() and bn_dup_expand() */ + /* The caller MUST check that words > b->dmax before calling this */ + static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + { +@@ -259,14 +300,20 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); + return (NULL); + } +- if (BN_get_flags(b, BN_FLG_SECURE)) +- a = A = OPENSSL_secure_zalloc(words * sizeof(*a)); +- else +- a = A = OPENSSL_zalloc(words * sizeof(*a)); ++ a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words); + if (A == NULL) { + BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++#ifdef PURIFY ++ /* ++ * Valgrind complains in BN_consttime_swap because we process the whole ++ * array even if it's not initialised yet. This doesn't matter in that ++ * function - what's important is constant time operation (we're not ++ * actually going to use the data) ++ */ ++ memset(a, 0, sizeof(BN_ULONG) * words); ++#endif + + #if 1 + B = b->d; +@@ -277,7 +324,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + * The fact that the loop is unrolled + * 4-wise is a tribute to Intel. It's + * the one that doesn't have enough +- * registers to accommodate more data. ++ * registers to accomodate more data. + * I'd unroll it 8-wise otherwise:-) + * + * +@@ -292,6 +339,11 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + A[2] = a2; + A[3] = a3; + } ++ /* ++ * workaround for ultrix cc: without 'case 0', the optimizer does ++ * the switch table by doing a=top&3; a--; goto jump_table[a]; ++ * which fails for top== 0 ++ */ + switch (b->top & 3) { + case 3: + A[2] = B[2]; +@@ -300,18 +352,69 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) + case 1: + A[0] = B[0]; + case 0: +- /* Without the "case 0" some old optimizers got this wrong. */ + ; + } + } + #else +- memset(A, 0, sizeof(*A) * words); ++ memset(A, 0, sizeof(BN_ULONG) * words); + memcpy(A, b->d, sizeof(b->d[0]) * b->top); + #endif + + return (a); + } + ++/* ++ * This is an internal function that can be used instead of bn_expand2() when ++ * there is a need to copy BIGNUMs instead of only expanding the data part, ++ * while still expanding them. Especially useful when needing to expand ++ * BIGNUMs that are declared 'const' and should therefore not be changed. The ++ * reason to use this instead of a BN_dup() followed by a bn_expand2() is ++ * memory allocation overhead. A BN_dup() followed by a bn_expand2() will ++ * allocate new memory for the BIGNUM data twice, and free it once, while ++ * bn_dup_expand() makes sure allocation is made only once. ++ */ ++ ++#ifndef OPENSSL_NO_DEPRECATED ++BIGNUM *bn_dup_expand(const BIGNUM *b, int words) ++{ ++ BIGNUM *r = NULL; ++ ++ bn_check_top(b); ++ ++ /* ++ * This function does not work if words <= b->dmax && top < words because ++ * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used ++ * anywhere yet.) ++ */ ++ ++ if (words > b->dmax) { ++ BN_ULONG *a = bn_expand_internal(b, words); ++ ++ if (a) { ++ r = BN_new(); ++ if (r) { ++ r->top = b->top; ++ r->dmax = words; ++ r->neg = b->neg; ++ r->d = a; ++ } else { ++ /* r == NULL, BN_new failure */ ++ OPENSSL_free(a); ++ } ++ } ++ /* ++ * If a == NULL, there was an error in allocation in ++ * bn_expand_internal(), and NULL should be returned ++ */ ++ } else { ++ r = BN_dup(b); ++ } ++ ++ bn_check_top(r); ++ return r; ++} ++#endif ++ + /* + * This is an internal function that should not be used in applications. It + * ensures that 'b' has enough room for a 'words' word number and initialises +@@ -328,14 +431,35 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) + BN_ULONG *a = bn_expand_internal(b, words); + if (!a) + return NULL; +- if (b->d) { +- OPENSSL_cleanse(b->d, b->dmax * sizeof(b->d[0])); +- bn_free_d(b); +- } ++ if (b->d) ++ OPENSSL_free(b->d); + b->d = a; + b->dmax = words; + } + ++/* None of this should be necessary because of what b->top means! */ ++#if 0 ++ /* ++ * NB: bn_wexpand() calls this only if the BIGNUM really has to grow ++ */ ++ if (b->top < b->dmax) { ++ int i; ++ BN_ULONG *A = &(b->d[b->top]); ++ for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { ++ A[0] = 0; ++ A[1] = 0; ++ A[2] = 0; ++ A[3] = 0; ++ A[4] = 0; ++ A[5] = 0; ++ A[6] = 0; ++ A[7] = 0; ++ } ++ for (i = (b->dmax - b->top) & 7; i > 0; i--, A++) ++ A[0] = 0; ++ assert(A == &(b->d[b->dmax])); ++ } ++#endif + bn_check_top(b); + return b; + } +@@ -348,7 +472,7 @@ BIGNUM *BN_dup(const BIGNUM *a) + return NULL; + bn_check_top(a); + +- t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new(); ++ t = BN_new(); + if (t == NULL) + return NULL; + if (!BN_copy(t, a)) { +@@ -445,7 +569,7 @@ void BN_clear(BIGNUM *a) + { + bn_check_top(a); + if (a->d != NULL) +- OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); ++ OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0])); + a->top = 0; + a->neg = 0; + } +@@ -484,9 +608,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) + if (ret == NULL) + return (NULL); + bn_check_top(ret); +- /* Skip leading zero's. */ +- for ( ; len > 0 && *s == 0; s++, len--) +- continue; ++ l = 0; + n = len; + if (n == 0) { + ret->top = 0; +@@ -495,12 +617,12 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) + i = ((n - 1) / BN_BYTES) + 1; + m = ((n - 1) % (BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) { +- BN_free(bn); ++ if (bn) ++ BN_free(bn); + return NULL; + } + ret->top = i; + ret->neg = 0; +- l = 0; + while (n--) { + l = (l << 8L) | *(s++); + if (m-- == 0) { +@@ -518,106 +640,18 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) + } + + /* ignore negative */ +-static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +-{ +- int i; +- BN_ULONG l; +- +- bn_check_top(a); +- i = BN_num_bytes(a); +- if (tolen == -1) +- tolen = i; +- else if (tolen < i) +- return -1; +- /* Add leading zeroes if necessary */ +- if (tolen > i) { +- memset(to, 0, tolen - i); +- to += tolen - i; +- } +- while (i--) { +- l = a->d[i / BN_BYTES]; +- *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; +- } +- return tolen; +-} +- +-int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) +-{ +- if (tolen < 0) +- return -1; +- return bn2binpad(a, to, tolen); +-} +- + int BN_bn2bin(const BIGNUM *a, unsigned char *to) + { +- return bn2binpad(a, to, -1); +-} +- +-BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret) +-{ +- unsigned int i, m; +- unsigned int n; ++ int n, i; + BN_ULONG l; +- BIGNUM *bn = NULL; +- +- if (ret == NULL) +- ret = bn = BN_new(); +- if (ret == NULL) +- return (NULL); +- bn_check_top(ret); +- s += len; +- /* Skip trailing zeroes. */ +- for ( ; len > 0 && s[-1] == 0; s--, len--) +- continue; +- n = len; +- if (n == 0) { +- ret->top = 0; +- return ret; +- } +- i = ((n - 1) / BN_BYTES) + 1; +- m = ((n - 1) % (BN_BYTES)); +- if (bn_wexpand(ret, (int)i) == NULL) { +- BN_free(bn); +- return NULL; +- } +- ret->top = i; +- ret->neg = 0; +- l = 0; +- while (n--) { +- s--; +- l = (l << 8L) | *s; +- if (m-- == 0) { +- ret->d[--i] = l; +- l = 0; +- m = BN_BYTES - 1; +- } +- } +- /* +- * need to call this due to clear byte at top if avoiding having the top +- * bit set (-ve number) +- */ +- bn_correct_top(ret); +- return ret; +-} + +-int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen) +-{ +- int i; +- BN_ULONG l; + bn_check_top(a); +- i = BN_num_bytes(a); +- if (tolen < i) +- return -1; +- /* Add trailing zeroes if necessary */ +- if (tolen > i) +- memset(to + i, 0, tolen - i); +- to += i; ++ n = i = BN_num_bytes(a); + while (i--) { + l = a->d[i / BN_BYTES]; +- to--; +- *to = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; ++ *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + } +- return tolen; ++ return (n); + } + + int BN_ucmp(const BIGNUM *a, const BIGNUM *b) +@@ -793,9 +827,9 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) + + /* + * Here follows a specialised variants of bn_cmp_words(). It has the +- * capability of performing the operation on arrays of different sizes. The ++ * property of performing the operation on arrays of different sizes. The + * sizes of those arrays is expressed through cl, which is the common length +- * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the ++ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the + * two lengths, calculated as len(a)-len(b). All lengths are the number of + * BN_ULONGs... + */ +@@ -880,158 +914,3 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + } + #undef BN_CONSTTIME_SWAP + } +- +-/* Bits of security, see SP800-57 */ +- +-int BN_security_bits(int L, int N) +-{ +- int secbits, bits; +- if (L >= 15360) +- secbits = 256; +- else if (L >= 7690) +- secbits = 192; +- else if (L >= 3072) +- secbits = 128; +- else if (L >= 2048) +- secbits = 112; +- else if (L >= 1024) +- secbits = 80; +- else +- return 0; +- if (N == -1) +- return secbits; +- bits = N / 2; +- if (bits < 80) +- return 0; +- return bits >= secbits ? secbits : bits; +-} +- +-void BN_zero_ex(BIGNUM *a) +-{ +- a->top = 0; +- a->neg = 0; +-} +- +-int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) +-{ +- return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0)); +-} +- +-int BN_is_zero(const BIGNUM *a) +-{ +- return a->top == 0; +-} +- +-int BN_is_one(const BIGNUM *a) +-{ +- return BN_abs_is_word(a, 1) && !a->neg; +-} +- +-int BN_is_word(const BIGNUM *a, const BN_ULONG w) +-{ +- return BN_abs_is_word(a, w) && (!w || !a->neg); +-} +- +-int BN_is_odd(const BIGNUM *a) +-{ +- return (a->top > 0) && (a->d[0] & 1); +-} +- +-int BN_is_negative(const BIGNUM *a) +-{ +- return (a->neg != 0); +-} +- +-int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, +- BN_CTX *ctx) +-{ +- return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx); +-} +- +-void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags) +-{ +- dest->d = b->d; +- dest->top = b->top; +- dest->dmax = b->dmax; +- dest->neg = b->neg; +- dest->flags = ((dest->flags & BN_FLG_MALLOCED) +- | (b->flags & ~BN_FLG_MALLOCED) +- | BN_FLG_STATIC_DATA | flags); +-} +- +-BN_GENCB *BN_GENCB_new(void) +-{ +- BN_GENCB *ret; +- +- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { +- BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); +- return (NULL); +- } +- +- return ret; +-} +- +-void BN_GENCB_free(BN_GENCB *cb) +-{ +- if (cb == NULL) +- return; +- OPENSSL_free(cb); +-} +- +-void BN_set_flags(BIGNUM *b, int n) +-{ +- b->flags |= n; +-} +- +-int BN_get_flags(const BIGNUM *b, int n) +-{ +- return b->flags & n; +-} +- +-/* Populate a BN_GENCB structure with an "old"-style callback */ +-void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *), +- void *cb_arg) +-{ +- BN_GENCB *tmp_gencb = gencb; +- tmp_gencb->ver = 1; +- tmp_gencb->arg = cb_arg; +- tmp_gencb->cb.cb_1 = callback; +-} +- +-/* Populate a BN_GENCB structure with a "new"-style callback */ +-void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *), +- void *cb_arg) +-{ +- BN_GENCB *tmp_gencb = gencb; +- tmp_gencb->ver = 2; +- tmp_gencb->arg = cb_arg; +- tmp_gencb->cb.cb_2 = callback; +-} +- +-void *BN_GENCB_get_arg(BN_GENCB *cb) +-{ +- return cb->arg; +-} +- +-BIGNUM *bn_wexpand(BIGNUM *a, int words) +-{ +- return (words <= a->dmax) ? a : bn_expand2(a, words); +-} +- +-void bn_correct_top(BIGNUM *a) +-{ +- BN_ULONG *ftl; +- int tmp_top = a->top; +- +- if (tmp_top > 0) { +- for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) { +- ftl--; +- if (*ftl != 0) +- break; +- } +- a->top = tmp_top; +- } +- if (a->top == 0) +- a->neg = 0; +- bn_pollute(a); +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +index 13b583f..ffbce89 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +@@ -1,15 +1,129 @@ ++/* crypto/bn/bn_mod.c */ + /* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Includes code written by Lenka Fibikova ++ * for the OpenSSL project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + ++#if 0 /* now just a #define */ ++int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) ++{ ++ return (BN_div(NULL, rem, m, d, ctx)); ++ /* note that rem->neg == m->neg (unless the remainder is zero) */ ++} ++#endif ++ + int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) + { + /* +@@ -148,7 +262,8 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, + ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); + +- BN_free(abs_m); ++ if (abs_m) ++ BN_free(abs_m); + return ret; + } + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +index 6d37279..be95bd5 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +@@ -1,10 +1,112 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_mont.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -14,7 +116,8 @@ + * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + #define MONT_WORD /* use the faster word-based algorithm */ +@@ -94,15 +197,36 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) + rp = r->d; + + /* clear the top words of T */ +- i = max - r->top; +- if (i) +- memset(&rp[r->top], 0, sizeof(*rp) * i); ++# if 1 ++ for (i = r->top; i < max; i++) /* memset? XXX */ ++ rp[i] = 0; ++# else ++ memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); ++# endif + + r->top = max; + n0 = mont->n0[0]; + ++# ifdef BN_COUNT ++ fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl); ++# endif + for (carry = 0, i = 0; i < nl; i++, rp++) { ++# ifdef __TANDEM ++ { ++ long long t1; ++ long long t2; ++ long long t3; ++ t1 = rp[0] * (n0 & 0177777); ++ t2 = 037777600000l; ++ t2 = n0 & t2; ++ t3 = rp[0] & 0177777; ++ t2 = (t3 * t2) & BN_MASK2; ++ t1 = t1 + t2; ++ v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1); ++ } ++# else + v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); ++# endif + v = (v + carry + rp[nl]) & BN_MASK2; + carry |= (v != rp[nl]); + carry &= (v <= rp[nl]); +@@ -214,7 +338,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) + { + BN_MONT_CTX *ret; + +- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) ++ if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) + return (NULL); + + BN_MONT_CTX_init(ret); +@@ -225,9 +349,9 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) + void BN_MONT_CTX_init(BN_MONT_CTX *ctx) + { + ctx->ri = 0; +- bn_init(&(ctx->RR)); +- bn_init(&(ctx->N)); +- bn_init(&(ctx->Ni)); ++ BN_init(&(ctx->RR)); ++ BN_init(&(ctx->N)); ++ BN_init(&(ctx->Ni)); + ctx->n0[0] = ctx->n0[1] = 0; + ctx->flags = 0; + } +@@ -265,7 +389,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + BIGNUM tmod; + BN_ULONG buf[2]; + +- bn_init(&tmod); ++ BN_init(&tmod); + tmod.d = buf; + tmod.dmax = 2; + tmod.neg = 0; +@@ -395,14 +519,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) + return (to); + } + +-BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, ++BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx) + { + BN_MONT_CTX *ret; + +- CRYPTO_THREAD_read_lock(lock); ++ CRYPTO_r_lock(lock); + ret = *pmont; +- CRYPTO_THREAD_unlock(lock); ++ CRYPTO_r_unlock(lock); + if (ret) + return ret; + +@@ -415,7 +539,7 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + * (the losers throw away the work they've done). + */ + ret = BN_MONT_CTX_new(); +- if (ret == NULL) ++ if (!ret) + return NULL; + if (!BN_MONT_CTX_set(ret, mod, ctx)) { + BN_MONT_CTX_free(ret); +@@ -423,12 +547,12 @@ BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock, + } + + /* The locked compare-and-set, after the local work is done. */ +- CRYPTO_THREAD_write_lock(lock); ++ CRYPTO_w_lock(lock); + if (*pmont) { + BN_MONT_CTX_free(ret); + ret = *pmont; + } else + *pmont = ret; +- CRYPTO_THREAD_unlock(lock); ++ CRYPTO_w_unlock(lock); + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +index 043e21d..3bd40bb 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_mpi.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + int BN_bn2mpi(const BIGNUM *a, unsigned char *d) +@@ -39,48 +88,41 @@ int BN_bn2mpi(const BIGNUM *a, unsigned char *d) + return (num + 4 + ext); + } + +-BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain) ++BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) + { + long len; + int neg = 0; +- BIGNUM *a = NULL; + + if (n < 4) { + BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH); +- return NULL; ++ return (NULL); + } + len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int) + d[3]; + if ((len + 4) != n) { + BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR); +- return NULL; ++ return (NULL); + } + +- if (ain == NULL) ++ if (a == NULL) + a = BN_new(); +- else +- a = ain; +- + if (a == NULL) +- return NULL; ++ return (NULL); + + if (len == 0) { + a->neg = 0; + a->top = 0; +- return a; ++ return (a); + } + d += 4; + if ((*d) & 0x80) + neg = 1; +- if (BN_bin2bn(d, (int)len, a) == NULL) { +- if (ain == NULL) +- BN_free(a); +- return NULL; +- } ++ if (BN_bin2bn(d, (int)len, a) == NULL) ++ return (NULL); + a->neg = neg; + if (neg) { + BN_clear_bit(a, BN_num_bits(a) - 1); + } + bn_check_top(a); +- return a; ++ return (a); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +index 4a0a950..3c618dc 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +@@ -1,14 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_mul.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++#ifndef BN_DEBUG ++# undef NDEBUG /* avoid conflicting definitions */ ++# define NDEBUG ++#endif ++ ++#include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) +@@ -16,7 +71,7 @@ + * Here follows specialised variants of bn_add_words() and bn_sub_words(). + * They have the property performing operations on arrays of different sizes. + * The sizes of those arrays is expressed through cl, which is the common +- * length ( basically, min(len(a),len(b)) ), and dl, which is the delta ++ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta + * between the two lengths, calculated as len(a)-len(b). All lengths are the + * number of BN_ULONGs... For the operations that require a result array as + * parameter, it must have the length cl+abs(dl). These functions should +@@ -41,6 +96,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, + b += cl; + + if (dl < 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, ++ dl, c); ++# endif + for (;;) { + t = b[0]; + r[0] = (0 - t - c) & BN_MASK2; +@@ -75,6 +134,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, + } + } else { + int save_dl = dl; ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, ++ dl, c); ++# endif + while (c) { + t = a[0]; + r[0] = (t - c) & BN_MASK2; +@@ -109,6 +172,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, + r += 4; + } + if (dl > 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", ++ cl, dl); ++# endif + if (save_dl > dl) { + switch (save_dl - dl) { + case 1: +@@ -129,6 +196,10 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, + } + } + if (dl > 0) { ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", ++ cl, dl); ++# endif + for (;;) { + r[0] = a[0]; + if (--dl <= 0) +@@ -170,6 +241,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + + if (dl < 0) { + int save_dl = dl; ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, ++ dl, c); ++#endif + while (c) { + l = (c + b[0]) & BN_MASK2; + c = (l < c); +@@ -200,6 +275,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + r += 4; + } + if (dl < 0) { ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", ++ cl, dl); ++#endif + if (save_dl < dl) { + switch (dl - save_dl) { + case 1: +@@ -220,6 +299,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + } + } + if (dl < 0) { ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", ++ cl, dl); ++#endif + for (;;) { + r[0] = b[0]; + if (++dl >= 0) +@@ -240,6 +323,9 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + } + } else { + int save_dl = dl; ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); ++#endif + while (c) { + t = (a[0] + c) & BN_MASK2; + c = (t < c); +@@ -269,6 +355,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + a += 4; + r += 4; + } ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, ++ dl); ++#endif + if (dl > 0) { + if (save_dl > dl) { + switch (save_dl - dl) { +@@ -290,6 +380,10 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, + } + } + if (dl > 0) { ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", ++ cl, dl); ++#endif + for (;;) { + r[0] = a[0]; + if (--dl <= 0) +@@ -338,6 +432,9 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + unsigned int neg, zero; + BN_ULONG ln, lo, *p; + ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb); ++# endif + # ifdef BN_MUL_COMBA + # if 0 + if (n2 == 4) { +@@ -404,7 +501,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + if (!zero) + bn_mul_comba4(&(t[n2]), t, &(t[n])); + else +- memset(&t[n2], 0, sizeof(*t) * 8); ++ memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); + + bn_mul_comba4(r, a, b); + bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); +@@ -414,7 +511,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + if (!zero) + bn_mul_comba8(&(t[n2]), t, &(t[n])); + else +- memset(&t[n2], 0, sizeof(*t) * 16); ++ memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); + + bn_mul_comba8(r, a, b); + bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); +@@ -425,7 +522,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + if (!zero) + bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); + else +- memset(&t[n2], 0, sizeof(*t) * n2); ++ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + bn_mul_recursive(r, a, b, n, 0, 0, p); + bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); + } +@@ -484,6 +581,10 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + int c1, c2, neg; + BN_ULONG ln, lo, *p; + ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", ++ n, tna, n, tnb); ++# endif + if (n < 8) { + bn_mul_normal(r, a, n + tna, b, n + tnb); + return; +@@ -530,14 +631,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + bn_mul_comba4(&(t[n2]), t, &(t[n])); + bn_mul_comba4(r, a, b); + bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); +- memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); ++ memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); + } else + # endif + if (n == 8) { + bn_mul_comba8(&(t[n2]), t, &(t[n])); + bn_mul_comba8(r, a, b); + bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); +- memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); ++ memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); + } else { + p = &(t[n2 * 2]); + bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); +@@ -553,7 +654,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + if (j == 0) { + bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); +- memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); ++ memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); + } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ + bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); +@@ -561,7 +662,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + sizeof(BN_ULONG) * (n2 - tna - tnb)); + } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ + +- memset(&r[n2], 0, sizeof(*r) * n2); ++ memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); + if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL + && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { + bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); +@@ -640,6 +741,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + { + int n = n2 / 2; + ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2); ++# endif ++ + bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); + if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { + bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); +@@ -668,6 +773,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, + int neg, oneg, zero; + BN_ULONG ll, lc, *lp, *mp; + ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2); ++# endif + n = n2 / 2; + + /* Calculate (al-ah)*(bh-bl) */ +@@ -729,8 +837,9 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, + */ + if (l != NULL) { + lp = &(t[n2 + n]); +- bn_add_words(lp, &(r[0]), &(l[0]), n); ++ c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); + } else { ++ c1 = 0; + lp = &(r[0]); + } + +@@ -838,6 +947,10 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + int j = 0, k; + #endif + ++#ifdef BN_COUNT ++ fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top); ++#endif ++ + bn_check_top(a); + bn_check_top(b); + bn_check_top(r); +@@ -857,6 +970,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + goto err; + } else + rr = r; ++ rr->neg = a->neg ^ b->neg; + + #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) + i = al - bl; +@@ -968,7 +1082,6 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) + #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) + end: + #endif +- rr->neg = a->neg ^ b->neg; + bn_correct_top(rr); + if (r != rr && BN_copy(r, rr) == NULL) + goto err; +@@ -984,6 +1097,10 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) + { + BN_ULONG *rr; + ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); ++#endif ++ + if (na < nb) { + int itmp; + BN_ULONG *ltmp; +@@ -1024,6 +1141,9 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) + + void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) + { ++#ifdef BN_COUNT ++ fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); ++#endif + bn_mul_words(r, a, n, b[0]); + + for (;;) { +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +index 53598f9..4a45404 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +@@ -1,14 +1,63 @@ ++/* crypto/bn/bn_nist.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Nils Larsch for the OpenSSL project ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include "bn_lcl.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 + #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 +@@ -330,8 +379,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + PTR_SIZE_INT mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, +- OSSL_NELEM(_nist_p_192_sqr), +- OSSL_NELEM(_nist_p_192_sqr), ++ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), ++ sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + 0, BN_FLG_STATIC_DATA + }; + +@@ -475,8 +524,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, +- OSSL_NELEM(_nist_p_224_sqr), +- OSSL_NELEM(_nist_p_224_sqr), ++ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), ++ sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + 0, BN_FLG_STATIC_DATA + }; + +@@ -596,7 +645,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + #endif + } else if (carry < 0) { + /* +- * it's a bit more complicated logic in this case. if bn_add_words ++ * it's a bit more comlicated logic in this case. if bn_add_words + * yields no carry, then result has to be adjusted by unconditionally + * *adding* the modulus. but if it does, then result has to be + * compared to the modulus and conditionally adjusted by +@@ -656,8 +705,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, +- OSSL_NELEM(_nist_p_256_sqr), +- OSSL_NELEM(_nist_p_256_sqr), ++ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), ++ sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + 0, BN_FLG_STATIC_DATA + }; + +@@ -902,8 +951,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, +- OSSL_NELEM(_nist_p_384_sqr), +- OSSL_NELEM(_nist_p_384_sqr), ++ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), ++ sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + 0, BN_FLG_STATIC_DATA + }; + +@@ -1160,8 +1209,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + PTR_SIZE_INT mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, +- OSSL_NELEM(_nist_p_521_sqr), +- OSSL_NELEM(_nist_p_521_sqr), ++ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), ++ sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + 0, BN_FLG_STATIC_DATA + }; + +@@ -1190,20 +1239,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); + /* ... and right shift */ + for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { +-#if 0 +- /* +- * MSC ARM compiler [version 2013, presumably even earlier, +- * much earlier] miscompiles this code, but not one in +- * #else section. See RT#3541. +- */ +- tmp = val >> BN_NIST_521_RSHIFT; +- val = t_d[i + 1]; +- t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; +-#else + t_d[i] = (val >> BN_NIST_521_RSHIFT | + (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2; + val = tmp; +-#endif + } + t_d[i] = val >> BN_NIST_521_RSHIFT; + /* lower 521 bits */ +@@ -1222,18 +1260,3 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, + + return 1; + } +- +-int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a, +- const BIGNUM *field, BN_CTX *ctx) { +- if (BN_ucmp(&_bignum_nist_p_192, p) == 0) +- return BN_nist_mod_192; +- if (BN_ucmp(&_bignum_nist_p_224, p) == 0) +- return BN_nist_mod_224; +- if (BN_ucmp(&_bignum_nist_p_256, p) == 0) +- return BN_nist_mod_256; +- if (BN_ucmp(&_bignum_nist_p_384, p) == 0) +- return BN_nist_mod_384; +- if (BN_ucmp(&_bignum_nist_p_521, p) == 0) +- return BN_nist_mod_521; +- return 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +index 7103acf..4dab3bb 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +@@ -1,18 +1,125 @@ +-/* +- * WARNING: do not edit! +- * Generated by crypto/bn/bn_prime.pl +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_prime.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" ++#include ++ ++/* ++ * NB: these functions have been "upgraded", the deprecated versions (which ++ * are compatibility wrappers using these functions) are in bn_depr.c. - ++ * Geoff ++ */ + + /* + * The quick sieve algorithm approach to weeding out primes is Philip +@@ -25,56 +132,11 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, + const BIGNUM *a1_odd, int k, BN_CTX *ctx, + BN_MONT_CTX *mont); + static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods); +-static int probable_prime_dh_safe(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, +- BN_CTX *ctx); +- +-static const int prime_offsets[480] = { +- 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, +- 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, +- 167, 169, 173, 179, 181, 191, 193, 197, 199, 211, 221, 223, 227, 229, +- 233, 239, 241, 247, 251, 257, 263, 269, 271, 277, 281, 283, 289, 293, +- 299, 307, 311, 313, 317, 323, 331, 337, 347, 349, 353, 359, 361, 367, +- 373, 377, 379, 383, 389, 391, 397, 401, 403, 409, 419, 421, 431, 433, +- 437, 439, 443, 449, 457, 461, 463, 467, 479, 481, 487, 491, 493, 499, +- 503, 509, 521, 523, 527, 529, 533, 541, 547, 551, 557, 559, 563, 569, +- 571, 577, 587, 589, 593, 599, 601, 607, 611, 613, 617, 619, 629, 631, +- 641, 643, 647, 653, 659, 661, 667, 673, 677, 683, 689, 691, 697, 701, +- 703, 709, 713, 719, 727, 731, 733, 739, 743, 751, 757, 761, 767, 769, +- 773, 779, 787, 793, 797, 799, 809, 811, 817, 821, 823, 827, 829, 839, +- 841, 851, 853, 857, 859, 863, 871, 877, 881, 883, 887, 893, 899, 901, +- 907, 911, 919, 923, 929, 937, 941, 943, 947, 949, 953, 961, 967, 971, +- 977, 983, 989, 991, 997, 1003, 1007, 1009, 1013, 1019, 1021, 1027, 1031, +- 1033, 1037, 1039, 1049, 1051, 1061, 1063, 1069, 1073, 1079, 1081, 1087, +- 1091, 1093, 1097, 1103, 1109, 1117, 1121, 1123, 1129, 1139, 1147, 1151, +- 1153, 1157, 1159, 1163, 1171, 1181, 1187, 1189, 1193, 1201, 1207, 1213, +- 1217, 1219, 1223, 1229, 1231, 1237, 1241, 1247, 1249, 1259, 1261, 1271, +- 1273, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1313, 1319, +- 1321, 1327, 1333, 1339, 1343, 1349, 1357, 1361, 1363, 1367, 1369, 1373, +- 1381, 1387, 1391, 1399, 1403, 1409, 1411, 1417, 1423, 1427, 1429, 1433, +- 1439, 1447, 1451, 1453, 1457, 1459, 1469, 1471, 1481, 1483, 1487, 1489, +- 1493, 1499, 1501, 1511, 1513, 1517, 1523, 1531, 1537, 1541, 1543, 1549, +- 1553, 1559, 1567, 1571, 1577, 1579, 1583, 1591, 1597, 1601, 1607, 1609, +- 1613, 1619, 1621, 1627, 1633, 1637, 1643, 1649, 1651, 1657, 1663, 1667, +- 1669, 1679, 1681, 1691, 1693, 1697, 1699, 1703, 1709, 1711, 1717, 1721, +- 1723, 1733, 1739, 1741, 1747, 1751, 1753, 1759, 1763, 1769, 1777, 1781, +- 1783, 1787, 1789, 1801, 1807, 1811, 1817, 1819, 1823, 1829, 1831, 1843, +- 1847, 1849, 1853, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1891, 1901, +- 1907, 1909, 1913, 1919, 1921, 1927, 1931, 1933, 1937, 1943, 1949, 1951, +- 1957, 1961, 1963, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, +- 2021, 2027, 2029, 2033, 2039, 2041, 2047, 2053, 2059, 2063, 2069, 2071, +- 2077, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2117, 2119, 2129, 2131, +- 2137, 2141, 2143, 2147, 2153, 2159, 2161, 2171, 2173, 2179, 2183, 2197, +- 2201, 2203, 2207, 2209, 2213, 2221, 2227, 2231, 2237, 2239, 2243, 2249, +- 2251, 2257, 2263, 2267, 2269, 2273, 2279, 2281, 2287, 2291, 2293, 2297, +- 2309, 2311 +-}; +- +-static const int prime_offset_count = 480; +-static const int prime_multiplier = 2310; +-static const int prime_multiplier_bits = 11; /* 2^|prime_multiplier_bits| <= +- * |prime_multiplier| */ +-static const int first_prime_index = 5; ++static int probable_prime_dh(BIGNUM *rnd, int bits, ++ const BIGNUM *add, const BIGNUM *rem, ++ BN_CTX *ctx); ++static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add, ++ const BIGNUM *rem, BN_CTX *ctx); + + int BN_GENCB_call(BN_GENCB *cb, int a, int b) + { +@@ -108,20 +170,9 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + prime_t *mods = NULL; + int checks = BN_prime_checks_for_size(bits); + +- if (bits < 2) { +- /* There are no prime numbers this small. */ +- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); +- return 0; +- } else if (bits == 2 && safe) { +- /* The smallest safe prime (7) is three bits. */ +- BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL); +- return 0; +- } +- +- mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES); ++ mods = OPENSSL_malloc(sizeof(*mods) * NUMPRIMES); + if (mods == NULL) + goto err; +- + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; +@@ -139,11 +190,11 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) + goto err; + } else { +- if (!bn_probable_prime_dh(ret, bits, add, rem, ctx)) ++ if (!probable_prime_dh(ret, bits, add, rem, ctx)) + goto err; + } + } +- ++ /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ + if (!BN_GENCB_call(cb, 0, c1++)) + /* aborted */ + goto err; +@@ -184,9 +235,10 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, + found = 1; + err: + OPENSSL_free(mods); +- if (ctx != NULL) ++ if (ctx != NULL) { + BN_CTX_end(ctx); +- BN_CTX_free(ctx); ++ BN_CTX_free(ctx); ++ } + bn_check_top(ret); + return found; + } +@@ -218,13 +270,9 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, + /* a is even => a is prime if and only if a == 2 */ + return BN_is_word(a, 2); + if (do_trial_division) { +- for (i = 1; i < NUMPRIMES; i++) { +- BN_ULONG mod = BN_mod_word(a, primes[i]); +- if (mod == (BN_ULONG)-1) +- goto err; +- if (mod == 0) ++ for (i = 1; i < NUMPRIMES; i++) ++ if (BN_mod_word(a, primes[i]) == 0) + return 0; +- } + if (!BN_GENCB_call(cb, 1, -1)) + goto err; + } +@@ -300,88 +348,12 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, + if (ctx_passed == NULL) + BN_CTX_free(ctx); + } +- BN_MONT_CTX_free(mont); ++ if (mont != NULL) ++ BN_MONT_CTX_free(mont); + + return (ret); + } + +-int bn_probable_prime_dh_retry(BIGNUM *rnd, int bits, BN_CTX *ctx) +-{ +- int i; +- int ret = 0; +- +- loop: +- if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) +- goto err; +- +- /* we now have a random number 'rand' to test. */ +- +- for (i = 1; i < NUMPRIMES; i++) { +- /* check that rnd is a prime */ +- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); +- if (mod == (BN_ULONG)-1) +- goto err; +- if (mod <= 1) { +- goto loop; +- } +- } +- ret = 1; +- +- err: +- bn_check_top(rnd); +- return (ret); +-} +- +-int bn_probable_prime_dh_coprime(BIGNUM *rnd, int bits, BN_CTX *ctx) +-{ +- int i; +- BIGNUM *offset_index; +- BIGNUM *offset_count; +- int ret = 0; +- +- OPENSSL_assert(bits > prime_multiplier_bits); +- +- BN_CTX_start(ctx); +- if ((offset_index = BN_CTX_get(ctx)) == NULL) +- goto err; +- if ((offset_count = BN_CTX_get(ctx)) == NULL) +- goto err; +- +- if (!BN_add_word(offset_count, prime_offset_count)) +- goto err; +- +- loop: +- if (!BN_rand(rnd, bits - prime_multiplier_bits, +- BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) +- goto err; +- if (BN_is_bit_set(rnd, bits)) +- goto loop; +- if (!BN_rand_range(offset_index, offset_count)) +- goto err; +- +- if (!BN_mul_word(rnd, prime_multiplier) +- || !BN_add_word(rnd, prime_offsets[BN_get_word(offset_index)])) +- goto err; +- +- /* we now have a random number 'rand' to test. */ +- +- /* skip coprimes */ +- for (i = first_prime_index; i < NUMPRIMES; i++) { +- /* check that rnd is a prime */ +- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); +- if (mod == (BN_ULONG)-1) +- goto err; +- if (mod <= 1) +- goto loop; +- } +- ret = 1; +- +- err: +- BN_CTX_end(ctx); +- bn_check_top(rnd); +- return ret; +-} +- + static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, + const BIGNUM *a1_odd, int k, BN_CTX *ctx, + BN_MONT_CTX *mont) +@@ -412,87 +384,37 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, + static int probable_prime(BIGNUM *rnd, int bits, prime_t *mods) + { + int i; +- BN_ULONG delta; +- BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; +- char is_single_word = bits <= BN_BITS2; ++ BN_ULONG delta, maxdelta; + + again: +- if (!BN_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD)) ++ if (!BN_rand(rnd, bits, 1, 1)) + return (0); +- /* we now have a random number 'rnd' to test. */ +- for (i = 1; i < NUMPRIMES; i++) { +- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); +- if (mod == (BN_ULONG)-1) +- return 0; +- mods[i] = (prime_t) mod; +- } +- /* +- * If bits is so small that it fits into a single word then we +- * additionally don't want to exceed that many bits. +- */ +- if (is_single_word) { +- BN_ULONG size_limit; +- +- if (bits == BN_BITS2) { +- /* +- * Shifting by this much has undefined behaviour so we do it a +- * different way +- */ +- size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); +- } else { +- size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; +- } +- if (size_limit < maxdelta) +- maxdelta = size_limit; +- } ++ /* we now have a random number 'rand' to test. */ ++ for (i = 1; i < NUMPRIMES; i++) ++ mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]); ++ maxdelta = BN_MASK2 - primes[NUMPRIMES - 1]; + delta = 0; +- loop: +- if (is_single_word) { +- BN_ULONG rnd_word = BN_get_word(rnd); +- +- /*- +- * In the case that the candidate prime is a single word then +- * we check that: +- * 1) It's greater than primes[i] because we shouldn't reject +- * 3 as being a prime number because it's a multiple of +- * three. +- * 2) That it's not a multiple of a known prime. We don't +- * check that rnd-1 is also coprime to all the known +- * primes because there aren't many small primes where +- * that's true. ++ loop:for (i = 1; i < NUMPRIMES; i++) { ++ /* ++ * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1 ++ * (except for 2) + */ +- for (i = 1; i < NUMPRIMES && primes[i] < rnd_word; i++) { +- if ((mods[i] + delta) % primes[i] == 0) { +- delta += 2; +- if (delta > maxdelta) +- goto again; +- goto loop; +- } +- } +- } else { +- for (i = 1; i < NUMPRIMES; i++) { +- /* +- * check that rnd is not a prime and also that gcd(rnd-1,primes) +- * == 1 (except for 2) +- */ +- if (((mods[i] + delta) % primes[i]) <= 1) { +- delta += 2; +- if (delta > maxdelta) +- goto again; +- goto loop; +- } ++ if (((mods[i] + delta) % primes[i]) <= 1) { ++ delta += 2; ++ if (delta > maxdelta) ++ goto again; ++ goto loop; + } + } + if (!BN_add_word(rnd, delta)) + return (0); +- if (BN_num_bits(rnd) != bits) +- goto again; + bn_check_top(rnd); + return (1); + } + +-int bn_probable_prime_dh(BIGNUM *rnd, int bits, +- const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) ++static int probable_prime_dh(BIGNUM *rnd, int bits, ++ const BIGNUM *add, const BIGNUM *rem, ++ BN_CTX *ctx) + { + int i, ret = 0; + BIGNUM *t1; +@@ -501,7 +423,7 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; + +- if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) ++ if (!BN_rand(rnd, bits, 0, 1)) + goto err; + + /* we need ((rnd-rem) % add) == 0 */ +@@ -520,20 +442,15 @@ int bn_probable_prime_dh(BIGNUM *rnd, int bits, + + /* we now have a random number 'rand' to test. */ + +- loop: +- for (i = 1; i < NUMPRIMES; i++) { ++ loop:for (i = 1; i < NUMPRIMES; i++) { + /* check that rnd is a prime */ +- BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]); +- if (mod == (BN_ULONG)-1) +- goto err; +- if (mod <= 1) { ++ if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) { + if (!BN_add(rnd, rnd, add)) + goto err; + goto loop; + } + } + ret = 1; +- + err: + BN_CTX_end(ctx); + bn_check_top(rnd); +@@ -557,7 +474,7 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, + if (!BN_rshift1(qadd, padd)) + goto err; + +- if (!BN_rand(q, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD)) ++ if (!BN_rand(q, bits, 0, 1)) + goto err; + + /* we need ((rnd-rem) % add) == 0 */ +@@ -581,17 +498,13 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, + if (!BN_add_word(p, 1)) + goto err; + +- loop: +- for (i = 1; i < NUMPRIMES; i++) { ++ loop:for (i = 1; i < NUMPRIMES; i++) { + /* check that p and q are prime */ + /* + * check that for p and q gcd(p-1,primes) == 1 (except for 2) + */ +- BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]); +- BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]); +- if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1) +- goto err; +- if (pmod == 0 || qmod == 0) { ++ if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) || ++ (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) { + if (!BN_add(p, p, padd)) + goto err; + if (!BN_add(q, q, qadd)) +@@ -600,7 +513,6 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, + } + } + ret = 1; +- + err: + BN_CTX_end(ctx); + bn_check_top(p); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h +index 41440fa..5cf0de1 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.h ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.h +@@ -1,274 +1,326 @@ +-/* +- * WARNING: do not edit! +- * Generated by crypto/bn/bn_prime.pl ++/* Auto generated by bn_prime.pl */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-typedef unsigned short prime_t; ++#ifndef EIGHT_BIT + # define NUMPRIMES 2048 +- +-static const prime_t primes[2048] = { +- +- 2, 3, 5, 7, 11, 13, 17, 19, +- 23, 29, 31, 37, 41, 43, 47, 53, +- 59, 61, 67, 71, 73, 79, 83, 89, +- 97, 101, 103, 107, 109, 113, 127, 131, +- 137, 139, 149, 151, 157, 163, 167, 173, +- 179, 181, 191, 193, 197, 199, 211, 223, +- 227, 229, 233, 239, 241, 251, 257, 263, +- 269, 271, 277, 281, 283, 293, 307, 311, +- 313, 317, 331, 337, 347, 349, 353, 359, +- 367, 373, 379, 383, 389, 397, 401, 409, +- 419, 421, 431, 433, 439, 443, 449, 457, +- 461, 463, 467, 479, 487, 491, 499, 503, +- 509, 521, 523, 541, 547, 557, 563, 569, +- 571, 577, 587, 593, 599, 601, 607, 613, +- 617, 619, 631, 641, 643, 647, 653, 659, +- 661, 673, 677, 683, 691, 701, 709, 719, +- 727, 733, 739, 743, 751, 757, 761, 769, +- 773, 787, 797, 809, 811, 821, 823, 827, +- 829, 839, 853, 857, 859, 863, 877, 881, +- 883, 887, 907, 911, 919, 929, 937, 941, +- 947, 953, 967, 971, 977, 983, 991, 997, +- 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, +- 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, +- 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, +- 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, +- 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, +- 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, +- 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, +- 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, +- 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, +- 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, +- 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, +- 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, +- 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, +- 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, +- 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, +- 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, +- 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, +- 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, +- 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, +- 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, +- 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, +- 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, +- 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, +- 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, +- 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, +- 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, +- 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, +- 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, +- 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, +- 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, +- 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, +- 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, +- 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, +- 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, +- 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, +- 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, +- 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, +- 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, +- 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, +- 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, +- 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, +- 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, +- 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, +- 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, +- 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, +- 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, +- 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, +- 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, +- 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, +- 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, +- 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, +- 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, +- 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, +- 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, +- 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, +- 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, +- 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, +- 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, +- 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, +- 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, +- 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, +- 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, +- 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, +- 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, +- 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, +- 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, +- 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, +- 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, +- 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, +- 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, +- 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, +- 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, +- 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, +- 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, +- 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, +- 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, +- 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, +- 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, +- 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, +- 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, +- 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, +- 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, +- 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, +- 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, +- 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, +- 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, +- 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, +- 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, +- 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, +- 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, +- 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, +- 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, +- 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, +- 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, +- 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, +- 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, +- 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, +- 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, +- 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, +- 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, +- 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, +- 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, +- 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, +- 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, +- 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, +- 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, +- 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, +- 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, +- 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, +- 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, +- 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, +- 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, +- 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, +- 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, +- 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, +- 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, +- 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, +- 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, +- 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, +- 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, +- 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, +- 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, +- 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, +- 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, +- 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, +- 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, +- 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, +- 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, +- 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, +- 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, +- 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, +- 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, +- 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, +- 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, +- 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, +- 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, +- 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, +- 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, +- 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, +- 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, +- 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, +- 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, +- 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, +- 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, +- 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, +- 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, +- 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, +- 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, +- 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, +- 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, +- 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, +- 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, +- 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, +- 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, +- 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, +- 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, +- 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, +- 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, +- 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, +- 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, +- 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, +- 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, +- 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, +- 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, +- 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, +- 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, +- 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, +- 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, +- 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, +- 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, +- 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, +- 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, +- 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, +- 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, +- 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, +- 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, +- 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, +- 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, +- 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, +- 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, +- 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, +- 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, +- 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, +- 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, +- 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, +- 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, +- 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, +- 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, +- 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, +- 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, +- 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, +- 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, +- 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, +- 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, +- 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, +- 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, +- 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, +- 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, +- 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, +- 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, +- 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, +- 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, +- 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, +- 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, +- 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, +- 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, +- 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, +- 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, +- 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, +- 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, +- 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, +- 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, +- 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, +- 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, +- 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, +- 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, +- 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, +- 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, +- 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, +- 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, +- 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, +- 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, +- 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, +- 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, +- 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, +- 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, +- 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, +- 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, +- 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, +- 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, +- 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, +- 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, +- 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, +- 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, +- 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, ++typedef unsigned short prime_t; ++#else ++# define NUMPRIMES 54 ++typedef unsigned char prime_t; ++#endif ++static const prime_t primes[NUMPRIMES] = { ++ 2, 3, 5, 7, 11, 13, 17, 19, ++ 23, 29, 31, 37, 41, 43, 47, 53, ++ 59, 61, 67, 71, 73, 79, 83, 89, ++ 97, 101, 103, 107, 109, 113, 127, 131, ++ 137, 139, 149, 151, 157, 163, 167, 173, ++ 179, 181, 191, 193, 197, 199, 211, 223, ++ 227, 229, 233, 239, 241, 251, ++#ifndef EIGHT_BIT ++ 257, 263, ++ 269, 271, 277, 281, 283, 293, 307, 311, ++ 313, 317, 331, 337, 347, 349, 353, 359, ++ 367, 373, 379, 383, 389, 397, 401, 409, ++ 419, 421, 431, 433, 439, 443, 449, 457, ++ 461, 463, 467, 479, 487, 491, 499, 503, ++ 509, 521, 523, 541, 547, 557, 563, 569, ++ 571, 577, 587, 593, 599, 601, 607, 613, ++ 617, 619, 631, 641, 643, 647, 653, 659, ++ 661, 673, 677, 683, 691, 701, 709, 719, ++ 727, 733, 739, 743, 751, 757, 761, 769, ++ 773, 787, 797, 809, 811, 821, 823, 827, ++ 829, 839, 853, 857, 859, 863, 877, 881, ++ 883, 887, 907, 911, 919, 929, 937, 941, ++ 947, 953, 967, 971, 977, 983, 991, 997, ++ 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, ++ 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, ++ 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, ++ 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, ++ 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, ++ 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, ++ 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, ++ 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, ++ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, ++ 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, ++ 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, ++ 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, ++ 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, ++ 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, ++ 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, ++ 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, ++ 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, ++ 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, ++ 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, ++ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, ++ 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, ++ 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, ++ 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, ++ 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, ++ 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, ++ 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, ++ 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, ++ 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, ++ 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, ++ 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, ++ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, ++ 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, ++ 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, ++ 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, ++ 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, ++ 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, ++ 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, ++ 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, ++ 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, ++ 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, ++ 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, ++ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, ++ 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, ++ 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, ++ 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, ++ 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, ++ 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, ++ 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, ++ 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, ++ 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, ++ 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, ++ 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, ++ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, ++ 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, ++ 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, ++ 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, ++ 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, ++ 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, ++ 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, ++ 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, ++ 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, ++ 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, ++ 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011, ++ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, ++ 5099, 5101, 5107, 5113, 5119, 5147, 5153, 5167, ++ 5171, 5179, 5189, 5197, 5209, 5227, 5231, 5233, ++ 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, ++ 5323, 5333, 5347, 5351, 5381, 5387, 5393, 5399, ++ 5407, 5413, 5417, 5419, 5431, 5437, 5441, 5443, ++ 5449, 5471, 5477, 5479, 5483, 5501, 5503, 5507, ++ 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, ++ 5581, 5591, 5623, 5639, 5641, 5647, 5651, 5653, ++ 5657, 5659, 5669, 5683, 5689, 5693, 5701, 5711, ++ 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791, ++ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, ++ 5851, 5857, 5861, 5867, 5869, 5879, 5881, 5897, ++ 5903, 5923, 5927, 5939, 5953, 5981, 5987, 6007, ++ 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, ++ 6079, 6089, 6091, 6101, 6113, 6121, 6131, 6133, ++ 6143, 6151, 6163, 6173, 6197, 6199, 6203, 6211, ++ 6217, 6221, 6229, 6247, 6257, 6263, 6269, 6271, ++ 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, ++ 6337, 6343, 6353, 6359, 6361, 6367, 6373, 6379, ++ 6389, 6397, 6421, 6427, 6449, 6451, 6469, 6473, ++ 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563, ++ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, ++ 6653, 6659, 6661, 6673, 6679, 6689, 6691, 6701, ++ 6703, 6709, 6719, 6733, 6737, 6761, 6763, 6779, ++ 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, ++ 6841, 6857, 6863, 6869, 6871, 6883, 6899, 6907, ++ 6911, 6917, 6947, 6949, 6959, 6961, 6967, 6971, ++ 6977, 6983, 6991, 6997, 7001, 7013, 7019, 7027, ++ 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, ++ 7127, 7129, 7151, 7159, 7177, 7187, 7193, 7207, ++ 7211, 7213, 7219, 7229, 7237, 7243, 7247, 7253, ++ 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349, ++ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, ++ 7459, 7477, 7481, 7487, 7489, 7499, 7507, 7517, ++ 7523, 7529, 7537, 7541, 7547, 7549, 7559, 7561, ++ 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, ++ 7639, 7643, 7649, 7669, 7673, 7681, 7687, 7691, ++ 7699, 7703, 7717, 7723, 7727, 7741, 7753, 7757, ++ 7759, 7789, 7793, 7817, 7823, 7829, 7841, 7853, ++ 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, ++ 7927, 7933, 7937, 7949, 7951, 7963, 7993, 8009, ++ 8011, 8017, 8039, 8053, 8059, 8069, 8081, 8087, ++ 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161, ++ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, ++ 8233, 8237, 8243, 8263, 8269, 8273, 8287, 8291, ++ 8293, 8297, 8311, 8317, 8329, 8353, 8363, 8369, ++ 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, ++ 8447, 8461, 8467, 8501, 8513, 8521, 8527, 8537, ++ 8539, 8543, 8563, 8573, 8581, 8597, 8599, 8609, ++ 8623, 8627, 8629, 8641, 8647, 8663, 8669, 8677, ++ 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, ++ 8737, 8741, 8747, 8753, 8761, 8779, 8783, 8803, ++ 8807, 8819, 8821, 8831, 8837, 8839, 8849, 8861, ++ 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941, ++ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, ++ 9013, 9029, 9041, 9043, 9049, 9059, 9067, 9091, ++ 9103, 9109, 9127, 9133, 9137, 9151, 9157, 9161, ++ 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, ++ 9239, 9241, 9257, 9277, 9281, 9283, 9293, 9311, ++ 9319, 9323, 9337, 9341, 9343, 9349, 9371, 9377, ++ 9391, 9397, 9403, 9413, 9419, 9421, 9431, 9433, ++ 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, ++ 9497, 9511, 9521, 9533, 9539, 9547, 9551, 9587, ++ 9601, 9613, 9619, 9623, 9629, 9631, 9643, 9649, ++ 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733, ++ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, ++ 9803, 9811, 9817, 9829, 9833, 9839, 9851, 9857, ++ 9859, 9871, 9883, 9887, 9901, 9907, 9923, 9929, ++ 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, ++ 10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099, ++ 10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163, ++ 10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247, ++ 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, ++ 10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369, ++ 10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459, ++ 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531, ++ 10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, ++ 10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691, ++ 10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771, ++ 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, ++ 10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937, ++ 10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003, ++ 11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087, ++ 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, ++ 11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251, ++ 11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317, ++ 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399, ++ 11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, ++ 11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551, ++ 11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657, ++ 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, ++ 11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813, ++ 11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887, ++ 11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941, ++ 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, ++ 12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101, ++ 12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161, ++ 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251, ++ 12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, ++ 12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401, ++ 12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473, ++ 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, ++ 12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589, ++ 12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653, ++ 12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739, ++ 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, ++ 12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907, ++ 12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967, ++ 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033, ++ 13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, ++ 13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177, ++ 13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259, ++ 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, ++ 13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421, ++ 13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499, ++ 13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597, ++ 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, ++ 13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723, ++ 13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799, ++ 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879, ++ 13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, ++ 13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033, ++ 14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143, ++ 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, ++ 14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323, ++ 14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407, ++ 14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461, ++ 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, ++ 14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627, ++ 14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699, ++ 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753, ++ 14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, ++ 14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887, ++ 14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957, ++ 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, ++ 15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137, ++ 15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217, ++ 15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277, ++ 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, ++ 15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401, ++ 15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473, ++ 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569, ++ 15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, ++ 15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727, ++ 15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773, ++ 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, ++ 15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919, ++ 15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007, ++ 16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087, ++ 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, ++ 16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249, ++ 16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349, ++ 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427, ++ 16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, ++ 16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603, ++ 16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661, ++ 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, ++ 16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843, ++ 16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927, ++ 16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993, ++ 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, ++ 17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159, ++ 17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231, ++ 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327, ++ 17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, ++ 17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467, ++ 17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519, ++ 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, ++ 17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683, ++ 17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783, ++ 17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863, ++#endif + }; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +index a16bde8..f121fb6 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_print.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include "bn_lcl.h" + +@@ -64,8 +113,8 @@ char *BN_bn2dec(const BIGNUM *a) + /*- + * get an upper bound for the length of the decimal integer + * num <= (BN_num_bits(a) + 1) * log(2) +- * <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1 (rounding error) +- * <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1 ++ * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) ++ * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + */ + i = BN_num_bits(a) * 3; + num = (i / 10 + i / 1000 + 1) + 1; +@@ -115,12 +164,16 @@ char *BN_bn2dec(const BIGNUM *a) + } + ok = 1; + err: +- OPENSSL_free(bn_data); +- BN_free(t); +- if (ok) +- return buf; +- OPENSSL_free(buf); +- return NULL; ++ if (bn_data != NULL) ++ OPENSSL_free(bn_data); ++ if (t != NULL) ++ BN_free(t); ++ if (!ok && buf) { ++ OPENSSL_free(buf); ++ buf = NULL; ++ } ++ ++ return (buf); + } + + int BN_hex2bn(BIGNUM **bn, const char *a) +@@ -141,7 +194,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) + for (i = 0; i <= (INT_MAX/4) && isxdigit((unsigned char)a[i]); i++) + continue; + +- if (i == 0 || i > INT_MAX/4) ++ if (i > INT_MAX/4) + goto err; + + num = i + neg; +@@ -169,8 +222,13 @@ int BN_hex2bn(BIGNUM **bn, const char *a) + l = 0; + for (;;) { + c = a[j - m]; +- k = OPENSSL_hexchar2int(c); +- if (k < 0) ++ if ((c >= '0') && (c <= '9')) ++ k = c - '0'; ++ else if ((c >= 'a') && (c <= 'f')) ++ k = c - 'a' + 10; ++ else if ((c >= 'A') && (c <= 'F')) ++ k = c - 'A' + 10; ++ else + k = 0; /* paranoia */ + l = (l << 4) | k; + +@@ -213,7 +271,7 @@ int BN_dec2bn(BIGNUM **bn, const char *a) + for (i = 0; i <= (INT_MAX/4) && isdigit((unsigned char)a[i]); i++) + continue; + +- if (i == 0 || i > INT_MAX/4) ++ if (i > INT_MAX/4) + goto err; + + num = i + neg; +@@ -245,9 +303,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a) + l += *a - '0'; + a++; + if (++j == BN_DEC_NUM) { +- if (!BN_mul_word(ret, BN_DEC_CONV) +- || !BN_add_word(ret, l)) +- goto err; ++ BN_mul_word(ret, BN_DEC_CONV); ++ BN_add_word(ret, l); + l = 0; + j = 0; + } +@@ -286,7 +343,8 @@ int BN_asc2bn(BIGNUM **bn, const char *a) + return 1; + } + +-# ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_BIO ++# ifndef OPENSSL_NO_FP_API + int BN_print_fp(FILE *fp, const BIGNUM *a) + { + BIO *b; +@@ -325,6 +383,7 @@ int BN_print(BIO *bp, const BIGNUM *a) + end: + return (ret); + } ++#endif + + char *BN_options(void) + { +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +index 9ce4c5f..60d3f22 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +@@ -1,18 +1,119 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_rand.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + #include +-#include + + static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + { +@@ -21,7 +122,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + time_t tim; + + if (bits == 0) { +- if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY) ++ if (top != -1 || bottom != 0) + goto toosmall; + BN_zero(rnd); + return 1; +@@ -33,7 +134,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + bit = (bits - 1) % 8; + mask = 0xff << (bit + 1); + +- buf = OPENSSL_malloc(bytes); ++ buf = (unsigned char *)OPENSSL_malloc(bytes); + if (buf == NULL) { + BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE); + goto err; +@@ -43,9 +144,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + time(&tim); + RAND_add(&tim, sizeof(tim), 0.0); + ++ /* We ignore the value of pseudorand and always call RAND_bytes */ + if (RAND_bytes(buf, bytes) <= 0) + goto err; + ++#if 1 + if (pseudorand == 2) { + /* + * generate patterns that are more likely to trigger BN library bugs +@@ -54,7 +157,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + unsigned char c; + + for (i = 0; i < bytes; i++) { +- if (RAND_bytes(&c, 1) <= 0) ++ if (RAND_pseudo_bytes(&c, 1) < 0) + goto err; + if (c >= 128 && i > 0) + buf[i] = buf[i - 1]; +@@ -64,6 +167,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + buf[i] = 255; + } + } ++#endif + + if (top >= 0) { + if (top) { +@@ -84,7 +188,10 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + goto err; + ret = 1; + err: +- OPENSSL_clear_free(buf, bytes); ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, bytes); ++ OPENSSL_free(buf); ++ } + bn_check_top(rnd); + return (ret); + +@@ -103,10 +210,12 @@ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) + return bnrand(1, rnd, bits, top, bottom); + } + ++#if 1 + int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) + { + return bnrand(2, rnd, bits, top, bottom); + } ++#endif + + /* random number r: 0 <= r < range */ + static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) +@@ -133,7 +242,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) + * than range + */ + do { +- if (!bn_rand(r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) ++ if (!bn_rand(r, n + 1, -1, 0)) + return 0; + /* + * If r < 3*range, use r := r MOD range (which is either r, r - +@@ -159,7 +268,7 @@ static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range) + } else { + do { + /* range = 11..._2 or range = 101..._2 */ +- if (!bn_rand(r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) ++ if (!bn_rand(r, n, -1, 0)) + return 0; + + if (!--count) { +@@ -183,76 +292,3 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) + { + return bn_rand_range(1, r, range); + } +- +-/* +- * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike +- * BN_rand_range, it also includes the contents of |priv| and |message| in +- * the generation so that an RNG failure isn't fatal as long as |priv| +- * remains secret. This is intended for use in DSA and ECDSA where an RNG +- * weakness leads directly to private key exposure unless this function is +- * used. +- */ +-int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, +- const BIGNUM *priv, const unsigned char *message, +- size_t message_len, BN_CTX *ctx) +-{ +- SHA512_CTX sha; +- /* +- * We use 512 bits of random data per iteration to ensure that we have at +- * least |range| bits of randomness. +- */ +- unsigned char random_bytes[64]; +- unsigned char digest[SHA512_DIGEST_LENGTH]; +- unsigned done, todo; +- /* We generate |range|+8 bytes of random output. */ +- const unsigned num_k_bytes = BN_num_bytes(range) + 8; +- unsigned char private_bytes[96]; +- unsigned char *k_bytes; +- int ret = 0; +- +- k_bytes = OPENSSL_malloc(num_k_bytes); +- if (k_bytes == NULL) +- goto err; +- +- /* We copy |priv| into a local buffer to avoid exposing its length. */ +- todo = sizeof(priv->d[0]) * priv->top; +- if (todo > sizeof(private_bytes)) { +- /* +- * No reasonable DSA or ECDSA key should have a private key this +- * large and we don't handle this case in order to avoid leaking the +- * length of the private key. +- */ +- BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE); +- goto err; +- } +- memcpy(private_bytes, priv->d, todo); +- memset(private_bytes + todo, 0, sizeof(private_bytes) - todo); +- +- for (done = 0; done < num_k_bytes;) { +- if (RAND_bytes(random_bytes, sizeof(random_bytes)) != 1) +- goto err; +- SHA512_Init(&sha); +- SHA512_Update(&sha, &done, sizeof(done)); +- SHA512_Update(&sha, private_bytes, sizeof(private_bytes)); +- SHA512_Update(&sha, message, message_len); +- SHA512_Update(&sha, random_bytes, sizeof(random_bytes)); +- SHA512_Final(digest, &sha); +- +- todo = num_k_bytes - done; +- if (todo > SHA512_DIGEST_LENGTH) +- todo = SHA512_DIGEST_LENGTH; +- memcpy(k_bytes + done, digest, todo); +- done += todo; +- } +- +- if (!BN_bin2bn(k_bytes, num_k_bytes, out)) +- goto err; +- if (BN_mod(out, out, range, ctx) != 1) +- goto err; +- ret = 1; +- +- err: +- OPENSSL_free(k_bytes); +- OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); +- return ret; +-} +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +index 20585b9..f047040 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +@@ -1,31 +1,82 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_recp.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + void BN_RECP_CTX_init(BN_RECP_CTX *recp) + { +- memset(recp, 0, sizeof(*recp)); +- bn_init(&(recp->N)); +- bn_init(&(recp->Nr)); ++ BN_init(&(recp->N)); ++ BN_init(&(recp->Nr)); ++ recp->num_bits = 0; ++ recp->shift = 0; ++ recp->flags = 0; + } + + BN_RECP_CTX *BN_RECP_CTX_new(void) + { + BN_RECP_CTX *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) + return (NULL); + +- bn_init(&(ret->N)); +- bn_init(&(ret->Nr)); ++ BN_RECP_CTX_init(ret); + ret->flags = BN_FLG_MALLOCED; + return (ret); + } +@@ -148,6 +199,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + goto err; + r->neg = 0; + ++#if 1 + j = 0; + while (BN_ucmp(r, &(recp->N)) >= 0) { + if (j++ > 2) { +@@ -159,6 +211,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + if (!BN_add_word(d, 1)) + goto err; + } ++#endif + + r->neg = BN_is_zero(r) ? 0 : m->neg; + d->neg = m->neg ^ recp->N.neg; +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +index 6a1eec8..9673d9a 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +@@ -1,13 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_shift.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + int BN_lshift1(BIGNUM *r, const BIGNUM *a) +@@ -74,8 +124,6 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) + c = (t & 1) ? BN_TBIT : 0; + } + r->top = j; +- if (!r->top) +- r->neg = 0; /* don't allow negative zero */ + bn_check_top(r); + return (1); + } +@@ -94,10 +142,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) + return 0; + } + ++ r->neg = a->neg; + nw = n / BN_BITS2; + if (bn_wexpand(r, a->top + nw + 1) == NULL) + return (0); +- r->neg = a->neg; + lb = n % BN_BITS2; + rb = BN_BITS2 - lb; + f = a->d; +@@ -112,7 +160,10 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) + t[nw + i + 1] |= (l >> rb) & BN_MASK2; + t[nw + i] = (l << lb) & BN_MASK2; + } +- memset(t, 0, sizeof(*t) * nw); ++ memset(t, 0, nw * sizeof(t[0])); ++ /* ++ * for (i=0; itop = a->top + nw + 1; + bn_correct_top(r); + bn_check_top(r); +@@ -142,9 +193,9 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + } + i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; + if (r != a) { ++ r->neg = a->neg; + if (bn_wexpand(r, i) == NULL) + return (0); +- r->neg = a->neg; + } else { + if (n == 0) + return 1; /* or the copying loop will go berserk */ +@@ -168,8 +219,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) + if ((l = (l >> rb) & BN_MASK2)) + *(t) = l; + } +- if (!r->top) +- r->neg = 0; /* don't allow negative zero */ + bn_check_top(r); + return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +index 44e7332..256d26e 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +@@ -1,13 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_sqr.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + /* r must not be a */ +@@ -20,6 +70,9 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) + int ret = 0; + BIGNUM *tmp, *rr; + ++#ifdef BN_COUNT ++ fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); ++#endif + bn_check_top(a); + + al = a->top; +@@ -155,6 +208,9 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) + int zero, c1; + BN_ULONG ln, lo, *p; + ++# ifdef BN_COUNT ++ fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); ++# endif + if (n2 == 4) { + # ifndef BN_SQR_COMBA + bn_sqr_normal(r, a, 4, t); +@@ -190,7 +246,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) + if (!zero) + bn_sqr_recursive(&(t[n2]), t, n, p); + else +- memset(&t[n2], 0, sizeof(*t) * n2); ++ memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + bn_sqr_recursive(r, a, n, p); + bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); + +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +index 84376c7..232af99 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +@@ -1,13 +1,63 @@ ++/* crypto/bn/bn_sqrt.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Lenka Fibikova and Bodo ++ * Moeller for the OpenSSL project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include "bn_lcl.h" + + BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +@@ -348,8 +398,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) + + end: + if (err) { +- if (ret != in) ++ if (ret != NULL && ret != in) { + BN_clear_free(ret); ++ } + ret = NULL; + } + BN_CTX_end(ctx); +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c b/Cryptlib/OpenSSL/crypto/bn/bn_srp.c +deleted file mode 100644 +index 58b1691..0000000 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_srp.c ++++ /dev/null +@@ -1,545 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "bn_lcl.h" +-#include "e_os.h" +- +-#ifndef OPENSSL_NO_SRP +- +-#include +-#include +- +-# if (BN_BYTES == 8) +-# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +-# define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64) +-# elif defined(__arch64__) +-# define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL) +-# else +-# define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL) +-# endif +-# elif (BN_BYTES == 4) +-# define bn_pack4(a1,a2,a3,a4) ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL) +-# else +-# error "unsupported BN_BYTES" +-# endif +- +-static const BN_ULONG bn_group_1024_value[] = { +- bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3), +- bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B), +- bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A), +- bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0), +- bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC), +- bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885), +- bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49), +- bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6), +- bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1), +- bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4), +- bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0), +- bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3), +- bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576), +- bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B), +- bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8), +- bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6) +-}; +- +-const BIGNUM bn_group_1024 = { +- (BN_ULONG *)bn_group_1024_value, +- OSSL_NELEM(bn_group_1024_value), +- OSSL_NELEM(bn_group_1024_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_1536_value[] = { +- bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB), +- bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D), +- bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3), +- bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E), +- bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E), +- bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8), +- bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE), +- bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C), +- bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486), +- bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627), +- bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5), +- bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1), +- bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC), +- bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D), +- bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914), +- bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0), +- bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC), +- bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843), +- bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29), +- bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE), +- bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D), +- bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80), +- bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB), +- bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A) +-}; +- +-const BIGNUM bn_group_1536 = { +- (BN_ULONG *)bn_group_1536_value, +- OSSL_NELEM(bn_group_1536_value), +- OSSL_NELEM(bn_group_1536_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_2048_value[] = { +- bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73), +- bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2), +- bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475), +- bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4), +- bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6), +- bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382), +- bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8), +- bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329), +- bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6), +- bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378), +- bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA), +- bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D), +- bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748), +- bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A), +- bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481), +- bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016), +- bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B), +- bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7), +- bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74), +- bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA), +- bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8), +- bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8), +- bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3), +- bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0), +- bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50), +- bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D), +- bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D), +- bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED), +- bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050), +- bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07), +- bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F), +- bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B) +-}; +- +-const BIGNUM bn_group_2048 = { +- (BN_ULONG *)bn_group_2048_value, +- OSSL_NELEM(bn_group_2048_value), +- OSSL_NELEM(bn_group_2048_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_3072_value[] = { +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), +- bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA), +- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), +- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), +- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), +- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), +- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), +- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), +- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), +- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), +- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), +- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), +- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), +- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), +- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), +- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), +- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), +- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), +- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), +- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), +- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), +- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), +- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), +- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), +- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), +- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), +- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), +- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), +- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), +- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), +- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), +- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), +- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), +- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), +- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), +- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), +- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), +- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), +- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), +- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), +- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), +- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), +- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), +- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), +- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), +- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), +- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +-}; +- +-const BIGNUM bn_group_3072 = { +- (BN_ULONG *)bn_group_3072_value, +- OSSL_NELEM(bn_group_3072_value), +- OSSL_NELEM(bn_group_3072_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_4096_value[] = { +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), +- bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199), +- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), +- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), +- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), +- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), +- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), +- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), +- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), +- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), +- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), +- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), +- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), +- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), +- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), +- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), +- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), +- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), +- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), +- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), +- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), +- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), +- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), +- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), +- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), +- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), +- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), +- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), +- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), +- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), +- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), +- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), +- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), +- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), +- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), +- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), +- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), +- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), +- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), +- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), +- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), +- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), +- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), +- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), +- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), +- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), +- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), +- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), +- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), +- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), +- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), +- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), +- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), +- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), +- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), +- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), +- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), +- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), +- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), +- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), +- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), +- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), +- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +-}; +- +-const BIGNUM bn_group_4096 = { +- (BN_ULONG *)bn_group_4096_value, +- OSSL_NELEM(bn_group_4096_value), +- OSSL_NELEM(bn_group_4096_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_6144_value[] = { +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), +- bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024), +- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), +- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), +- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), +- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), +- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), +- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), +- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), +- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), +- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), +- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), +- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), +- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), +- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), +- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), +- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), +- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), +- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), +- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), +- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), +- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), +- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), +- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), +- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), +- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), +- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), +- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), +- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), +- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), +- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), +- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), +- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), +- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), +- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), +- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), +- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), +- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), +- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), +- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), +- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), +- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), +- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), +- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), +- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), +- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), +- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), +- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), +- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), +- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), +- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), +- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), +- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), +- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), +- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), +- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), +- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), +- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), +- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), +- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), +- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), +- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), +- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), +- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), +- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), +- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), +- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), +- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), +- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), +- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), +- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), +- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), +- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), +- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), +- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), +- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), +- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), +- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), +- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), +- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), +- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), +- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), +- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), +- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), +- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), +- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), +- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), +- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), +- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), +- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), +- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), +- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), +- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), +- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), +- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +-}; +- +-const BIGNUM bn_group_6144 = { +- (BN_ULONG *)bn_group_6144_value, +- OSSL_NELEM(bn_group_6144_value), +- OSSL_NELEM(bn_group_6144_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_group_8192_value[] = { +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF), +- bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF), +- bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71), +- bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF), +- bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA), +- bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47), +- bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B), +- bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7), +- bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92), +- bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268), +- bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73), +- bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1), +- bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D), +- bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1), +- bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36), +- bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D), +- bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6), +- bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A), +- bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8), +- bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD), +- bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B), +- bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7), +- bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07), +- bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9), +- bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D), +- bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978), +- bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568), +- bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466), +- bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED), +- bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300), +- bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA), +- bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C), +- bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4), +- bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159), +- bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6), +- bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE), +- bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468), +- bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632), +- bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C), +- bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0), +- bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76), +- bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328), +- bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0), +- bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8), +- bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA), +- bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5), +- bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE), +- bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3), +- bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E), +- bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82), +- bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6), +- bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03), +- bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC), +- bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF), +- bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42), +- bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B), +- bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B), +- bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED), +- bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918), +- bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831), +- bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE), +- bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E), +- bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD), +- bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE), +- bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026), +- bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492), +- bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F), +- bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1), +- bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9), +- bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C), +- bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF), +- bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED), +- bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2), +- bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D), +- bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6), +- bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9), +- bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8), +- bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA), +- bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C), +- bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26), +- bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7), +- bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801), +- bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E), +- bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31), +- bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2), +- bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C), +- bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C), +- bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64), +- bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864), +- bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B), +- bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D), +- bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7), +- bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7), +- bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D), +- bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A), +- bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64), +- bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33), +- bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D), +- bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510), +- bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5), +- bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718), +- bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9), +- bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F), +- bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603), +- bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B), +- bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C), +- bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804), +- bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D), +- bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB), +- bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96), +- bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F), +- bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A), +- bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05), +- bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D), +- bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6), +- bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5), +- bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED), +- bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B), +- bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6), +- bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245), +- bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437), +- bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B), +- bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD), +- bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22), +- bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74), +- bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1), +- bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234), +- bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF) +-}; +- +-const BIGNUM bn_group_8192 = { +- (BN_ULONG *)bn_group_8192_value, +- OSSL_NELEM(bn_group_8192_value), +- OSSL_NELEM(bn_group_8192_value), +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-static const BN_ULONG bn_generator_19_value[] = { 19 }; +- +-const BIGNUM bn_generator_19 = { +- (BN_ULONG *)bn_generator_19_value, +- 1, +- 1, +- 0, +- BN_FLG_STATIC_DATA +-}; +-static const BN_ULONG bn_generator_5_value[] = { 5 }; +- +-const BIGNUM bn_generator_5 = { +- (BN_ULONG *)bn_generator_5_value, +- 1, +- 1, +- 0, +- BN_FLG_STATIC_DATA +-}; +-static const BN_ULONG bn_generator_2_value[] = { 2 }; +- +-const BIGNUM bn_generator_2 = { +- (BN_ULONG *)bn_generator_2_value, +- 1, +- 1, +- 0, +- BN_FLG_STATIC_DATA +-}; +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +index 1af13a5..9b5f9cb 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c +@@ -1,13 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/bn/bn_word.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include "bn_lcl.h" + + BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) +@@ -89,8 +139,6 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) + if ((a->top > 0) && (a->d[a->top - 1] == 0)) + a->top--; + ret >>= j; +- if (!a->top) +- a->neg = 0; /* don't allow negative zero */ + bn_check_top(a); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +index 40734cb..efa48bd 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c ++++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +@@ -1,15 +1,64 @@ ++/* bn_x931p.c */ + /* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "bn_lcl.h" + + /* X9.31 routines for prime derivation */ + +@@ -21,7 +70,7 @@ + static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, + BN_GENCB *cb) + { +- int i = 0, is_prime; ++ int i = 0; + if (!BN_copy(pi, Xpi)) + return 0; + if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) +@@ -29,11 +78,8 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, + for (;;) { + i++; + BN_GENCB_call(cb, 0, i); +- /* NB 27 MR is specified in X9.31 */ +- is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); +- if (is_prime < 0) +- return 0; +- if (is_prime) ++ /* NB 27 MR is specificed in X9.31 */ ++ if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb)) + break; + if (!BN_add_word(pi, 2)) + return 0; +@@ -74,9 +120,6 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + + pm1 = BN_CTX_get(ctx); + +- if (pm1 == NULL) +- goto err; +- + if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) + goto err; + +@@ -125,18 +168,14 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + goto err; + if (!BN_gcd(t, pm1, e, ctx)) + goto err; +- if (BN_is_one(t)) { ++ if (BN_is_one(t) + /* + * X9.31 specifies 8 MR and 1 Lucas test or any prime test + * offering similar or better guarantees 50 MR is considerably + * better. + */ +- int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); +- if (r < 0) +- goto err; +- if (r) +- break; +- } ++ && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb)) ++ break; + if (!BN_add(p, p, p1p2)) + goto err; + } +@@ -153,8 +192,8 @@ int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + } + + /* +- * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits +- * parameter is sum of number of bits in both. ++ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits ++ * paramter is sum of number of bits in both. + */ + + int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) +@@ -173,14 +212,14 @@ int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) + * - 1. By setting the top two bits we ensure that the lower bound is + * exceeded. + */ +- if (!BN_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(Xp, nbits, 1, 0)) + goto err; + + BN_CTX_start(ctx); + t = BN_CTX_get(ctx); + + for (i = 0; i < 1000; i++) { +- if (!BN_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(Xq, nbits, 1, 0)) + goto err; + /* Check that |Xp - Xq| > 2^(nbits - 100) */ + BN_sub(t, Xp, Xq); +@@ -221,9 +260,9 @@ int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + if (!Xp2) + Xp2 = BN_CTX_get(ctx); + +- if (!BN_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(Xp1, 101, 0, 0)) + goto error; +- if (!BN_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(Xp2, 101, 0, 0)) + goto error; + if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) + goto error; +diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c +deleted file mode 100644 +index 1a70f6c..0000000 +--- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.c ++++ /dev/null +@@ -1,352 +0,0 @@ +-/* +- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/***************************************************************************** +-* * +-* Copyright (c) 2012, Intel Corporation * +-* * +-* All rights reserved. * +-* * +-* Redistribution and use in source and binary forms, with or without * +-* modification, are permitted provided that the following conditions are * +-* met: * +-* * +-* * Redistributions of source code must retain the above copyright * +-* notice, this list of conditions and the following disclaimer. * +-* * +-* * Redistributions in binary form must reproduce the above copyright * +-* notice, this list of conditions and the following disclaimer in the * +-* documentation and/or other materials provided with the * +-* distribution. * +-* * +-* * Neither the name of the Intel Corporation nor the names of its * +-* contributors may be used to endorse or promote products derived from * +-* this software without specific prior written permission. * +-* * +-* * +-* THIS SOFTWARE IS PROVIDED BY INTEL CORPORATION ""AS IS"" AND ANY * +-* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * +-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * +-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL INTEL CORPORATION OR * +-* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * +-* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * +-* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR * +-* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF * +-* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING * +-* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * +-* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * +-* * +-****************************************************************************** +-* Developers and authors: * +-* Shay Gueron (1, 2), and Vlad Krasnov (1) * +-* (1) Intel Corporation, Israel Development Center, Haifa, Israel * +-* (2) University of Haifa, Israel * +-*****************************************************************************/ +- +-#include +-#include "rsaz_exp.h" +- +-#ifndef RSAZ_ENABLED +-NON_EMPTY_TRANSLATION_UNIT +-#else +- +-/* +- * See crypto/bn/asm/rsaz-avx2.pl for further details. +- */ +-void rsaz_1024_norm2red_avx2(void *red, const void *norm); +-void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b, +- const void *n, BN_ULONG k); +-void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k, +- int cnt); +-void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i); +-void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i); +-void rsaz_1024_red2norm_avx2(void *norm, const void *red); +- +-#if defined(__GNUC__) +-# define ALIGN64 __attribute__((aligned(64))) +-#elif defined(_MSC_VER) +-# define ALIGN64 __declspec(align(64)) +-#elif defined(__SUNPRO_C) +-# define ALIGN64 +-# pragma align 64(one,two80) +-#else +-/* not fatal, might hurt performance a little */ +-# define ALIGN64 +-#endif +- +-ALIGN64 static const BN_ULONG one[40] = { +- 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +-}; +- +-ALIGN64 static const BN_ULONG two80[40] = { +- 0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +-}; +- +-void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], +- const BN_ULONG base_norm[16], +- const BN_ULONG exponent[16], +- const BN_ULONG m_norm[16], const BN_ULONG RR[16], +- BN_ULONG k0) +-{ +- unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */ +- unsigned char *p_str = storage + (64 - ((size_t)storage % 64)); +- unsigned char *a_inv, *m, *result; +- unsigned char *table_s = p_str + 320 * 3; +- unsigned char *R2 = table_s; /* borrow */ +- int index; +- int wvalue; +- +- if ((((size_t)p_str & 4095) + 320) >> 12) { +- result = p_str; +- a_inv = p_str + 320; +- m = p_str + 320 * 2; /* should not cross page */ +- } else { +- m = p_str; /* should not cross page */ +- result = p_str + 320; +- a_inv = p_str + 320 * 2; +- } +- +- rsaz_1024_norm2red_avx2(m, m_norm); +- rsaz_1024_norm2red_avx2(a_inv, base_norm); +- rsaz_1024_norm2red_avx2(R2, RR); +- +- rsaz_1024_mul_avx2(R2, R2, R2, m, k0); +- rsaz_1024_mul_avx2(R2, R2, two80, m, k0); +- +- /* table[0] = 1 */ +- rsaz_1024_mul_avx2(result, R2, one, m, k0); +- /* table[1] = a_inv^1 */ +- rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0); +- +- rsaz_1024_scatter5_avx2(table_s, result, 0); +- rsaz_1024_scatter5_avx2(table_s, a_inv, 1); +- +- /* table[2] = a_inv^2 */ +- rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 2); +-#if 0 +- /* this is almost 2x smaller and less than 1% slower */ +- for (index = 3; index < 32; index++) { +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, index); +- } +-#else +- /* table[4] = a_inv^4 */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 4); +- /* table[8] = a_inv^8 */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 8); +- /* table[16] = a_inv^16 */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 16); +- /* table[17] = a_inv^17 */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 17); +- +- /* table[3] */ +- rsaz_1024_gather5_avx2(result, table_s, 2); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 3); +- /* table[6] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 6); +- /* table[12] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 12); +- /* table[24] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 24); +- /* table[25] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 25); +- +- /* table[5] */ +- rsaz_1024_gather5_avx2(result, table_s, 4); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 5); +- /* table[10] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 10); +- /* table[20] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 20); +- /* table[21] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 21); +- +- /* table[7] */ +- rsaz_1024_gather5_avx2(result, table_s, 6); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 7); +- /* table[14] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 14); +- /* table[28] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 28); +- /* table[29] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 29); +- +- /* table[9] */ +- rsaz_1024_gather5_avx2(result, table_s, 8); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 9); +- /* table[18] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 18); +- /* table[19] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 19); +- +- /* table[11] */ +- rsaz_1024_gather5_avx2(result, table_s, 10); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 11); +- /* table[22] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 22); +- /* table[23] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 23); +- +- /* table[13] */ +- rsaz_1024_gather5_avx2(result, table_s, 12); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 13); +- /* table[26] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 26); +- /* table[27] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 27); +- +- /* table[15] */ +- rsaz_1024_gather5_avx2(result, table_s, 14); +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 15); +- /* table[30] */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 1); +- rsaz_1024_scatter5_avx2(table_s, result, 30); +- /* table[31] */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- rsaz_1024_scatter5_avx2(table_s, result, 31); +-#endif +- +- /* load first window */ +- p_str = (unsigned char *)exponent; +- wvalue = p_str[127] >> 3; +- rsaz_1024_gather5_avx2(result, table_s, wvalue); +- +- index = 1014; +- +- while (index > -1) { /* loop for the remaining 127 windows */ +- +- rsaz_1024_sqr_avx2(result, result, m, k0, 5); +- +- wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8]; +- wvalue = (wvalue >> (index % 8)) & 31; +- index -= 5; +- +- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- } +- +- /* square four times */ +- rsaz_1024_sqr_avx2(result, result, m, k0, 4); +- +- wvalue = p_str[0] & 15; +- +- rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */ +- rsaz_1024_mul_avx2(result, result, a_inv, m, k0); +- +- /* from Montgomery */ +- rsaz_1024_mul_avx2(result, result, one, m, k0); +- +- rsaz_1024_red2norm_avx2(result_norm, result); +- +- OPENSSL_cleanse(storage, sizeof(storage)); +-} +- +-/* +- * See crypto/bn/rsaz-x86_64.pl for further details. +- */ +-void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n, +- BN_ULONG k); +-void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n, +- BN_ULONG k, const void *tbl, unsigned int power); +-void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl, +- const void *n, BN_ULONG k, unsigned int power); +-void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k); +-void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k, +- int cnt); +-void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power); +-void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power); +- +-void RSAZ_512_mod_exp(BN_ULONG result[8], +- const BN_ULONG base[8], const BN_ULONG exponent[8], +- const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8]) +-{ +- unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */ +- unsigned char *table = storage + (64 - ((size_t)storage % 64)); +- BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8); +- BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8); +- unsigned char *p_str = (unsigned char *)exponent; +- int index; +- unsigned int wvalue; +- +- /* table[0] = 1_inv */ +- temp[0] = 0 - m[0]; +- temp[1] = ~m[1]; +- temp[2] = ~m[2]; +- temp[3] = ~m[3]; +- temp[4] = ~m[4]; +- temp[5] = ~m[5]; +- temp[6] = ~m[6]; +- temp[7] = ~m[7]; +- rsaz_512_scatter4(table, temp, 0); +- +- /* table [1] = a_inv^1 */ +- rsaz_512_mul(a_inv, base, RR, m, k0); +- rsaz_512_scatter4(table, a_inv, 1); +- +- /* table [2] = a_inv^2 */ +- rsaz_512_sqr(temp, a_inv, m, k0, 1); +- rsaz_512_scatter4(table, temp, 2); +- +- for (index = 3; index < 16; index++) +- rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index); +- +- /* load first window */ +- wvalue = p_str[63]; +- +- rsaz_512_gather4(temp, table, wvalue >> 4); +- rsaz_512_sqr(temp, temp, m, k0, 4); +- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf); +- +- for (index = 62; index >= 0; index--) { +- wvalue = p_str[index]; +- +- rsaz_512_sqr(temp, temp, m, k0, 4); +- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4); +- +- rsaz_512_sqr(temp, temp, m, k0, 4); +- rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f); +- } +- +- /* from Montgomery */ +- rsaz_512_mul_by_one(result, temp, m, k0); +- +- OPENSSL_cleanse(storage, sizeof(storage)); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +index 9501cc8..229e181 100644 +--- a/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h ++++ b/Cryptlib/OpenSSL/crypto/bn/rsaz_exp.h +@@ -1,12 +1,3 @@ +-/* +- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + /***************************************************************************** + * * + * Copyright (c) 2012, Intel Corporation * +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +index a6a2ab8..631eec3 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/buffer/buf_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,9 +70,12 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) + + static ERR_STRING_DATA BUF_str_functs[] = { ++ {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"}, + {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"}, + {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"}, + {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"}, ++ {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"}, ++ {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"}, + {0, NULL} + }; + +@@ -31,7 +85,7 @@ static ERR_STRING_DATA BUF_str_reasons[] = { + + #endif + +-int ERR_load_BUF_strings(void) ++void ERR_load_BUF_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -40,5 +94,4 @@ int ERR_load_BUF_strings(void) + ERR_load_strings(0, BUF_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +new file mode 100644 +index 0000000..fa0d608 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c +@@ -0,0 +1,137 @@ ++/* crypto/buffer/buffer.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++ ++size_t BUF_strnlen(const char *str, size_t maxlen) ++{ ++ const char *p; ++ ++ for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; ++ ++ return p - str; ++} ++ ++char *BUF_strdup(const char *str) ++{ ++ if (str == NULL) ++ return NULL; ++ return BUF_strndup(str, strlen(str)); ++} ++ ++char *BUF_strndup(const char *str, size_t siz) ++{ ++ char *ret; ++ ++ if (str == NULL) ++ return NULL; ++ ++ siz = BUF_strnlen(str, siz); ++ ++ if (siz >= INT_MAX) ++ return NULL; ++ ++ ret = OPENSSL_malloc(siz + 1); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ memcpy(ret, str, siz); ++ ret[siz] = '\0'; ++ ++ return (ret); ++} ++ ++void *BUF_memdup(const void *data, size_t siz) ++{ ++ void *ret; ++ ++ if (data == NULL || siz >= INT_MAX) ++ return NULL; ++ ++ ret = OPENSSL_malloc(siz); ++ if (ret == NULL) { ++ BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ return memcpy(ret, data, siz); ++} ++ ++size_t BUF_strlcpy(char *dst, const char *src, size_t size) ++{ ++ size_t l = 0; ++ for (; size > 1 && *src; size--) { ++ *dst++ = *src++; ++ l++; ++ } ++ if (size) ++ *dst = '\0'; ++ return l + strlen(src); ++} ++ ++size_t BUF_strlcat(char *dst, const char *src, size_t size) ++{ ++ size_t l = 0; ++ for (; size > 0 && *dst; size--, dst++) ++ l++; ++ return l + BUF_strlcpy(dst, src, size); ++} +diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +index 6b0bd4a..eff3e08 100644 +--- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c ++++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/buffer/buffer.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* +@@ -18,25 +67,18 @@ + */ + #define LIMIT_BEFORE_EXPANSION 0x5ffffffc + +-BUF_MEM *BUF_MEM_new_ex(unsigned long flags) +-{ +- BUF_MEM *ret; +- +- ret = BUF_MEM_new(); +- if (ret != NULL) +- ret->flags = flags; +- return (ret); +-} +- + BUF_MEM *BUF_MEM_new(void) + { + BUF_MEM *ret; + +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = OPENSSL_malloc(sizeof(BUF_MEM)); + if (ret == NULL) { + BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ ret->length = 0; ++ ret->max = 0; ++ ret->data = NULL; + return (ret); + } + +@@ -46,30 +88,13 @@ void BUF_MEM_free(BUF_MEM *a) + return; + + if (a->data != NULL) { +- if (a->flags & BUF_MEM_FLAG_SECURE) +- OPENSSL_secure_free(a->data); +- else +- OPENSSL_clear_free(a->data, a->max); ++ OPENSSL_cleanse(a->data, a->max); ++ OPENSSL_free(a->data); + } + OPENSSL_free(a); + } + +-/* Allocate a block of secure memory; copy over old data if there +- * was any, and then free it. */ +-static char *sec_alloc_realloc(BUF_MEM *str, size_t len) +-{ +- char *ret; +- +- ret = OPENSSL_secure_malloc(len); +- if (str->data != NULL) { +- if (ret != NULL) +- memcpy(ret, str->data, str->length); +- OPENSSL_secure_free(str->data); +- } +- return (ret); +-} +- +-size_t BUF_MEM_grow(BUF_MEM *str, size_t len) ++int BUF_MEM_grow(BUF_MEM *str, size_t len) + { + char *ret; + size_t n; +@@ -79,8 +104,7 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) + return (len); + } + if (str->max >= len) { +- if (str->data != NULL) +- memset(&str->data[str->length], 0, len - str->length); ++ memset(&str->data[str->length], 0, len - str->length); + str->length = len; + return (len); + } +@@ -90,8 +114,8 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) + return 0; + } + n = (len + 3) / 3 * 4; +- if ((str->flags & BUF_MEM_FLAG_SECURE)) +- ret = sec_alloc_realloc(str, n); ++ if (str->data == NULL) ++ ret = OPENSSL_malloc(n); + else + ret = OPENSSL_realloc(str->data, n); + if (ret == NULL) { +@@ -106,14 +130,13 @@ size_t BUF_MEM_grow(BUF_MEM *str, size_t len) + return (len); + } + +-size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) ++int BUF_MEM_grow_clean(BUF_MEM *str, size_t len) + { + char *ret; + size_t n; + + if (str->length >= len) { +- if (str->data != NULL) +- memset(&str->data[len], 0, str->length - len); ++ memset(&str->data[len], 0, str->length - len); + str->length = len; + return (len); + } +@@ -128,10 +151,10 @@ size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len) + return 0; + } + n = (len + 3) / 3 * 4; +- if ((str->flags & BUF_MEM_FLAG_SECURE)) +- ret = sec_alloc_realloc(str, n); ++ if (str->data == NULL) ++ ret = OPENSSL_malloc(n); + else +- ret = OPENSSL_clear_realloc(str->data, str->max, n); ++ ret = OPENSSL_realloc_clean(str->data, str->max, n); + if (ret == NULL) { + BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE); + len = 0; +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c +index a58454a..bf933e0 100644 +--- a/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c ++++ b/Cryptlib/OpenSSL/crypto/cmac/cm_ameth.c +@@ -1,17 +1,61 @@ + /* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2010. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/asn1_int.h" ++#include "asn1_locl.h" + + /* + * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output +@@ -25,8 +69,9 @@ static int cmac_size(const EVP_PKEY *pkey) + + static void cmac_key_free(EVP_PKEY *pkey) + { +- CMAC_CTX *cmctx = EVP_PKEY_get0(pkey); +- CMAC_CTX_free(cmctx); ++ CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr; ++ if (cmctx) ++ CMAC_CTX_free(cmctx); + } + + const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { +@@ -42,7 +87,7 @@ const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { + 0, 0, 0, + + cmac_size, +- 0, 0, ++ 0, + 0, 0, 0, 0, 0, 0, 0, + + cmac_key_free, +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c +index 10748f1..a2300df 100644 +--- a/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c ++++ b/Cryptlib/OpenSSL/crypto/cmac/cm_pmeth.c +@@ -1,26 +1,70 @@ + /* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2010. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/evp_int.h" ++#include "evp_locl.h" + + /* The context structure and "key" is simply a CMAC_CTX */ + + static int pkey_cmac_init(EVP_PKEY_CTX *ctx) + { + ctx->data = CMAC_CTX_new(); +- if (ctx->data == NULL) ++ if (!ctx->data) + return 0; + ctx->keygen_info_count = 0; + return 1; +@@ -44,7 +88,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + CMAC_CTX *cmkey = CMAC_CTX_new(); + CMAC_CTX *cmctx = ctx->data; +- if (cmkey == NULL) ++ if (!cmkey) + return 0; + if (!CMAC_CTX_copy(cmkey, cmctx)) { + CMAC_CTX_free(cmkey); +@@ -57,7 +101,7 @@ static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + + static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count)) ++ if (!CMAC_Update(ctx->pctx->data, data, count)) + return 0; + return 1; + } +@@ -65,7 +109,7 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) + static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + { + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); +- EVP_MD_CTX_set_update_fn(mctx, int_update); ++ mctx->update = int_update; + return 1; + } + +@@ -113,17 +157,28 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx, + if (!value) { + return 0; + } +- if (strcmp(type, "cipher") == 0) { ++ if (!strcmp(type, "key")) { ++ void *p = (void *)value; ++ return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p); ++ } ++ if (!strcmp(type, "cipher")) { + const EVP_CIPHER *c; + c = EVP_get_cipherbyname(value); + if (!c) + return 0; + return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); + } +- if (strcmp(type, "key") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); +- if (strcmp(type, "hexkey") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); ++ if (!strcmp(type, "hexkey")) { ++ unsigned char *key; ++ int r; ++ long keylen; ++ key = string_to_hex(value, &keylen); ++ if (!key) ++ return 0; ++ r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); ++ OPENSSL_free(key); ++ return r; ++ } + return -2; + } + +diff --git a/Cryptlib/OpenSSL/crypto/cmac/cmac.c b/Cryptlib/OpenSSL/crypto/cmac/cmac.c +index c4f13a0..2954b6e 100644 +--- a/Cryptlib/OpenSSL/crypto/cmac/cmac.c ++++ b/Cryptlib/OpenSSL/crypto/cmac/cmac.c +@@ -1,21 +1,70 @@ ++/* crypto/cmac/cmac.c */ + /* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ + struct CMAC_CTX_st { + /* Cipher context to use */ +- EVP_CIPHER_CTX *cctx; ++ EVP_CIPHER_CTX cctx; + /* Keys k1 and k2 */ + unsigned char k1[EVP_MAX_BLOCK_LENGTH]; + unsigned char k2[EVP_MAX_BLOCK_LENGTH]; +@@ -29,38 +78,40 @@ struct CMAC_CTX_st { + + /* Make temporary keys K1 and K2 */ + +-static void make_kn(unsigned char *k1, const unsigned char *l, int bl) ++static void make_kn(unsigned char *k1, unsigned char *l, int bl) + { + int i; +- unsigned char c = l[0], carry = c >> 7, cnext; +- + /* Shift block to left, including carry */ +- for (i = 0; i < bl - 1; i++, c = cnext) +- k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7); +- ++ for (i = 0; i < bl; i++) { ++ k1[i] = l[i] << 1; ++ if (i < bl - 1 && l[i + 1] & 0x80) ++ k1[i] |= 1; ++ } + /* If MSB set fixup with R */ +- k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b)); ++ if (l[0] & 0x80) ++ k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; + } + + CMAC_CTX *CMAC_CTX_new(void) + { + CMAC_CTX *ctx; +- +- ctx = OPENSSL_malloc(sizeof(*ctx)); +- if (ctx == NULL) +- return NULL; +- ctx->cctx = EVP_CIPHER_CTX_new(); +- if (ctx->cctx == NULL) { +- OPENSSL_free(ctx); ++ ctx = OPENSSL_malloc(sizeof(CMAC_CTX)); ++ if (!ctx) + return NULL; +- } ++ EVP_CIPHER_CTX_init(&ctx->cctx); + ctx->nlast_block = -1; + return ctx; + } + + void CMAC_CTX_cleanup(CMAC_CTX *ctx) + { +- EVP_CIPHER_CTX_free(ctx->cctx); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) { ++ FIPS_cmac_ctx_cleanup(ctx); ++ return; ++ } ++#endif ++ EVP_CIPHER_CTX_cleanup(&ctx->cctx); + OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH); + OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH); + OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH); +@@ -70,7 +121,7 @@ void CMAC_CTX_cleanup(CMAC_CTX *ctx) + + EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) + { +- return ctx->cctx; ++ return &ctx->cctx; + } + + void CMAC_CTX_free(CMAC_CTX *ctx) +@@ -86,9 +137,9 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) + int bl; + if (in->nlast_block == -1) + return 0; +- if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx)) ++ if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) + return 0; +- bl = EVP_CIPHER_CTX_block_size(in->cctx); ++ bl = EVP_CIPHER_CTX_block_size(&in->cctx); + memcpy(out->k1, in->k1, bl); + memcpy(out->k2, in->k2, bl); + memcpy(out->tbl, in->tbl, bl); +@@ -100,38 +151,62 @@ int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) + int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl) + { +- static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 }; ++ static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ /* If we have an ENGINE need to allow non FIPS */ ++ if ((impl || ctx->cctx.engine) ++ && !(ctx->cctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_CMAC_INIT, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ ++ /* Switch to FIPS cipher implementation if possible */ ++ if (cipher != NULL) { ++ const EVP_CIPHER *fcipher; ++ fcipher = FIPS_get_cipherbynid(EVP_CIPHER_nid(cipher)); ++ if (fcipher != NULL) ++ cipher = fcipher; ++ } ++ /* ++ * Other algorithm blocking will be done in FIPS_cmac_init, via ++ * FIPS_cipherinit(). ++ */ ++ if (!impl && !ctx->cctx.engine) ++ return FIPS_cmac_init(ctx, key, keylen, cipher, NULL); ++ } ++#endif + /* All zeros means restart */ + if (!key && !cipher && !impl && keylen == 0) { + /* Not initialised */ + if (ctx->nlast_block == -1) + return 0; +- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + return 0; +- memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx)); ++ memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); + ctx->nlast_block = 0; + return 1; + } +- /* Initialise context */ +- if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL)) ++ /* Initialiase context */ ++ if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + /* Non-NULL key means initialisation complete */ + if (key) { + int bl; +- if (!EVP_CIPHER_CTX_cipher(ctx->cctx)) ++ if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) + return 0; +- if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen)) ++ if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) + return 0; +- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv)) ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) + return 0; +- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); +- if (!EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl)) ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) + return 0; + make_kn(ctx->k1, ctx->tbl, bl); + make_kn(ctx->k2, ctx->k1, bl); + OPENSSL_cleanse(ctx->tbl, bl); + /* Reset context again ready for first data block */ +- if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv)) ++ if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + return 0; + /* Zero tbl so resume works */ + memset(ctx->tbl, 0, bl); +@@ -144,11 +219,15 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) + { + const unsigned char *data = in; + size_t bl; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) ++ return FIPS_cmac_update(ctx, in, dlen); ++#endif + if (ctx->nlast_block == -1) + return 0; + if (dlen == 0) + return 1; +- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + /* Copy into partial block if we need to */ + if (ctx->nlast_block > 0) { + size_t nleft; +@@ -163,12 +242,12 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) + return 1; + data += nleft; + /* Else not final block so encrypt it */ +- if (!EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl)) ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) + return 0; + } + /* Encrypt all but one of the complete blocks left */ + while (dlen > bl) { +- if (!EVP_Cipher(ctx->cctx, ctx->tbl, data, bl)) ++ if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) + return 0; + dlen -= bl; + data += bl; +@@ -183,9 +262,13 @@ int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) + int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) + { + int i, bl, lb; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->cctx.engine) ++ return FIPS_cmac_final(ctx, out, poutlen); ++#endif + if (ctx->nlast_block == -1) + return 0; +- bl = EVP_CIPHER_CTX_block_size(ctx->cctx); ++ bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + *poutlen = (size_t)bl; + if (!out) + return 1; +@@ -201,7 +284,7 @@ int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) + for (i = 0; i < bl; i++) + out[i] = ctx->last_block[i] ^ ctx->k2[i]; + } +- if (!EVP_Cipher(ctx->cctx, out, out, bl)) { ++ if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { + OPENSSL_cleanse(out, bl); + return 0; + } +@@ -213,11 +296,11 @@ int CMAC_resume(CMAC_CTX *ctx) + if (ctx->nlast_block == -1) + return 0; + /* +- * The buffer "tbl" contains the last fully encrypted block which is the ++ * The buffer "tbl" containes the last fully encrypted block which is the + * last IV (or all zeroes if no last encrypted block). The last block has +- * not been modified since CMAC_final(). So reinitialising using the last ++ * not been modified since CMAC_final(). So reinitliasing using the last + * decrypted block will allow CMAC to continue after calling + * CMAC_Final(). + */ +- return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl); ++ return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); + } +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +new file mode 100644 +index 0000000..e9aabbd +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c +@@ -0,0 +1,62 @@ ++#include ++#include ++#include ++#include ++#include ++ ++static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++ ++static COMP_METHOD rle_method = { ++ NID_rle_compression, ++ LN_rle_compression, ++ NULL, ++ NULL, ++ rle_compress_block, ++ rle_expand_block, ++ NULL, ++ NULL, ++}; ++ ++COMP_METHOD *COMP_rle(void) ++{ ++ return (&rle_method); ++} ++ ++static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ /* int i; */ ++ ++ if (ilen == 0 || olen < (ilen - 1)) { ++ /* ZZZZZZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } ++ ++ *(out++) = 0; ++ memcpy(out, in, ilen); ++ return (ilen + 1); ++} ++ ++static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ int i; ++ ++ if (olen < (ilen - 1)) { ++ /* ZZZZZZZZZZZZZZZZZZZZZZ */ ++ return (-1); ++ } ++ ++ i = *(in++); ++ if (i == 0) { ++ memcpy(out, in, ilen - 1); ++ } ++ return (ilen - 1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +index 2f38c2e..9c32614 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c ++++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c +@@ -1,21 +1,9 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #include + #include + #include + #include +-#include "internal/comp.h" ++#include + #include +-#include "internal/cryptlib_int.h" +-#include "internal/bio.h" +-#include "comp_lcl.h" + + COMP_METHOD *COMP_zlib(void); + +@@ -26,6 +14,8 @@ static COMP_METHOD zlib_method_nozlib = { + NULL, + NULL, + NULL, ++ NULL, ++ NULL, + }; + + #ifndef ZLIB +@@ -43,12 +33,14 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, + unsigned int ilen); + +-/* memory allocations functions for zlib initialisation */ ++/* memory allocations functions for zlib intialization */ + static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size) + { + void *p; + +- p = OPENSSL_zalloc(no * size); ++ p = OPENSSL_malloc(no * size); ++ if (p) ++ memset(p, 0, no * size); + return p; + } + +@@ -57,6 +49,28 @@ static void zlib_zfree(void *opaque, void *address) + OPENSSL_free(address); + } + ++# if 0 ++static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen); ++ ++static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, ++ uLong sourceLen); ++ ++static COMP_METHOD zlib_stateless_method = { ++ NID_zlib_compression, ++ LN_zlib_compression, ++ NULL, ++ NULL, ++ zlib_compress_block, ++ zlib_expand_block, ++ NULL, ++ NULL, ++}; ++# endif + + static COMP_METHOD zlib_stateful_method = { + NID_zlib_compression, +@@ -64,7 +78,9 @@ static COMP_METHOD zlib_stateful_method = { + zlib_stateful_init, + zlib_stateful_finish, + zlib_stateful_compress_block, +- zlib_stateful_expand_block ++ zlib_stateful_expand_block, ++ NULL, ++ NULL, + }; + + /* +@@ -79,7 +95,7 @@ static COMP_METHOD zlib_stateful_method = { + * OPENSSL_SYS_WIN32) */ + + # ifdef ZLIB_SHARED +-# include "internal/dso.h" ++# include + + /* Function pointers */ + typedef int (*compress_ft) (Bytef *dest, uLongf * destLen, +@@ -120,10 +136,13 @@ struct zlib_state { + z_stream ostream; + }; + ++static int zlib_stateful_ex_idx = -1; ++ + static int zlib_stateful_init(COMP_CTX *ctx) + { + int err; +- struct zlib_state *state = OPENSSL_zalloc(sizeof(*state)); ++ struct zlib_state *state = ++ (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state)); + + if (state == NULL) + goto err; +@@ -133,6 +152,8 @@ static int zlib_stateful_init(COMP_CTX *ctx) + state->istream.opaque = Z_NULL; + state->istream.next_in = Z_NULL; + state->istream.next_out = Z_NULL; ++ state->istream.avail_in = 0; ++ state->istream.avail_out = 0; + err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; +@@ -142,24 +163,31 @@ static int zlib_stateful_init(COMP_CTX *ctx) + state->ostream.opaque = Z_NULL; + state->ostream.next_in = Z_NULL; + state->ostream.next_out = Z_NULL; ++ state->ostream.avail_in = 0; ++ state->ostream.avail_out = 0; + err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; + +- ctx->data = state; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); ++ CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); + return 1; + err: +- OPENSSL_free(state); ++ if (state) ++ OPENSSL_free(state); + return 0; + } + + static void zlib_stateful_finish(COMP_CTX *ctx) + { +- struct zlib_state *state = ctx->data; ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); + inflateEnd(&state->istream); + deflateEnd(&state->ostream); + OPENSSL_free(state); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); + } + + static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, +@@ -167,7 +195,9 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int ilen) + { + int err = Z_OK; +- struct zlib_state *state = ctx->data; ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); + + if (state == NULL) + return -1; +@@ -180,6 +210,11 @@ static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + err = deflate(&state->ostream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "compress(%4d)->%4d %s\n", ++ ilen, olen - state->ostream.avail_out, ++ (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear"); ++# endif + return olen - state->ostream.avail_out; + } + +@@ -188,7 +223,10 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int ilen) + { + int err = Z_OK; +- struct zlib_state *state = ctx->data; ++ ++ struct zlib_state *state = ++ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, ++ zlib_stateful_ex_idx); + + if (state == NULL) + return 0; +@@ -201,9 +239,105 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + err = inflate(&state->istream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "expand(%4d)->%4d %s\n", ++ ilen, olen - state->istream.avail_out, ++ (ilen != olen - state->istream.avail_out) ? "zlib" : "clear"); ++# endif + return olen - state->istream.avail_out; + } + ++# if 0 ++static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ unsigned long l; ++ int i; ++ int clear = 1; ++ ++ if (ilen > 128) { ++ out[0] = 1; ++ l = olen - 1; ++ i = compress(&(out[1]), &l, in, (unsigned long)ilen); ++ if (i != Z_OK) ++ return (-1); ++ if (ilen > l) { ++ clear = 0; ++ l++; ++ } ++ } ++ if (clear) { ++ out[0] = 0; ++ memcpy(&(out[1]), in, ilen); ++ l = ilen + 1; ++ } ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "compress(%4d)->%4d %s\n", ++ ilen, (int)l, (clear) ? "clear" : "zlib"); ++# endif ++ return ((int)l); ++} ++ ++static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, ++ unsigned int olen, unsigned char *in, ++ unsigned int ilen) ++{ ++ unsigned long l; ++ int i; ++ ++ if (in[0]) { ++ l = olen; ++ i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1); ++ if (i != Z_OK) ++ return (-1); ++ } else { ++ memcpy(out, &(in[1]), ilen - 1); ++ l = ilen - 1; ++ } ++# ifdef DEBUG_ZLIB ++ fprintf(stderr, "expand (%4d)->%4d %s\n", ++ ilen, (int)l, in[0] ? "zlib" : "clear"); ++# endif ++ return ((int)l); ++} ++ ++static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, ++ uLong sourceLen) ++{ ++ z_stream stream; ++ int err; ++ ++ stream.next_in = (Bytef *)source; ++ stream.avail_in = (uInt) sourceLen; ++ /* Check for source > 64K on 16-bit machine: */ ++ if ((uLong) stream.avail_in != sourceLen) ++ return Z_BUF_ERROR; ++ ++ stream.next_out = dest; ++ stream.avail_out = (uInt) * destLen; ++ if ((uLong) stream.avail_out != *destLen) ++ return Z_BUF_ERROR; ++ ++ stream.zalloc = (alloc_func) 0; ++ stream.zfree = (free_func) 0; ++ ++ err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream)); ++ if (err != Z_OK) ++ return err; ++ ++ err = inflate(&stream, Z_FINISH); ++ if (err != Z_STREAM_END) { ++ inflateEnd(&stream); ++ return err; ++ } ++ *destLen = stream.total_out; ++ ++ err = inflateEnd(&stream); ++ return err; ++} ++# endif ++ + #endif + + COMP_METHOD *COMP_zlib(void) +@@ -211,19 +345,12 @@ COMP_METHOD *COMP_zlib(void) + COMP_METHOD *meth = &zlib_method_nozlib; + + #ifdef ZLIB_SHARED +- /* LIBZ may be externally defined, and we should respect that value */ +-# ifndef LIBZ +-# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +-# define LIBZ "ZLIB1" +-# elif defined(OPENSSL_SYS_VMS) +-# define LIBZ "LIBZ" +-# else +-# define LIBZ "z" +-# endif +-# endif +- + if (!zlib_loaded) { +- zlib_dso = DSO_load(NULL, LIBZ, NULL, 0); ++# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) ++ zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0); ++# else ++ zlib_dso = DSO_load(NULL, "z", NULL, 0); ++# endif + if (zlib_dso != NULL) { + p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress"); + p_inflateEnd +@@ -242,24 +369,39 @@ COMP_METHOD *COMP_zlib(void) + && p_inflateInit_ && p_deflateEnd + && p_deflate && p_deflateInit_ && p_zError) + zlib_loaded++; +- +- if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) { +- comp_zlib_cleanup_int(); +- return meth; +- } +- if (zlib_loaded) +- meth = &zlib_stateful_method; + } + } + #endif +-#if defined(ZLIB) +- meth = &zlib_stateful_method; ++#ifdef ZLIB_SHARED ++ if (zlib_loaded) ++#endif ++#if defined(ZLIB) || defined(ZLIB_SHARED) ++ { ++ /* ++ * init zlib_stateful_ex_idx here so that in a multi-process ++ * application it's enough to intialize openssl before forking (idx ++ * will be inherited in all the children) ++ */ ++ if (zlib_stateful_ex_idx == -1) { ++ CRYPTO_w_lock(CRYPTO_LOCK_COMP); ++ if (zlib_stateful_ex_idx == -1) ++ zlib_stateful_ex_idx = ++ CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, ++ 0, NULL, NULL, NULL, NULL); ++ CRYPTO_w_unlock(CRYPTO_LOCK_COMP); ++ if (zlib_stateful_ex_idx == -1) ++ goto err; ++ } ++ ++ meth = &zlib_stateful_method; ++ } ++ err: + #endif + + return (meth); + } + +-void comp_zlib_cleanup_int(void) ++void COMP_zlib_cleanup(void) + { + #ifdef ZLIB_SHARED + if (zlib_dso != NULL) +@@ -294,7 +436,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl); + static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); + static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); + +-static const BIO_METHOD bio_meth_zlib = { ++static BIO_METHOD bio_meth_zlib = { + BIO_TYPE_COMP, + "zlib", + bio_zlib_write, +@@ -307,7 +449,7 @@ static const BIO_METHOD bio_meth_zlib = { + bio_zlib_callback_ctrl + }; + +-const BIO_METHOD *BIO_f_zlib(void) ++BIO_METHOD *BIO_f_zlib(void) + { + return &bio_meth_zlib; + } +@@ -322,21 +464,32 @@ static int bio_zlib_new(BIO *bi) + return 0; + } + # endif +- ctx = OPENSSL_zalloc(sizeof(*ctx)); +- if (ctx == NULL) { ++ ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); ++ if (!ctx) { + COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); + return 0; + } ++ ctx->ibuf = NULL; ++ ctx->obuf = NULL; + ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->zin.zalloc = Z_NULL; + ctx->zin.zfree = Z_NULL; ++ ctx->zin.next_in = NULL; ++ ctx->zin.avail_in = 0; ++ ctx->zin.next_out = NULL; ++ ctx->zin.avail_out = 0; + ctx->zout.zalloc = Z_NULL; + ctx->zout.zfree = Z_NULL; ++ ctx->zout.next_in = NULL; ++ ctx->zout.avail_in = 0; ++ ctx->zout.next_out = NULL; ++ ctx->zout.avail_out = 0; ++ ctx->odone = 0; + ctx->comp_level = Z_DEFAULT_COMPRESSION; +- BIO_set_init(bi, 1); +- BIO_set_data(bi, ctx); +- ++ bi->init = 1; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; + return 1; + } + +@@ -345,7 +498,7 @@ static int bio_zlib_free(BIO *bi) + BIO_ZLIB_CTX *ctx; + if (!bi) + return 0; +- ctx = BIO_get_data(bi); ++ ctx = (BIO_ZLIB_CTX *) bi->ptr; + if (ctx->ibuf) { + /* Destroy decompress context */ + inflateEnd(&ctx->zin); +@@ -357,9 +510,9 @@ static int bio_zlib_free(BIO *bi) + OPENSSL_free(ctx->obuf); + } + OPENSSL_free(ctx); +- BIO_set_data(bi, NULL); +- BIO_set_init(bi, 0); +- ++ bi->ptr = NULL; ++ bi->init = 0; ++ bi->flags = 0; + return 1; + } + +@@ -368,16 +521,14 @@ static int bio_zlib_read(BIO *b, char *out, int outl) + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zin; +- BIO *next = BIO_next(b); +- + if (!out || !outl) + return 0; +- ctx = BIO_get_data(b); ++ ctx = (BIO_ZLIB_CTX *) b->ptr; + zin = &ctx->zin; + BIO_clear_retry_flags(b); + if (!ctx->ibuf) { + ctx->ibuf = OPENSSL_malloc(ctx->ibufsize); +- if (ctx->ibuf == NULL) { ++ if (!ctx->ibuf) { + COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -407,7 +558,7 @@ static int bio_zlib_read(BIO *b, char *out, int outl) + * No data in input buffer try to read some in, if an error then + * return the total data read. + */ +- ret = BIO_read(next, ctx->ibuf, ctx->ibufsize); ++ ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); + if (ret <= 0) { + /* Total data read */ + int tot = outl - zin->avail_out; +@@ -426,11 +577,9 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; +- BIO *next = BIO_next(b); +- + if (!in || !inl) + return 0; +- ctx = BIO_get_data(b); ++ ctx = (BIO_ZLIB_CTX *) b->ptr; + if (ctx->odone) + return 0; + zout = &ctx->zout; +@@ -438,7 +587,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) + if (!ctx->obuf) { + ctx->obuf = OPENSSL_malloc(ctx->obufsize); + /* Need error here */ +- if (ctx->obuf == NULL) { ++ if (!ctx->obuf) { + COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -454,7 +603,7 @@ static int bio_zlib_write(BIO *b, const char *in, int inl) + for (;;) { + /* If data in output buffer write it first */ + while (ctx->ocount) { +- ret = BIO_write(next, ctx->optr, ctx->ocount); ++ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if (ret <= 0) { + /* Total data written */ + int tot = inl - zout->avail_in; +@@ -493,9 +642,7 @@ static int bio_zlib_flush(BIO *b) + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; +- BIO *next = BIO_next(b); +- +- ctx = BIO_get_data(b); ++ ctx = (BIO_ZLIB_CTX *) b->ptr; + /* If no data written or already flush show success */ + if (!ctx->obuf || (ctx->odone && !ctx->ocount)) + return 1; +@@ -507,7 +654,7 @@ static int bio_zlib_flush(BIO *b) + for (;;) { + /* If data in output buffer write it first */ + while (ctx->ocount) { +- ret = BIO_write(next, ctx->optr, ctx->ocount); ++ ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if (ret <= 0) { + BIO_copy_next_retry(b); + return ret; +@@ -542,11 +689,9 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + BIO_ZLIB_CTX *ctx; + int ret, *ip; + int ibs, obs; +- BIO *next = BIO_next(b); +- +- if (next == NULL) ++ if (!b->next_bio) + return 0; +- ctx = BIO_get_data(b); ++ ctx = (BIO_ZLIB_CTX *) b->ptr; + switch (cmd) { + + case BIO_CTRL_RESET: +@@ -558,7 +703,7 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_FLUSH: + ret = bio_zlib_flush(b); + if (ret > 0) +- ret = BIO_flush(next); ++ ret = BIO_flush(b->next_bio); + break; + + case BIO_C_SET_BUFF_SIZE: +@@ -576,14 +721,18 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + } + + if (ibs != -1) { +- OPENSSL_free(ctx->ibuf); +- ctx->ibuf = NULL; ++ if (ctx->ibuf) { ++ OPENSSL_free(ctx->ibuf); ++ ctx->ibuf = NULL; ++ } + ctx->ibufsize = ibs; + } + + if (obs != -1) { +- OPENSSL_free(ctx->obuf); +- ctx->obuf = NULL; ++ if (ctx->obuf) { ++ OPENSSL_free(ctx->obuf); ++ ctx->obuf = NULL; ++ } + ctx->obufsize = obs; + } + ret = 1; +@@ -591,12 +740,12 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + default: +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + + } +@@ -606,10 +755,9 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) + + static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { +- BIO *next = BIO_next(b); +- if (next == NULL) ++ if (!b->next_bio) + return 0; +- return BIO_callback_ctrl(next, cmd, fp); ++ return BIO_callback_ctrl(b->next_bio, cmd, fp); + } + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +index 8e2e695..8ca159b 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c ++++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/comp/comp_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,10 +70,10 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) + + static ERR_STRING_DATA COMP_str_functs[] = { +- {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "bio_zlib_flush"}, +- {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "bio_zlib_new"}, +- {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "bio_zlib_read"}, +- {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "bio_zlib_write"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"}, ++ {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"}, + {0, NULL} + }; + +@@ -35,7 +86,7 @@ static ERR_STRING_DATA COMP_str_reasons[] = { + + #endif + +-int ERR_load_COMP_strings(void) ++void ERR_load_COMP_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -44,5 +95,4 @@ int ERR_load_COMP_strings(void) + ERR_load_strings(0, COMP_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h b/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h +deleted file mode 100644 +index aa45fca..0000000 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_lcl.h ++++ /dev/null +@@ -1,30 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-struct comp_method_st { +- int type; /* NID for compression library */ +- const char *name; /* A text string to identify the library */ +- int (*init) (COMP_CTX *ctx); +- void (*finish) (COMP_CTX *ctx); +- int (*compress) (COMP_CTX *ctx, +- unsigned char *out, unsigned int olen, +- unsigned char *in, unsigned int ilen); +- int (*expand) (COMP_CTX *ctx, +- unsigned char *out, unsigned int olen, +- unsigned char *in, unsigned int ilen); +-}; +- +-struct comp_ctx_st { +- struct comp_method_st *meth; +- unsigned long compress_in; +- unsigned long compress_out; +- unsigned long expand_in; +- unsigned long expand_out; +- void* data; +-}; +diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +index 32afd0d..bd4eb7a 100644 +--- a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c +@@ -1,25 +1,18 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #include + #include + #include + #include + #include +-#include "comp_lcl.h" + + COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) + { + COMP_CTX *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) { ++ /* ZZZZZZZZZZZZZZZZ */ + return (NULL); ++ } ++ memset(ret, 0, sizeof(COMP_CTX)); + ret->meth = meth; + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + OPENSSL_free(ret); +@@ -28,21 +21,6 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) + return (ret); + } + +-const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) +-{ +- return ctx->meth; +-} +- +-int COMP_get_type(const COMP_METHOD *meth) +-{ +- return meth->type; +-} +- +-const char *COMP_get_name(const COMP_METHOD *meth) +-{ +- return meth->name; +-} +- + void COMP_CTX_free(COMP_CTX *ctx) + { + if (ctx == NULL) +@@ -59,6 +37,7 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + { + int ret; + if (ctx->meth->compress == NULL) { ++ /* ZZZZZZZZZZZZZZZZZ */ + return (-1); + } + ret = ctx->meth->compress(ctx, out, olen, in, ilen); +@@ -75,6 +54,7 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + int ret; + + if (ctx->meth->expand == NULL) { ++ /* ZZZZZZZZZZZZZZZZZ */ + return (-1); + } + ret = ctx->meth->expand(ctx, out, olen, in, ilen); +@@ -84,8 +64,3 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + } + return (ret); + } +- +-int COMP_CTX_get_type(const COMP_CTX* comp) +-{ +- return comp->meth ? comp->meth->type : NID_undef; +-} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +index 5535416..4cf7553 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c +@@ -1,22 +1,81 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* conf_api.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* Part of the code in here was originally in conf.c, which is now removed */ + ++#ifndef CONF_DEBUG ++# undef NDEBUG /* avoid conflicting definitions */ ++# define NDEBUG ++#endif ++ ++#include + #include + #include + #include + #include + #include "e_os.h" + +-static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf); ++static void value_free_hash_doall_arg(CONF_VALUE *a, ++ LHASH_OF(CONF_VALUE) *conf); + static void value_free_stack_doall(CONF_VALUE *a); ++static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE, ++ LHASH_OF(CONF_VALUE)) ++static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE) + + /* Up until OpenSSL 0.9.5a, this was get_section */ + CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) +@@ -98,11 +157,35 @@ char *_CONF_get_string(const CONF *conf, const char *section, + return (getenv(name)); + } + ++#if 0 /* There's no way to provide error checking ++ * with this function, so force implementors ++ * of the higher levels to get a string and ++ * read the number themselves. */ ++long _CONF_get_number(CONF *conf, char *section, char *name) ++{ ++ char *str; ++ long ret = 0; ++ ++ str = _CONF_get_string(conf, section, name); ++ if (str == NULL) ++ return (0); ++ for (;;) { ++ if (conf->meth->is_number(conf, *str)) ++ ret = ret * 10 + conf->meth->to_int(conf, *str); ++ else ++ return (ret); ++ str++; ++ } ++} ++#endif ++ + static unsigned long conf_value_hash(const CONF_VALUE *v) + { +- return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name); ++ return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name); + } + ++static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE) ++ + static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) + { + int i; +@@ -122,42 +205,43 @@ static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) + return ((a->name == NULL) ? -1 : 1); + } + ++static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE) ++ + int _CONF_new_data(CONF *conf) + { + if (conf == NULL) { + return 0; + } +- if (conf->data == NULL) { +- conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp); +- if (conf->data == NULL) ++ if (conf->data == NULL) ++ if ((conf->data = lh_CONF_VALUE_new()) == NULL) { + return 0; +- } ++ } + return 1; + } + +-typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE; +- +-IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE); +- + void _CONF_free_data(CONF *conf) + { + if (conf == NULL || conf->data == NULL) + return; + +- /* evil thing to make sure the 'OPENSSL_free()' works as expected */ +- lh_CONF_VALUE_set_down_load(conf->data, 0); +- lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data); ++ lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make * sure the ++ * 'OPENSSL_free()' works as * ++ * expected */ ++ lh_CONF_VALUE_doall_arg(conf->data, ++ LHASH_DOALL_ARG_FN(value_free_hash), ++ LHASH_OF(CONF_VALUE), conf->data); + + /* + * We now have only 'section' entries in the hash table. Due to problems + * with + */ + +- lh_CONF_VALUE_doall(conf->data, value_free_stack_doall); ++ lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack)); + lh_CONF_VALUE_free(conf->data); + } + +-static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf) ++static void value_free_hash_doall_arg(CONF_VALUE *a, ++ LHASH_OF(CONF_VALUE) *conf) + { + if (a->name != NULL) + (void)lh_CONF_VALUE_delete(conf, a); +@@ -179,7 +263,8 @@ static void value_free_stack_doall(CONF_VALUE *a) + OPENSSL_free(vv->name); + OPENSSL_free(vv); + } +- sk_CONF_VALUE_free(sk); ++ if (sk != NULL) ++ sk_CONF_VALUE_free(sk); + OPENSSL_free(a->section); + OPENSSL_free(a); + } +@@ -188,12 +273,12 @@ static void value_free_stack_doall(CONF_VALUE *a) + CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) + { + STACK_OF(CONF_VALUE) *sk = NULL; +- int i; ++ int ok = 0, i; + CONF_VALUE *v = NULL, *vv; + + if ((sk = sk_CONF_VALUE_new_null()) == NULL) + goto err; +- if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) ++ if ((v = OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) + goto err; + i = strlen(section) + 1; + if ((v->section = OPENSSL_malloc(i)) == NULL) +@@ -205,10 +290,16 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) + + vv = lh_CONF_VALUE_insert(conf->data, v); + OPENSSL_assert(vv == NULL); +- return v; +- ++ ok = 1; + err: +- sk_CONF_VALUE_free(sk); +- OPENSSL_free(v); +- return NULL; ++ if (!ok) { ++ if (sk != NULL) ++ sk_CONF_VALUE_free(sk); ++ if (v != NULL) ++ OPENSSL_free(v); ++ v = NULL; ++ } ++ return (v); + } ++ ++IMPLEMENT_STACK_OF(CONF_VALUE) +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +index 8861b3a..3d308c7 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c +@@ -1,17 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/conf/conf.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* Part of the code in here was originally in conf.c, which is now removed */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -39,6 +88,8 @@ static int def_dump(const CONF *conf, BIO *bp); + static int def_is_number(const CONF *conf, char c); + static int def_to_int(const CONF *conf, char c); + ++const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT; ++ + static CONF_METHOD default_method = { + "OpenSSL default", + def_create, +@@ -79,8 +130,8 @@ static CONF *def_create(CONF_METHOD *meth) + { + CONF *ret; + +- ret = OPENSSL_malloc(sizeof(*ret)); +- if (ret != NULL) ++ ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); ++ if (ret) + if (meth->init(ret) == 0) { + OPENSSL_free(ret); + ret = NULL; +@@ -94,7 +145,7 @@ static int def_init_default(CONF *conf) + return 0; + + conf->meth = &default_method; +- conf->meth_data = (void *)CONF_type_default; ++ conf->meth_data = CONF_type_default; + conf->data = NULL; + + return 1; +@@ -131,6 +182,10 @@ static int def_destroy_data(CONF *conf) + + static int def_load(CONF *conf, const char *name, long *line) + { ++#ifdef OPENSSL_NO_STDIO ++ CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB); ++ return 0; ++#else + int ret; + BIO *in = NULL; + +@@ -151,6 +206,7 @@ static int def_load(CONF *conf, const char *name, long *line) + BIO_free(in); + + return ret; ++#endif + } + + static int def_load_bio(CONF *conf, BIO *in, long *line) +@@ -174,7 +230,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + goto err; + } + +- section = OPENSSL_strdup("default"); ++ section = BUF_strdup("default"); + if (section == NULL) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; +@@ -305,19 +361,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + p++; + *p = '\0'; + +- if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { ++ if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } + if (psection == NULL) + psection = section; +- v->name = OPENSSL_malloc(strlen(pname) + 1); ++ v->name = (char *)OPENSSL_malloc(strlen(pname) + 1); + v->value = NULL; + if (v->name == NULL) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } +- OPENSSL_strlcpy(v->name, pname, strlen(pname) + 1); ++ BUF_strlcpy(v->name, pname, strlen(pname) + 1); + if (!str_copy(conf, psection, &(v->value), start)) + goto err; + +@@ -332,31 +388,53 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) + } + } else + tv = sv; ++#if 1 + if (_CONF_add_string(conf, tv, v) == 0) { + CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } ++#else ++ v->section = tv->section; ++ if (!sk_CONF_VALUE_push(ts, v)) { ++ CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ vv = (CONF_VALUE *)lh_insert(conf->data, v); ++ if (vv != NULL) { ++ sk_CONF_VALUE_delete_ptr(ts, vv); ++ OPENSSL_free(vv->name); ++ OPENSSL_free(vv->value); ++ OPENSSL_free(vv); ++ } ++#endif + v = NULL; + } + } +- BUF_MEM_free(buff); +- OPENSSL_free(section); ++ if (buff != NULL) ++ BUF_MEM_free(buff); ++ if (section != NULL) ++ OPENSSL_free(section); + return (1); + err: +- BUF_MEM_free(buff); +- OPENSSL_free(section); ++ if (buff != NULL) ++ BUF_MEM_free(buff); ++ if (section != NULL) ++ OPENSSL_free(section); + if (line != NULL) + *line = eline; + BIO_snprintf(btmp, sizeof btmp, "%ld", eline); + ERR_add_error_data(2, "line ", btmp); +- if (h != conf->data) { ++ if ((h != conf->data) && (conf->data != NULL)) { + CONF_free(conf->data); + conf->data = NULL; + } + if (v != NULL) { +- OPENSSL_free(v->name); +- OPENSSL_free(v->value); +- OPENSSL_free(v); ++ if (v->name != NULL) ++ OPENSSL_free(v->name); ++ if (v->value != NULL) ++ OPENSSL_free(v->value); ++ if (v != NULL) ++ OPENSSL_free(v); + } + return (0); + } +@@ -536,12 +614,14 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) + buf->data[to++] = *(from++); + } + buf->data[to] = '\0'; +- OPENSSL_free(*pto); ++ if (*pto != NULL) ++ OPENSSL_free(*pto); + *pto = buf->data; + OPENSSL_free(buf); + return (1); + err: +- BUF_MEM_free(buf); ++ if (buf != NULL) ++ BUF_MEM_free(buf); + return (0); + } + +@@ -603,7 +683,7 @@ static char *scan_dquote(CONF *conf, char *p) + return (p); + } + +-static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) ++static void dump_value_doall_arg(CONF_VALUE *a, BIO *out) + { + if (a->name) + BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); +@@ -611,11 +691,12 @@ static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out) + BIO_printf(out, "[[%s]]\n", a->section); + } + +-IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO); ++static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO) + + static int def_dump(const CONF *conf, BIO *out) + { +- lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out); ++ lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), ++ BIO, out); + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.h b/Cryptlib/OpenSSL/crypto/conf/conf_def.h +index da4767e..48b3442 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.h ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.h +@@ -1,12 +1,64 @@ +-/* +- * WARNING: do not edit! +- * Generated by crypto/conf/keysets.pl ++/* crypto/conf/conf_def.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++/* ++ * THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to ++ * regenerate it. + */ + + #define CONF_NUMBER 1 +@@ -27,38 +79,38 @@ + #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ + CONF_PUNCTUATION) + +-#define KEYTYPES(c) ((const unsigned short *)((c)->meth_data)) ++#define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) + #ifndef CHARSET_EBCDIC +-# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) +-# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) +-# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) +-# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) +-# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) +-# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) +-# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) ++# define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) ++# define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) ++# define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) ++# define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) ++# define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) ++# define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) ++# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) + # define IS_ALPHA_NUMERIC_PUNCT(c,a) \ + (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) +-# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) +-# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) +-# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) ++# define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) ++# define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) ++# define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) + +-#else /* CHARSET_EBCDIC */ ++#else /*CHARSET_EBCDIC*/ + +-# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_COMMENT) +-# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_FCOMMENT) +-# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_EOF) +-# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ESC) +-# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_NUMBER) +-# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_WS) +-# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC) ++# define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) ++# define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) ++# define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) ++# define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) ++# define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) ++# define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) ++# define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) + # define IS_ALPHA_NUMERIC_PUNCT(c,a) \ +- (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_ALPHA_NUMERIC_PUNCT) +-# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_QUOTE) +-# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_DQUOTE) +-# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a & 0xff]]&CONF_HIGHBIT) +-#endif /* CHARSET_EBCDIC */ ++ (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) ++# define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) ++# define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) ++# define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) ++#endif /*CHARSET_EBCDIC*/ + +-static const unsigned short CONF_type_default[256] = { ++static unsigned short CONF_type_default[256] = { + 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, +@@ -93,7 +145,7 @@ static const unsigned short CONF_type_default[256] = { + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + }; + +-static const unsigned short CONF_type_win32[256] = { ++static unsigned short CONF_type_win32[256] = { + 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +index b583c05..bb5e2fe 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/conf/conf_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -21,15 +72,18 @@ + static ERR_STRING_DATA CONF_str_functs[] = { + {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"}, + {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"}, ++ {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"}, + {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"}, ++ {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"}, + {ERR_FUNC(CONF_F_CONF_PARSE_LIST), "CONF_parse_list"}, +- {ERR_FUNC(CONF_F_DEF_LOAD), "def_load"}, +- {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "def_load_bio"}, +- {ERR_FUNC(CONF_F_MODULE_INIT), "module_init"}, +- {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "module_load_dso"}, +- {ERR_FUNC(CONF_F_MODULE_RUN), "module_run"}, ++ {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"}, ++ {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"}, ++ {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"}, ++ {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"}, ++ {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"}, + {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"}, + {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"}, ++ {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"}, + {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"}, + {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"}, + {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"}, +@@ -37,7 +91,7 @@ static ERR_STRING_DATA CONF_str_functs[] = { + {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"}, + {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"}, + {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"}, +- {ERR_FUNC(CONF_F_STR_COPY), "str_copy"}, ++ {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"}, + {0, NULL} + }; + +@@ -47,6 +101,7 @@ static ERR_STRING_DATA CONF_str_reasons[] = { + {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), + "missing close square bracket"}, + {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"}, ++ {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"}, + {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"}, + {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR), + "module initialization error"}, +@@ -66,7 +121,7 @@ static ERR_STRING_DATA CONF_str_reasons[] = { + + #endif + +-int ERR_load_CONF_strings(void) ++void ERR_load_CONF_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -75,5 +130,4 @@ int ERR_load_CONF_strings(void) + ERR_load_strings(0, CONF_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +index 3532114..952b545 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c +@@ -1,21 +1,70 @@ ++/* conf_lib.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include +-#include + #include + #include + #include + #include + #include +-#include "e_os.h" ++ ++const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT; + + static CONF_METHOD *default_CONF_method = NULL; + +@@ -41,6 +90,7 @@ int CONF_set_default_method(CONF_METHOD *meth) + return 1; + } + ++#ifndef OPENSSL_NO_STDIO + LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline) + { +@@ -62,14 +112,15 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + + return ltmp; + } ++#endif + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline) + { + BIO *btmp; + LHASH_OF(CONF_VALUE) *ltmp; +- if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { ++ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB); + return NULL; + } +@@ -145,13 +196,13 @@ void CONF_free(LHASH_OF(CONF_VALUE) *conf) + NCONF_free_data(&ctmp); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) + { + BIO *btmp; + int ret; + +- if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { ++ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB); + return 0; + } +@@ -206,6 +257,7 @@ void NCONF_free_data(CONF *conf) + conf->meth->destroy_data(conf); + } + ++#ifndef OPENSSL_NO_STDIO + int NCONF_load(CONF *conf, const char *file, long *eline) + { + if (conf == NULL) { +@@ -215,13 +267,14 @@ int NCONF_load(CONF *conf, const char *file, long *eline) + + return conf->meth->load(conf, file, eline); + } ++#endif + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) + { + BIO *btmp; + int ret; +- if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { ++ if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB); + return 0; + } +@@ -300,12 +353,12 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + return 1; + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int NCONF_dump_fp(const CONF *conf, FILE *out) + { + BIO *btmp; + int ret; +- if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { ++ if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB); + return 0; + } +@@ -325,41 +378,18 @@ int NCONF_dump_bio(const CONF *conf, BIO *out) + return conf->meth->dump(conf, out); + } + +-/* +- * These routines call the C malloc/free, to avoid intermixing with +- * OpenSSL function pointers before the library is initialized. +- */ +-OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void) +-{ +- OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret)); +- +- if (ret != NULL) +- memset(ret, 0, sizeof(*ret)); +- return ret; +-} +- +- +-#ifndef OPENSSL_NO_STDIO +-int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings, +- const char *appname) ++/* This function should be avoided */ ++#if 0 ++long NCONF_get_number(CONF *conf, char *group, char *name) + { +- char *newappname = NULL; ++ int status; ++ long ret = 0; + +- if (appname != NULL) { +- newappname = strdup(appname); +- if (newappname == NULL) +- return 0; ++ status = NCONF_get_number_e(conf, group, name, &ret); ++ if (status == 0) { ++ /* This function does not believe in errors... */ ++ ERR_get_error(); + } +- +- free(settings->appname); +- settings->appname = newappname; +- +- return 1; ++ return ret; + } + #endif +- +-void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings) +-{ +- free(settings->appname); +- free(settings); +-} +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +index 4e7a434..b4dbd66 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c +@@ -1,19 +1,72 @@ ++/* conf_mall.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include ++#include + #include + #include +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + + /* Load all OpenSSL builtin modules */ + +@@ -21,7 +74,6 @@ void OPENSSL_load_builtin_modules(void) + { + /* Add builtin modules here */ + ASN1_add_oid_module(); +- ASN1_add_stable_module(); + #ifndef OPENSSL_NO_ENGINE + ENGINE_add_conf_module(); + #endif +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +index 31f838e..13d93ea 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c +@@ -1,18 +1,68 @@ ++/* conf_mod.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include "internal/cryptlib.h" +-#include "internal/conf.h" +-#include "internal/dso.h" ++#include "cryptlib.h" ++#include ++#include + #include + + #define DSO_mod_init_name "OPENSSL_init" +@@ -56,16 +106,16 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; + + static void module_free(CONF_MODULE *md); + static void module_finish(CONF_IMODULE *imod); +-static int module_run(const CONF *cnf, const char *name, const char *value, ++static int module_run(const CONF *cnf, char *name, char *value, + unsigned long flags); + static CONF_MODULE *module_add(DSO *dso, const char *name, + conf_init_func *ifunc, + conf_finish_func *ffunc); +-static CONF_MODULE *module_find(const char *name); +-static int module_init(CONF_MODULE *pmod, const char *name, const char *value, ++static CONF_MODULE *module_find(char *name); ++static int module_init(CONF_MODULE *pmod, char *name, char *value, + const CONF *cnf); +-static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, +- const char *value); ++static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, ++ unsigned long flags); + + /* Main function: load modules from a CONF structure */ + +@@ -109,6 +159,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, + + } + ++#ifndef OPENSSL_NO_STDIO + int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags) + { +@@ -116,7 +167,7 @@ int CONF_modules_load_file(const char *filename, const char *appname, + CONF *conf = NULL; + int ret = 0; + conf = NCONF_new(NULL); +- if (conf == NULL) ++ if (!conf) + goto err; + + if (filename == NULL) { +@@ -144,8 +195,9 @@ int CONF_modules_load_file(const char *filename, const char *appname, + + return ret; + } ++#endif + +-static int module_run(const CONF *cnf, const char *name, const char *value, ++static int module_run(const CONF *cnf, char *name, char *value, + unsigned long flags) + { + CONF_MODULE *md; +@@ -155,7 +207,7 @@ static int module_run(const CONF *cnf, const char *name, const char *value, + + /* Module not found: try to load DSO */ + if (!md && !(flags & CONF_MFLAGS_NO_DSO)) +- md = module_load_dso(cnf, name, value); ++ md = module_load_dso(cnf, name, value, flags); + + if (!md) { + if (!(flags & CONF_MFLAGS_SILENT)) { +@@ -181,13 +233,13 @@ static int module_run(const CONF *cnf, const char *name, const char *value, + } + + /* Load a module from a DSO */ +-static CONF_MODULE *module_load_dso(const CONF *cnf, +- const char *name, const char *value) ++static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, ++ unsigned long flags) + { + DSO *dso = NULL; + conf_init_func *ifunc; + conf_finish_func *ffunc; +- const char *path = NULL; ++ char *path = NULL; + int errcode = 0; + CONF_MODULE *md; + /* Look for alternative path in module section */ +@@ -216,7 +268,8 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, + return md; + + err: +- DSO_free(dso); ++ if (dso) ++ DSO_free(dso); + CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); + ERR_add_error_data(4, "module=", name, ", path=", path); + return NULL; +@@ -231,21 +284,21 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, + supported_modules = sk_CONF_MODULE_new_null(); + if (supported_modules == NULL) + return NULL; +- tmod = OPENSSL_zalloc(sizeof(*tmod)); ++ tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); + if (tmod == NULL) + return NULL; + + tmod->dso = dso; +- tmod->name = OPENSSL_strdup(name); +- tmod->init = ifunc; +- tmod->finish = ffunc; ++ tmod->name = BUF_strdup(name); + if (tmod->name == NULL) { + OPENSSL_free(tmod); + return NULL; + } ++ tmod->init = ifunc; ++ tmod->finish = ffunc; ++ tmod->links = 0; + + if (!sk_CONF_MODULE_push(supported_modules, tmod)) { +- OPENSSL_free(tmod->name); + OPENSSL_free(tmod); + return NULL; + } +@@ -259,7 +312,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, + * initialized more than once. + */ + +-static CONF_MODULE *module_find(const char *name) ++static CONF_MODULE *module_find(char *name) + { + CONF_MODULE *tmod; + int i, nchar; +@@ -273,7 +326,7 @@ static CONF_MODULE *module_find(const char *name) + + for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { + tmod = sk_CONF_MODULE_value(supported_modules, i); +- if (strncmp(tmod->name, name, nchar) == 0) ++ if (!strncmp(tmod->name, name, nchar)) + return tmod; + } + +@@ -282,7 +335,7 @@ static CONF_MODULE *module_find(const char *name) + } + + /* initialize a module */ +-static int module_init(CONF_MODULE *pmod, const char *name, const char *value, ++static int module_init(CONF_MODULE *pmod, char *name, char *value, + const CONF *cnf) + { + int ret = 1; +@@ -290,13 +343,13 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, + CONF_IMODULE *imod = NULL; + + /* Otherwise add initialized module to list */ +- imod = OPENSSL_malloc(sizeof(*imod)); +- if (imod == NULL) ++ imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); ++ if (!imod) + goto err; + + imod->pmod = pmod; +- imod->name = OPENSSL_strdup(name); +- imod->value = OPENSSL_strdup(value); ++ imod->name = BUF_strdup(name); ++ imod->value = BUF_strdup(value); + imod->usr_data = NULL; + + if (!imod->name || !imod->value) +@@ -336,8 +389,10 @@ static int module_init(CONF_MODULE *pmod, const char *name, const char *value, + + memerr: + if (imod) { +- OPENSSL_free(imod->name); +- OPENSSL_free(imod->value); ++ if (imod->name) ++ OPENSSL_free(imod->name); ++ if (imod->value) ++ OPENSSL_free(imod->value); + OPENSSL_free(imod); + } + +@@ -375,7 +430,8 @@ void CONF_modules_unload(int all) + /* unload a single module */ + static void module_free(CONF_MODULE *md) + { +- DSO_free(md->dso); ++ if (md->dso) ++ DSO_free(md->dso); + OPENSSL_free(md->name); + OPENSSL_free(md); + } +@@ -397,8 +453,6 @@ void CONF_modules_finish(void) + + static void module_finish(CONF_IMODULE *imod) + { +- if (!imod) +- return; + if (imod->pmod->finish) + imod->pmod->finish(imod); + imod->pmod->links--; +@@ -418,7 +472,7 @@ int CONF_module_add(const char *name, conf_init_func *ifunc, + return 0; + } + +-void conf_modules_free_int(void) ++void CONF_modules_free(void) + { + CONF_modules_finish(); + CONF_modules_unload(1); +@@ -480,7 +534,7 @@ char *CONF_get1_default_config_file(void) + + file = getenv("OPENSSL_CONF"); + if (file) +- return OPENSSL_strdup(file); ++ return BUF_strdup(file); + + len = strlen(X509_get_default_cert_area()); + #ifndef OPENSSL_SYS_VMS +@@ -490,13 +544,13 @@ char *CONF_get1_default_config_file(void) + + file = OPENSSL_malloc(len + 1); + +- if (file == NULL) ++ if (!file) + return NULL; +- OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1); ++ BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); + #ifndef OPENSSL_SYS_VMS +- OPENSSL_strlcat(file, "/", len + 1); ++ BUF_strlcat(file, "/", len + 1); + #endif +- OPENSSL_strlcat(file, OPENSSL_CONF, len + 1); ++ BUF_strlcat(file, OPENSSL_CONF, len + 1); + + return file; + } +diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +index bed95ab..a25b636 100644 +--- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c ++++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c +@@ -1,19 +1,72 @@ ++/* conf_sap.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" +-#include ++#include "cryptlib.h" ++#include ++#include + #include + #include +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + + /* + * This is the automatic configuration loader: it is called automatically by +@@ -23,19 +76,7 @@ + + static int openssl_configured = 0; + +-#if OPENSSL_API_COMPAT < 0x10100000L +-void OPENSSL_config(const char *appname) +-{ +- OPENSSL_INIT_SETTINGS settings; +- +- memset(&settings, 0, sizeof(settings)); +- if (appname != NULL) +- settings.appname = strdup(appname); +- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings); +-} +-#endif +- +-void openssl_config_int(const char *appname) ++void OPENSSL_config(const char *config_name) + { + if (openssl_configured) + return; +@@ -46,15 +87,15 @@ void openssl_config_int(const char *appname) + ENGINE_load_builtin_engines(); + #endif + ERR_clear_error(); +-#ifndef OPENSSL_SYS_UEFI +- CONF_modules_load_file(NULL, appname, ++#ifndef OPENSSL_NO_STDIO ++ CONF_modules_load_file(NULL, config_name, + CONF_MFLAGS_DEFAULT_SECTION | + CONF_MFLAGS_IGNORE_MISSING_FILE); + #endif + openssl_configured = 1; + } + +-void openssl_no_config_int(void) ++void OPENSSL_no_config() + { + openssl_configured = 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/constant_time_locl.h b/Cryptlib/OpenSSL/crypto/constant_time_locl.h +new file mode 100644 +index 0000000..c786aea +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/constant_time_locl.h +@@ -0,0 +1,211 @@ ++/* crypto/constant_time_locl.h */ ++/*- ++ * Utilities for constant-time cryptography. ++ * ++ * Author: Emilia Kasper (emilia@openssl.org) ++ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley ++ * (Google). ++ * ==================================================================== ++ * Copyright (c) 2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_CONSTANT_TIME_LOCL_H ++# define HEADER_CONSTANT_TIME_LOCL_H ++ ++# include "e_os.h" /* For 'inline' */ ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++/*- ++ * The boolean methods return a bitmask of all ones (0xff...f) for true ++ * and 0 for false. This is useful for choosing a value based on the result ++ * of a conditional in constant time. For example, ++ * ++ * if (a < b) { ++ * c = a; ++ * } else { ++ * c = b; ++ * } ++ * ++ * can be written as ++ * ++ * unsigned int lt = constant_time_lt(a, b); ++ * c = constant_time_select(lt, a, b); ++ */ ++ ++/* ++ * Returns the given value with the MSB copied to all the other ++ * bits. Uses the fact that arithmetic shift shifts-in the sign bit. ++ * However, this is not ensured by the C standard so you may need to ++ * replace this with something else on odd CPUs. ++ */ ++static inline unsigned int constant_time_msb(unsigned int a); ++ ++/* ++ * Returns 0xff..f if a < b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_lt_8(unsigned int a, ++ unsigned int b); ++ ++/* ++ * Returns 0xff..f if a >= b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_ge_8(unsigned int a, ++ unsigned int b); ++ ++/* ++ * Returns 0xff..f if a == 0 and 0 otherwise. ++ */ ++static inline unsigned int constant_time_is_zero(unsigned int a); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_is_zero_8(unsigned int a); ++ ++/* ++ * Returns 0xff..f if a == b and 0 otherwise. ++ */ ++static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_eq_8(unsigned int a, ++ unsigned int b); ++/* Signed integers. */ ++static inline unsigned int constant_time_eq_int(int a, int b); ++/* Convenience method for getting an 8-bit mask. */ ++static inline unsigned char constant_time_eq_int_8(int a, int b); ++ ++/*- ++ * Returns (mask & a) | (~mask & b). ++ * ++ * When |mask| is all 1s or all 0s (as returned by the methods above), ++ * the select methods return either |a| (if |mask| is nonzero) or |b| ++ * (if |mask| is zero). ++ */ ++static inline unsigned int constant_time_select(unsigned int mask, ++ unsigned int a, ++ unsigned int b); ++/* Convenience method for unsigned chars. */ ++static inline unsigned char constant_time_select_8(unsigned char mask, ++ unsigned char a, ++ unsigned char b); ++/* Convenience method for signed integers. */ ++static inline int constant_time_select_int(unsigned int mask, int a, int b); ++ ++static inline unsigned int constant_time_msb(unsigned int a) ++{ ++ return 0 - (a >> (sizeof(a) * 8 - 1)); ++} ++ ++static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) ++{ ++ return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); ++} ++ ++static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_lt(a, b)); ++} ++ ++static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) ++{ ++ return ~constant_time_lt(a, b); ++} ++ ++static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_ge(a, b)); ++} ++ ++static inline unsigned int constant_time_is_zero(unsigned int a) ++{ ++ return constant_time_msb(~a & (a - 1)); ++} ++ ++static inline unsigned char constant_time_is_zero_8(unsigned int a) ++{ ++ return (unsigned char)(constant_time_is_zero(a)); ++} ++ ++static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) ++{ ++ return constant_time_is_zero(a ^ b); ++} ++ ++static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) ++{ ++ return (unsigned char)(constant_time_eq(a, b)); ++} ++ ++static inline unsigned int constant_time_eq_int(int a, int b) ++{ ++ return constant_time_eq((unsigned)(a), (unsigned)(b)); ++} ++ ++static inline unsigned char constant_time_eq_int_8(int a, int b) ++{ ++ return constant_time_eq_8((unsigned)(a), (unsigned)(b)); ++} ++ ++static inline unsigned int constant_time_select(unsigned int mask, ++ unsigned int a, ++ unsigned int b) ++{ ++ return (mask & a) | (~mask & b); ++} ++ ++static inline unsigned char constant_time_select_8(unsigned char mask, ++ unsigned char a, ++ unsigned char b) ++{ ++ return (unsigned char)(constant_time_select(mask, a, b)); ++} ++ ++static inline int constant_time_select_int(unsigned int mask, int a, int b) ++{ ++ return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); ++} ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* HEADER_CONSTANT_TIME_LOCL_H */ +diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c +index c28dcf1..a513838 100644 +--- a/Cryptlib/OpenSSL/crypto/cpt_err.c ++++ b/Cryptlib/OpenSSL/crypto/cpt_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/cpt_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,30 +70,29 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) + + static ERR_STRING_DATA CRYPTO_str_functs[] = { +- {ERR_FUNC(CRYPTO_F_CRYPTO_DUP_EX_DATA), "CRYPTO_dup_ex_data"}, +- {ERR_FUNC(CRYPTO_F_CRYPTO_FREE_EX_DATA), "CRYPTO_free_ex_data"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, +- {ERR_FUNC(CRYPTO_F_CRYPTO_MEMDUP), "CRYPTO_memdup"}, +- {ERR_FUNC(CRYPTO_F_CRYPTO_NEW_EX_DATA), "CRYPTO_new_ex_data"}, ++ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, ++ {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, ++ {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, ++ {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, + {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, +- {ERR_FUNC(CRYPTO_F_GET_AND_LOCK), "get_and_lock"}, +- {ERR_FUNC(CRYPTO_F_OPENSSL_BUF2HEXSTR), "OPENSSL_buf2hexstr"}, +- {ERR_FUNC(CRYPTO_F_OPENSSL_HEXSTR2BUF), "OPENSSL_hexstr2buf"}, +- {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO), "OPENSSL_init_crypto"}, ++ {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, ++ {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, ++ {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, + {0, NULL} + }; + + static ERR_STRING_DATA CRYPTO_str_reasons[] = { + {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, +- {ERR_REASON(CRYPTO_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, +- {ERR_REASON(CRYPTO_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, ++ {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), ++ "no dynlock create callback"}, + {0, NULL} + }; + + #endif + +-int ERR_load_CRYPTO_strings(void) ++void ERR_load_CRYPTO_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -51,5 +101,4 @@ int ERR_load_CRYPTO_strings(void) + ERR_load_strings(0, CRYPTO_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c +index 01b8ce5..da4b34d 100644 +--- a/Cryptlib/OpenSSL/crypto/cryptlib.c ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.c +@@ -1,31 +1,682 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/cryptlib.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ + /* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +-#include "internal/cryptlib_int.h" ++#include "cryptlib.h" + #include + ++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) ++static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */ ++#endif ++ ++DECLARE_STACK_OF(CRYPTO_dynlock) ++ ++/* real #defines in crypto.h, keep these upto date */ ++static const char *const lock_names[CRYPTO_NUM_LOCKS] = { ++ "<>", ++ "err", ++ "ex_data", ++ "x509", ++ "x509_info", ++ "x509_pkey", ++ "x509_crl", ++ "x509_req", ++ "dsa", ++ "rsa", ++ "evp_pkey", ++ "x509_store", ++ "ssl_ctx", ++ "ssl_cert", ++ "ssl_session", ++ "ssl_sess_cert", ++ "ssl", ++ "ssl_method", ++ "rand", ++ "rand2", ++ "debug_malloc", ++ "BIO", ++ "gethostbyname", ++ "getservbyname", ++ "readdir", ++ "RSA_blinding", ++ "dh", ++ "debug_malloc2", ++ "dso", ++ "dynlock", ++ "engine", ++ "ui", ++ "ecdsa", ++ "ec", ++ "ecdh", ++ "bn", ++ "ec_pre_comp", ++ "store", ++ "comp", ++ "fips", ++ "fips2", ++#if CRYPTO_NUM_LOCKS != 41 ++# error "Inconsistency between crypto.h and cryptlib.c" ++#endif ++}; ++ ++/* ++ * This is for applications to allocate new type names in the non-dynamic ++ * array of lock names. These are numbered with positive numbers. ++ */ ++static STACK_OF(OPENSSL_STRING) *app_locks = NULL; ++ ++/* ++ * For applications that want a more dynamic way of handling threads, the ++ * following stack is used. These are externally numbered with negative ++ * numbers. ++ */ ++static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL; ++ ++static void (MS_FAR *locking_callback) (int mode, int type, ++ const char *file, int line) = 0; ++static int (MS_FAR *add_lock_callback) (int *pointer, int amount, ++ int type, const char *file, ++ int line) = 0; ++#ifndef OPENSSL_NO_DEPRECATED ++static unsigned long (MS_FAR *id_callback) (void) = 0; ++#endif ++static void (MS_FAR *threadid_callback) (CRYPTO_THREADID *) = 0; ++static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) ++ (const char *file, int line) = 0; ++static void (MS_FAR *dynlock_lock_callback) (int mode, ++ struct CRYPTO_dynlock_value *l, ++ const char *file, int line) = 0; ++static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) = 0; ++ ++int CRYPTO_get_new_lockid(char *name) ++{ ++ char *str; ++ int i; ++ ++#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) ++ /* ++ * A hack to make Visual C++ 5.0 work correctly when linking as a DLL ++ * using /MT. Without this, the application cannot use any floating point ++ * printf's. It also seems to be needed for Visual C 1.5 (win16) ++ */ ++ SSLeay_MSVC5_hack = (double)name[0] * (double)name[1]; ++#endif ++ ++ if ((app_locks == NULL) ++ && ((app_locks = sk_OPENSSL_STRING_new_null()) == NULL)) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ if ((str = BUF_strdup(name)) == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ i = sk_OPENSSL_STRING_push(app_locks, str); ++ if (!i) ++ OPENSSL_free(str); ++ else ++ i += CRYPTO_NUM_LOCKS; /* gap of one :-) */ ++ return (i); ++} ++ ++int CRYPTO_num_locks(void) ++{ ++ return CRYPTO_NUM_LOCKS; ++} ++ ++int CRYPTO_get_new_dynlockid(void) ++{ ++ int i = 0; ++ CRYPTO_dynlock *pointer = NULL; ++ ++ if (dynlock_create_callback == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ++ CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); ++ return (0); ++ } ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ if ((dyn_locks == NULL) ++ && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock)); ++ if (pointer == NULL) { ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ pointer->references = 1; ++ pointer->data = dynlock_create_callback(OPENSSL_FILE, OPENSSL_LINE); ++ if (pointer->data == NULL) { ++ OPENSSL_free(pointer); ++ CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ /* First, try to find an existing empty slot */ ++ i = sk_CRYPTO_dynlock_find(dyn_locks, NULL); ++ /* If there was none, push, thereby creating a new one */ ++ if (i == -1) ++ /* ++ * Since sk_push() returns the number of items on the stack, not the ++ * location of the pushed item, we need to transform the returned ++ * number into a position, by decreasing it. ++ */ ++ i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1; ++ else ++ /* ++ * If we found a place with a NULL pointer, put our pointer in it. ++ */ ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer); ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (i == -1) { ++ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); ++ OPENSSL_free(pointer); ++ } else ++ i += 1; /* to avoid 0 */ ++ return -i; ++} ++ ++void CRYPTO_destroy_dynlockid(int i) ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; ++ if (dynlock_destroy_callback == NULL) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ return; ++ } ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer != NULL) { ++ --pointer->references; ++#ifdef REF_CHECK ++ if (pointer->references < 0) { ++ fprintf(stderr, ++ "CRYPTO_destroy_dynlockid, bad reference count\n"); ++ abort(); ++ } else ++#endif ++ if (pointer->references <= 0) { ++ (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); ++ } else ++ pointer = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (pointer) { ++ dynlock_destroy_callback(pointer->data, OPENSSL_FILE, OPENSSL_LINE); ++ OPENSSL_free(pointer); ++ } ++} ++ ++struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) ++{ ++ CRYPTO_dynlock *pointer = NULL; ++ if (i) ++ i = -i - 1; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) ++ pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); ++ if (pointer) ++ pointer->references++; ++ ++ CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); ++ ++ if (pointer) ++ return pointer->data; ++ return NULL; ++} ++ ++struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) ++ (const char *file, int line) { ++ return (dynlock_create_callback); ++} ++ ++void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode, ++ struct CRYPTO_dynlock_value ++ *l, const char *file, ++ int line) { ++ return (dynlock_lock_callback); ++} ++ ++void (*CRYPTO_get_dynlock_destroy_callback(void)) ++ (struct CRYPTO_dynlock_value *l, const char *file, int line) { ++ return (dynlock_destroy_callback); ++} ++ ++void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) ++ (const char *file, int line)) ++{ ++ dynlock_create_callback = func; ++} ++ ++void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode, ++ struct ++ CRYPTO_dynlock_value *l, ++ const char *file, ++ int line)) ++{ ++ dynlock_lock_callback = func; ++} ++ ++void CRYPTO_set_dynlock_destroy_callback(void (*func) ++ (struct CRYPTO_dynlock_value *l, ++ const char *file, int line)) ++{ ++ dynlock_destroy_callback = func; ++} ++ ++void (*CRYPTO_get_locking_callback(void)) (int mode, int type, ++ const char *file, int line) { ++ return (locking_callback); ++} ++ ++int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type, ++ const char *file, int line) { ++ return (add_lock_callback); ++} ++ ++void CRYPTO_set_locking_callback(void (*func) (int mode, int type, ++ const char *file, int line)) ++{ ++ /* ++ * Calling this here ensures initialisation before any threads are ++ * started. ++ */ ++ OPENSSL_init(); ++ locking_callback = func; ++} ++ ++void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type, ++ const char *file, int line)) ++{ ++ add_lock_callback = func; ++} ++ ++/* ++ * the memset() here and in set_pointer() seem overkill, but for the sake of ++ * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause ++ * two "equal" THREADID structs to not be memcmp()-identical. ++ */ ++void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) ++{ ++ memset(id, 0, sizeof(*id)); ++ id->val = val; ++} ++ ++static const unsigned char hash_coeffs[] = { 3, 5, 7, 11, 13, 17, 19, 23 }; ++ ++void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) ++{ ++ unsigned char *dest = (void *)&id->val; ++ unsigned int accum = 0; ++ unsigned char dnum = sizeof(id->val); ++ ++ memset(id, 0, sizeof(*id)); ++ id->ptr = ptr; ++ if (sizeof(id->val) >= sizeof(id->ptr)) { ++ /* ++ * 'ptr' can be embedded in 'val' without loss of uniqueness ++ */ ++ id->val = (unsigned long)id->ptr; ++ return; ++ } ++ /* ++ * hash ptr ==> val. Each byte of 'val' gets the mod-256 total of a ++ * linear function over the bytes in 'ptr', the co-efficients of which ++ * are a sequence of low-primes (hash_coeffs is an 8-element cycle) - the ++ * starting prime for the sequence varies for each byte of 'val' (unique ++ * polynomials unless pointers are >64-bit). For added spice, the totals ++ * accumulate rather than restarting from zero, and the index of the ++ * 'val' byte is added each time (position dependence). If I was a ++ * black-belt, I'd scan big-endian pointers in reverse to give low-order ++ * bits more play, but this isn't crypto and I'd prefer nobody mistake it ++ * as such. Plus I'm lazy. ++ */ ++ while (dnum--) { ++ const unsigned char *src = (void *)&id->ptr; ++ unsigned char snum = sizeof(id->ptr); ++ while (snum--) ++ accum += *(src++) * hash_coeffs[(snum + dnum) & 7]; ++ accum += dnum; ++ *(dest++) = accum & 255; ++ } ++} ++ ++int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) ++{ ++ if (threadid_callback) ++ return 0; ++ threadid_callback = func; ++ return 1; ++} ++ ++void (*CRYPTO_THREADID_get_callback(void)) (CRYPTO_THREADID *) { ++ return threadid_callback; ++} ++ ++void CRYPTO_THREADID_current(CRYPTO_THREADID *id) ++{ ++ if (threadid_callback) { ++ threadid_callback(id); ++ return; ++ } ++#ifndef OPENSSL_NO_DEPRECATED ++ /* If the deprecated callback was set, fall back to that */ ++ if (id_callback) { ++ CRYPTO_THREADID_set_numeric(id, id_callback()); ++ return; ++ } ++#endif ++ /* Else pick a backup */ ++#ifdef OPENSSL_SYS_WIN16 ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); ++#elif defined(OPENSSL_SYS_WIN32) ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); ++#elif defined(OPENSSL_SYS_BEOS) ++ CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL)); ++#else ++ /* For everything else, default to using the address of 'errno' */ ++ CRYPTO_THREADID_set_pointer(id, (void *)&errno); ++#endif ++} ++ ++int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) ++{ ++ return memcmp(a, b, sizeof(*a)); ++} ++ ++void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) ++{ ++ memcpy(dest, src, sizeof(*src)); ++} ++ ++unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) ++{ ++ return id->val; ++} ++ ++#ifndef OPENSSL_NO_DEPRECATED ++unsigned long (*CRYPTO_get_id_callback(void)) (void) { ++ return (id_callback); ++} ++ ++void CRYPTO_set_id_callback(unsigned long (*func) (void)) ++{ ++ id_callback = func; ++} ++ ++unsigned long CRYPTO_thread_id(void) ++{ ++ unsigned long ret = 0; ++ ++ if (id_callback == NULL) { ++# ifdef OPENSSL_SYS_WIN16 ++ ret = (unsigned long)GetCurrentTask(); ++# elif defined(OPENSSL_SYS_WIN32) ++ ret = (unsigned long)GetCurrentThreadId(); ++# elif defined(GETPID_IS_MEANINGLESS) ++ ret = 1L; ++# elif defined(OPENSSL_SYS_BEOS) ++ ret = (unsigned long)find_thread(NULL); ++# else ++ ret = (unsigned long)getpid(); ++# endif ++ } else ++ ret = id_callback(); ++ return (ret); ++} ++#endif ++ ++void CRYPTO_lock(int mode, int type, const char *file, int line) ++{ ++#ifdef LOCK_DEBUG ++ { ++ CRYPTO_THREADID id; ++ char *rw_text, *operation_text; ++ ++ if (mode & CRYPTO_LOCK) ++ operation_text = "lock "; ++ else if (mode & CRYPTO_UNLOCK) ++ operation_text = "unlock"; ++ else ++ operation_text = "ERROR "; ++ ++ if (mode & CRYPTO_READ) ++ rw_text = "r"; ++ else if (mode & CRYPTO_WRITE) ++ rw_text = "w"; ++ else ++ rw_text = "ERROR"; ++ ++ CRYPTO_THREADID_current(&id); ++ fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n", ++ CRYPTO_THREADID_hash(&id), rw_text, operation_text, ++ CRYPTO_get_lock_name(type), file, line); ++ } ++#endif ++ if (type < 0) { ++ if (dynlock_lock_callback != NULL) { ++ struct CRYPTO_dynlock_value *pointer ++ = CRYPTO_get_dynlock_value(type); ++ ++ OPENSSL_assert(pointer != NULL); ++ ++ dynlock_lock_callback(mode, pointer, file, line); ++ ++ CRYPTO_destroy_dynlockid(type); ++ } ++ } else if (locking_callback != NULL) ++ locking_callback(mode, type, file, line); ++} ++ ++int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, ++ int line) ++{ ++ int ret = 0; ++ ++ if (add_lock_callback != NULL) { ++#ifdef LOCK_DEBUG ++ int before = *pointer; ++#endif ++ ++ ret = add_lock_callback(pointer, amount, type, file, line); ++#ifdef LOCK_DEBUG ++ { ++ CRYPTO_THREADID id; ++ CRYPTO_THREADID_current(&id); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_THREADID_hash(&id), before, amount, ret, ++ CRYPTO_get_lock_name(type), file, line); ++ } ++#endif ++ } else { ++ CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line); ++ ++ ret = *pointer + amount; ++#ifdef LOCK_DEBUG ++ { ++ CRYPTO_THREADID id; ++ CRYPTO_THREADID_current(&id); ++ fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", ++ CRYPTO_THREADID_hash(&id), ++ *pointer, amount, ret, ++ CRYPTO_get_lock_name(type), file, line); ++ } ++#endif ++ *pointer = ret; ++ CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line); ++ } ++ return (ret); ++} ++ ++const char *CRYPTO_get_lock_name(int type) ++{ ++ if (type < 0) ++ return ("dynamic"); ++ else if (type < CRYPTO_NUM_LOCKS) ++ return (lock_names[type]); ++ else if (type - CRYPTO_NUM_LOCKS > sk_OPENSSL_STRING_num(app_locks)) ++ return ("ERROR"); ++ else ++ return (sk_OPENSSL_STRING_value(app_locks, type - CRYPTO_NUM_LOCKS)); ++} ++ + #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++ defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) + + extern unsigned int OPENSSL_ia32cap_P[4]; ++unsigned long *OPENSSL_ia32cap_loc(void) ++{ ++ if (sizeof(long) == 4) ++ /* ++ * If 32-bit application pulls address of OPENSSL_ia32cap_P[0] ++ * clear second element to maintain the illusion that vector ++ * is 32-bit. ++ */ ++ OPENSSL_ia32cap_P[1] = 0; ++ ++ OPENSSL_ia32cap_P[2] = 0; ++ ++ return (unsigned long *)OPENSSL_ia32cap_P; ++} + + # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) + #include + # define OPENSSL_CPUID_SETUP +-typedef uint64_t IA32CAP; ++# if defined(_WIN32) ++typedef unsigned __int64 IA32CAP; ++# else ++typedef unsigned long long IA32CAP; ++# endif + void OPENSSL_cpuid_setup(void) + { + static int trigger = 0; +@@ -76,6 +727,12 @@ void OPENSSL_cpuid_setup(void) + # else + unsigned int OPENSSL_ia32cap_P[4]; + # endif ++ ++#else ++unsigned long *OPENSSL_ia32cap_loc(void) ++{ ++ return NULL; ++} + #endif + int OPENSSL_NONPIC_relocated = 0; + #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) +@@ -84,6 +741,53 @@ void OPENSSL_cpuid_setup(void) + } + #endif + ++#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL) ++# ifdef __CYGWIN__ ++/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */ ++# include ++/* ++ * this has side-effect of _WIN32 getting defined, which otherwise is ++ * mutually exclusive with __CYGWIN__... ++ */ ++# endif ++ ++/* ++ * All we really need to do is remove the 'error' state when a thread ++ * detaches ++ */ ++ ++BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) ++{ ++ switch (fdwReason) { ++ case DLL_PROCESS_ATTACH: ++ OPENSSL_cpuid_setup(); ++# if defined(_WIN32_WINNT) ++ { ++ IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; ++ IMAGE_NT_HEADERS *nt_headers; ++ ++ if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { ++ nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header ++ + dos_header->e_lfanew); ++ if (nt_headers->Signature == IMAGE_NT_SIGNATURE && ++ hinstDLL != ++ (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) ++ OPENSSL_NONPIC_relocated = 1; ++ } ++ } ++# endif ++ break; ++ case DLL_THREAD_ATTACH: ++ break; ++ case DLL_THREAD_DETACH: ++ break; ++ case DLL_PROCESS_DETACH: ++ break; ++ } ++ return (TRUE); ++} ++#endif ++ + #if defined(_WIN32) && !defined(__CYGWIN__) + # include + # include +@@ -106,15 +810,15 @@ int OPENSSL_isservice(void) + WCHAR *name; + static union { + void *p; +- FARPROC f; ++ int (*f) (void); + } _OPENSSL_isservice = { + NULL + }; + + if (_OPENSSL_isservice.p == NULL) { +- HANDLE mod = GetModuleHandle(NULL); +- if (mod != NULL) +- _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); ++ HANDLE h = GetModuleHandle(NULL); ++ if (h != NULL) ++ _OPENSSL_isservice.p = GetProcAddress(h, "_OPENSSL_isservice"); + if (_OPENSSL_isservice.p == NULL) + _OPENSSL_isservice.p = (void *)-1; + } +@@ -197,9 +901,12 @@ void OPENSSL_showfatal(const char *fmta, ...) + fmt = (const TCHAR *)L"no stack?"; + break; + } ++# ifndef OPENSSL_NO_MULTIBYTE + if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) ++# endif + for (i = 0; i < len_0; i++) + fmtw[i] = (WCHAR)fmta[i]; ++ + for (i = 0; i < len_0; i++) { + if (fmtw[i] == L'%') + do { +@@ -240,8 +947,8 @@ void OPENSSL_showfatal(const char *fmta, ...) + } while (0); + + va_start(ap, fmta); +- _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap); +- buf[OSSL_NELEM(buf) - 1] = _T('\0'); ++ _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap); ++ buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0'); + va_end(ap); + + # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 +@@ -289,10 +996,11 @@ int OPENSSL_isservice(void) + } + #endif + +-void OPENSSL_die(const char *message, const char *file, int line) ++void OpenSSLDie(const char *file, int line, const char *assertion) + { +- OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n", +- file, line, message); ++ OPENSSL_showfatal ++ ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line, ++ assertion); + #if !defined(_WIN32) || defined(__CYGWIN__) + abort(); + #else +@@ -306,27 +1014,14 @@ void OPENSSL_die(const char *message, const char *file, int line) + #endif + } + +-#if !defined(OPENSSL_CPUID_OBJ) +-/* volatile unsigned char* pointers are there because +- * 1. Accessing a variable declared volatile via a pointer +- * that lacks a volatile qualifier causes undefined behavior. +- * 2. When the variable itself is not volatile the compiler is +- * not required to keep all those reads and can convert +- * this into canonical memcmp() which doesn't read the whole block. +- * Pointers to volatile resolve the first problem fully. The second +- * problem cannot be resolved in any Standard-compliant way but this +- * works the problem around. Compilers typically react to +- * pointers to volatile by preserving the reads and writes through them. +- * The latter is not required by the Standard if the memory pointed to +- * is not volatile. +- * Pointers themselves are volatile in the function signature to work +- * around a subtle bug in gcc 4.6+ which causes writes through +- * pointers to volatile to not be emitted in some rare, +- * never needed in real life, pieces of code. +- */ +-int CRYPTO_memcmp(const volatile void * volatile in_a, +- const volatile void * volatile in_b, +- size_t len) ++#ifndef OPENSSL_NO_STDIO ++void *OPENSSL_stderr(void) ++{ ++ return stderr; ++} ++#endif ++ ++int CRYPTO_memcmp(const volatile void *in_a, const volatile void *in_b, size_t len) + { + size_t i; + const volatile unsigned char *a = in_a; +@@ -338,4 +1033,3 @@ int CRYPTO_memcmp(const volatile void * volatile in_a, + + return x; + } +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.h b/Cryptlib/OpenSSL/crypto/cryptlib.h +new file mode 100644 +index 0000000..3e3ea5e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/cryptlib.h +@@ -0,0 +1,113 @@ ++/* crypto/cryptlib.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_CRYPTLIB_H ++# define HEADER_CRYPTLIB_H ++ ++# include ++# include ++ ++# include "e_os.h" ++ ++# ifdef OPENSSL_USE_APPLINK ++# define BIO_FLAGS_UPLINK 0x8000 ++# include "ms/uplink.h" ++# endif ++ ++# include ++# include ++# include ++# include ++# include ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++# ifndef OPENSSL_SYS_VMS ++# define X509_CERT_AREA OPENSSLDIR ++# define X509_CERT_DIR OPENSSLDIR "/certs" ++# define X509_CERT_FILE OPENSSLDIR "/cert.pem" ++# define X509_PRIVATE_DIR OPENSSLDIR "/private" ++# else ++# define X509_CERT_AREA "SSLROOT:[000000]" ++# define X509_CERT_DIR "SSLCERTS:" ++# define X509_CERT_FILE "SSLCERTS:cert.pem" ++# define X509_PRIVATE_DIR "SSLPRIVATE:" ++# endif ++ ++# define X509_CERT_DIR_EVP "SSL_CERT_DIR" ++# define X509_CERT_FILE_EVP "SSL_CERT_FILE" ++ ++/* size of string representations */ ++# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) ++# define HEX_SIZE(type) (sizeof(type)*2) ++ ++void OPENSSL_cpuid_setup(void); ++extern unsigned int OPENSSL_ia32cap_P[]; ++void OPENSSL_showfatal(const char *fmta, ...); ++#ifndef OPENSSL_NO_STDIO ++void *OPENSSL_stderr(void); ++#endif ++extern int OPENSSL_NONPIC_relocated; ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c +index 96d8a5b..bfff699 100644 +--- a/Cryptlib/OpenSSL/crypto/cversion.c ++++ b/Cryptlib/OpenSSL/crypto/cversion.c +@@ -1,28 +1,72 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/cversion.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef NO_WINDOWS_BRAINDEATH + # include "buildinf.h" + #endif + +-unsigned long OpenSSL_version_num(void) +-{ +- return OPENSSL_VERSION_NUMBER; +-} +- +-const char *OpenSSL_version(int t) ++const char *SSLeay_version(int t) + { +- if (t == OPENSSL_VERSION) ++ if (t == SSLEAY_VERSION) + return OPENSSL_VERSION_TEXT; +- if (t == OPENSSL_BUILT_ON) { ++ if (t == SSLEAY_BUILT_ON) { + #ifdef DATE + # ifdef OPENSSL_USE_BUILD_DATE + return (DATE); +@@ -33,33 +77,31 @@ const char *OpenSSL_version(int t) + return ("built on: date not available"); + #endif + } +- if (t == OPENSSL_CFLAGS) { ++ if (t == SSLEAY_CFLAGS) { + #ifdef CFLAGS + return (CFLAGS); + #else + return ("compiler: information not available"); + #endif + } +- if (t == OPENSSL_PLATFORM) { ++ if (t == SSLEAY_PLATFORM) { + #ifdef PLATFORM + return (PLATFORM); + #else + return ("platform: information not available"); + #endif + } +- if (t == OPENSSL_DIR) { ++ if (t == SSLEAY_DIR) { + #ifdef OPENSSLDIR + return "OPENSSLDIR: \"" OPENSSLDIR "\""; + #else + return "OPENSSLDIR: N/A"; +-#endif +- } +- if (t == OPENSSL_ENGINES_DIR) { +-#ifdef ENGINESDIR +- return "ENGINESDIR: \"" ENGINESDIR "\""; +-#else +- return "ENGINESDIR: N/A"; + #endif + } + return ("not available"); + } ++ ++unsigned long SSLeay(void) ++{ ++ return (SSLEAY_VERSION_NUMBER); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +new file mode 100644 +index 0000000..f89b5b9 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c +@@ -0,0 +1,103 @@ ++/* crypto/des/cbc_cksm.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, ++ long length, DES_key_schedule *schedule, ++ const_DES_cblock *ivec) ++{ ++ register DES_LONG tout0, tout1, tin0, tin1; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *out = &(*output)[0]; ++ const unsigned char *iv = &(*ivec)[0]; ++ ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (; l > 0; l -= 8) { ++ if (l >= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ } else ++ c2ln(in, tin0, tin1, l); ++ ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); ++ /* fix 15/10/91 eay - thanks to keithr@sco.COM */ ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ } ++ if (out != NULL) { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ tout0 = tin0 = tin1 = tin[0] = tin[1] = 0; ++ /* ++ * Transform the data in tout1 so that it will match the return value ++ * that the MIT Kerberos mit_des_cbc_cksum API returns. ++ */ ++ tout1 = ((tout1 >> 24L) & 0x000000FF) ++ | ((tout1 >> 8L) & 0x0000FF00) ++ | ((tout1 << 8L) & 0x00FF0000) ++ | ((tout1 << 24L) & 0xFF000000); ++ return (tout1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +new file mode 100644 +index 0000000..7ee3599 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c +@@ -0,0 +1,61 @@ ++/* crypto/des/cbc_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#define CBC_ENC_C__DONT_UPDATE_IV ++ ++#include "ncbc_enc.c" /* des_cbc_encrypt */ +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +new file mode 100644 +index 0000000..5d709c1 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c +@@ -0,0 +1,249 @@ ++/* crypto/des/cfb64ede.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++#include "e_os.h" ++ ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; ++ */ ++ ++void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int *num, int enc) ++{ ++ register DES_LONG v0, v1; ++ register long l = length; ++ register int n = *num; ++ DES_LONG ti[2]; ++ unsigned char *iv, c, cc; ++ ++ iv = &(*ivec)[0]; ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ v0 = ti[0]; ++ v1 = ti[1]; ++ ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ iv = &(*ivec)[0]; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ v0 = ti[0]; ++ v1 = ti[1]; ++ ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ iv = &(*ivec)[0]; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = c = cc = 0; ++ *num = n; ++} ++ ++#ifdef undef /* MACRO */ ++void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule ks1, ++ DES_key_schedule ks2, DES_cblock (*ivec), ++ int *num, int enc) ++{ ++ DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc); ++} ++#endif ++ ++/* ++ * This is compatible with the single key CFB-r for DES, even thought that's ++ * not what EVP needs. ++ */ ++ ++void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, ++ int numbits, long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG d0, d1, v0, v1; ++ register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8; ++ register int num = numbits, i; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ unsigned char ovec[16]; ++ ++ if (num > 64) ++ return; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ if (enc) { ++ while (l >= n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (num == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (num == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++ /* shift ovec left most of the bits... */ ++ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); ++ /* now the remaining bits */ ++ if (num % 8 != 0) ++ for (i = 0; i < 8; ++i) { ++ ovec[i] <<= num % 8; ++ ovec[i] |= ovec[i + 1] >> (8 - num % 8); ++ } ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ } ++ } ++ } else { ++ while (l >= n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt3(ti, ks1, ks2, ks3); ++ c2ln(in, d0, d1, n); ++ in += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (num == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (num == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++ /* shift ovec left most of the bits... */ ++ memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0)); ++ /* now the remaining bits */ ++ if (num % 8 != 0) ++ for (i = 0; i < 8; ++i) { ++ ovec[i] <<= num % 8; ++ ovec[i] |= ovec[i + 1] >> (8 - num % 8); ++ } ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ } ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +new file mode 100644 +index 0000000..7346774 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c +@@ -0,0 +1,122 @@ ++/* crypto/des/cfb64enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++/* ++ * The input and output encrypted as though 64bit cfb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; ++ */ ++ ++void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int *num, int enc) ++{ ++ register DES_LONG v0, v1; ++ register long l = length; ++ register int n = *num; ++ DES_LONG ti[2]; ++ unsigned char *iv, c, cc; ++ ++ iv = &(*ivec)[0]; ++ if (enc) { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ iv = &(*ivec)[0]; ++ v0 = ti[0]; ++ l2c(v0, iv); ++ v0 = ti[1]; ++ l2c(v0, iv); ++ iv = &(*ivec)[0]; ++ } ++ c = *(in++) ^ iv[n]; ++ *(out++) = c; ++ iv[n] = c; ++ n = (n + 1) & 0x07; ++ } ++ } else { ++ while (l--) { ++ if (n == 0) { ++ c2l(iv, v0); ++ ti[0] = v0; ++ c2l(iv, v1); ++ ti[1] = v1; ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ iv = &(*ivec)[0]; ++ v0 = ti[0]; ++ l2c(v0, iv); ++ v0 = ti[1]; ++ l2c(v0, iv); ++ iv = &(*ivec)[0]; ++ } ++ cc = *(in++); ++ c = iv[n]; ++ iv[n] = cc; ++ *(out++) = c ^ cc; ++ n = (n + 1) & 0x07; ++ } ++ } ++ v0 = v1 = ti[0] = ti[1] = c = cc = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +new file mode 100644 +index 0000000..bd0e299 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c +@@ -0,0 +1,199 @@ ++/* crypto/des/cfb_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "e_os.h" ++#include "des_locl.h" ++#include ++ ++/* ++ * The input and output are loaded in multiples of 8 bits. What this means is ++ * that if you hame numbits=12 and length=2 the first 12 bits will be ++ * retrieved from the first byte and half the second. The second 12 bits ++ * will come from the 3rd and half the 4th byte. ++ */ ++/* ++ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it ++ * will not be compatible with any encryption prior to that date. Ben. ++ */ ++void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG d0, d1, v0, v1; ++ register unsigned long l = length; ++ register int num = numbits / 8, n = (numbits + 7) / 8, i, rem = ++ numbits % 8; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++#ifndef L_ENDIAN ++ unsigned char ovec[16]; ++#else ++ unsigned int sh[4]; ++ unsigned char *ovec = (unsigned char *)sh; ++ ++ /* I kind of count that compiler optimizes away this assertioni, */ ++ assert(sizeof(sh[0]) == 4); /* as this holds true for all, */ ++ /* but 16-bit platforms... */ ++ ++#endif ++ ++ if (numbits <= 0 || numbits > 64) ++ return; ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ if (enc) { ++ while (l >= (unsigned long)n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (numbits == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (numbits == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++#ifndef L_ENDIAN ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++#else ++ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; ++#endif ++ if (rem == 0) ++ memmove(ovec, ovec + num, 8); ++ else ++ for (i = 0; i < 8; ++i) ++ ovec[i] = ovec[i + num] << rem | ++ ovec[i + num + 1] >> (8 - rem); ++#ifdef L_ENDIAN ++ v0 = sh[0], v1 = sh[1]; ++#else ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++#endif ++ } ++ } ++ } else { ++ while (l >= (unsigned long)n) { ++ l -= n; ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ c2ln(in, d0, d1, n); ++ in += n; ++ /* ++ * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under ++ * gcc :-( ++ */ ++ if (numbits == 32) { ++ v0 = v1; ++ v1 = d0; ++ } else if (numbits == 64) { ++ v0 = d0; ++ v1 = d1; ++ } else { ++#ifndef L_ENDIAN ++ iv = &ovec[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ l2c(d0, iv); ++ l2c(d1, iv); ++#else ++ sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1; ++#endif ++ if (rem == 0) ++ memmove(ovec, ovec + num, 8); ++ else ++ for (i = 0; i < 8; ++i) ++ ovec[i] = ovec[i + num] << rem | ++ ovec[i + num + 1] >> (8 - rem); ++#ifdef L_ENDIAN ++ v0 = sh[0], v1 = sh[1]; ++#else ++ iv = &ovec[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++#endif ++ } ++ d0 ^= ti[0]; ++ d1 ^= ti[1]; ++ l2cn(d0, d1, out, n); ++ out += n; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c +new file mode 100644 +index 0000000..c0b062d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c +@@ -0,0 +1,389 @@ ++/* crypto/des/des_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++#include "spr.h" ++ ++void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) ++{ ++ register DES_LONG l, r, t, u; ++#ifdef DES_PTR ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; ++#endif ++#ifndef DES_UNROLL ++ register int i; ++#endif ++ register DES_LONG *s; ++ ++ r = data[0]; ++ l = data[1]; ++ ++ IP(r, l); ++ /* ++ * Things have been modified so that the initial rotate is done outside ++ * the loop. This required the DES_SPtrans values in sp.h to be rotated ++ * 1 bit to the right. One perl script later and things have a 5% speed ++ * up on a sparc2. Thanks to Richard Outerbridge ++ * <71755.204@CompuServe.COM> for pointing this out. ++ */ ++ /* clear the top bits on machines with 8byte longs */ ++ /* shift left by 2 */ ++ r = ROTATE(r, 29) & 0xffffffffL; ++ l = ROTATE(l, 29) & 0xffffffffL; ++ ++ s = ks->ks->deslong; ++ /* ++ * I don't know if it is worth the effort of loop unrolling the inner ++ * loop ++ */ ++ if (enc) { ++#ifdef DES_UNROLL ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ ++#else ++ for (i = 0; i < 32; i += 4) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ } ++#endif ++ } else { ++#ifdef DES_UNROLL ++ D_ENCRYPT(l, r, 30); /* 16 */ ++ D_ENCRYPT(r, l, 28); /* 15 */ ++ D_ENCRYPT(l, r, 26); /* 14 */ ++ D_ENCRYPT(r, l, 24); /* 13 */ ++ D_ENCRYPT(l, r, 22); /* 12 */ ++ D_ENCRYPT(r, l, 20); /* 11 */ ++ D_ENCRYPT(l, r, 18); /* 10 */ ++ D_ENCRYPT(r, l, 16); /* 9 */ ++ D_ENCRYPT(l, r, 14); /* 8 */ ++ D_ENCRYPT(r, l, 12); /* 7 */ ++ D_ENCRYPT(l, r, 10); /* 6 */ ++ D_ENCRYPT(r, l, 8); /* 5 */ ++ D_ENCRYPT(l, r, 6); /* 4 */ ++ D_ENCRYPT(r, l, 4); /* 3 */ ++ D_ENCRYPT(l, r, 2); /* 2 */ ++ D_ENCRYPT(r, l, 0); /* 1 */ ++#else ++ for (i = 30; i > 0; i -= 4) { ++ D_ENCRYPT(l, r, i - 0); /* 16 */ ++ D_ENCRYPT(r, l, i - 2); /* 15 */ ++ } ++#endif ++ } ++ ++ /* rotate and clear the top bits on machines with 8byte longs */ ++ l = ROTATE(l, 3) & 0xffffffffL; ++ r = ROTATE(r, 3) & 0xffffffffL; ++ ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++ l = r = t = u = 0; ++} ++ ++void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) ++{ ++ register DES_LONG l, r, t, u; ++#ifdef DES_PTR ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; ++#endif ++#ifndef DES_UNROLL ++ register int i; ++#endif ++ register DES_LONG *s; ++ ++ r = data[0]; ++ l = data[1]; ++ ++ /* ++ * Things have been modified so that the initial rotate is done outside ++ * the loop. This required the DES_SPtrans values in sp.h to be rotated ++ * 1 bit to the right. One perl script later and things have a 5% speed ++ * up on a sparc2. Thanks to Richard Outerbridge ++ * <71755.204@CompuServe.COM> for pointing this out. ++ */ ++ /* clear the top bits on machines with 8byte longs */ ++ r = ROTATE(r, 29) & 0xffffffffL; ++ l = ROTATE(l, 29) & 0xffffffffL; ++ ++ s = ks->ks->deslong; ++ /* ++ * I don't know if it is worth the effort of loop unrolling the inner ++ * loop ++ */ ++ if (enc) { ++#ifdef DES_UNROLL ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ ++#else ++ for (i = 0; i < 32; i += 4) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ } ++#endif ++ } else { ++#ifdef DES_UNROLL ++ D_ENCRYPT(l, r, 30); /* 16 */ ++ D_ENCRYPT(r, l, 28); /* 15 */ ++ D_ENCRYPT(l, r, 26); /* 14 */ ++ D_ENCRYPT(r, l, 24); /* 13 */ ++ D_ENCRYPT(l, r, 22); /* 12 */ ++ D_ENCRYPT(r, l, 20); /* 11 */ ++ D_ENCRYPT(l, r, 18); /* 10 */ ++ D_ENCRYPT(r, l, 16); /* 9 */ ++ D_ENCRYPT(l, r, 14); /* 8 */ ++ D_ENCRYPT(r, l, 12); /* 7 */ ++ D_ENCRYPT(l, r, 10); /* 6 */ ++ D_ENCRYPT(r, l, 8); /* 5 */ ++ D_ENCRYPT(l, r, 6); /* 4 */ ++ D_ENCRYPT(r, l, 4); /* 3 */ ++ D_ENCRYPT(l, r, 2); /* 2 */ ++ D_ENCRYPT(r, l, 0); /* 1 */ ++#else ++ for (i = 30; i > 0; i -= 4) { ++ D_ENCRYPT(l, r, i - 0); /* 16 */ ++ D_ENCRYPT(r, l, i - 2); /* 15 */ ++ } ++#endif ++ } ++ /* rotate and clear the top bits on machines with 8byte longs */ ++ data[0] = ROTATE(l, 3) & 0xffffffffL; ++ data[1] = ROTATE(r, 3) & 0xffffffffL; ++ l = r = t = u = 0; ++} ++ ++void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3) ++{ ++ register DES_LONG l, r; ++ ++ l = data[0]; ++ r = data[1]; ++ IP(l, r); ++ data[0] = l; ++ data[1] = r; ++ DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT); ++ DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT); ++ DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT); ++ l = data[0]; ++ r = data[1]; ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++} ++ ++void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3) ++{ ++ register DES_LONG l, r; ++ ++ l = data[0]; ++ r = data[1]; ++ IP(l, r); ++ data[0] = l; ++ data[1] = r; ++ DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT); ++ DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT); ++ DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT); ++ l = data[0]; ++ r = data[1]; ++ FP(r, l); ++ data[0] = l; ++ data[1] = r; ++} ++ ++#ifndef DES_DEFAULT_OPTIONS ++ ++# undef CBC_ENC_C__DONT_UPDATE_IV ++# include "ncbc_enc.c" /* DES_ncbc_encrypt */ ++ ++void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register const unsigned char *in; ++ unsigned char *out; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; ++ ++ in = input; ++ out = output; ++ iv = &(*ivec)[0]; ++ ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++ } else { ++ register DES_LONG t0, t1; ++ ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = t0; ++ xor1 = t1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ l2cn(tout0, tout1, out, l + 8); ++ xor0 = t0; ++ xor1 = t1; ++ } ++ ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} ++ ++#endif /* DES_DEFAULT_OPTIONS */ +diff --git a/Cryptlib/OpenSSL/crypto/des/des_locl.h b/Cryptlib/OpenSSL/crypto/des/des_locl.h +new file mode 100644 +index 0000000..23ea9d3 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/des_locl.h +@@ -0,0 +1,443 @@ ++/* crypto/des/des_locl.h */ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#ifndef HEADER_DES_LOCL_H ++# define HEADER_DES_LOCL_H ++ ++# include ++ ++# if defined(OPENSSL_SYS_WIN32) ++# ifndef OPENSSL_SYS_MSDOS ++# define OPENSSL_SYS_MSDOS ++# endif ++# endif ++ ++# include ++# include ++ ++# ifndef OPENSSL_SYS_MSDOS ++# if !defined(OPENSSL_SYS_VMS) || defined(__DECC) ++# ifdef OPENSSL_UNISTD ++# include OPENSSL_UNISTD ++# else ++# include ++# endif ++# include ++# endif ++# endif ++# include ++ ++# ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ ++# include ++# include ++# include ++# include ++# endif ++ ++# if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) ++# include ++# endif ++ ++# ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++# endif ++ ++# define ITERATIONS 16 ++# define HALF_ITERATIONS 8 ++ ++/* used in des_read and des_write */ ++# define MAXWRITE (1024*16) ++# define BSIZE (MAXWRITE+4) ++ ++# define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ ++ l|=((DES_LONG)(*((c)++)))<< 8L, \ ++ l|=((DES_LONG)(*((c)++)))<<16L, \ ++ l|=((DES_LONG)(*((c)++)))<<24L) ++ ++/* NOTE - c is not incremented as per c2l */ ++# define c2ln(c,l1,l2,n) { \ ++ c+=n; \ ++ l1=l2=0; \ ++ switch (n) { \ ++ case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \ ++ case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \ ++ case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \ ++ case 5: l2|=((DES_LONG)(*(--(c)))); \ ++ case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \ ++ case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \ ++ case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \ ++ case 1: l1|=((DES_LONG)(*(--(c)))); \ ++ } \ ++ } ++ ++# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>24L)&0xff)) ++ ++/* ++ * replacements for htonl and ntohl since I have no idea what to do when ++ * faced with machines with 8 byte longs. ++ */ ++# define HDRSIZE 4 ++ ++# define n2l(c,l) (l =((DES_LONG)(*((c)++)))<<24L, \ ++ l|=((DES_LONG)(*((c)++)))<<16L, \ ++ l|=((DES_LONG)(*((c)++)))<< 8L, \ ++ l|=((DES_LONG)(*((c)++)))) ++ ++# define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ ++ *((c)++)=(unsigned char)(((l) )&0xff)) ++ ++/* NOTE - c is not incremented as per l2c */ ++# define l2cn(l1,l2,c,n) { \ ++ c+=n; \ ++ switch (n) { \ ++ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ ++ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ ++ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ ++ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ ++ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ ++ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ ++ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ ++ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ ++ } \ ++ } ++ ++# if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) ++# define ROTATE(a,n) (_lrotr(a,n)) ++# elif defined(__ICC) ++# define ROTATE(a,n) (_rotr(a,n)) ++# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) ++# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ("rorl %1,%0" \ ++ : "=r"(ret) \ ++ : "I"(n),"0"(a) \ ++ : "cc"); \ ++ ret; \ ++ }) ++# endif ++# endif ++# ifndef ROTATE ++# define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) ++# endif ++ ++/* ++ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add ++ * it's little bit to the front ++ */ ++ ++# ifdef DES_FCRYPT ++ ++# define LOAD_DATA_tmp(R,S,u,t,E0,E1) \ ++ { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); } ++ ++# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ ++ t=R^(R>>16L); \ ++ u=t&E0; t&=E1; \ ++ tmp=(u<<16); u^=R^s[S ]; u^=tmp; \ ++ tmp=(t<<16); t^=R^s[S+1]; t^=tmp ++# else ++# define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) ++# define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ ++ u=R^s[S ]; \ ++ t=R^s[S+1] ++# endif ++ ++/* ++ * The changes to this macro may help or hinder, depending on the compiler ++ * and the architecture. gcc2 always seems to do well :-). Inspired by Dana ++ * How DO NOT use the alternative version on machines ++ * with 8 byte longs. It does not seem to work on the Alpha, even when ++ * DES_LONG is 4 bytes, probably an issue of accessing non-word aligned ++ * objects :-( ++ */ ++# ifdef DES_PTR ++ ++/* ++ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason ++ * to not xor all the sub items together. This potentially saves a register ++ * since things can be xored directly into L ++ */ ++ ++# if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++# define D_ENCRYPT(LL,R,S) { \ ++ unsigned int u1,u2,u3; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0xfc; \ ++ u2&=0xfc; \ ++ t=ROTATE(t,4); \ ++ u>>=16L; \ ++ LL^= *(const DES_LONG *)(des_SP +u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ ++ u3=(int)(u>>8L); \ ++ u1=(int)u&0xfc; \ ++ u3&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x400+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x600+u3); \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u2&=0xfc; \ ++ t>>=16L; \ ++ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ ++ u3=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u3&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x500+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x700+u3); } ++# endif ++# ifdef DES_RISC2 ++# define D_ENCRYPT(LL,R,S) { \ ++ unsigned int u1,u2,s1,s2; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0xfc; \ ++ u2&=0xfc; \ ++ t=ROTATE(t,4); \ ++ LL^= *(const DES_LONG *)(des_SP +u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x200+u2); \ ++ s1=(int)(u>>16L); \ ++ s2=(int)(u>>24L); \ ++ s1&=0xfc; \ ++ s2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x400+s1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x600+s2); \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0xfc; \ ++ u2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x100+u1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x300+u2); \ ++ s1=(int)(t>>16L); \ ++ s2=(int)(t>>24L); \ ++ s1&=0xfc; \ ++ s2&=0xfc; \ ++ LL^= *(const DES_LONG *)(des_SP+0x500+s1); \ ++ LL^= *(const DES_LONG *)(des_SP+0x700+s2); } ++# endif ++# else ++# define D_ENCRYPT(LL,R,S) { \ ++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ ++ t=ROTATE(t,4); \ ++ LL^= \ ++ *(const DES_LONG *)(des_SP +((u )&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x100+((t )&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \ ++ *(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); } ++# endif ++ ++# else /* original version */ ++ ++# if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++# define D_ENCRYPT(LL,R,S) {\ ++ unsigned int u1,u2,u3; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u>>=2L; \ ++ t=ROTATE(t,6); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u2&=0x3f; \ ++ u>>=16L; \ ++ LL^=DES_SPtrans[0][u1]; \ ++ LL^=DES_SPtrans[2][u2]; \ ++ u3=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u3&=0x3f; \ ++ LL^=DES_SPtrans[4][u1]; \ ++ LL^=DES_SPtrans[6][u3]; \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u2&=0x3f; \ ++ t>>=16L; \ ++ LL^=DES_SPtrans[1][u1]; \ ++ LL^=DES_SPtrans[3][u2]; \ ++ u3=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u3&=0x3f; \ ++ LL^=DES_SPtrans[5][u1]; \ ++ LL^=DES_SPtrans[7][u3]; } ++# endif ++# ifdef DES_RISC2 ++# define D_ENCRYPT(LL,R,S) {\ ++ unsigned int u1,u2,s1,s2; \ ++ LOAD_DATA(R,S,u,t,E0,E1,u1); \ ++ u>>=2L; \ ++ t=ROTATE(t,6); \ ++ u2=(int)u>>8L; \ ++ u1=(int)u&0x3f; \ ++ u2&=0x3f; \ ++ LL^=DES_SPtrans[0][u1]; \ ++ LL^=DES_SPtrans[2][u2]; \ ++ s1=(int)u>>16L; \ ++ s2=(int)u>>24L; \ ++ s1&=0x3f; \ ++ s2&=0x3f; \ ++ LL^=DES_SPtrans[4][s1]; \ ++ LL^=DES_SPtrans[6][s2]; \ ++ u2=(int)t>>8L; \ ++ u1=(int)t&0x3f; \ ++ u2&=0x3f; \ ++ LL^=DES_SPtrans[1][u1]; \ ++ LL^=DES_SPtrans[3][u2]; \ ++ s1=(int)t>>16; \ ++ s2=(int)t>>24L; \ ++ s1&=0x3f; \ ++ s2&=0x3f; \ ++ LL^=DES_SPtrans[5][s1]; \ ++ LL^=DES_SPtrans[7][s2]; } ++# endif ++ ++# else ++ ++# define D_ENCRYPT(LL,R,S) {\ ++ LOAD_DATA_tmp(R,S,u,t,E0,E1); \ ++ t=ROTATE(t,4); \ ++ LL^=\ ++ DES_SPtrans[0][(u>> 2L)&0x3f]^ \ ++ DES_SPtrans[2][(u>>10L)&0x3f]^ \ ++ DES_SPtrans[4][(u>>18L)&0x3f]^ \ ++ DES_SPtrans[6][(u>>26L)&0x3f]^ \ ++ DES_SPtrans[1][(t>> 2L)&0x3f]^ \ ++ DES_SPtrans[3][(t>>10L)&0x3f]^ \ ++ DES_SPtrans[5][(t>>18L)&0x3f]^ \ ++ DES_SPtrans[7][(t>>26L)&0x3f]; } ++# endif ++# endif ++ ++ /*- ++ * IP and FP ++ * The problem is more of a geometric problem that random bit fiddling. ++ 0 1 2 3 4 5 6 7 62 54 46 38 30 22 14 6 ++ 8 9 10 11 12 13 14 15 60 52 44 36 28 20 12 4 ++ 16 17 18 19 20 21 22 23 58 50 42 34 26 18 10 2 ++ 24 25 26 27 28 29 30 31 to 56 48 40 32 24 16 8 0 ++ ++ 32 33 34 35 36 37 38 39 63 55 47 39 31 23 15 7 ++ 40 41 42 43 44 45 46 47 61 53 45 37 29 21 13 5 ++ 48 49 50 51 52 53 54 55 59 51 43 35 27 19 11 3 ++ 56 57 58 59 60 61 62 63 57 49 41 33 25 17 9 1 ++ ++ The output has been subject to swaps of the form ++ 0 1 -> 3 1 but the odd and even bits have been put into ++ 2 3 2 0 ++ different words. The main trick is to remember that ++ t=((l>>size)^r)&(mask); ++ r^=t; ++ l^=(t<>(n))^(b))&(m)),\ ++ (b)^=(t),\ ++ (a)^=((t)<<(n))) ++ ++# define IP(l,r) \ ++ { \ ++ register DES_LONG tt; \ ++ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ ++ PERM_OP(l,r,tt,16,0x0000ffffL); \ ++ PERM_OP(r,l,tt, 2,0x33333333L); \ ++ PERM_OP(l,r,tt, 8,0x00ff00ffL); \ ++ PERM_OP(r,l,tt, 1,0x55555555L); \ ++ } ++ ++# define FP(l,r) \ ++ { \ ++ register DES_LONG tt; \ ++ PERM_OP(l,r,tt, 1,0x55555555L); \ ++ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ ++ PERM_OP(l,r,tt, 2,0x33333333L); \ ++ PERM_OP(r,l,tt,16,0x0000ffffL); \ ++ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ ++ } ++ ++extern const DES_LONG DES_SPtrans[8][64]; ++ ++void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, ++ DES_LONG Eswap0, DES_LONG Eswap1); ++ ++# ifdef OPENSSL_SMALL_FOOTPRINT ++# undef DES_UNROLL ++# endif ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c +new file mode 100644 +index 0000000..c5c5a00 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/des_old.c +@@ -0,0 +1,345 @@ ++/* crypto/des/des_old.c */ ++ ++/*- ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++ * ++ * The function names in here are deprecated and are only present to ++ * provide an interface compatible with libdes. OpenSSL now provides ++ * functions where "des_" has been replaced with "DES_" in the names, ++ * to make it possible to make incompatible changes that are needed ++ * for C type security and other stuff. ++ * ++ * Please consider starting to use the DES_ functions rather than the ++ * des_ ones. The des_ functions will dissapear completely before ++ * OpenSSL 1.0! ++ * ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING ++ */ ++ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#define OPENSSL_DES_LIBDES_COMPATIBILITY ++#include ++#include ++ ++const char *_ossl_old_des_options(void) ++{ ++ return DES_options(); ++} ++ ++void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ des_key_schedule ks1, des_key_schedule ks2, ++ des_key_schedule ks3, int enc) ++{ ++ DES_ecb3_encrypt((const_DES_cblock *)input, output, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, enc); ++} ++ ++DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec) ++{ ++ return DES_cbc_cksum((unsigned char *)input, output, length, ++ (DES_key_schedule *)schedule, ivec); ++} ++ ++void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, ++ _ossl_old_des_cblock *inw, ++ _ossl_old_des_cblock *outw, int enc) ++{ ++ DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, inw, outw, ++ enc); ++} ++ ++void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_cfb_encrypt(in, out, numbits, length, ++ (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, ++ des_key_schedule ks, int enc) ++{ ++ DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); ++} ++ ++void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc) ++{ ++ DES_encrypt1(data, (DES_key_schedule *)ks, enc); ++} ++ ++void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc) ++{ ++ DES_encrypt2(data, (DES_key_schedule *)ks, enc); ++} ++ ++void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, ++ des_key_schedule ks2, des_key_schedule ks3) ++{ ++ DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3); ++} ++ ++void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, ++ des_key_schedule ks2, des_key_schedule ks3) ++{ ++ DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3); ++} ++ ++void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)ks1, ++ (DES_key_schedule *)ks2, (DES_key_schedule *)ks3, ++ ivec, enc); ++} ++ ++void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc) ++{ ++ DES_ede3_cfb64_encrypt(in, out, length, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, ivec, num, enc); ++} ++ ++void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule ks1, ++ des_key_schedule ks2, ++ des_key_schedule ks3, ++ _ossl_old_des_cblock *ivec, int *num) ++{ ++ DES_ede3_ofb64_encrypt(in, out, length, ++ (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, ++ (DES_key_schedule *)ks3, ivec, num); ++} ++ ++#if 0 /* broken code, preserved just in case anyone ++ * specifically looks for this */ ++void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), ++ _ossl_old_des_cblock (*in_white), ++ _ossl_old_des_cblock (*out_white)) ++{ ++ DES_xwhite_in2out(des_key, in_white, out_white); ++} ++#endif ++ ++int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched, ++ _ossl_old_des_cblock *iv) ++{ ++ return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); ++} ++ ++int _ossl_old_des_enc_write(int fd, char *buf, int len, ++ des_key_schedule sched, _ossl_old_des_cblock *iv) ++{ ++ return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); ++} ++ ++char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret) ++{ ++ return DES_fcrypt(buf, salt, ret); ++} ++ ++char *_ossl_old_des_crypt(const char *buf, const char *salt) ++{ ++ return DES_crypt(buf, salt); ++} ++ ++char *_ossl_old_crypt(const char *buf, const char *salt) ++{ ++ return DES_crypt(buf, salt); ++} ++ ++void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out, ++ int numbits, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec) ++{ ++ DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, ++ ivec); ++} ++ ++void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int enc) ++{ ++ DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, ++ length, (DES_key_schedule *)schedule, ivec, enc); ++} ++ ++DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input, ++ _ossl_old_des_cblock *output, long length, ++ int out_count, _ossl_old_des_cblock *seed) ++{ ++ return DES_quad_cksum((unsigned char *)input, output, length, ++ out_count, seed); ++} ++ ++void _ossl_old_des_random_seed(_ossl_old_des_cblock key) ++{ ++ RAND_seed(key, sizeof(_ossl_old_des_cblock)); ++} ++ ++void _ossl_old_des_random_key(_ossl_old_des_cblock ret) ++{ ++ DES_random_key((DES_cblock *)ret); ++} ++ ++int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, ++ int verify) ++{ ++ return DES_read_password(key, prompt, verify); ++} ++ ++int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2, ++ const char *prompt, int verify) ++{ ++ return DES_read_2passwords(key1, key2, prompt, verify); ++} ++ ++void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) ++{ ++ DES_set_odd_parity(key); ++} ++ ++int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) ++{ ++ return DES_is_weak_key(key); ++} ++ ++int _ossl_old_des_set_key(_ossl_old_des_cblock *key, ++ des_key_schedule schedule) ++{ ++ return DES_set_key(key, (DES_key_schedule *)schedule); ++} ++ ++int _ossl_old_des_key_sched(_ossl_old_des_cblock *key, ++ des_key_schedule schedule) ++{ ++ return DES_key_sched(key, (DES_key_schedule *)schedule); ++} ++ ++void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key) ++{ ++ DES_string_to_key(str, key); ++} ++ ++void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1, ++ _ossl_old_des_cblock *key2) ++{ ++ DES_string_to_2keys(str, key1, key2); ++} ++ ++void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num, ++ int enc) ++{ ++ DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ++ ivec, num, enc); ++} ++ ++void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, ++ long length, des_key_schedule schedule, ++ _ossl_old_des_cblock *ivec, int *num) ++{ ++ DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, ++ ivec, num); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c +new file mode 100644 +index 0000000..247ff8d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c +@@ -0,0 +1,80 @@ ++/* crypto/des/des_old.c */ ++ ++/* ++ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The ++ * function names in here are deprecated and are only present to provide an ++ * interface compatible with OpenSSL 0.9.6c. OpenSSL now provides functions ++ * where "des_" has been replaced with "DES_" in the names, to make it ++ * possible to make incompatible changes that are needed for C type security ++ * and other stuff. Please consider starting to use the DES_ functions ++ * rather than the des_ ones. The des_ functions will dissapear completely ++ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING ++ * WARNING WARNING ++ */ ++ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#undef OPENSSL_DES_LIBDES_COMPATIBILITY ++#include ++#include ++ ++void _ossl_096_des_random_seed(DES_cblock *key) ++{ ++ RAND_seed(key, sizeof(DES_cblock)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/des_ver.h b/Cryptlib/OpenSSL/crypto/des/des_ver.h +new file mode 100644 +index 0000000..276de2b +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/des_ver.h +@@ -0,0 +1,73 @@ ++/* crypto/des/des_ver.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++ ++#ifdef OPENSSL_BUILD_SHLIBCRYPTO ++# undef OPENSSL_EXTERN ++# define OPENSSL_EXTERN OPENSSL_EXPORT ++#endif ++ ++/* The following macros make sure the names are different from libdes names */ ++#define DES_version OSSL_DES_version ++#define libdes_version OSSL_libdes_version ++ ++/* SSLeay version string */ ++OPENSSL_EXTERN const char OSSL_DES_version[]; ++/* old libdes version string */ ++OPENSSL_EXTERN const char OSSL_libdes_version[]; +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +new file mode 100644 +index 0000000..c49fbd4 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c +@@ -0,0 +1,82 @@ ++/* crypto/des/ecb3_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, ++ DES_key_schedule *ks1, DES_key_schedule *ks2, ++ DES_key_schedule *ks3, int enc) ++{ ++ register DES_LONG l0, l1; ++ DES_LONG ll[2]; ++ const unsigned char *in = &(*input)[0]; ++ unsigned char *out = &(*output)[0]; ++ ++ c2l(in, l0); ++ c2l(in, l1); ++ ll[0] = l0; ++ ll[1] = l1; ++ if (enc) ++ DES_encrypt3(ll, ks1, ks2, ks3); ++ else ++ DES_decrypt3(ll, ks1, ks2, ks3); ++ l0 = ll[0]; ++ l1 = ll[1]; ++ l2c(l0, out); ++ l2c(l1, out); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +new file mode 100644 +index 0000000..f97fd97 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c +@@ -0,0 +1,124 @@ ++/* crypto/des/ecb_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++#include "des_ver.h" ++#include ++#include ++ ++OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT; ++OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT; ++ ++const char *DES_options(void) ++{ ++ static int init = 1; ++ static char buf[32]; ++ ++ if (init) { ++ const char *ptr, *unroll, *risc, *size; ++ ++#ifdef DES_PTR ++ ptr = "ptr"; ++#else ++ ptr = "idx"; ++#endif ++#if defined(DES_RISC1) || defined(DES_RISC2) ++# ifdef DES_RISC1 ++ risc = "risc1"; ++# endif ++# ifdef DES_RISC2 ++ risc = "risc2"; ++# endif ++#else ++ risc = "cisc"; ++#endif ++#ifdef DES_UNROLL ++ unroll = "16"; ++#else ++ unroll = "2"; ++#endif ++ if (sizeof(DES_LONG) != sizeof(long)) ++ size = "int"; ++ else ++ size = "long"; ++ BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll, ++ size); ++ init = 0; ++ } ++ return (buf); ++} ++ ++void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, ++ DES_key_schedule *ks, int enc) ++{ ++ register DES_LONG l; ++ DES_LONG ll[2]; ++ const unsigned char *in = &(*input)[0]; ++ unsigned char *out = &(*output)[0]; ++ ++ c2l(in, l); ++ ll[0] = l; ++ c2l(in, l); ++ ll[1] = l; ++ DES_encrypt1(ll, ks, enc); ++ l = ll[0]; ++ l2c(l, out); ++ l = ll[1]; ++ l2c(l, out); ++ l = ll[0] = ll[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +new file mode 100644 +index 0000000..86f27d0 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c +@@ -0,0 +1,189 @@ ++/* ede_cbcm_enc.c */ ++/* ++ * Written by Ben Laurie for the OpenSSL project 13 Feb ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * ++ * This is an implementation of Triple DES Cipher Block Chaining with Output ++ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). ++ * ++ * Note that there is a known attack on this by Biham and Knudsen but it ++ * takes a lot of work: ++ * ++ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz ++ * ++ */ ++ ++#include /* To see if OPENSSL_NO_DESCBCM is defined */ ++ ++#ifndef OPENSSL_NO_DESCBCM ++# include "des_locl.h" ++ ++void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *ks1, ++ DES_key_schedule *ks2, DES_key_schedule *ks3, ++ DES_cblock *ivec1, DES_cblock *ivec2, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1, m0, m1; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv1, *iv2; ++ ++ iv1 = &(*ivec1)[0]; ++ iv2 = &(*ivec2)[0]; ++ ++ if (enc) { ++ c2l(iv1, m0); ++ c2l(iv1, m1); ++ c2l(iv2, tout0); ++ c2l(iv2, tout1); ++ for (l -= 8; l >= -7; l -= 8) { ++ tin[0] = m0; ++ tin[1] = m1; ++ DES_encrypt1(tin, ks3, 1); ++ m0 = tin[0]; ++ m1 = tin[1]; ++ ++ if (l < 0) { ++ c2ln(in, tin0, tin1, l + 8); ++ } else { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ } ++ tin0 ^= tout0; ++ tin1 ^= tout1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt1(tin, ks1, 1); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks2, 0); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks1, 1); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ iv1 = &(*ivec1)[0]; ++ l2c(m0, iv1); ++ l2c(m1, iv1); ++ ++ iv2 = &(*ivec2)[0]; ++ l2c(tout0, iv2); ++ l2c(tout1, iv2); ++ } else { ++ register DES_LONG t0, t1; ++ ++ c2l(iv1, m0); ++ c2l(iv1, m1); ++ c2l(iv2, xor0); ++ c2l(iv2, xor1); ++ for (l -= 8; l >= -7; l -= 8) { ++ tin[0] = m0; ++ tin[1] = m1; ++ DES_encrypt1(tin, ks3, 1); ++ m0 = tin[0]; ++ m1 = tin[1]; ++ ++ c2l(in, tin0); ++ c2l(in, tin1); ++ ++ t0 = tin0; ++ t1 = tin1; ++ ++ tin[0] = tin0; ++ tin[1] = tin1; ++ DES_encrypt1(tin, ks1, 0); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks2, 1); ++ tin[0] ^= m0; ++ tin[1] ^= m1; ++ DES_encrypt1(tin, ks1, 0); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ ++ tout0 ^= xor0; ++ tout1 ^= xor1; ++ if (l < 0) { ++ l2cn(tout0, tout1, out, l + 8); ++ } else { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ xor0 = t0; ++ xor1 = t1; ++ } ++ ++ iv1 = &(*ivec1)[0]; ++ l2c(m0, iv1); ++ l2c(m1, iv1); ++ ++ iv2 = &(*ivec2)[0]; ++ l2c(xor0, iv2); ++ l2c(xor1, iv2); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c +new file mode 100644 +index 0000000..fcb6654 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c +@@ -0,0 +1,235 @@ ++/* crypto/des/enc_read.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include "des_locl.h" ++ ++/* This has some uglies in it but it works - even over sockets. */ ++/* ++ * extern int errno; ++ */ ++OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode, DES_PCBC_MODE) ++ ++/*- ++ * WARNINGS: ++ * ++ * - The data format used by DES_enc_write() and DES_enc_read() ++ * has a cryptographic weakness: When asked to write more ++ * than MAXWRITE bytes, DES_enc_write will split the data ++ * into several chunks that are all encrypted ++ * using the same IV. So don't use these functions unless you ++ * are sure you know what you do (in which case you might ++ * not want to use them anyway). ++ * ++ * - This code cannot handle non-blocking sockets. ++ * ++ * - This function uses an internal state and thus cannot be ++ * used on multiple files. ++ */ ++int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, ++ DES_cblock *iv) ++{ ++#if defined(OPENSSL_NO_POSIX_IO) ++ return (0); ++#else ++ /* data to be unencrypted */ ++ int net_num = 0; ++ static unsigned char *net = NULL; ++ /* ++ * extra unencrypted data for when a block of 100 comes in but is ++ * des_read one byte at a time. ++ */ ++ static unsigned char *unnet = NULL; ++ static int unnet_start = 0; ++ static int unnet_left = 0; ++ static unsigned char *tmpbuf = NULL; ++ int i; ++ long num = 0, rnum; ++ unsigned char *p; ++ ++ if (tmpbuf == NULL) { ++ tmpbuf = OPENSSL_malloc(BSIZE); ++ if (tmpbuf == NULL) ++ return (-1); ++ } ++ if (net == NULL) { ++ net = OPENSSL_malloc(BSIZE); ++ if (net == NULL) ++ return (-1); ++ } ++ if (unnet == NULL) { ++ unnet = OPENSSL_malloc(BSIZE); ++ if (unnet == NULL) ++ return (-1); ++ } ++ /* left over data from last decrypt */ ++ if (unnet_left != 0) { ++ if (unnet_left < len) { ++ /* ++ * we still still need more data but will return with the number ++ * of bytes we have - should always check the return value ++ */ ++ memcpy(buf, &(unnet[unnet_start]), unnet_left); ++ /* ++ * eay 26/08/92 I had the next 2 lines reversed :-( ++ */ ++ i = unnet_left; ++ unnet_start = unnet_left = 0; ++ } else { ++ memcpy(buf, &(unnet[unnet_start]), len); ++ unnet_start += len; ++ unnet_left -= len; ++ i = len; ++ } ++ return (i); ++ } ++ ++ /* We need to get more data. */ ++ if (len > MAXWRITE) ++ len = MAXWRITE; ++ ++ /* first - get the length */ ++ while (net_num < HDRSIZE) { ++# ifndef OPENSSL_SYS_WIN32 ++ i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); ++# else ++ i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num); ++# endif ++# ifdef EINTR ++ if ((i == -1) && (errno == EINTR)) ++ continue; ++# endif ++ if (i <= 0) ++ return (0); ++ net_num += i; ++ } ++ ++ /* we now have at net_num bytes in net */ ++ p = net; ++ /* num=0; */ ++ n2l(p, num); ++ /* ++ * num should be rounded up to the next group of eight we make sure that ++ * we have read a multiple of 8 bytes from the net. ++ */ ++ if ((num > MAXWRITE) || (num < 0)) /* error */ ++ return (-1); ++ rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8); ++ ++ net_num = 0; ++ while (net_num < rnum) { ++# ifndef OPENSSL_SYS_WIN32 ++ i = read(fd, (void *)&(net[net_num]), rnum - net_num); ++# else ++ i = _read(fd, (void *)&(net[net_num]), rnum - net_num); ++# endif ++# ifdef EINTR ++ if ((i == -1) && (errno == EINTR)) ++ continue; ++# endif ++ if (i <= 0) ++ return (0); ++ net_num += i; ++ } ++ ++ /* Check if there will be data left over. */ ++ if (len < num) { ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT); ++ memcpy(buf, unnet, len); ++ unnet_start = len; ++ unnet_left = num - len; ++ ++ /* ++ * The following line is done because we return num as the number of ++ * bytes read. ++ */ ++ num = len; ++ } else { ++ /*- ++ * >output is a multiple of 8 byes, if len < rnum ++ * >we must be careful. The user must be aware that this ++ * >routine will write more bytes than he asked for. ++ * >The length of the buffer must be correct. ++ * FIXED - Should be ok now 18-9-90 - eay */ ++ if (len < rnum) { ++ ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT); ++ ++ /* ++ * eay 26/08/92 fix a bug that returned more bytes than you asked ++ * for (returned len bytes :-( ++ */ ++ memcpy(buf, tmpbuf, num); ++ } else { ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); ++ else ++ DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT); ++ } ++ } ++ return num; ++#endif /* OPENSSL_NO_POSIX_IO */ ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +new file mode 100644 +index 0000000..c2aaa8e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c +@@ -0,0 +1,182 @@ ++/* crypto/des/enc_writ.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include "cryptlib.h" ++#include "des_locl.h" ++#include ++ ++/*- ++ * WARNINGS: ++ * ++ * - The data format used by DES_enc_write() and DES_enc_read() ++ * has a cryptographic weakness: When asked to write more ++ * than MAXWRITE bytes, DES_enc_write will split the data ++ * into several chunks that are all encrypted ++ * using the same IV. So don't use these functions unless you ++ * are sure you know what you do (in which case you might ++ * not want to use them anyway). ++ * ++ * - This code cannot handle non-blocking sockets. ++ */ ++ ++int DES_enc_write(int fd, const void *_buf, int len, ++ DES_key_schedule *sched, DES_cblock *iv) ++{ ++#if defined(OPENSSL_NO_POSIX_IO) ++ return (-1); ++#else ++# ifdef _LIBC ++ extern unsigned long time(); ++ extern int write(); ++# endif ++ const unsigned char *buf = _buf; ++ long rnum; ++ int i, j, k, outnum; ++ static unsigned char *outbuf = NULL; ++ unsigned char shortbuf[8]; ++ unsigned char *p; ++ const unsigned char *cp; ++ static int start = 1; ++ ++ if (len < 0) ++ return -1; ++ ++ if (outbuf == NULL) { ++ outbuf = OPENSSL_malloc(BSIZE + HDRSIZE); ++ if (outbuf == NULL) ++ return (-1); ++ } ++ /* ++ * If we are sending less than 8 bytes, the same char will look the same ++ * if we don't pad it out with random bytes ++ */ ++ if (start) { ++ start = 0; ++ } ++ ++ /* lets recurse if we want to send the data in small chunks */ ++ if (len > MAXWRITE) { ++ j = 0; ++ for (i = 0; i < len; i += k) { ++ k = DES_enc_write(fd, &(buf[i]), ++ ((len - i) > MAXWRITE) ? MAXWRITE : (len - i), ++ sched, iv); ++ if (k < 0) ++ return (k); ++ else ++ j += k; ++ } ++ return (j); ++ } ++ ++ /* write length first */ ++ p = outbuf; ++ l2n(len, p); ++ ++ /* pad short strings */ ++ if (len < 8) { ++ cp = shortbuf; ++ memcpy(shortbuf, buf, len); ++ if (RAND_bytes(shortbuf + len, 8 - len) <= 0) { ++ return -1; ++ } ++ rnum = 8; ++ } else { ++ cp = buf; ++ rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */ ++ } ++ ++ if (DES_rw_mode & DES_PCBC_MODE) ++ DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, ++ iv, DES_ENCRYPT); ++ else ++ DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched, ++ iv, DES_ENCRYPT); ++ ++ /* output */ ++ outnum = rnum + HDRSIZE; ++ ++ for (j = 0; j < outnum; j += i) { ++ /* ++ * eay 26/08/92 I was not doing writing from where we got up to. ++ */ ++# ifndef _WIN32 ++ i = write(fd, (void *)&(outbuf[j]), outnum - j); ++# else ++ i = _write(fd, (void *)&(outbuf[j]), outnum - j); ++# endif ++ if (i == -1) { ++# ifdef EINTR ++ if (errno == EINTR) ++ i = 0; ++ else ++# endif ++ /* ++ * This is really a bad error - very bad It will stuff-up ++ * both ends. ++ */ ++ return (-1); ++ } ++ } ++ ++ return (len); ++#endif /* OPENSSL_NO_POSIX_IO */ ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c +new file mode 100644 +index 0000000..111f1e4 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/fcrypt.c +@@ -0,0 +1,167 @@ ++/* NOCW */ ++#include ++#ifdef _OSD_POSIX ++# ifndef CHARSET_EBCDIC ++# define CHARSET_EBCDIC 1 ++# endif ++#endif ++#ifdef CHARSET_EBCDIC ++# include ++#endif ++ ++/* ++ * This version of crypt has been developed from my MIT compatible DES ++ * library. Eric Young (eay@cryptsoft.com) ++ */ ++ ++/* ++ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for ++ * shared memory computers. I have included a directive LONGCRYPT to using ++ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it ++ * used. The MAXPLEN definition is the maximum of length of password and can ++ * changed. I have defined 24. ++ */ ++ ++#include "des_locl.h" ++ ++/* ++ * Added more values to handle illegal salt values the way normal crypt() ++ * implementations do. The patch was sent by Bjorn Gronvall ++ */ ++static unsigned const char con_salt[128] = { ++ 0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, ++ 0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1, ++ 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, ++ 0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1, ++ 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, ++ 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01, ++ 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, ++ 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, ++ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, ++ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, ++ 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, ++ 0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24, ++ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, ++ 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, ++ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, ++ 0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44, ++}; ++ ++static unsigned const char cov_2char[64] = { ++ 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, ++ 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, ++ 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, ++ 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, ++ 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62, ++ 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, ++ 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, ++ 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A ++}; ++ ++char *DES_crypt(const char *buf, const char *salt) ++{ ++ static char buff[14]; ++ ++#ifndef CHARSET_EBCDIC ++ return (DES_fcrypt(buf, salt, buff)); ++#else ++ char e_salt[2 + 1]; ++ char e_buf[32 + 1]; /* replace 32 by 8 ? */ ++ char *ret; ++ ++ /* Copy at most 2 chars of salt */ ++ if ((e_salt[0] = salt[0]) != '\0') ++ e_salt[1] = salt[1]; ++ ++ /* Copy at most 32 chars of password */ ++ strncpy(e_buf, buf, sizeof(e_buf)); ++ ++ /* Make sure we have a delimiter */ ++ e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0'; ++ ++ /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ ++ ebcdic2ascii(e_salt, e_salt, sizeof e_salt); ++ ++ /* Convert the cleartext password to ASCII */ ++ ebcdic2ascii(e_buf, e_buf, sizeof e_buf); ++ ++ /* Encrypt it (from/to ASCII) */ ++ ret = DES_fcrypt(e_buf, e_salt, buff); ++ ++ /* Convert the result back to EBCDIC */ ++ ascii2ebcdic(ret, ret, strlen(ret)); ++ ++ return ret; ++#endif ++} ++ ++char *DES_fcrypt(const char *buf, const char *salt, char *ret) ++{ ++ unsigned int i, j, x, y; ++ DES_LONG Eswap0, Eswap1; ++ DES_LONG out[2], ll; ++ DES_cblock key; ++ DES_key_schedule ks; ++ unsigned char bb[9]; ++ unsigned char *b = bb; ++ unsigned char c, u; ++ ++ /* ++ * eay 25/08/92 If you call crypt("pwd","*") as often happens when you ++ * have * as the pwd field in /etc/passwd, the function returns ++ * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would ++ * crypt to "*". This was found when replacing the crypt in our shared ++ * libraries. People found that the disabled accounts effectively had no ++ * passwd :-(. ++ */ ++#ifndef CHARSET_EBCDIC ++ x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]); ++ Eswap0 = con_salt[x] << 2; ++ x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]); ++ Eswap1 = con_salt[x] << 6; ++#else ++ x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]); ++ Eswap0 = con_salt[x] << 2; ++ x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]); ++ Eswap1 = con_salt[x] << 6; ++#endif ++ ++ /* ++ * EAY r=strlen(buf); r=(r+7)/8; ++ */ ++ for (i = 0; i < 8; i++) { ++ c = *(buf++); ++ if (!c) ++ break; ++ key[i] = (c << 1); ++ } ++ for (; i < 8; i++) ++ key[i] = 0; ++ ++ DES_set_key_unchecked(&key, &ks); ++ fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1); ++ ++ ll = out[0]; ++ l2c(ll, b); ++ ll = out[1]; ++ l2c(ll, b); ++ y = 0; ++ u = 0x80; ++ bb[8] = 0; ++ for (i = 2; i < 13; i++) { ++ c = 0; ++ for (j = 0; j < 6; j++) { ++ c <<= 1; ++ if (bb[y] & u) ++ c |= 1; ++ u >>= 1; ++ if (!u) { ++ y++; ++ u = 0x80; ++ } ++ } ++ ret[i] = cov_2char[c]; ++ } ++ ret[13] = '\0'; ++ return (ret); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +new file mode 100644 +index 0000000..b9e8738 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c +@@ -0,0 +1,140 @@ ++/* crypto/des/fcrypt_b.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++ ++/* ++ * This version of crypt has been developed from my MIT compatible DES ++ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au ++ * Eric Young (eay@cryptsoft.com) ++ */ ++ ++#define DES_FCRYPT ++#include "des_locl.h" ++#undef DES_FCRYPT ++ ++#undef PERM_OP ++#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ ++ (b)^=(t),\ ++ (a)^=((t)<<(n))) ++ ++#undef HPERM_OP ++#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ ++ (a)=(a)^(t)^(t>>(16-(n))))\ ++ ++void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, ++ DES_LONG Eswap1) ++{ ++ register DES_LONG l, r, t, u; ++#ifdef DES_PTR ++ register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans; ++#endif ++ register DES_LONG *s; ++ register int j; ++ register DES_LONG E0, E1; ++ ++ l = 0; ++ r = 0; ++ ++ s = (DES_LONG *)ks; ++ E0 = Eswap0; ++ E1 = Eswap1; ++ ++ for (j = 0; j < 25; j++) { ++#ifndef DES_UNROLL ++ register int i; ++ ++ for (i = 0; i < 32; i += 4) { ++ D_ENCRYPT(l, r, i + 0); /* 1 */ ++ D_ENCRYPT(r, l, i + 2); /* 2 */ ++ } ++#else ++ D_ENCRYPT(l, r, 0); /* 1 */ ++ D_ENCRYPT(r, l, 2); /* 2 */ ++ D_ENCRYPT(l, r, 4); /* 3 */ ++ D_ENCRYPT(r, l, 6); /* 4 */ ++ D_ENCRYPT(l, r, 8); /* 5 */ ++ D_ENCRYPT(r, l, 10); /* 6 */ ++ D_ENCRYPT(l, r, 12); /* 7 */ ++ D_ENCRYPT(r, l, 14); /* 8 */ ++ D_ENCRYPT(l, r, 16); /* 9 */ ++ D_ENCRYPT(r, l, 18); /* 10 */ ++ D_ENCRYPT(l, r, 20); /* 11 */ ++ D_ENCRYPT(r, l, 22); /* 12 */ ++ D_ENCRYPT(l, r, 24); /* 13 */ ++ D_ENCRYPT(r, l, 26); /* 14 */ ++ D_ENCRYPT(l, r, 28); /* 15 */ ++ D_ENCRYPT(r, l, 30); /* 16 */ ++#endif ++ ++ t = l; ++ l = r; ++ r = t; ++ } ++ l = ROTATE(l, 3) & 0xffffffffL; ++ r = ROTATE(r, 3) & 0xffffffffL; ++ ++ PERM_OP(l, r, t, 1, 0x55555555L); ++ PERM_OP(r, l, t, 8, 0x00ff00ffL); ++ PERM_OP(l, r, t, 2, 0x33333333L); ++ PERM_OP(r, l, t, 16, 0x0000ffffL); ++ PERM_OP(l, r, t, 4, 0x0f0f0f0fL); ++ ++ out[0] = r; ++ out[1] = l; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c +new file mode 100644 +index 0000000..ab267cb +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ncbc_enc.c +@@ -0,0 +1,154 @@ ++/* crypto/des/ncbc_enc.c */ ++/*- ++ * #included by: ++ * cbc_enc.c (DES_cbc_encrypt) ++ * des_enc.c (DES_ncbc_encrypt) ++ */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++#ifdef CBC_ENC_C__DONT_UPDATE_IV ++void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, ++ DES_key_schedule *_schedule, DES_cblock *ivec, int enc) ++#else ++void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *_schedule, ++ DES_cblock *ivec, int enc) ++#endif ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; ++ ++ iv = &(*ivec)[0]; ++ ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0; ++ tin[0] = tin0; ++ tin1 ^= tout1; ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ l2c(tout0, out); ++ tout1 = tin[1]; ++ l2c(tout1, out); ++ } ++#ifndef CBC_ENC_C__DONT_UPDATE_IV ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++#endif ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ tin[0] = tin0; ++ c2l(in, tin1); ++ tin[1] = tin1; ++ DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ l2cn(tout0, tout1, out, l + 8); ++#ifndef CBC_ENC_C__DONT_UPDATE_IV ++ xor0 = tin0; ++ xor1 = tin1; ++#endif ++ } ++#ifndef CBC_ENC_C__DONT_UPDATE_IV ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++#endif ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ tin[0] = tin[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +new file mode 100644 +index 0000000..45c6750 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c +@@ -0,0 +1,123 @@ ++/* crypto/des/ofb64ede.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; ++ */ ++void DES_ede3_ofb64_encrypt(register const unsigned char *in, ++ register unsigned char *out, long length, ++ DES_key_schedule *k1, DES_key_schedule *k2, ++ DES_key_schedule *k3, DES_cblock *ivec, int *num) ++{ ++ register DES_LONG v0, v1; ++ register int n = *num; ++ register long l = length; ++ DES_cblock d; ++ register char *dp; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; ++ ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = (char *)d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ /* ti[0]=v0; */ ++ /* ti[1]=v1; */ ++ DES_encrypt3(ti, k1, k2, k3); ++ v0 = ti[0]; ++ v1 = ti[1]; ++ ++ dp = (char *)d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++/*- v0=ti[0]; ++ v1=ti[1];*/ ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ } ++ v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} ++ ++#ifdef undef /* MACRO */ ++void DES_ede2_ofb64_encrypt(register unsigned char *in, ++ register unsigned char *out, long length, ++ DES_key_schedule k1, DES_key_schedule k2, ++ DES_cblock (*ivec), int *num) ++{ ++ DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +new file mode 100644 +index 0000000..8e72dec +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c +@@ -0,0 +1,109 @@ ++/* crypto/des/ofb64enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++/* ++ * The input and output encrypted as though 64bit ofb mode is being used. ++ * The extra state information to record how much of the 64bit block we have ++ * used is contained in *num; ++ */ ++void DES_ofb64_encrypt(register const unsigned char *in, ++ register unsigned char *out, long length, ++ DES_key_schedule *schedule, DES_cblock *ivec, int *num) ++{ ++ register DES_LONG v0, v1, t; ++ register int n = *num; ++ register long l = length; ++ DES_cblock d; ++ register unsigned char *dp; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ int save = 0; ++ ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ dp = d; ++ l2c(v0, dp); ++ l2c(v1, dp); ++ while (l--) { ++ if (n == 0) { ++ DES_encrypt1(ti, schedule, DES_ENCRYPT); ++ dp = d; ++ t = ti[0]; ++ l2c(t, dp); ++ t = ti[1]; ++ l2c(t, dp); ++ save++; ++ } ++ *(out++) = *(in++) ^ d[n]; ++ n = (n + 1) & 0x07; ++ } ++ if (save) { ++ v0 = ti[0]; ++ v1 = ti[1]; ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ } ++ t = v0 = v1 = ti[0] = ti[1] = 0; ++ *num = n; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +new file mode 100644 +index 0000000..02a7877 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c +@@ -0,0 +1,131 @@ ++/* crypto/des/ofb_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++/* ++ * The input and output are loaded in multiples of 8 bits. What this means is ++ * that if you hame numbits=12 and length=2 the first 12 bits will be ++ * retrieved from the first byte and half the second. The second 12 bits ++ * will come from the 3rd and half the 4th byte. ++ */ ++void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec) ++{ ++ register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8; ++ register DES_LONG mask0, mask1; ++ register long l = length; ++ register int num = numbits; ++ DES_LONG ti[2]; ++ unsigned char *iv; ++ ++ if (num > 64) ++ return; ++ if (num > 32) { ++ mask0 = 0xffffffffL; ++ if (num >= 64) ++ mask1 = mask0; ++ else ++ mask1 = (1L << (num - 32)) - 1; ++ } else { ++ if (num == 32) ++ mask0 = 0xffffffffL; ++ else ++ mask0 = (1L << num) - 1; ++ mask1 = 0x00000000L; ++ } ++ ++ iv = &(*ivec)[0]; ++ c2l(iv, v0); ++ c2l(iv, v1); ++ ti[0] = v0; ++ ti[1] = v1; ++ while (l-- > 0) { ++ ti[0] = v0; ++ ti[1] = v1; ++ DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT); ++ vv0 = ti[0]; ++ vv1 = ti[1]; ++ c2ln(in, d0, d1, n); ++ in += n; ++ d0 = (d0 ^ vv0) & mask0; ++ d1 = (d1 ^ vv1) & mask1; ++ l2cn(d0, d1, out, n); ++ out += n; ++ ++ if (num == 32) { ++ v0 = v1; ++ v1 = vv0; ++ } else if (num == 64) { ++ v0 = vv0; ++ v1 = vv1; ++ } else if (num > 32) { /* && num != 64 */ ++ v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL; ++ v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL; ++ } else { /* num < 32 */ ++ ++ v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL; ++ v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL; ++ } ++ } ++ iv = &(*ivec)[0]; ++ l2c(v0, iv); ++ l2c(v1, iv); ++ v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +new file mode 100644 +index 0000000..144d5ed +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c +@@ -0,0 +1,115 @@ ++/* crypto/des/pcbc_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, int enc) ++{ ++ register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1; ++ DES_LONG tin[2]; ++ const unsigned char *in; ++ unsigned char *out, *iv; ++ ++ in = input; ++ out = output; ++ iv = &(*ivec)[0]; ++ ++ if (enc) { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (; length > 0; length -= 8) { ++ if (length >= 8) { ++ c2l(in, sin0); ++ c2l(in, sin1); ++ } else ++ c2ln(in, sin0, sin1, length); ++ tin[0] = sin0 ^ xor0; ++ tin[1] = sin1 ^ xor1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0]; ++ tout1 = tin[1]; ++ xor0 = sin0 ^ tout0; ++ xor1 = sin1 ^ tout1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (; length > 0; length -= 8) { ++ c2l(in, sin0); ++ c2l(in, sin1); ++ tin[0] = sin0; ++ tin[1] = sin1; ++ DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0; ++ tout1 = tin[1] ^ xor1; ++ if (length >= 8) { ++ l2c(tout0, out); ++ l2c(tout1, out); ++ } else ++ l2cn(tout0, tout1, out, length); ++ xor0 = tout0 ^ sin0; ++ xor1 = tout1 ^ sin1; ++ } ++ } ++ tin[0] = tin[1] = 0; ++ sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +new file mode 100644 +index 0000000..2a168a5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c +@@ -0,0 +1,143 @@ ++/* crypto/des/qud_cksm.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++/* ++ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE ++ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in ++ * only based on the code in this paper and is almost definitely not the same ++ * as the MIT implementation. ++ */ ++#include "des_locl.h" ++ ++/* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */ ++#define Q_B0(a) (((DES_LONG)(a))) ++#define Q_B1(a) (((DES_LONG)(a))<<8) ++#define Q_B2(a) (((DES_LONG)(a))<<16) ++#define Q_B3(a) (((DES_LONG)(a))<<24) ++ ++/* used to scramble things a bit */ ++/* Got the value MIT uses via brute force :-) 2/10/90 eay */ ++#define NOISE ((DES_LONG)83653421L) ++ ++DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], ++ long length, int out_count, DES_cblock *seed) ++{ ++ DES_LONG z0, z1, t0, t1; ++ int i; ++ long l; ++ const unsigned char *cp; ++#ifdef _CRAY ++ struct lp_st { ++ int a:32; ++ int b:32; ++ } *lp; ++#else ++ DES_LONG *lp; ++#endif ++ ++ if (out_count < 1) ++ out_count = 1; ++#ifdef _CRAY ++ lp = (struct lp_st *)&(output[0])[0]; ++#else ++ lp = (DES_LONG *)&(output[0])[0]; ++#endif ++ ++ z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) | ++ Q_B3((*seed)[3]); ++ z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) | ++ Q_B3((*seed)[7]); ++ ++ for (i = 0; ((i < 4) && (i < out_count)); i++) { ++ cp = input; ++ l = length; ++ while (l > 0) { ++ if (l > 1) { ++ t0 = (DES_LONG)(*(cp++)); ++ t0 |= (DES_LONG)Q_B1(*(cp++)); ++ l--; ++ } else ++ t0 = (DES_LONG)(*(cp++)); ++ l--; ++ /* add */ ++ t0 += z0; ++ t0 &= 0xffffffffL; ++ t1 = z1; ++ /* square, well sort of square */ ++ z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL)) ++ & 0xffffffffL) % 0x7fffffffL; ++ z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) % ++ 0x7fffffffL; ++ } ++ if (lp != NULL) { ++ /* ++ * The MIT library assumes that the checksum is composed of ++ * 2*out_count 32 bit ints ++ */ ++#ifdef _CRAY ++ (*lp).a = z0; ++ (*lp).b = z1; ++ lp++; ++#else ++ *lp++ = z0; ++ *lp++ = z1; ++#endif ++ } ++ } ++ return (z0); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c +new file mode 100644 +index 0000000..b75cc5f +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/rand_key.c +@@ -0,0 +1,67 @@ ++/* crypto/des/rand_key.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++ ++int DES_random_key(DES_cblock *ret) ++{ ++ do { ++ if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) ++ return (0); ++ } while (DES_is_weak_key(ret)); ++ DES_set_odd_parity(ret); ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +new file mode 100644 +index 0000000..7633139 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c +@@ -0,0 +1,144 @@ ++/* crypto/des/read2pwd.c */ ++/* ==================================================================== ++ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef BUFSIZ ++#define BUFSIZ 256 ++#endif ++ ++int DES_read_password(DES_cblock *key, const char *prompt, int verify) ++{ ++ int ok; ++ char buf[BUFSIZ], buff[BUFSIZ]; ++ ++ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) ++ DES_string_to_key(buf, key); ++ OPENSSL_cleanse(buf, BUFSIZ); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ok); ++} ++ ++int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, ++ const char *prompt, int verify) ++{ ++ int ok; ++ char buf[BUFSIZ], buff[BUFSIZ]; ++ ++ if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0) ++ DES_string_to_2keys(buf, key1, key2); ++ OPENSSL_cleanse(buf, BUFSIZ); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_des.h b/Cryptlib/OpenSSL/crypto/des/rpc_des.h +new file mode 100644 +index 0000000..4db9062 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/rpc_des.h +@@ -0,0 +1,130 @@ ++/* crypto/des/rpc_des.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++/* @(#)des.h 2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI */ ++/*- ++ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for ++ * unrestricted use provided that this legend is included on all tape ++ * media and as a part of the software program in whole or part. Users ++ * may copy or modify Sun RPC without charge, but are not authorized ++ * to license or distribute it to anyone else except as part of a product or ++ * program developed by the user. ++ * ++ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE ++ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. ++ * ++ * Sun RPC is provided with no support and without any obligation on the ++ * part of Sun Microsystems, Inc. to assist in its use, correction, ++ * modification or enhancement. ++ * ++ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE ++ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC ++ * OR ANY PART THEREOF. ++ * ++ * In no event will Sun Microsystems, Inc. be liable for any lost revenue ++ * or profits or other special, indirect and consequential damages, even if ++ * Sun has been advised of the possibility of such damages. ++ * ++ * Sun Microsystems, Inc. ++ * 2550 Garcia Avenue ++ * Mountain View, California 94043 ++ */ ++/* ++ * Generic DES driver interface ++ * Keep this file hardware independent! ++ * Copyright (c) 1986 by Sun Microsystems, Inc. ++ */ ++ ++#define DES_MAXLEN 65536 /* maximum # of bytes to encrypt */ ++#define DES_QUICKLEN 16 /* maximum # of bytes to encrypt quickly */ ++ ++#ifdef HEADER_DES_H ++# undef ENCRYPT ++# undef DECRYPT ++#endif ++ ++enum desdir { ENCRYPT, DECRYPT }; ++enum desmode { CBC, ECB }; ++ ++/* ++ * parameters to ioctl call ++ */ ++struct desparams { ++ unsigned char des_key[8]; /* key (with low bit parity) */ ++ enum desdir des_dir; /* direction */ ++ enum desmode des_mode; /* mode */ ++ unsigned char des_ivec[8]; /* input vector */ ++ unsigned des_len; /* number of bytes to crypt */ ++ union { ++ unsigned char UDES_data[DES_QUICKLEN]; ++ unsigned char *UDES_buf; ++ } UDES; ++#define des_data UDES.UDES_data /* direct data here if quick */ ++#define des_buf UDES.UDES_buf /* otherwise, pointer to data */ ++}; ++ ++/* ++ * Encrypt an arbitrary sized buffer ++ */ ++#define DESIOCBLOCK _IOWR('d', 6, struct desparams) ++ ++/* ++ * Encrypt of small amount of data, quickly ++ */ ++#define DESIOCQUICK _IOWR('d', 7, struct desparams) +diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +new file mode 100644 +index 0000000..f5a84c5 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c +@@ -0,0 +1,100 @@ ++/* crypto/des/rpc_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "rpc_des.h" ++#include "des_locl.h" ++#include "des_ver.h" ++ ++int _des_crypt(char *buf, int len, struct desparams *desp); ++int _des_crypt(char *buf, int len, struct desparams *desp) ++{ ++ DES_key_schedule ks; ++ int enc; ++ ++ DES_set_key_unchecked(&desp->des_key, &ks); ++ enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT; ++ ++ if (desp->des_mode == CBC) ++ DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, ++ (DES_cblock *)desp->UDES.UDES_buf, &ks, enc); ++ else { ++ DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, ++ len, &ks, &desp->des_ivec, enc); ++#ifdef undef ++ /* ++ * len will always be %8 if called from common_crypt in secure_rpc. ++ * Libdes's cbc encrypt does not copy back the iv, so we have to do ++ * it here. ++ */ ++ /* It does now :-) eay 20/09/95 */ ++ ++ a = (char *)&(desp->UDES.UDES_buf[len - 8]); ++ b = (char *)&(desp->des_ivec[0]); ++ ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++ *(a++) = *(b++); ++#endif ++ } ++ return (1); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c +new file mode 100644 +index 0000000..8fd8fe1 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/set_key.c +@@ -0,0 +1,447 @@ ++/* crypto/des/set_key.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++/*- ++ * set_key.c v 1.4 eay 24/9/91 ++ * 1.4 Speed up by 400% :-) ++ * 1.3 added register declarations. ++ * 1.2 unrolled make_key_sched a bit more ++ * 1.1 added norm_expand_bits ++ * 1.0 First working version ++ */ ++#include ++#include "des_locl.h" ++ ++OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0) ++ /* ++ * defaults to false ++ */ ++static const unsigned char odd_parity[256] = { ++ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, ++ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, ++ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, ++ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, ++ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, ++ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, ++ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, ++ 110, ++ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, ++ 127, ++ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, ++ 143, ++ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, ++ 158, ++ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, ++ 174, ++ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, ++ 191, ++ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, ++ 206, ++ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, ++ 223, ++ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, ++ 239, ++ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, ++ 254 ++}; ++ ++void DES_set_odd_parity(DES_cblock *key) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < DES_KEY_SZ; i++) ++ (*key)[i] = odd_parity[(*key)[i]]; ++} ++ ++int DES_check_key_parity(const_DES_cblock *key) ++{ ++ unsigned int i; ++ ++ for (i = 0; i < DES_KEY_SZ; i++) { ++ if ((*key)[i] != odd_parity[(*key)[i]]) ++ return (0); ++ } ++ return (1); ++} ++ ++/*- ++ * Weak and semi week keys as take from ++ * %A D.W. Davies ++ * %A W.L. Price ++ * %T Security for Computer Networks ++ * %I John Wiley & Sons ++ * %D 1984 ++ * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference ++ * (and actual cblock values). ++ */ ++#define NUM_WEAK_KEY 16 ++static const DES_cblock weak_keys[NUM_WEAK_KEY] = { ++ /* weak keys */ ++ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, ++ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, ++ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, ++ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, ++ /* semi-weak keys */ ++ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, ++ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, ++ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, ++ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, ++ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, ++ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, ++ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, ++ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, ++ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, ++ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, ++ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, ++ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1} ++}; ++ ++int DES_is_weak_key(const_DES_cblock *key) ++{ ++ int i; ++ ++ for (i = 0; i < NUM_WEAK_KEY; i++) ++ /* ++ * Added == 0 to comparison, I obviously don't run this section very ++ * often :-(, thanks to engineering@MorningStar.Com for the fix eay ++ * 93/06/29 Another problem, I was comparing only the first 4 bytes, ++ * 97/03/18 ++ */ ++ if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0) ++ return (1); ++ return (0); ++} ++ ++/*- ++ * NOW DEFINED IN des_local.h ++ * See ecb_encrypt.c for a pseudo description of these macros. ++ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ ++ * (b)^=(t),\ ++ * (a)=((a)^((t)<<(n)))) ++ */ ++ ++#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ ++ (a)=(a)^(t)^(t>>(16-(n)))) ++ ++static const DES_LONG des_skb[8][64] = { ++ { ++ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ ++ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, ++ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, ++ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, ++ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, ++ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, ++ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, ++ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, ++ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, ++ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, ++ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, ++ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, ++ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, ++ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, ++ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, ++ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, ++ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ ++ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, ++ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, ++ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, ++ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, ++ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, ++ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, ++ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, ++ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, ++ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, ++ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, ++ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, ++ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, ++ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, ++ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, ++ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, ++ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ ++ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, ++ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, ++ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, ++ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, ++ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, ++ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, ++ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, ++ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, ++ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, ++ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, ++ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, ++ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, ++ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, ++ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, ++ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, ++ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, ++ }, ++ { ++ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ ++ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, ++ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, ++ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, ++ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, ++ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, ++ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, ++ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, ++ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, ++ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, ++ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, ++ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, ++ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, ++ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, ++ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, ++ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, ++ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ ++ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, ++ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, ++ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, ++ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, ++ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, ++ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, ++ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, ++ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, ++ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, ++ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, ++ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, ++ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, ++ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, ++ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, ++ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, ++ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ ++ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, ++ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, ++ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, ++ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, ++ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, ++ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, ++ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, ++ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, ++ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, ++ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, ++ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, ++ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, ++ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, ++ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, ++ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, ++ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ ++ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, ++ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, ++ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, ++ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, ++ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, ++ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, ++ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, ++ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, ++ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, ++ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, ++ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, ++ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, ++ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, ++ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, ++ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, ++ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, ++ }, ++ { ++ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ ++ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, ++ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, ++ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, ++ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, ++ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, ++ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, ++ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, ++ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, ++ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, ++ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, ++ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, ++ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, ++ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, ++ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, ++ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, ++ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, ++ } ++}; ++ ++int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) ++{ ++ if (DES_check_key) { ++ return DES_set_key_checked(key, schedule); ++ } else { ++ DES_set_key_unchecked(key, schedule); ++ return 0; ++ } ++} ++ ++/*- ++ * return 0 if key parity is odd (correct), ++ * return -1 if key parity error, ++ * return -2 if illegal weak key. ++ */ ++int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) ++{ ++ if (!DES_check_key_parity(key)) ++ return (-1); ++ if (DES_is_weak_key(key)) ++ return (-2); ++ DES_set_key_unchecked(key, schedule); ++ return 0; ++} ++ ++void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) ++#ifdef OPENSSL_FIPS ++{ ++ fips_cipher_abort(DES); ++ private_DES_set_key_unchecked(key, schedule); ++} ++ ++void private_DES_set_key_unchecked(const_DES_cblock *key, ++ DES_key_schedule *schedule) ++#endif ++{ ++ static const int shifts2[16] = ++ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; ++ register DES_LONG c, d, t, s, t2; ++ register const unsigned char *in; ++ register DES_LONG *k; ++ register int i; ++ ++#ifdef OPENBSD_DEV_CRYPTO ++ memcpy(schedule->key, key, sizeof schedule->key); ++ schedule->session = NULL; ++#endif ++ k = &schedule->ks->deslong[0]; ++ in = &(*key)[0]; ++ ++ c2l(in, c); ++ c2l(in, d); ++ ++ /* ++ * do PC1 in 47 simple operations :-) Thanks to John Fletcher ++ * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-) ++ */ ++ PERM_OP(d, c, t, 4, 0x0f0f0f0fL); ++ HPERM_OP(c, t, -2, 0xcccc0000L); ++ HPERM_OP(d, t, -2, 0xcccc0000L); ++ PERM_OP(d, c, t, 1, 0x55555555L); ++ PERM_OP(c, d, t, 8, 0x00ff00ffL); ++ PERM_OP(d, c, t, 1, 0x55555555L); ++ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | ++ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); ++ c &= 0x0fffffffL; ++ ++ for (i = 0; i < ITERATIONS; i++) { ++ if (shifts2[i]) { ++ c = ((c >> 2L) | (c << 26L)); ++ d = ((d >> 2L) | (d << 26L)); ++ } else { ++ c = ((c >> 1L) | (c << 27L)); ++ d = ((d >> 1L) | (d << 27L)); ++ } ++ c &= 0x0fffffffL; ++ d &= 0x0fffffffL; ++ /* ++ * could be a few less shifts but I am to lazy at this point in time ++ * to investigate ++ */ ++ s = des_skb[0][(c) & 0x3f] | ++ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | ++ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | ++ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | ++ ((c >> 22L) & 0x38)]; ++ t = des_skb[4][(d) & 0x3f] | ++ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | ++ des_skb[6][(d >> 15L) & 0x3f] | ++ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; ++ ++ /* table contained 0213 4657 */ ++ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; ++ *(k++) = ROTATE(t2, 30) & 0xffffffffL; ++ ++ t2 = ((s >> 16L) | (t & 0xffff0000L)); ++ *(k++) = ROTATE(t2, 26) & 0xffffffffL; ++ } ++} ++ ++int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) ++{ ++ return (DES_set_key(key, schedule)); ++} ++ ++/*- ++#undef des_fixup_key_parity ++void des_fixup_key_parity(des_cblock *key) ++ { ++ des_set_odd_parity(key); ++ } ++*/ +diff --git a/Cryptlib/OpenSSL/crypto/des/spr.h b/Cryptlib/OpenSSL/crypto/des/spr.h +new file mode 100644 +index 0000000..e85d310 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/spr.h +@@ -0,0 +1,212 @@ ++/* crypto/des/spr.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64] = { ++ { ++ /* nibble 0 */ ++ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, ++ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, ++ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, ++ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, ++ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, ++ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, ++ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, ++ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, ++ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, ++ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, ++ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, ++ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, ++ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, ++ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, ++ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, ++ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, ++ }, ++ { ++ /* nibble 1 */ ++ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, ++ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, ++ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, ++ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, ++ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, ++ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, ++ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, ++ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, ++ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, ++ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, ++ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, ++ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, ++ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, ++ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, ++ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, ++ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, ++ }, ++ { ++ /* nibble 2 */ ++ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, ++ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, ++ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, ++ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, ++ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, ++ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, ++ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, ++ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, ++ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, ++ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, ++ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, ++ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, ++ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, ++ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, ++ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, ++ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, ++ }, ++ { ++ /* nibble 3 */ ++ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, ++ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, ++ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, ++ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, ++ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, ++ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, ++ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, ++ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, ++ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, ++ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, ++ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, ++ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, ++ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, ++ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, ++ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, ++ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, ++ }, ++ { ++ /* nibble 4 */ ++ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, ++ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, ++ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, ++ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, ++ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, ++ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, ++ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, ++ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, ++ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, ++ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, ++ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, ++ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, ++ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, ++ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, ++ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, ++ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, ++ }, ++ { ++ /* nibble 5 */ ++ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, ++ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, ++ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, ++ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, ++ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, ++ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, ++ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, ++ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, ++ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, ++ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, ++ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, ++ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, ++ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, ++ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, ++ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, ++ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, ++ }, ++ { ++ /* nibble 6 */ ++ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, ++ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, ++ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, ++ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, ++ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, ++ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, ++ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, ++ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, ++ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, ++ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, ++ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, ++ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, ++ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, ++ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, ++ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, ++ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, ++ }, ++ { ++ /* nibble 7 */ ++ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, ++ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, ++ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, ++ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, ++ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, ++ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, ++ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, ++ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, ++ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, ++ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, ++ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, ++ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, ++ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, ++ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, ++ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, ++ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, ++ } ++}; +diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c +new file mode 100644 +index 0000000..38a478c +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/str2key.c +@@ -0,0 +1,164 @@ ++/* crypto/des/str2key.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "des_locl.h" ++ ++void DES_string_to_key(const char *str, DES_cblock *key) ++{ ++ DES_key_schedule ks; ++ int i, length; ++ register unsigned char j; ++ ++ memset(key, 0, 8); ++ length = strlen(str); ++#ifdef OLD_STR_TO_KEY ++ for (i = 0; i < length; i++) ++ (*key)[i % 8] ^= (str[i] << 1); ++#else /* MIT COMPATIBLE */ ++ for (i = 0; i < length; i++) { ++ j = str[i]; ++ if ((i % 16) < 8) ++ (*key)[i % 8] ^= (j << 1); ++ else { ++ /* Reverse the bit order 05/05/92 eay */ ++ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); ++ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); ++ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); ++ (*key)[7 - (i % 8)] ^= j; ++ } ++ } ++#endif ++ DES_set_odd_parity(key); ++#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY ++ if (DES_is_weak_key(key)) ++ (*key)[7] ^= 0xF0; ++ DES_set_key(key, &ks); ++#else ++ DES_set_key_unchecked(key, &ks); ++#endif ++ DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key); ++ OPENSSL_cleanse(&ks, sizeof(ks)); ++ DES_set_odd_parity(key); ++} ++ ++void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) ++{ ++ DES_key_schedule ks; ++ int i, length; ++ register unsigned char j; ++ ++ memset(key1, 0, 8); ++ memset(key2, 0, 8); ++ length = strlen(str); ++#ifdef OLD_STR_TO_KEY ++ if (length <= 8) { ++ for (i = 0; i < length; i++) { ++ (*key2)[i] = (*key1)[i] = (str[i] << 1); ++ } ++ } else { ++ for (i = 0; i < length; i++) { ++ if ((i / 8) & 1) ++ (*key2)[i % 8] ^= (str[i] << 1); ++ else ++ (*key1)[i % 8] ^= (str[i] << 1); ++ } ++ } ++#else /* MIT COMPATIBLE */ ++ for (i = 0; i < length; i++) { ++ j = str[i]; ++ if ((i % 32) < 16) { ++ if ((i % 16) < 8) ++ (*key1)[i % 8] ^= (j << 1); ++ else ++ (*key2)[i % 8] ^= (j << 1); ++ } else { ++ j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f); ++ j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33); ++ j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55); ++ if ((i % 16) < 8) ++ (*key1)[7 - (i % 8)] ^= j; ++ else ++ (*key2)[7 - (i % 8)] ^= j; ++ } ++ } ++ if (length <= 8) ++ memcpy(key2, key1, 8); ++#endif ++ DES_set_odd_parity(key1); ++ DES_set_odd_parity(key2); ++#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY ++ if (DES_is_weak_key(key1)) ++ (*key1)[7] ^= 0xF0; ++ DES_set_key(key1, &ks); ++#else ++ DES_set_key_unchecked(key1, &ks); ++#endif ++ DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1); ++#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY ++ if (DES_is_weak_key(key2)) ++ (*key2)[7] ^= 0xF0; ++ DES_set_key(key2, &ks); ++#else ++ DES_set_key_unchecked(key2, &ks); ++#endif ++ DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2); ++ OPENSSL_cleanse(&ks, sizeof(ks)); ++ DES_set_odd_parity(key1); ++ DES_set_odd_parity(key2); ++} +diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +new file mode 100644 +index 0000000..6fe021b +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c +@@ -0,0 +1,216 @@ ++/* crypto/des/xcbc_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include "des_locl.h" ++ ++/* RSA's DESX */ ++ ++#if 0 /* broken code, preserved just in case anyone ++ * specifically looks for this */ ++static const unsigned char desx_white_in2out[256] = { ++ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, ++ 0x1B, 0x33, 0xFD, 0xD0, ++ 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B, ++ 0x31, 0xBB, 0x21, 0x5A, ++ 0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, ++ 0x27, 0x5F, 0x80, 0x36, ++ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, ++ 0xA6, 0x3F, 0xD8, 0x0C, ++ 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7, ++ 0xE8, 0x07, 0xB8, 0x60, ++ 0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, ++ 0x86, 0x00, 0x84, 0xFA, ++ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, ++ 0xBA, 0x3C, 0x06, 0x4E, ++ 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71, ++ 0x74, 0xD3, 0xE4, 0xBF, ++ 0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, ++ 0x79, 0x89, 0x62, 0xC6, ++ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, ++ 0x75, 0xD5, 0x61, 0xE3, ++ 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57, ++ 0x63, 0xCA, 0x3D, 0x6C, ++ 0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, ++ 0x58, 0xE0, 0x01, 0xE2, ++ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, ++ 0x82, 0xF9, 0x40, 0xB5, ++ 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28, ++ 0xAA, 0x98, 0x9D, 0xA5, ++ 0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, ++ 0xDD, 0x76, 0x5C, 0x2F, ++ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, ++ 0x4C, 0xFF, 0x43, 0xAB, ++}; ++ ++void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, ++ DES_cblock *out_white) ++{ ++ int out0, out1; ++ int i; ++ const unsigned char *key = &(*des_key)[0]; ++ const unsigned char *in = &(*in_white)[0]; ++ unsigned char *out = &(*out_white)[0]; ++ ++ out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0; ++ out0 = out1 = 0; ++ for (i = 0; i < 8; i++) { ++ out[i] = key[i] ^ desx_white_in2out[out0 ^ out1]; ++ out0 = out1; ++ out1 = (int)out[i & 0x07]; ++ } ++ ++ out0 = out[0]; ++ out1 = out[i]; /* BUG: out-of-bounds read */ ++ for (i = 0; i < 8; i++) { ++ out[i] = in[i] ^ desx_white_in2out[out0 ^ out1]; ++ out0 = out1; ++ out1 = (int)out[i & 0x07]; ++ } ++} ++#endif ++ ++void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, ++ long length, DES_key_schedule *schedule, ++ DES_cblock *ivec, const_DES_cblock *inw, ++ const_DES_cblock *outw, int enc) ++{ ++ register DES_LONG tin0, tin1; ++ register DES_LONG tout0, tout1, xor0, xor1; ++ register DES_LONG inW0, inW1, outW0, outW1; ++ register const unsigned char *in2; ++ register long l = length; ++ DES_LONG tin[2]; ++ unsigned char *iv; ++ ++ in2 = &(*inw)[0]; ++ c2l(in2, inW0); ++ c2l(in2, inW1); ++ in2 = &(*outw)[0]; ++ c2l(in2, outW0); ++ c2l(in2, outW1); ++ ++ iv = &(*ivec)[0]; ++ ++ if (enc) { ++ c2l(iv, tout0); ++ c2l(iv, tout1); ++ for (l -= 8; l >= 0; l -= 8) { ++ c2l(in, tin0); ++ c2l(in, tin1); ++ tin0 ^= tout0 ^ inW0; ++ tin[0] = tin0; ++ tin1 ^= tout1 ^ inW1; ++ tin[1] = tin1; ++ DES_encrypt1(tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0] ^ outW0; ++ l2c(tout0, out); ++ tout1 = tin[1] ^ outW1; ++ l2c(tout1, out); ++ } ++ if (l != -8) { ++ c2ln(in, tin0, tin1, l + 8); ++ tin0 ^= tout0 ^ inW0; ++ tin[0] = tin0; ++ tin1 ^= tout1 ^ inW1; ++ tin[1] = tin1; ++ DES_encrypt1(tin, schedule, DES_ENCRYPT); ++ tout0 = tin[0] ^ outW0; ++ l2c(tout0, out); ++ tout1 = tin[1] ^ outW1; ++ l2c(tout1, out); ++ } ++ iv = &(*ivec)[0]; ++ l2c(tout0, iv); ++ l2c(tout1, iv); ++ } else { ++ c2l(iv, xor0); ++ c2l(iv, xor1); ++ for (l -= 8; l > 0; l -= 8) { ++ c2l(in, tin0); ++ tin[0] = tin0 ^ outW0; ++ c2l(in, tin1); ++ tin[1] = tin1 ^ outW1; ++ DES_encrypt1(tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0 ^ inW0; ++ tout1 = tin[1] ^ xor1 ^ inW1; ++ l2c(tout0, out); ++ l2c(tout1, out); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ if (l != -8) { ++ c2l(in, tin0); ++ tin[0] = tin0 ^ outW0; ++ c2l(in, tin1); ++ tin[1] = tin1 ^ outW1; ++ DES_encrypt1(tin, schedule, DES_DECRYPT); ++ tout0 = tin[0] ^ xor0 ^ inW0; ++ tout1 = tin[1] ^ xor1 ^ inW1; ++ l2cn(tout0, tout1, out, l + 8); ++ xor0 = tin0; ++ xor1 = tin1; ++ } ++ ++ iv = &(*ivec)[0]; ++ l2c(xor0, iv); ++ l2c(xor1, iv); ++ } ++ tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; ++ inW0 = inW1 = outW0 = outW1 = 0; ++ tin[0] = tin[1] = 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c +index cd77867..4558283 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_ameth.c +@@ -1,21 +1,73 @@ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "dh_locl.h" ++#include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" +-#include ++#include "asn1_locl.h" ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++ ++extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; + + /* + * i2d/d2i like DH parameter functions which use the appropriate routine for +@@ -47,8 +99,8 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; +- const void *pval; +- const ASN1_STRING *pstr; ++ void *pval; ++ ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + +@@ -67,18 +119,18 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + pm = pstr->data; + pmlen = pstr->length; + +- if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) { ++ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + +- if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { ++ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ +- if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { ++ if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } +@@ -88,8 +140,10 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + return 1; + + err: +- ASN1_INTEGER_free(public_key); +- DH_free(dh); ++ if (public_key) ++ ASN1_INTEGER_free(public_key); ++ if (dh) ++ DH_free(dh); + return 0; + + } +@@ -106,7 +160,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + dh = pkey->pkey.dh; + + str = ASN1_STRING_new(); +- if (str == NULL) { ++ if (!str) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -135,26 +189,28 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + return 1; + + err: +- OPENSSL_free(penc); +- ASN1_STRING_free(str); ++ if (penc) ++ OPENSSL_free(penc); ++ if (str) ++ ASN1_STRING_free(str); + + return 0; + } + + /* + * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that +- * the AlgorithmIdentifier contains the parameters, the private key is +- * explicitly included and the pubkey must be recalculated. ++ * the AlgorithmIdentifier contains the paramaters, the private key is ++ * explcitly included and the pubkey must be recalculated. + */ + +-static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) ++static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; +- const void *pval; +- const ASN1_STRING *pstr; +- const X509_ALGOR *palg; ++ void *pval; ++ ASN1_STRING *pstr; ++ X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + + DH *dh = NULL; +@@ -166,18 +222,17 @@ static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; +- if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) ++ ++ if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; +- if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) ++ if (!(dh = d2i_dhp(pkey, &pm, pmlen))) + goto decerr; +- + /* We have parameters now set private key */ +- if ((dh->priv_key = BN_secure_new()) == NULL +- || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) { ++ if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); + goto dherr; + } +@@ -208,7 +263,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) + + params = ASN1_STRING_new(); + +- if (params == NULL) { ++ if (!params) { + DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -240,18 +295,29 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) + return 1; + + err: +- OPENSSL_free(dp); +- ASN1_STRING_free(params); +- ASN1_STRING_clear_free(prkey); ++ if (dp != NULL) ++ OPENSSL_free(dp); ++ if (params != NULL) ++ ASN1_STRING_free(params); ++ if (prkey != NULL) ++ ASN1_STRING_clear_free(prkey); + return 0; + } + ++static void update_buflen(const BIGNUM *b, size_t *pbuflen) ++{ ++ size_t i; ++ if (!b) ++ return; ++ if (*pbuflen < (i = (size_t)BN_num_bytes(b))) ++ *pbuflen = i; ++} ++ + static int dh_param_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + DH *dh; +- +- if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) { ++ if (!(dh = d2i_dhp(pkey, pder, derlen))) { + DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); + return 0; + } +@@ -264,10 +330,15 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) + return i2d_dhp(pkey, pkey->pkey.dh, pder); + } + +-static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) ++static int do_dh_print(BIO *bp, const DH *x, int indent, ++ ASN1_PCTX *ctx, int ptype) + { +- int reason = ERR_R_BUF_LIB; ++ unsigned char *m = NULL; ++ int reason = ERR_R_BUF_LIB, ret = 0; ++ size_t buf_len = 0; ++ + const char *ktype = NULL; ++ + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) +@@ -280,12 +351,20 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) + else + pub_key = NULL; + +- if (x->p == NULL || (ptype == 2 && priv_key == NULL) +- || (ptype > 0 && pub_key == NULL)) { ++ update_buflen(x->p, &buf_len); ++ ++ if (buf_len == 0) { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + ++ update_buflen(x->g, &buf_len); ++ update_buflen(x->q, &buf_len); ++ update_buflen(x->j, &buf_len); ++ update_buflen(x->counter, &buf_len); ++ update_buflen(pub_key, &buf_len); ++ update_buflen(priv_key, &buf_len); ++ + if (ptype == 2) + ktype = "DH Private-Key"; + else if (ptype == 1) +@@ -293,23 +372,29 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) + else + ktype = "DH Parameters"; + ++ m = OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ reason = ERR_R_MALLOC_FAILURE; ++ goto err; ++ } ++ + BIO_indent(bp, indent, 128); + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + +- if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent)) ++ if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) + goto err; +- if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent)) ++ if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) + goto err; + +- if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent)) ++ if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) + goto err; +- if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent)) ++ if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) + goto err; +- if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent)) ++ if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, m, indent)) + goto err; +- if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent)) ++ if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, m, indent)) + goto err; + if (x->seed) { + int i; +@@ -328,7 +413,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) + if (BIO_write(bp, "\n", 1) <= 0) + return (0); + } +- if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent)) ++ if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, m, indent)) + goto err; + if (x->length != 0) { + BIO_indent(bp, indent, 128); +@@ -337,11 +422,14 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype) + goto err; + } + +- return 1; +- ++ ret = 1; ++ if (0) { + err: +- DHerr(DH_F_DO_DH_PRINT, reason); +- return 0; ++ DHerr(DH_F_DO_DH_PRINT, reason); ++ } ++ if (m != NULL) ++ OPENSSL_free(m); ++ return (ret); + } + + static int int_dh_size(const EVP_PKEY *pkey) +@@ -354,11 +442,6 @@ static int dh_bits(const EVP_PKEY *pkey) + return BN_num_bits(pkey->pkey.dh->p); + } + +-static int dh_security_bits(const EVP_PKEY *pkey) +-{ +- return DH_security_bits(pkey->pkey.dh); +-} +- + static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || +@@ -380,7 +463,8 @@ static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) + return 0; + } else + a = NULL; +- BN_free(*dst); ++ if (*dst) ++ BN_free(*dst); + *dst = a; + return 1; + } +@@ -398,11 +482,13 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) + return 0; + if (!int_dh_bn_cpy(&to->j, from->j)) + return 0; +- OPENSSL_free(to->seed); +- to->seed = NULL; +- to->seedlen = 0; ++ if (to->seed) { ++ OPENSSL_free(to->seed); ++ to->seed = NULL; ++ to->seedlen = 0; ++ } + if (from->seed) { +- to->seed = OPENSSL_memdup(from->seed, from->seedlen); ++ to->seed = BUF_memdup(from->seed, from->seedlen); + if (!to->seed) + return 0; + to->seedlen = from->seedlen; +@@ -416,7 +502,7 @@ DH *DHparams_dup(DH *dh) + { + DH *ret; + ret = DH_new(); +- if (ret == NULL) ++ if (!ret) + return NULL; + if (!int_dh_param_copy(ret, dh, -1)) { + DH_free(ret); +@@ -427,11 +513,6 @@ DH *DHparams_dup(DH *dh) + + static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { +- if (to->pkey.dh == NULL) { +- to->pkey.dh = DH_new(); +- if (to->pkey.dh == NULL) +- return 0; +- } + return int_dh_param_copy(to->pkey.dh, from->pkey.dh, + from->ameth == &dhx_asn1_meth); + } +@@ -456,24 +537,24 @@ static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { +- return do_dh_print(bp, pkey->pkey.dh, indent, 0); ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + } + + static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { +- return do_dh_print(bp, pkey->pkey.dh, indent, 1); ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + } + + static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { +- return do_dh_print(bp, pkey->pkey.dh, indent, 2); ++ return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); + } + + int DHparams_print(BIO *bp, const DH *x) + { +- return do_dh_print(bp, x, 4, 0); ++ return do_dh_print(bp, x, 4, NULL, 0); + } + + #ifndef OPENSSL_NO_CMS +@@ -522,7 +603,6 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { + + int_dh_size, + dh_bits, +- dh_security_bits, + + dh_param_decode, + dh_param_encode, +@@ -555,7 +635,6 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { + + int_dh_size, + dh_bits, +- dh_security_bits, + + dh_param_decode, + dh_param_encode, +@@ -574,9 +653,9 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = { + static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, + X509_ALGOR *alg, ASN1_BIT_STRING *pubkey) + { +- const ASN1_OBJECT *aoid; ++ ASN1_OBJECT *aoid; + int atype; +- const void *aval; ++ void *aval; + ASN1_INTEGER *public_key = NULL; + int rv = 0; + EVP_PKEY *pkpeer = NULL, *pk = NULL; +@@ -600,32 +679,35 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, + dhpeer = DHparams_dup(pk->pkey.dh); + /* We have parameters now set public key */ + plen = ASN1_STRING_length(pubkey); +- p = ASN1_STRING_get0_data(pubkey); ++ p = ASN1_STRING_data(pubkey); + if (!p || !plen) + goto err; + +- if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { ++ if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) { + DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ +- if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { ++ if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); + goto err; + } + + pkpeer = EVP_PKEY_new(); +- if (pkpeer == NULL) ++ if (!pkpeer) + goto err; + EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer); + dhpeer = NULL; + if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0) + rv = 1; + err: +- ASN1_INTEGER_free(public_key); +- EVP_PKEY_free(pkpeer); +- DH_free(dhpeer); ++ if (public_key) ++ ASN1_INTEGER_free(public_key); ++ if (pkpeer) ++ EVP_PKEY_free(pkpeer); ++ if (dhpeer) ++ DH_free(dhpeer); + return rv; + } + +@@ -690,7 +772,7 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) + + if (ukm) { + dukmlen = ASN1_STRING_length(ukm); +- dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); ++ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); + if (!dukm) + goto err; + } +@@ -701,8 +783,10 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) + + rv = 1; + err: +- X509_ALGOR_free(kekalg); +- OPENSSL_free(dukm); ++ if (kekalg) ++ X509_ALGOR_free(kekalg); ++ if (dukm) ++ OPENSSL_free(dukm); + return rv; + } + +@@ -741,7 +825,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + EVP_CIPHER_CTX *ctx; + int keylen; + X509_ALGOR *talg, *wrap_alg = NULL; +- const ASN1_OBJECT *aoid; ++ ASN1_OBJECT *aoid; + ASN1_BIT_STRING *pubkey; + ASN1_STRING *wrap_str; + ASN1_OCTET_STRING *ukm; +@@ -762,7 +846,8 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + X509_ALGOR_get0(&aoid, NULL, NULL, talg); + /* Is everything uninitialised? */ + if (aoid == OBJ_nid2obj(NID_undef)) { +- ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); ++ ASN1_INTEGER *pubk; ++ pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL); + if (!pubk) + goto err; + /* Set the key */ +@@ -780,7 +865,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + V_ASN1_UNDEF, NULL); + } + +- /* See if custom parameters set */ ++ /* See if custom paraneters set */ + kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx); + if (kdf_type <= 0) + goto err; +@@ -816,11 +901,11 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + /* Package wrap algorithm in an AlgorithmIdentifier */ + + wrap_alg = X509_ALGOR_new(); +- if (wrap_alg == NULL) ++ if (!wrap_alg) + goto err; + wrap_alg->algorithm = OBJ_nid2obj(wrap_nid); + wrap_alg->parameter = ASN1_TYPE_new(); +- if (wrap_alg->parameter == NULL) ++ if (!wrap_alg->parameter) + goto err; + if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0) + goto err; +@@ -834,7 +919,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + + if (ukm) { + dukmlen = ASN1_STRING_length(ukm); +- dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen); ++ dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen); + if (!dukm) + goto err; + } +@@ -852,7 +937,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + if (!penc || !penclen) + goto err; + wrap_str = ASN1_STRING_new(); +- if (wrap_str == NULL) ++ if (!wrap_str) + goto err; + ASN1_STRING_set0(wrap_str, penc, penclen); + penc = NULL; +@@ -862,8 +947,10 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) + rv = 1; + + err: +- OPENSSL_free(penc); +- X509_ALGOR_free(wrap_alg); ++ if (penc) ++ OPENSSL_free(penc); ++ if (wrap_alg) ++ X509_ALGOR_free(wrap_alg); + return rv; + } + +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +index 7c72fd6..f470214 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c +@@ -1,16 +1,66 @@ ++/* dh_asn1.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "dh_locl.h" ++#include + #include + #include + +@@ -20,7 +70,7 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + { + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)DH_new(); +- if (*pval != NULL) ++ if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { +@@ -60,7 +110,7 @@ typedef struct { + ASN1_SEQUENCE(DHvparams) = { + ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING), + ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) +-} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) ++} ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) + + ASN1_SEQUENCE(DHxparams) = { + ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), +@@ -68,7 +118,7 @@ ASN1_SEQUENCE(DHxparams) = { + ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM), + ASN1_OPT(int_dhx942_dh, j, BIGNUM), + ASN1_OPT(int_dhx942_dh, vparams, DHvparams), +-} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) ++} ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) + + int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, + const unsigned char **pp, long length); +@@ -76,23 +126,24 @@ int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); + + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx) + +-/* Application public function: read in X9.42 DH parameters into DH structure */ ++/* Application leve function: read in X9.42 DH parameters into DH structure */ + + DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length) + { + int_dhx942_dh *dhx = NULL; + DH *dh = NULL; + dh = DH_new(); +- if (dh == NULL) ++ if (!dh) + return NULL; + dhx = d2i_int_dhx(NULL, pp, length); +- if (dhx == NULL) { ++ if (!dhx) { + DH_free(dh); + return NULL; + } + + if (a) { +- DH_free(*a); ++ if (*a) ++ DH_free(*a); + *a = dh; + } + +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +index 3b0fa59..0277041 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c +@@ -1,56 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_check.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "dh_locl.h" +- +-/*- +- * Check that p and g are suitable enough +- * +- * p is odd +- * 1 < g < p - 1 +- */ +- +-int DH_check_params(const DH *dh, int *ret) +-{ +- int ok = 0; +- BIGNUM *tmp = NULL; +- BN_CTX *ctx = NULL; +- +- *ret = 0; +- ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- BN_CTX_start(ctx); +- tmp = BN_CTX_get(ctx); +- if (tmp == NULL) +- goto err; +- +- if (!BN_is_odd(dh->p)) +- *ret |= DH_CHECK_P_NOT_PRIME; +- if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g)) +- *ret |= DH_NOT_SUITABLE_GENERATOR; +- if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1)) +- goto err; +- if (BN_cmp(dh->g, tmp) >= 0) +- *ret |= DH_NOT_SUITABLE_GENERATOR; +- +- ok = 1; +- err: +- if (ctx != NULL) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- } +- return (ok); +-} ++#include + + /*- + * Check that p is a safe prime and +@@ -64,7 +73,7 @@ int DH_check_params(const DH *dh, int *ret) + + int DH_check(const DH *dh, int *ret) + { +- int ok = 0, r; ++ int ok = 0; + BN_CTX *ctx = NULL; + BN_ULONG l; + BIGNUM *t1 = NULL, *t2 = NULL; +@@ -93,10 +102,7 @@ int DH_check(const DH *dh, int *ret) + if (!BN_is_one(t1)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } +- r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL); +- if (r < 0) +- goto err; +- if (!r) ++ if (!BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_Q_NOT_PRIME; + /* Check p == 1 mod q i.e. q divides p - 1 */ + if (!BN_div(t1, t2, dh->p, dh->q, ctx)) +@@ -108,31 +114,29 @@ int DH_check(const DH *dh, int *ret) + + } else if (BN_is_word(dh->g, DH_GENERATOR_2)) { + l = BN_mod_word(dh->p, 24); +- if (l == (BN_ULONG)-1) +- goto err; + if (l != 11) + *ret |= DH_NOT_SUITABLE_GENERATOR; +- } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { ++ } ++#if 0 ++ else if (BN_is_word(dh->g, DH_GENERATOR_3)) { ++ l = BN_mod_word(dh->p, 12); ++ if (l != 5) ++ *ret |= DH_NOT_SUITABLE_GENERATOR; ++ } ++#endif ++ else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + l = BN_mod_word(dh->p, 10); +- if (l == (BN_ULONG)-1) +- goto err; + if ((l != 3) && (l != 7)) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } else + *ret |= DH_UNABLE_TO_CHECK_GENERATOR; + +- r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); +- if (r < 0) +- goto err; +- if (!r) ++ if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_PRIME; + else if (!dh->q) { + if (!BN_rshift1(t1, dh->p)) + goto err; +- r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL); +- if (r < 0) +- goto err; +- if (!r) ++ if (!BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL)) + *ret |= DH_CHECK_P_NOT_SAFE_PRIME; + } + ok = 1; +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +index f8ed1b7..b622119 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c +@@ -1,45 +1,81 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_depr.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* This file contains deprecated functions as wrappers to the new ones */ + +-#include +-#if OPENSSL_API_COMPAT >= 0x00908000L +-NON_EMPTY_TRANSLATION_UNIT +-#else ++#include ++#include "cryptlib.h" ++#include ++#include + +-# include +-# include "internal/cryptlib.h" +-# include +-# include ++static void *dummy = &dummy; + ++#ifndef OPENSSL_NO_DEPRECATED + DH *DH_generate_parameters(int prime_len, int generator, + void (*callback) (int, int, void *), void *cb_arg) + { +- BN_GENCB *cb; ++ BN_GENCB cb; + DH *ret = NULL; + + if ((ret = DH_new()) == NULL) + return NULL; +- cb = BN_GENCB_new(); +- if (cb == NULL) { +- DH_free(ret); +- return NULL; +- } + +- BN_GENCB_set_old(cb, callback, cb_arg); ++ BN_GENCB_set_old(&cb, callback, cb_arg); + +- if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) { +- BN_GENCB_free(cb); ++ if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; +- } +- BN_GENCB_free(cb); + DH_free(ret); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +index 4e21f28..b890cca 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,25 +70,26 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) + + static ERR_STRING_DATA DH_str_functs[] = { +- {ERR_FUNC(DH_F_COMPUTE_KEY), "compute_key"}, ++ {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, +- {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "dh_builtin_genparams"}, +- {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "dh_cms_decrypt"}, +- {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "dh_cms_set_peerkey"}, +- {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "dh_cms_set_shared_info"}, +- {ERR_FUNC(DH_F_DH_METH_DUP), "DH_meth_dup"}, +- {ERR_FUNC(DH_F_DH_METH_NEW), "DH_meth_new"}, +- {ERR_FUNC(DH_F_DH_METH_SET1_NAME), "DH_meth_set1_name"}, ++ {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, ++ {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, ++ {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, ++ {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, ++ {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"}, ++ {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX), "DH_generate_parameters_ex"}, + {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, +- {ERR_FUNC(DH_F_DH_PARAM_DECODE), "dh_param_decode"}, +- {ERR_FUNC(DH_F_DH_PRIV_DECODE), "dh_priv_decode"}, +- {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "dh_priv_encode"}, +- {ERR_FUNC(DH_F_DH_PUB_DECODE), "dh_pub_decode"}, +- {ERR_FUNC(DH_F_DH_PUB_ENCODE), "dh_pub_encode"}, +- {ERR_FUNC(DH_F_DO_DH_PRINT), "do_dh_print"}, +- {ERR_FUNC(DH_F_GENERATE_KEY), "generate_key"}, +- {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "pkey_dh_derive"}, +- {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "pkey_dh_keygen"}, ++ {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PRIV_DECODE), "DH_PRIV_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PRIV_ENCODE), "DH_PRIV_ENCODE"}, ++ {ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, ++ {ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, ++ {ERR_FUNC(DH_F_DO_DH_PRINT), "DO_DH_PRINT"}, ++ {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, ++ {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, ++ {ERR_FUNC(DH_F_PKEY_DH_DERIVE), "PKEY_DH_DERIVE"}, ++ {ERR_FUNC(DH_F_PKEY_DH_KEYGEN), "PKEY_DH_KEYGEN"}, + {0, NULL} + }; + +@@ -49,7 +101,9 @@ static ERR_STRING_DATA DH_str_reasons[] = { + {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"}, + {ERR_REASON(DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_REASON(DH_R_KEYS_NOT_SET), "keys not set"}, ++ {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(DH_R_NON_FIPS_METHOD), "non fips method"}, + {ERR_REASON(DH_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, +@@ -60,7 +114,7 @@ static ERR_STRING_DATA DH_str_reasons[] = { + + #endif + +-int ERR_load_DH_strings(void) ++void ERR_load_DH_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -69,5 +123,4 @@ int ERR_load_DH_strings(void) + ERR_load_strings(0, DH_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +index 27ecb98..5bedb66 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_gen.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +@@ -13,9 +62,13 @@ + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "dh_locl.h" ++#include ++ ++#ifdef OPENSSL_FIPS ++# include ++#endif + + static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); +@@ -23,8 +76,19 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, + BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + if (ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_dh_generate_parameters_ex(ret, prime_len, generator, cb); ++#endif + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + +@@ -87,7 +151,17 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + if (!BN_set_word(t2, 11)) + goto err; + g = 2; +- } else if (generator == DH_GENERATOR_5) { ++ } ++#if 0 /* does not work for safe primes */ ++ else if (generator == DH_GENERATOR_3) { ++ if (!BN_set_word(t1, 12)) ++ goto err; ++ if (!BN_set_word(t2, 5)) ++ goto err; ++ g = 3; ++ } ++#endif ++ else if (generator == DH_GENERATOR_5) { + if (!BN_set_word(t1, 10)) + goto err; + if (!BN_set_word(t2, 3)) +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c b/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c +deleted file mode 100644 +index 2782eee..0000000 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_kdf.c ++++ /dev/null +@@ -1,150 +0,0 @@ +-/* +- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#ifndef OPENSSL_NO_CMS +-#include +-#include +-#include +-#include +-#include +- +- +-/* Key derivation from X9.42/RFC2631 */ +-/* Uses CMS functions, hence the #ifdef wrapper. */ +- +-#define DH_KDF_MAX (1L << 30) +- +-/* Skip past an ASN1 structure: for OBJECT skip content octets too */ +- +-static int skip_asn1(unsigned char **pp, long *plen, int exptag) +-{ +- const unsigned char *q = *pp; +- int i, tag, xclass; +- long tmplen; +- i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen); +- if (i & 0x80) +- return 0; +- if (tag != exptag || xclass != V_ASN1_UNIVERSAL) +- return 0; +- if (tag == V_ASN1_OBJECT) +- q += tmplen; +- *plen -= q - *pp; +- *pp = (unsigned char *)q; +- return 1; +-} +- +-/* +- * Encode the DH shared info structure, return an offset to the counter value +- * so we can update the structure without reencoding it. +- */ +- +-static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, +- ASN1_OBJECT *key_oid, size_t outlen, +- const unsigned char *ukm, size_t ukmlen) +-{ +- unsigned char *p; +- int derlen; +- long tlen; +- /* "magic" value to check offset is sane */ +- static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 }; +- X509_ALGOR atmp; +- ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct; +- ASN1_TYPE ctr_atype; +- if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX) +- return 0; +- ctr_oct.data = ctr; +- ctr_oct.length = 4; +- ctr_oct.flags = 0; +- ctr_oct.type = V_ASN1_OCTET_STRING; +- ctr_atype.type = V_ASN1_OCTET_STRING; +- ctr_atype.value.octet_string = &ctr_oct; +- atmp.algorithm = key_oid; +- atmp.parameter = &ctr_atype; +- if (ukm) { +- ukm_oct.type = V_ASN1_OCTET_STRING; +- ukm_oct.flags = 0; +- ukm_oct.data = (unsigned char *)ukm; +- ukm_oct.length = ukmlen; +- pukm_oct = &ukm_oct; +- } else +- pukm_oct = NULL; +- derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen); +- if (derlen <= 0) +- return 0; +- p = *pder; +- tlen = derlen; +- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) +- return 0; +- if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE)) +- return 0; +- if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT)) +- return 0; +- if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) +- return 0; +- if (CRYPTO_memcmp(p, ctr, 4)) +- return 0; +- *pctr = p; +- return derlen; +-} +- +-int DH_KDF_X9_42(unsigned char *out, size_t outlen, +- const unsigned char *Z, size_t Zlen, +- ASN1_OBJECT *key_oid, +- const unsigned char *ukm, size_t ukmlen, const EVP_MD *md) +-{ +- EVP_MD_CTX *mctx = NULL; +- int rv = 0; +- unsigned int i; +- size_t mdlen; +- unsigned char *der = NULL, *ctr; +- int derlen; +- if (Zlen > DH_KDF_MAX) +- return 0; +- mctx = EVP_MD_CTX_new(); +- if (mctx == NULL) +- return 0; +- mdlen = EVP_MD_size(md); +- derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen); +- if (derlen == 0) +- goto err; +- for (i = 1;; i++) { +- unsigned char mtmp[EVP_MAX_MD_SIZE]; +- if (!EVP_DigestInit_ex(mctx, md, NULL) +- || !EVP_DigestUpdate(mctx, Z, Zlen)) +- goto err; +- ctr[3] = i & 0xFF; +- ctr[2] = (i >> 8) & 0xFF; +- ctr[1] = (i >> 16) & 0xFF; +- ctr[0] = (i >> 24) & 0xFF; +- if (!EVP_DigestUpdate(mctx, der, derlen)) +- goto err; +- if (outlen >= mdlen) { +- if (!EVP_DigestFinal(mctx, out, NULL)) +- goto err; +- outlen -= mdlen; +- if (outlen == 0) +- break; +- out += mdlen; +- } else { +- if (!EVP_DigestFinal(mctx, mtmp, NULL)) +- goto err; +- memcpy(out, mtmp, outlen); +- OPENSSL_cleanse(mtmp, mdlen); +- break; +- } +- } +- rv = 1; +- err: +- OPENSSL_free(der); +- EVP_MD_CTX_free(mctx); +- return rv; +-} +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +index 204e5a7..387558f 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c +@@ -1,16 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_key.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" +-#include "dh_locl.h" +-#include "internal/bn_int.h" ++#include "cryptlib.h" ++#include ++#include ++#include + + static int generate_key(DH *dh); + static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); +@@ -22,11 +72,25 @@ static int dh_finish(DH *dh); + + int DH_generate_key(DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->generate_key(dh); + } + + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD) ++ && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW)) { ++ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD); ++ return 0; ++ } ++#endif + return dh->meth->compute_key(key, pub_key, dh); + } + +@@ -51,7 +115,7 @@ static DH_METHOD dh_ossl = { + dh_bn_mod_exp, + dh_init, + dh_finish, +- DH_FLAG_FIPS_METHOD, ++ 0, + NULL, + NULL + }; +@@ -75,7 +139,7 @@ static int generate_key(DH *dh) + goto err; + + if (dh->priv_key == NULL) { +- priv_key = BN_secure_new(); ++ priv_key = BN_new(); + if (priv_key == NULL) + goto err; + generate_new_key = 1; +@@ -91,7 +155,7 @@ static int generate_key(DH *dh) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, +- dh->lock, dh->p, ctx); ++ CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; + } +@@ -106,24 +170,24 @@ static int generate_key(DH *dh) + } else { + /* secret exponent length */ + l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; +- if (!BN_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY)) ++ if (!BN_rand(priv_key, l, 0, 0)) + goto err; + } + } + + { +- BIGNUM *prk = BN_new(); ++ BIGNUM local_prk; ++ BIGNUM *prk; + +- if (prk == NULL) +- goto err; +- BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); ++ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { ++ BN_init(&local_prk); ++ prk = &local_prk; ++ BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); ++ } else ++ prk = priv_key; + +- if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) { +- BN_free(prk); ++ if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) + goto err; +- } +- /* We MUST free prk before any further use of priv_key */ +- BN_free(prk); + } + + dh->pub_key = pub_key; +@@ -133,9 +197,9 @@ static int generate_key(DH *dh) + if (ok != 1) + DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); + +- if (pub_key != dh->pub_key) ++ if ((pub_key != NULL) && (dh->pub_key == NULL)) + BN_free(pub_key); +- if (priv_key != dh->priv_key) ++ if ((priv_key != NULL) && (dh->priv_key == NULL)) + BN_free(priv_key); + BN_CTX_free(ctx); + return (ok); +@@ -169,8 +233,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) + + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, +- dh->lock, dh->p, ctx); +- BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); ++ CRYPTO_LOCK_DH, dh->p, ctx); ++ if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) { ++ /* XXX */ ++ BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); ++ } + if (!mont) + goto err; + } +@@ -199,7 +266,15 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) + { +- return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); ++ /* ++ * If a is only one word long and constant time is false, use the faster ++ * exponenentiation function. ++ */ ++ if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { ++ BN_ULONG A = a->d[0]; ++ return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx); ++ } else ++ return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); + } + + static int dh_init(DH *dh) +@@ -210,6 +285,7 @@ static int dh_init(DH *dh) + + static int dh_finish(DH *dh) + { +- BN_MONT_CTX_free(dh->method_mont_p); ++ if (dh->method_mont_p) ++ BN_MONT_CTX_free(dh->method_mont_p); + return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +index adf1771..bebc160 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c +@@ -1,17 +1,74 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dh/dh_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "dh_locl.h" +-#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ ++const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT; + + static const DH_METHOD *default_DH_method = NULL; + +@@ -22,8 +79,16 @@ void DH_set_default_method(const DH_METHOD *meth) + + const DH_METHOD *DH_get_default_method(void) + { +- if (!default_DH_method) ++ if (!default_DH_method) { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_dh_openssl(); ++ else ++ return DH_OpenSSL(); ++#else + default_DH_method = DH_OpenSSL(); ++#endif ++ } + return default_DH_method; + } + +@@ -38,8 +103,10 @@ int DH_set_method(DH *dh, const DH_METHOD *meth) + if (mtmp->finish) + mtmp->finish(dh); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(dh->engine); +- dh->engine = NULL; ++ if (dh->engine) { ++ ENGINE_finish(dh->engine); ++ dh->engine = NULL; ++ } + #endif + dh->meth = meth; + if (meth->init) +@@ -54,102 +121,132 @@ DH *DH_new(void) + + DH *DH_new_method(ENGINE *engine) + { +- DH *ret = OPENSSL_zalloc(sizeof(*ret)); ++ DH *ret; + ++ ret = (DH *)OPENSSL_malloc(sizeof(DH)); + if (ret == NULL) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- ret->references = 1; +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) { +- DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ret); +- return NULL; ++ return (NULL); + } + + ret->meth = DH_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- ret->flags = ret->meth->flags; /* early default init */ + if (engine) { + if (!ENGINE_init(engine)) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); +- goto err; ++ OPENSSL_free(ret); ++ return NULL; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_DH(); + if (ret->engine) { + ret->meth = ENGINE_get_DH(ret->engine); +- if (ret->meth == NULL) { ++ if (!ret->meth) { + DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); +- goto err; ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; + } + } + #endif + +- ret->flags = ret->meth->flags; +- +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data)) +- goto err; +- ++ ret->pad = 0; ++ ret->version = 0; ++ ret->p = NULL; ++ ret->g = NULL; ++ ret->length = 0; ++ ret->pub_key = NULL; ++ ret->priv_key = NULL; ++ ret->q = NULL; ++ ret->j = NULL; ++ ret->seed = NULL; ++ ret->seedlen = 0; ++ ret->counter = NULL; ++ ret->method_mont_p = NULL; ++ ret->references = 1; ++ ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +- DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL); +-err: +- DH_free(ret); ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); ++ OPENSSL_free(ret); + ret = NULL; + } +- +- return ret; ++ return (ret); + } + + void DH_free(DH *r) + { + int i; +- + if (r == NULL) + return; +- +- CRYPTO_atomic_add(&r->references, -1, &i, r->lock); +- REF_PRINT_COUNT("DH", r); ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); ++#ifdef REF_PRINT ++ REF_PRINT("DH", r); ++#endif + if (i > 0) + return; +- REF_ASSERT_ISNT(i < 0); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "DH_free, bad reference count\n"); ++ abort(); ++ } ++#endif + + if (r->meth->finish) + r->meth->finish(r); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); + +- CRYPTO_THREAD_lock_free(r->lock); +- +- BN_clear_free(r->p); +- BN_clear_free(r->g); +- BN_clear_free(r->q); +- BN_clear_free(r->j); +- OPENSSL_free(r->seed); +- BN_clear_free(r->counter); +- BN_clear_free(r->pub_key); +- BN_clear_free(r->priv_key); ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->g != NULL) ++ BN_clear_free(r->g); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->j != NULL) ++ BN_clear_free(r->j); ++ if (r->seed) ++ OPENSSL_free(r->seed); ++ if (r->counter != NULL) ++ BN_clear_free(r->counter); ++ if (r->pub_key != NULL) ++ BN_clear_free(r->pub_key); ++ if (r->priv_key != NULL) ++ BN_clear_free(r->priv_key); + OPENSSL_free(r); + } + + int DH_up_ref(DH *r) + { +- int i; +- +- if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("DH", r); +- REF_ASSERT_ISNT(i < 2); ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); ++#ifdef REF_PRINT ++ REF_PRINT("DH", r); ++#endif ++#ifdef REF_CHECK ++ if (i < 2) { ++ fprintf(stderr, "DH_up, bad reference count\n"); ++ abort(); ++ } ++#endif + return ((i > 1) ? 1 : 0); + } + ++int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, ++ new_func, dup_func, free_func); ++} ++ + int DH_set_ex_data(DH *d, int idx, void *arg) + { + return (CRYPTO_set_ex_data(&d->ex_data, idx, arg)); +@@ -160,125 +257,7 @@ void *DH_get_ex_data(DH *d, int idx) + return (CRYPTO_get_ex_data(&d->ex_data, idx)); + } + +-int DH_bits(const DH *dh) +-{ +- return BN_num_bits(dh->p); +-} +- + int DH_size(const DH *dh) + { + return (BN_num_bytes(dh->p)); + } +- +-int DH_security_bits(const DH *dh) +-{ +- int N; +- if (dh->q) +- N = BN_num_bits(dh->q); +- else if (dh->length) +- N = dh->length; +- else +- N = -1; +- return BN_security_bits(BN_num_bits(dh->p), N); +-} +- +- +-void DH_get0_pqg(const DH *dh, +- const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +-{ +- if (p != NULL) +- *p = dh->p; +- if (q != NULL) +- *q = dh->q; +- if (g != NULL) +- *g = dh->g; +-} +- +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +-{ +- /* If the fields p and g in d are NULL, the corresponding input +- * parameters MUST be non-NULL. q may remain NULL. +- */ +- if ((dh->p == NULL && p == NULL) +- || (dh->g == NULL && g == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(dh->p); +- dh->p = p; +- } +- if (q != NULL) { +- BN_free(dh->q); +- dh->q = q; +- } +- if (g != NULL) { +- BN_free(dh->g); +- dh->g = g; +- } +- +- if (q != NULL) { +- dh->length = BN_num_bits(q); +- } +- +- return 1; +-} +- +-long DH_get_length(const DH *dh) +-{ +- return dh->length; +-} +- +-int DH_set_length(DH *dh, long length) +-{ +- dh->length = length; +- return 1; +-} +- +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +-{ +- if (pub_key != NULL) +- *pub_key = dh->pub_key; +- if (priv_key != NULL) +- *priv_key = dh->priv_key; +-} +- +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +-{ +- /* If the field pub_key in dh is NULL, the corresponding input +- * parameters MUST be non-NULL. The priv_key field may +- * be left NULL. +- */ +- if (dh->pub_key == NULL && pub_key == NULL) +- return 0; +- +- if (pub_key != NULL) { +- BN_free(dh->pub_key); +- dh->pub_key = pub_key; +- } +- if (priv_key != NULL) { +- BN_free(dh->priv_key); +- dh->priv_key = priv_key; +- } +- +- return 1; +-} +- +-void DH_clear_flags(DH *dh, int flags) +-{ +- dh->flags &= ~flags; +-} +- +-int DH_test_flags(const DH *dh, int flags) +-{ +- return dh->flags & flags; +-} +- +-void DH_set_flags(DH *dh, int flags) +-{ +- dh->flags |= flags; +-} +- +-ENGINE *DH_get0_engine(DH *dh) +-{ +- return dh->engine; +-} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_locl.h b/Cryptlib/OpenSSL/crypto/dh/dh_locl.h +deleted file mode 100644 +index 19301c3..0000000 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_locl.h ++++ /dev/null +@@ -1,56 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-struct dh_st { +- /* +- * This first argument is used to pick up errors when a DH is passed +- * instead of a EVP_PKEY +- */ +- int pad; +- int version; +- BIGNUM *p; +- BIGNUM *g; +- long length; /* optional */ +- BIGNUM *pub_key; /* g^x % p */ +- BIGNUM *priv_key; /* x */ +- int flags; +- BN_MONT_CTX *method_mont_p; +- /* Place holders if we want to do X9.42 DH */ +- BIGNUM *q; +- BIGNUM *j; +- unsigned char *seed; +- int seedlen; +- BIGNUM *counter; +- int references; +- CRYPTO_EX_DATA ex_data; +- const DH_METHOD *meth; +- ENGINE *engine; +- CRYPTO_RWLOCK *lock; +-}; +- +-struct dh_method { +- char *name; +- /* Methods here */ +- int (*generate_key) (DH *dh); +- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh); +- +- /* Can be null */ +- int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a, +- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, +- BN_MONT_CTX *m_ctx); +- int (*init) (DH *dh); +- int (*finish) (DH *dh); +- int flags; +- char *app_data; +- /* If this is non-NULL, it will be used to generate parameters */ +- int (*generate_params) (DH *dh, int prime_len, int generator, +- BN_GENCB *cb); +-}; +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_meth.c b/Cryptlib/OpenSSL/crypto/dh/dh_meth.c +deleted file mode 100644 +index ce6114c..0000000 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_meth.c ++++ /dev/null +@@ -1,173 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "dh_locl.h" +-#include +-#include +- +-DH_METHOD *DH_meth_new(const char *name, int flags) +-{ +- DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm)); +- +- if (dhm != NULL) { +- dhm->flags = flags; +- +- dhm->name = OPENSSL_strdup(name); +- if (dhm->name != NULL) +- return dhm; +- +- OPENSSL_free(dhm); +- } +- +- DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +-} +- +-void DH_meth_free(DH_METHOD *dhm) +-{ +- if (dhm != NULL) { +- OPENSSL_free(dhm->name); +- OPENSSL_free(dhm); +- } +-} +- +-DH_METHOD *DH_meth_dup(const DH_METHOD *dhm) +-{ +- DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); +- +- if (ret != NULL) { +- memcpy(ret, dhm, sizeof(*dhm)); +- +- ret->name = OPENSSL_strdup(dhm->name); +- if (ret->name != NULL) +- return ret; +- +- OPENSSL_free(ret); +- } +- +- DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE); +- return NULL; +-} +- +-const char *DH_meth_get0_name(const DH_METHOD *dhm) +-{ +- return dhm->name; +-} +- +-int DH_meth_set1_name(DH_METHOD *dhm, const char *name) +-{ +- char *tmpname = OPENSSL_strdup(name); +- +- if (tmpname == NULL) { +- DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- OPENSSL_free(dhm->name); +- dhm->name = tmpname; +- +- return 1; +-} +- +-int DH_meth_get_flags(DH_METHOD *dhm) +-{ +- return dhm->flags; +-} +- +-int DH_meth_set_flags(DH_METHOD *dhm, int flags) +-{ +- dhm->flags = flags; +- return 1; +-} +- +-void *DH_meth_get0_app_data(const DH_METHOD *dhm) +-{ +- return dhm->app_data; +-} +- +-int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data) +-{ +- dhm->app_data = app_data; +- return 1; +-} +- +-int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *) +-{ +- return dhm->generate_key; +-} +- +-int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *)) +-{ +- dhm->generate_key = generate_key; +- return 1; +-} +- +-int (*DH_meth_get_compute_key(const DH_METHOD *dhm)) +- (unsigned char *key, const BIGNUM *pub_key, DH *dh) +-{ +- return dhm->compute_key; +-} +- +-int DH_meth_set_compute_key(DH_METHOD *dhm, +- int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh)) +-{ +- dhm->compute_key = compute_key; +- return 1; +-} +- +- +-int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm)) +- (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, +- BN_CTX *, BN_MONT_CTX *) +-{ +- return dhm->bn_mod_exp; +-} +- +-int DH_meth_set_bn_mod_exp(DH_METHOD *dhm, +- int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, +- const BIGNUM *, BN_CTX *, BN_MONT_CTX *)) +-{ +- dhm->bn_mod_exp = bn_mod_exp; +- return 1; +-} +- +-int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *) +-{ +- return dhm->init; +-} +- +-int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *)) +-{ +- dhm->init = init; +- return 1; +-} +- +-int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *) +-{ +- return dhm->finish; +-} +- +-int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *)) +-{ +- dhm->finish = finish; +- return 1; +-} +- +-int (*DH_meth_get_generate_params(const DH_METHOD *dhm)) +- (DH *, int, int, BN_GENCB *) +-{ +- return dhm->generate_params; +-} +- +-int DH_meth_set_generate_params(DH_METHOD *dhm, +- int (*generate_params) (DH *, int, int, BN_GENCB *)) +-{ +- dhm->generate_params = generate_params; +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c +index c3e03c7..926be98 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_pmeth.c +@@ -1,22 +1,73 @@ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "dh_locl.h" ++#include + #include +-#include ++#ifndef OPENSSL_NO_DSA ++# include ++#endif + #include +-#include "internal/evp_int.h" ++#include "evp_locl.h" + + /* DH pkey context structure */ + +@@ -47,14 +98,22 @@ typedef struct { + static int pkey_dh_init(EVP_PKEY_CTX *ctx) + { + DH_PKEY_CTX *dctx; +- +- dctx = OPENSSL_zalloc(sizeof(*dctx)); +- if (dctx == NULL) ++ dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); ++ if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->subprime_len = -1; + dctx->generator = 2; ++ dctx->use_dsa = 0; ++ dctx->md = NULL; ++ dctx->rfc5114_param = 0; ++ + dctx->kdf_type = EVP_PKEY_DH_KDF_NONE; ++ dctx->kdf_oid = NULL; ++ dctx->kdf_md = NULL; ++ dctx->kdf_ukm = NULL; ++ dctx->kdf_ukmlen = 0; ++ dctx->kdf_outlen = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; +@@ -63,17 +122,6 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx) + return 1; + } + +-static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) +-{ +- DH_PKEY_CTX *dctx = ctx->data; +- if (dctx != NULL) { +- OPENSSL_free(dctx->kdf_ukm); +- ASN1_OBJECT_free(dctx->kdf_oid); +- OPENSSL_free(dctx); +- } +-} +- +- + static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + DH_PKEY_CTX *dctx, *sctx; +@@ -90,19 +138,29 @@ static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + + dctx->kdf_type = sctx->kdf_type; + dctx->kdf_oid = OBJ_dup(sctx->kdf_oid); +- if (dctx->kdf_oid == NULL) ++ if (!dctx->kdf_oid) + return 0; + dctx->kdf_md = sctx->kdf_md; +- if (sctx->kdf_ukm != NULL) { +- dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); +- if (dctx->kdf_ukm == NULL) +- return 0; ++ if (dctx->kdf_ukm) { ++ dctx->kdf_ukm = BUF_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen); + dctx->kdf_ukmlen = sctx->kdf_ukmlen; + } + dctx->kdf_outlen = sctx->kdf_outlen; + return 1; + } + ++static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) ++{ ++ DH_PKEY_CTX *dctx = ctx->data; ++ if (dctx) { ++ if (dctx->kdf_ukm) ++ OPENSSL_free(dctx->kdf_ukm); ++ if (dctx->kdf_oid) ++ ASN1_OBJECT_free(dctx->kdf_oid); ++ OPENSSL_free(dctx); ++ } ++} ++ + static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + { + DH_PKEY_CTX *dctx = ctx->data; +@@ -177,7 +235,8 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + return 1; + + case EVP_PKEY_CTRL_DH_KDF_UKM: +- OPENSSL_free(dctx->kdf_ukm); ++ if (dctx->kdf_ukm) ++ OPENSSL_free(dctx->kdf_ukm); + dctx->kdf_ukm = p2; + if (p2) + dctx->kdf_ukmlen = p1; +@@ -190,7 +249,8 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + return dctx->kdf_ukmlen; + + case EVP_PKEY_CTRL_DH_KDF_OID: +- ASN1_OBJECT_free(dctx->kdf_oid); ++ if (dctx->kdf_oid) ++ ASN1_OBJECT_free(dctx->kdf_oid); + dctx->kdf_oid = p2; + return 1; + +@@ -207,12 +267,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) + { +- if (strcmp(type, "dh_paramgen_prime_len") == 0) { ++ if (!strcmp(type, "dh_paramgen_prime_len")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } +- if (strcmp(type, "dh_rfc5114") == 0) { ++ if (!strcmp(type, "dh_rfc5114")) { + DH_PKEY_CTX *dctx = ctx->data; + int len; + len = atoi(value); +@@ -221,17 +281,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, + dctx->rfc5114_param = len; + return 1; + } +- if (strcmp(type, "dh_paramgen_generator") == 0) { ++ if (!strcmp(type, "dh_paramgen_generator")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } +- if (strcmp(type, "dh_paramgen_subprime_len") == 0) { ++ if (!strcmp(type, "dh_paramgen_subprime_len")) { + int len; + len = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); + } +- if (strcmp(type, "dh_paramgen_type") == 0) { ++ if (!strcmp(type, "dh_paramgen_type")) { + int typ; + typ = atoi(value); + return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); +@@ -264,7 +324,7 @@ static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb) + if (dctx->use_dsa > 2) + return NULL; + ret = DSA_new(); +- if (ret == NULL) ++ if (!ret) + return NULL; + if (subprime_len == -1) { + if (prime_len >= 2048) +@@ -297,7 +357,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; +- BN_GENCB *pcb; ++ BN_GENCB *pcb, cb; + int ret; + if (dctx->rfc5114_param) { + switch (dctx->rfc5114_param) { +@@ -321,9 +381,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + } + + if (ctx->pkey_gencb) { +- pcb = BN_GENCB_new(); +- if (pcb == NULL) +- return 0; ++ pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; +@@ -331,8 +389,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + if (dctx->use_dsa) { + DSA *dsa_dh; + dsa_dh = dsa_dh_generate(dctx, pcb); +- BN_GENCB_free(pcb); +- if (dsa_dh == NULL) ++ if (!dsa_dh) + return 0; + dh = DSA_dup_DH(dsa_dh); + DSA_free(dsa_dh); +@@ -343,13 +400,11 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + } + #endif + dh = DH_new(); +- if (dh == NULL) { +- BN_GENCB_free(pcb); ++ if (!dh) + return 0; +- } + ret = DH_generate_parameters_ex(dh, + dctx->prime_len, dctx->generator, pcb); +- BN_GENCB_free(pcb); ++ + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else +@@ -365,7 +420,7 @@ static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + return 0; + } + dh = DH_new(); +- if (dh == NULL) ++ if (!dh) + return 0; + EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh); + /* Note: if error return, pkey is freed by parent routine */ +@@ -400,7 +455,6 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + } + #ifndef OPENSSL_NO_CMS + else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { +- + unsigned char *Z = NULL; + size_t Zlen = 0; + if (!dctx->kdf_outlen || !dctx->kdf_oid) +@@ -414,7 +468,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + ret = 0; + Zlen = DH_size(dh); + Z = OPENSSL_malloc(Zlen); +- if (Z == NULL) { ++ if (!Z) { + goto err; + } + if (DH_compute_key_padded(Z, dhpub, dh) <= 0) +@@ -425,7 +479,10 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, + *keylen = dctx->kdf_outlen; + ret = 1; + err: +- OPENSSL_clear_free(Z, Zlen); ++ if (Z) { ++ OPENSSL_cleanse(Z, Zlen); ++ OPENSSL_free(Z); ++ } + return ret; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_prn.c b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c +index 283fb0f..5d6c3a3 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_prn.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_prn.c +@@ -1,18 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/asn1/t_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int DHparams_print_fp(FILE *fp, const DH *x) + { + BIO *b; +diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c +index c4a2195..e96e2aa 100644 +--- a/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c ++++ b/Cryptlib/OpenSSL/crypto/dh/dh_rfc5114.c +@@ -1,40 +1,284 @@ + /* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" +-#include "dh_locl.h" ++#include "cryptlib.h" ++#include + #include +-#include "internal/bn_dh.h" ++ ++/* DH parameters from RFC5114 */ ++ ++#if BN_BITS2 == 64 ++static const BN_ULONG dh1024_160_p[] = { ++ 0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL, ++ 0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL, ++ 0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL, ++ 0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL, ++ 0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL, ++ 0xB10B8F96A080E01DULL ++}; ++ ++static const BN_ULONG dh1024_160_g[] = { ++ 0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL, ++ 0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL, ++ 0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL, ++ 0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL, ++ 0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL, ++ 0xA4D1CBD5C3FD3412ULL ++}; ++ ++static const BN_ULONG dh1024_160_q[] = { ++ 0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL ++}; ++ ++static const BN_ULONG dh2048_224_p[] = { ++ 0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL, ++ 0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL, ++ 0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL, ++ 0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL, ++ 0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL, ++ 0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL, ++ 0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL, ++ 0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL, ++ 0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL, ++ 0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL, ++ 0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL ++}; ++ ++static const BN_ULONG dh2048_224_g[] = { ++ 0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL, ++ 0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL, ++ 0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL, ++ 0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL, ++ 0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL, ++ 0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL, ++ 0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL, ++ 0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL, ++ 0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL, ++ 0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL, ++ 0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL ++}; ++ ++static const BN_ULONG dh2048_224_q[] = { ++ 0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL, ++ 0x00000000801C0D34ULL ++}; ++ ++static const BN_ULONG dh2048_256_p[] = { ++ 0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL, ++ 0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL, ++ 0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL, ++ 0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL, ++ 0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL, ++ 0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL, ++ 0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL, ++ 0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL, ++ 0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL, ++ 0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL, ++ 0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL ++}; ++ ++static const BN_ULONG dh2048_256_g[] = { ++ 0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL, ++ 0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL, ++ 0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL, ++ 0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL, ++ 0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL, ++ 0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL, ++ 0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL, ++ 0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL, ++ 0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL, ++ 0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL, ++ 0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL ++}; ++ ++static const BN_ULONG dh2048_256_q[] = { ++ 0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL, ++ 0x8CF83642A709A097ULL ++}; ++ ++#elif BN_BITS2 == 32 ++ ++static const BN_ULONG dh1024_160_p[] = { ++ 0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF, ++ 0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA, ++ 0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C, ++ 0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286, ++ 0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E, ++ 0xA080E01D, 0xB10B8F96 ++}; ++ ++static const BN_ULONG dh1024_160_g[] = { ++ 0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59, ++ 0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08, ++ 0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F, ++ 0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E, ++ 0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442, ++ 0xC3FD3412, 0xA4D1CBD5 ++}; ++ ++static const BN_ULONG dh1024_160_q[] = { ++ 0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87 ++}; ++ ++static const BN_ULONG dh2048_224_p[] = { ++ 0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2, ++ 0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E, ++ 0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1, ++ 0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A, ++ 0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714, ++ 0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0, ++ 0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0, ++ 0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152, ++ 0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40, ++ 0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5, ++ 0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E ++}; ++ ++static const BN_ULONG dh2048_224_g[] = { ++ 0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1, ++ 0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE, ++ 0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F, ++ 0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137, ++ 0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3, ++ 0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2, ++ 0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0, ++ 0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001, ++ 0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01, ++ 0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B, ++ 0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF ++}; ++ ++static const BN_ULONG dh2048_224_q[] = { ++ 0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE, ++ 0x801C0D34 ++}; ++ ++static const BN_ULONG dh2048_256_p[] = { ++ 0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227, ++ 0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A, ++ 0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79, ++ 0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5, ++ 0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267, ++ 0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF, ++ 0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF, ++ 0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64, ++ 0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45, ++ 0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608, ++ 0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D ++}; ++ ++static const BN_ULONG dh2048_256_g[] = { ++ 0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148, ++ 0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428, ++ 0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15, ++ 0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73, ++ 0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1, ++ 0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982, ++ 0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5, ++ 0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8, ++ 0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A, ++ 0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F, ++ 0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B ++}; ++ ++static const BN_ULONG dh2048_256_q[] = { ++ 0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976, ++ 0xA709A097, 0x8CF83642 ++}; ++ ++#else ++# error "unsupported BN_BITS2" ++#endif ++ ++/* Macro to make a BIGNUM from static data */ ++ ++#define make_dh_bn(x) static const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ ++ sizeof(x)/sizeof(BN_ULONG),\ ++ sizeof(x)/sizeof(BN_ULONG),\ ++ 0, BN_FLG_STATIC_DATA } + + /* + * Macro to make a DH structure from BIGNUM data. NB: although just copying +- * the BIGNUM static pointers would be more efficient, we can't do that +- * because they get wiped using BN_clear_free() when DH_free() is called. ++ * the BIGNUM static pointers would be more efficient we can't as they get ++ * wiped using BN_clear_free() when DH_free() is called. + */ + + #define make_dh(x) \ +-DH *DH_get_##x(void) \ +-{ \ +- DH *dh = DH_new(); \ +-\ +- if (dh == NULL) \ +- return NULL; \ +- dh->p = BN_dup(&_bignum_dh##x##_p); \ +- dh->g = BN_dup(&_bignum_dh##x##_g); \ +- dh->q = BN_dup(&_bignum_dh##x##_q); \ +- if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\ +- DH_free(dh); \ +- return NULL; \ +- } \ +- return dh; \ +-} ++DH * DH_get_##x(void) \ ++ { \ ++ DH *dh; \ ++ make_dh_bn(dh##x##_p); \ ++ make_dh_bn(dh##x##_q); \ ++ make_dh_bn(dh##x##_g); \ ++ dh = DH_new(); \ ++ if (!dh) \ ++ return NULL; \ ++ dh->p = BN_dup(&_bignum_dh##x##_p); \ ++ dh->g = BN_dup(&_bignum_dh##x##_g); \ ++ dh->q = BN_dup(&_bignum_dh##x##_q); \ ++ if (!dh->p || !dh->q || !dh->g) \ ++ { \ ++ DH_free(dh); \ ++ return NULL; \ ++ } \ ++ return dh; \ ++ } + + make_dh(1024_160) + make_dh(2048_224) +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_beos.c b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c +new file mode 100644 +index 0000000..68ebcd8 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_beos.c +@@ -0,0 +1,253 @@ ++/* dso_beos.c */ ++/* ++ * Written by Marcin Konicki (ahwayakchih@neoni.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++#include "cryptlib.h" ++#include ++ ++#if !defined(OPENSSL_SYS_BEOS) ++DSO_METHOD *DSO_METHOD_beos(void) ++{ ++ return NULL; ++} ++#else ++ ++# include ++ ++static int beos_load(DSO *dso); ++static int beos_unload(DSO *dso); ++static void *beos_bind_var(DSO *dso, const char *symname); ++static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int beos_unbind_var(DSO *dso, char *symname, void *symptr); ++static int beos_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++static int beos_init(DSO *dso); ++static int beos_finish(DSO *dso); ++static long beos_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif ++static char *beos_name_converter(DSO *dso, const char *filename); ++ ++static DSO_METHOD dso_meth_beos = { ++ "OpenSSL 'beos' shared library method", ++ beos_load, ++ beos_unload, ++ beos_bind_var, ++ beos_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif ++ NULL, /* ctrl */ ++ beos_name_converter, ++ NULL, /* init */ ++ NULL /* finish */ ++}; ++ ++DSO_METHOD *DSO_METHOD_beos(void) ++{ ++ return (&dso_meth_beos); ++} ++ ++/* ++ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to ++ * the handle (image_id) returned from load_add_on(). ++ */ ++ ++static int beos_load(DSO *dso) ++{ ++ image_id id; ++ /* See applicable comments from dso_dl.c */ ++ char *filename = DSO_convert_filename(dso, NULL); ++ ++ if (filename == NULL) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_NO_FILENAME); ++ goto err; ++ } ++ id = load_add_on(filename); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_LOAD_FAILED); ++ ERR_add_error_data(3, "filename(", filename, ")"); ++ goto err; ++ } ++ if (!sk_push(dso->meth_data, (char *)id)) { ++ DSOerr(DSO_F_BEOS_LOAD, DSO_R_STACK_ERROR); ++ goto err; ++ } ++ /* Success */ ++ dso->loaded_filename = filename; ++ return (1); ++ err: ++ /* Cleanup ! */ ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (id > 0) ++ unload_add_on(id); ++ return (0); ++} ++ ++static int beos_unload(DSO *dso) ++{ ++ image_id id; ++ if (dso == NULL) { ++ DSOerr(DSO_F_BEOS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (sk_num(dso->meth_data) < 1) ++ return (1); ++ id = (image_id) sk_pop(dso->meth_data); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_NULL_HANDLE); ++ return (0); ++ } ++ if (unload_add_on(id) != B_OK) { ++ DSOerr(DSO_F_BEOS_UNLOAD, DSO_R_UNLOAD_FAILED); ++ /* ++ * We should push the value back onto the stack in case of a retry. ++ */ ++ sk_push(dso->meth_data, (char *)id); ++ return (0); ++ } ++ return (1); ++} ++ ++static void *beos_bind_var(DSO *dso, const char *symname) ++{ ++ image_id id; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_DATA, &sym) != B_OK) { ++ DSOerr(DSO_F_BEOS_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return (sym); ++} ++ ++static DSO_FUNC_TYPE beos_bind_func(DSO *dso, const char *symname) ++{ ++ image_id id; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ id = (image_id) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (id < 1) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (get_image_symbol(id, symname, B_SYMBOL_TYPE_TEXT, &sym) != B_OK) { ++ DSOerr(DSO_F_BEOS_BIND_FUNC, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return ((DSO_FUNC_TYPE)sym); ++} ++ ++/* This one is the same as the one in dlfcn */ ++static char *beos_name_converter(DSO *dso, const char *filename) ++{ ++ char *translated; ++ int len, rsize, transform; ++ ++ len = strlen(filename); ++ rsize = len + 1; ++ transform = (strstr(filename, "/") == NULL); ++ if (transform) { ++ /* We will convert this to "%s.so" or "lib%s.so" */ ++ rsize += 3; /* The length of ".so" */ ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ rsize += 3; /* The length of "lib" */ ++ } ++ translated = OPENSSL_malloc(rsize); ++ if (translated == NULL) { ++ DSOerr(DSO_F_BEOS_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED); ++ return (NULL); ++ } ++ if (transform) { ++ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) ++ sprintf(translated, "lib%s.so", filename); ++ else ++ sprintf(translated, "%s.so", filename); ++ } else ++ sprintf(translated, "%s", filename); ++ return (translated); ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +index d80bf56..ceedf66 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c +@@ -1,15 +1,72 @@ ++/* dso_dl.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "dso_locl.h" ++#include ++#include "cryptlib.h" ++#include + +-#ifdef DSO_DL ++#ifndef DSO_DL ++DSO_METHOD *DSO_METHOD_dl(void) ++{ ++ return NULL; ++} ++#else + + # include + +@@ -18,7 +75,15 @@ + + static int dl_load(DSO *dso); + static int dl_unload(DSO *dso); ++static void *dl_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int dl_unbind_var(DSO *dso, char *symname, void *symptr); ++static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++static int dl_init(DSO *dso); ++static int dl_finish(DSO *dso); ++static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif + static char *dl_name_converter(DSO *dso, const char *filename); + static char *dl_merger(DSO *dso, const char *filespec1, + const char *filespec2); +@@ -29,7 +94,13 @@ static DSO_METHOD dso_meth_dl = { + "OpenSSL 'dl' shared library method", + dl_load, + dl_unload, ++ dl_bind_var, + dl_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif + NULL, /* ctrl */ + dl_name_converter, + dl_merger, +@@ -39,9 +110,9 @@ static DSO_METHOD dso_meth_dl = { + dl_globallookup + }; + +-DSO_METHOD *DSO_METHOD_openssl(void) ++DSO_METHOD *DSO_METHOD_dl(void) + { +- return &dso_meth_dl; ++ return (&dso_meth_dl); + } + + /* +@@ -56,7 +127,7 @@ static int dl_load(DSO *dso) + /* + * We don't do any fancy retries or anything, just take the method's (or + * DSO's if it has the callback set) best translation of the +- * platform-independent filename and try once with that. ++ * platform-independant filename and try once with that. + */ + char *filename = DSO_convert_filename(dso, NULL); + +@@ -68,10 +139,8 @@ static int dl_load(DSO *dso) + (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 : + DYNAMIC_PATH), 0L); + if (ptr == NULL) { +- char errbuf[160]; + DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED); +- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) +- ERR_add_error_data(4, "filename(", filename, "): ", errbuf); ++ ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno)); + goto err; + } + if (!sk_push(dso->meth_data, (char *)ptr)) { +@@ -86,7 +155,8 @@ static int dl_load(DSO *dso) + return (1); + err: + /* Cleanup! */ +- OPENSSL_free(filename); ++ if (filename != NULL) ++ OPENSSL_free(filename); + if (ptr != NULL) + shl_unload(ptr); + return (0); +@@ -115,6 +185,32 @@ static int dl_unload(DSO *dso) + return (1); + } + ++static void *dl_bind_var(DSO *dso, const char *symname) ++{ ++ shl_t ptr; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { ++ DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); ++ return (NULL); ++ } ++ return (sym); ++} ++ + static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) + { + shl_t ptr; +@@ -134,10 +230,8 @@ static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) + return (NULL); + } + if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) { +- char errbuf[160]; + DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE); +- if (openssl_strerror_r(errno, errbuf, sizeof(errbuf))) +- ERR_add_error_data(4, "symname(", symname, "): ", errbuf); ++ ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno)); + return (NULL); + } + return ((DSO_FUNC_TYPE)sym); +@@ -156,21 +250,23 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) + * if the second file specification is missing. + */ + if (!filespec2 || filespec1[0] == '/') { +- merged = OPENSSL_strdup(filespec1); +- if (merged == NULL) { ++ merged = OPENSSL_malloc(strlen(filespec1) + 1); ++ if (!merged) { + DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ strcpy(merged, filespec1); + } + /* + * If the first file specification is missing, the second one rules. + */ + else if (!filespec1) { +- merged = OPENSSL_strdup(filespec2); +- if (merged == NULL) { ++ merged = OPENSSL_malloc(strlen(filespec2) + 1); ++ if (!merged) { + DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ strcpy(merged, filespec2); + } else + /* + * This part isn't as trivial as it looks. It assumes that the +@@ -185,12 +281,12 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) + spec2len = (filespec2 ? strlen(filespec2) : 0); + len = spec2len + (filespec1 ? strlen(filespec1) : 0); + +- if (spec2len && filespec2[spec2len - 1] == '/') { ++ if (filespec2 && filespec2[spec2len - 1] == '/') { + spec2len--; + len--; + } + merged = OPENSSL_malloc(len + 2); +- if (merged == NULL) { ++ if (!merged) { + DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } +@@ -206,8 +302,13 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2) + * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at + * the same time, there's no great duplicating the code. Figuring out an + * elegant way to share one copy of the code would be more difficult and +- * would not leave the implementations independent. ++ * would not leave the implementations independant. + */ ++# if defined(__hpux) ++static const char extension[] = ".sl"; ++# else ++static const char extension[] = ".so"; ++# endif + static char *dl_name_converter(DSO *dso, const char *filename) + { + char *translated; +@@ -218,7 +319,7 @@ static char *dl_name_converter(DSO *dso, const char *filename) + transform = (strstr(filename, "/") == NULL); + { + /* We will convert this to "%s.s?" or "lib%s.s?" */ +- rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */ ++ rsize += strlen(extension); /* The length of ".s?" */ + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + rsize += 3; /* The length of "lib" */ + } +@@ -229,9 +330,9 @@ static char *dl_name_converter(DSO *dso, const char *filename) + } + if (transform) { + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- sprintf(translated, "lib%s%s", filename, DSO_EXTENSION); ++ sprintf(translated, "lib%s%s", filename, extension); + else +- sprintf(translated, "%s%s", filename, DSO_EXTENSION); ++ sprintf(translated, "%s%s", filename, extension); + } else + sprintf(translated, "%s", filename); + return (translated); +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +index a4b0cdd..78df723 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c +@@ -1,10 +1,60 @@ ++/* dso_dlfcn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -16,9 +66,16 @@ + # define _GNU_SOURCE /* make sure dladdr is declared */ + #endif + +-#include "dso_locl.h" ++#include ++#include "cryptlib.h" ++#include + +-#ifdef DSO_DLFCN ++#ifndef DSO_DLFCN ++DSO_METHOD *DSO_METHOD_dlfcn(void) ++{ ++ return NULL; ++} ++#else + + # ifdef HAVE_DLFCN_H + # ifdef __osf__ +@@ -40,7 +97,14 @@ + + static int dlfcn_load(DSO *dso); + static int dlfcn_unload(DSO *dso); ++static void *dlfcn_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); ++static int dlfcn_init(DSO *dso); ++static int dlfcn_finish(DSO *dso); ++static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif + static char *dlfcn_name_converter(DSO *dso, const char *filename); + static char *dlfcn_merger(DSO *dso, const char *filespec1, + const char *filespec2); +@@ -51,7 +115,13 @@ static DSO_METHOD dso_meth_dlfcn = { + "OpenSSL 'dlfcn' shared library method", + dlfcn_load, + dlfcn_unload, ++ dlfcn_bind_var, + dlfcn_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif + NULL, /* ctrl */ + dlfcn_name_converter, + dlfcn_merger, +@@ -61,9 +131,9 @@ static DSO_METHOD dso_meth_dlfcn = { + dlfcn_globallookup + }; + +-DSO_METHOD *DSO_METHOD_openssl(void) ++DSO_METHOD *DSO_METHOD_dlfcn(void) + { +- return &dso_meth_dlfcn; ++ return (&dso_meth_dlfcn); + } + + /* +@@ -85,7 +155,11 @@ DSO_METHOD *DSO_METHOD_openssl(void) + # endif + # endif + # else +-# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ ++# ifdef OPENSSL_SYS_SUNOS ++# define DLOPEN_FLAG 1 ++# else ++# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ ++# endif + # endif + + /* +@@ -123,7 +197,8 @@ static int dlfcn_load(DSO *dso) + return (1); + err: + /* Cleanup! */ +- OPENSSL_free(filename); ++ if (filename != NULL) ++ OPENSSL_free(filename); + if (ptr != NULL) + dlclose(ptr); + return (0); +@@ -152,6 +227,32 @@ static int dlfcn_unload(DSO *dso) + return (1); + } + ++static void *dlfcn_bind_var(DSO *dso, const char *symname) ++{ ++ void *ptr, *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_void_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ sym = dlsym(ptr, symname); ++ if (sym == NULL) { ++ DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); ++ return (NULL); ++ } ++ return (sym); ++} ++ + static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) + { + void *ptr; +@@ -196,21 +297,23 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + * if the second file specification is missing. + */ + if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { +- merged = OPENSSL_strdup(filespec1); +- if (merged == NULL) { ++ merged = OPENSSL_malloc(strlen(filespec1) + 1); ++ if (!merged) { + DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ strcpy(merged, filespec1); + } + /* + * If the first file specification is missing, the second one rules. + */ + else if (!filespec1) { +- merged = OPENSSL_strdup(filespec2); +- if (merged == NULL) { ++ merged = OPENSSL_malloc(strlen(filespec2) + 1); ++ if (!merged) { + DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ strcpy(merged, filespec2); + } else { + /* + * This part isn't as trivial as it looks. It assumes that the +@@ -229,7 +332,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + len--; + } + merged = OPENSSL_malloc(len + 2); +- if (merged == NULL) { ++ if (!merged) { + DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } +@@ -240,6 +343,14 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, + return (merged); + } + ++# ifdef OPENSSL_SYS_MACOSX ++# define DSO_ext ".dylib" ++# define DSO_extlen 6 ++# else ++# define DSO_ext ".so" ++# define DSO_extlen 3 ++# endif ++ + static char *dlfcn_name_converter(DSO *dso, const char *filename) + { + char *translated; +@@ -250,7 +361,7 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) + transform = (strstr(filename, "/") == NULL); + if (transform) { + /* We will convert this to "%s.so" or "lib%s.so" etc */ +- rsize += strlen(DSO_EXTENSION); /* The length of ".so" */ ++ rsize += DSO_extlen; /* The length of ".so" */ + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) + rsize += 3; /* The length of "lib" */ + } +@@ -261,9 +372,9 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename) + } + if (transform) { + if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) +- sprintf(translated, "lib%s" DSO_EXTENSION, filename); ++ sprintf(translated, "lib%s" DSO_ext, filename); + else +- sprintf(translated, "%s" DSO_EXTENSION, filename); ++ sprintf(translated, "%s" DSO_ext, filename); + } else + sprintf(translated, "%s", filename); + return (translated); +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +index 07588d5..e143cc0 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_err.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c +@@ -1,16 +1,67 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/dso/dso_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include + #include +-#include "internal/dso.h" ++#include + + /* BEGIN ERROR CODES */ + #ifndef OPENSSL_NO_ERR +@@ -19,41 +70,55 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) + + static ERR_STRING_DATA DSO_str_functs[] = { +- {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "dlfcn_bind_func"}, +- {ERR_FUNC(DSO_F_DLFCN_LOAD), "dlfcn_load"}, +- {ERR_FUNC(DSO_F_DLFCN_MERGER), "dlfcn_merger"}, +- {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "dlfcn_name_converter"}, +- {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "dlfcn_unload"}, +- {ERR_FUNC(DSO_F_DL_BIND_FUNC), "dl_bind_func"}, +- {ERR_FUNC(DSO_F_DL_LOAD), "dl_load"}, +- {ERR_FUNC(DSO_F_DL_MERGER), "dl_merger"}, +- {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "dl_name_converter"}, +- {ERR_FUNC(DSO_F_DL_UNLOAD), "dl_unload"}, ++ {ERR_FUNC(DSO_F_BEOS_BIND_FUNC), "BEOS_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_BEOS_BIND_VAR), "BEOS_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_BEOS_LOAD), "BEOS_LOAD"}, ++ {ERR_FUNC(DSO_F_BEOS_NAME_CONVERTER), "BEOS_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_BEOS_UNLOAD), "BEOS_UNLOAD"}, ++ {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"}, ++ {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"}, ++ {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"}, ++ {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"}, ++ {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"}, ++ {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"}, + {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"}, ++ {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"}, + {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"}, + {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"}, + {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"}, + {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"}, ++ {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"}, + {ERR_FUNC(DSO_F_DSO_GLOBAL_LOOKUP), "DSO_global_lookup"}, + {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"}, + {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"}, + {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"}, + {ERR_FUNC(DSO_F_DSO_PATHBYADDR), "DSO_pathbyaddr"}, + {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"}, ++ {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"}, + {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"}, +- {ERR_FUNC(DSO_F_VMS_BIND_SYM), "vms_bind_sym"}, +- {ERR_FUNC(DSO_F_VMS_LOAD), "vms_load"}, +- {ERR_FUNC(DSO_F_VMS_MERGER), "vms_merger"}, +- {ERR_FUNC(DSO_F_VMS_UNLOAD), "vms_unload"}, +- {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "win32_bind_func"}, +- {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "win32_globallookup"}, +- {ERR_FUNC(DSO_F_WIN32_JOINER), "win32_joiner"}, +- {ERR_FUNC(DSO_F_WIN32_LOAD), "win32_load"}, +- {ERR_FUNC(DSO_F_WIN32_MERGER), "win32_merger"}, +- {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "win32_name_converter"}, +- {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "win32_pathbyaddr"}, +- {ERR_FUNC(DSO_F_WIN32_SPLITTER), "win32_splitter"}, +- {ERR_FUNC(DSO_F_WIN32_UNLOAD), "win32_unload"}, ++ {ERR_FUNC(DSO_F_GLOBAL_LOOKUP_FUNC), "GLOBAL_LOOKUP_FUNC"}, ++ {ERR_FUNC(DSO_F_PATHBYADDR), "PATHBYADDR"}, ++ {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"}, ++ {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"}, ++ {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"}, ++ {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"}, ++ {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"}, ++ {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"}, ++ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP), "WIN32_GLOBALLOOKUP"}, ++ {ERR_FUNC(DSO_F_WIN32_GLOBALLOOKUP_FUNC), "WIN32_GLOBALLOOKUP_FUNC"}, ++ {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"}, ++ {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"}, ++ {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"}, ++ {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"}, ++ {ERR_FUNC(DSO_F_WIN32_PATHBYADDR), "WIN32_PATHBYADDR"}, ++ {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"}, ++ {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"}, + {0, NULL} + }; + +@@ -68,6 +133,7 @@ static ERR_STRING_DATA DSO_str_reasons[] = { + {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"}, + {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"}, + {ERR_REASON(DSO_R_NO_FILENAME), "no filename"}, ++ {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"}, + {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"}, + {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"}, + {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"}, +@@ -80,7 +146,7 @@ static ERR_STRING_DATA DSO_str_reasons[] = { + + #endif + +-int ERR_load_DSO_strings(void) ++void ERR_load_DSO_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -89,5 +155,4 @@ int ERR_load_DSO_strings(void) + ERR_load_strings(0, DSO_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +index f58237d..2beb7c1 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c +@@ -1,33 +1,114 @@ ++/* dso_lib.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "dso_locl.h" ++#include ++#include ++#include "cryptlib.h" ++#include + + static DSO_METHOD *default_DSO_meth = NULL; + +-static DSO *DSO_new_method(DSO_METHOD *meth) ++DSO *DSO_new(void) ++{ ++ return (DSO_new_method(NULL)); ++} ++ ++void DSO_set_default_method(DSO_METHOD *meth) ++{ ++ default_DSO_meth = meth; ++} ++ ++DSO_METHOD *DSO_get_default_method(void) ++{ ++ return (default_DSO_meth); ++} ++ ++DSO_METHOD *DSO_get_method(DSO *dso) ++{ ++ return (dso->meth); ++} ++ ++DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth) ++{ ++ DSO_METHOD *mtmp; ++ mtmp = dso->meth; ++ dso->meth = meth; ++ return (mtmp); ++} ++ ++DSO *DSO_new_method(DSO_METHOD *meth) + { + DSO *ret; + +- if (default_DSO_meth == NULL) { ++ if (default_DSO_meth == NULL) + /* + * We default to DSO_METH_openssl() which in turn defaults to + * stealing the "best available" method. Will fallback to + * DSO_METH_null() in the worst case. + */ + default_DSO_meth = DSO_METHOD_openssl(); +- } +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); + if (ret == NULL) { + DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ memset(ret, 0, sizeof(DSO)); + ret->meth_data = sk_void_new_null(); + if (ret->meth_data == NULL) { + /* sk_new doesn't generate any errors so we do */ +@@ -35,62 +116,59 @@ static DSO *DSO_new_method(DSO_METHOD *meth) + OPENSSL_free(ret); + return (NULL); + } +- ret->meth = default_DSO_meth; ++ if (meth == NULL) ++ ret->meth = default_DSO_meth; ++ else ++ ret->meth = meth; + ret->references = 1; +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) { +- DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + sk_void_free(ret->meth_data); + OPENSSL_free(ret); +- return NULL; +- } +- +- if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +- DSO_free(ret); + ret = NULL; + } +- +- return ret; +-} +- +-DSO *DSO_new(void) +-{ +- return DSO_new_method(NULL); ++ return (ret); + } + + int DSO_free(DSO *dso) + { + int i; + +- if (dso == NULL) +- return (1); +- +- if (CRYPTO_atomic_add(&dso->references, -1, &i, dso->lock) <= 0) +- return 0; ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } + +- REF_PRINT_COUNT("DSO", dso); ++ i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO); ++#ifdef REF_PRINT ++ REF_PRINT("DSO", dso); ++#endif + if (i > 0) +- return 1; +- REF_ASSERT_ISNT(i < 0); ++ return (1); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "DSO_free, bad reference count\n"); ++ abort(); ++ } ++#endif + +- if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) { +- if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { +- DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); +- return 0; +- } ++ if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { ++ DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED); ++ return (0); + } + + if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { + DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED); +- return 0; ++ return (0); + } + + sk_void_free(dso->meth_data); +- OPENSSL_free(dso->filename); +- OPENSSL_free(dso->loaded_filename); +- CRYPTO_THREAD_lock_free(dso->lock); ++ if (dso->filename != NULL) ++ OPENSSL_free(dso->filename); ++ if (dso->loaded_filename != NULL) ++ OPENSSL_free(dso->loaded_filename); ++ + OPENSSL_free(dso); +- return 1; ++ return (1); + } + + int DSO_flags(DSO *dso) +@@ -100,19 +178,13 @@ int DSO_flags(DSO *dso) + + int DSO_up_ref(DSO *dso) + { +- int i; +- + if (dso == NULL) { + DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER); +- return 0; ++ return (0); + } + +- if (CRYPTO_atomic_add(&dso->references, 1, &i, dso->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("DSO", r); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); ++ CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO); ++ return (1); + } + + DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) +@@ -169,6 +241,26 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) + return (NULL); + } + ++void *DSO_bind_var(DSO *dso, const char *symname) ++{ ++ void *ret = NULL; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (dso->meth->dso_bind_var == NULL) { ++ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED); ++ return (NULL); ++ } ++ if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) { ++ DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE); ++ return (NULL); ++ } ++ /* Success */ ++ return (ret); ++} ++ + DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) + { + DSO_FUNC_TYPE ret = NULL; +@@ -227,6 +319,19 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) + return (dso->meth->dso_ctrl(dso, cmd, larg, parg)); + } + ++int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, ++ DSO_NAME_CONVERTER_FUNC *oldcb) ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER); ++ return (0); ++ } ++ if (oldcb) ++ *oldcb = dso->name_converter; ++ dso->name_converter = cb; ++ return (1); ++} ++ + const char *DSO_get_filename(DSO *dso) + { + if (dso == NULL) { +@@ -249,12 +354,14 @@ int DSO_set_filename(DSO *dso, const char *filename) + return (0); + } + /* We'll duplicate filename */ +- copied = OPENSSL_strdup(filename); ++ copied = OPENSSL_malloc(strlen(filename) + 1); + if (copied == NULL) { + DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE); + return (0); + } +- OPENSSL_free(dso->filename); ++ BUF_strlcpy(copied, filename, strlen(filename) + 1); ++ if (dso->filename) ++ OPENSSL_free(dso->filename); + dso->filename = copied; + return (1); + } +@@ -297,15 +404,25 @@ char *DSO_convert_filename(DSO *dso, const char *filename) + result = dso->meth->dso_name_converter(dso, filename); + } + if (result == NULL) { +- result = OPENSSL_strdup(filename); ++ result = OPENSSL_malloc(strlen(filename) + 1); + if (result == NULL) { + DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE); + return (NULL); + } ++ BUF_strlcpy(result, filename, strlen(filename) + 1); + } + return (result); + } + ++const char *DSO_get_loaded_filename(DSO *dso) ++{ ++ if (dso == NULL) { ++ DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ return (dso->loaded_filename); ++} ++ + int DSO_pathbyaddr(void *addr, char *path, int sz) + { + DSO_METHOD *meth = default_DSO_meth; +@@ -318,24 +435,6 @@ int DSO_pathbyaddr(void *addr, char *path, int sz) + return (*meth->pathbyaddr) (addr, path, sz); + } + +-DSO *DSO_dsobyaddr(void *addr, int flags) +-{ +- DSO *ret = NULL; +- char *filename = NULL; +- int len = DSO_pathbyaddr(addr, NULL, 0); +- +- if (len < 0) +- return NULL; +- +- filename = OPENSSL_malloc(len); +- if (filename != NULL +- && DSO_pathbyaddr(addr, filename, len) == len) +- ret = DSO_load(NULL, filename, NULL, flags); +- +- OPENSSL_free(filename); +- return ret; +-} +- + void *DSO_global_lookup(const char *name) + { + DSO_METHOD *meth = default_DSO_meth; +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_locl.h b/Cryptlib/OpenSSL/crypto/dso/dso_locl.h +deleted file mode 100644 +index fbfad05..0000000 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_locl.h ++++ /dev/null +@@ -1,106 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include "internal/dso.h" +-#include "internal/dso_conf.h" +- +-/**********************************************************************/ +-/* The low-level handle type used to refer to a loaded shared library */ +- +-struct dso_st { +- DSO_METHOD *meth; +- /* +- * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use +- * anything but will need to cache the filename for use in the dso_bind +- * handler. All in all, let each method control its own destiny. +- * "Handles" and such go in a STACK. +- */ +- STACK_OF(void) *meth_data; +- int references; +- int flags; +- /* +- * For use by applications etc ... use this for your bits'n'pieces, don't +- * touch meth_data! +- */ +- CRYPTO_EX_DATA ex_data; +- /* +- * If this callback function pointer is set to non-NULL, then it will be +- * used in DSO_load() in place of meth->dso_name_converter. NB: This +- * should normally set using DSO_set_name_converter(). +- */ +- DSO_NAME_CONVERTER_FUNC name_converter; +- /* +- * If this callback function pointer is set to non-NULL, then it will be +- * used in DSO_load() in place of meth->dso_merger. NB: This should +- * normally set using DSO_set_merger(). +- */ +- DSO_MERGER_FUNC merger; +- /* +- * This is populated with (a copy of) the platform-independent filename +- * used for this DSO. +- */ +- char *filename; +- /* +- * This is populated with (a copy of) the translated filename by which +- * the DSO was actually loaded. It is NULL iff the DSO is not currently +- * loaded. NB: This is here because the filename translation process may +- * involve a callback being invoked more than once not only to convert to +- * a platform-specific form, but also to try different filenames in the +- * process of trying to perform a load. As such, this variable can be +- * used to indicate (a) whether this DSO structure corresponds to a +- * loaded library or not, and (b) the filename with which it was actually +- * loaded. +- */ +- char *loaded_filename; +- CRYPTO_RWLOCK *lock; +-}; +- +-struct dso_meth_st { +- const char *name; +- /* +- * Loads a shared library, NB: new DSO_METHODs must ensure that a +- * successful load populates the loaded_filename field, and likewise a +- * successful unload OPENSSL_frees and NULLs it out. +- */ +- int (*dso_load) (DSO *dso); +- /* Unloads a shared library */ +- int (*dso_unload) (DSO *dso); +- /* +- * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should +- * be cast to the real function prototype by the caller. Platforms that +- * don't have compatible representations for different prototypes (this +- * is possible within ANSI C) are highly unlikely to have shared +- * libraries at all, let alone a DSO_METHOD implemented for them. +- */ +- DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); +- /* +- * The generic (yuck) "ctrl()" function. NB: Negative return values +- * (rather than zero) indicate errors. +- */ +- long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg); +- /* +- * The default DSO_METHOD-specific function for converting filenames to a +- * canonical native form. +- */ +- DSO_NAME_CONVERTER_FUNC dso_name_converter; +- /* +- * The default DSO_METHOD-specific function for converting filenames to a +- * canonical native form. +- */ +- DSO_MERGER_FUNC dso_merger; +- /* [De]Initialisation handlers. */ +- int (*init) (DSO *dso); +- int (*finish) (DSO *dso); +- /* Return pathname of the module containing location */ +- int (*pathbyaddr) (void *addr, char *path, int sz); +- /* Perform global symbol lookup, i.e. among *all* modules */ +- void *(*globallookup) (const char *symname); +-}; +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +new file mode 100644 +index 0000000..20122d1 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c +@@ -0,0 +1,92 @@ ++/* dso_null.c */ ++/* ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * This "NULL" method is provided as the fallback for systems that have no ++ * appropriate support for "shared-libraries". ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++ ++static DSO_METHOD dso_meth_null = { ++ "NULL shared library method", ++ NULL, /* load */ ++ NULL, /* unload */ ++ NULL, /* bind_var */ ++ NULL, /* bind_func */ ++/* For now, "unbind" doesn't exist */ ++#if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++#endif ++ NULL, /* ctrl */ ++ NULL, /* dso_name_converter */ ++ NULL, /* dso_merger */ ++ NULL, /* init */ ++ NULL, /* finish */ ++ NULL, /* pathbyaddr */ ++ NULL /* globallookup */ ++}; ++ ++DSO_METHOD *DSO_METHOD_null(void) ++{ ++ return (&dso_meth_null); ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +index 6626331..087e989 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c +@@ -1,22 +1,83 @@ ++/* dso_openssl.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "dso_locl.h" ++#include ++#include "cryptlib.h" ++#include + +-#if !defined(DSO_VMS) && !defined(DSO_DLCFN) && !defined(DSO_DL) && !defined(DSO_WIN32) && !defined(DSO_DLFCN) +- +-static DSO_METHOD dso_meth_null = { +- "NULL shared library method" +-}; ++/* We just pinch the method from an appropriate "default" method. */ + + DSO_METHOD *DSO_METHOD_openssl(void) + { +- return &dso_meth_null; +-} ++#ifdef DEF_DSO_METHOD ++ return (DEF_DSO_METHOD()); ++#elif defined(DSO_DLFCN) ++ return (DSO_METHOD_dlfcn()); ++#elif defined(DSO_DL) ++ return (DSO_METHOD_dl()); ++#elif defined(DSO_WIN32) ++ return (DSO_METHOD_win32()); ++#elif defined(DSO_VMS) ++ return (DSO_METHOD_vms()); ++#elif defined(DSO_BEOS) ++ return (DSO_METHOD_beos()); ++#else ++ return (DSO_METHOD_null()); + #endif ++} +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +index b9a98dd..1efd84b 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c +@@ -1,25 +1,82 @@ ++/* dso_vms.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "dso_locl.h" ++#include ++#include ++#include ++#include "cryptlib.h" ++#include + +-#ifdef OPENSSL_SYS_VMS ++#ifndef OPENSSL_SYS_VMS ++DSO_METHOD *DSO_METHOD_vms(void) ++{ ++ return NULL; ++} ++#else + + # pragma message disable DOLLARID +-# include + # include + # include +-# include + # include + # include + # include +-# include "../vms_rms.h" ++# include "vms_rms.h" + + /* Some compiler options may mask the declaration of "_malloc32". */ + # if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE +@@ -36,7 +93,15 @@ void *_malloc32(__size_t); + + static int vms_load(DSO *dso); + static int vms_unload(DSO *dso); ++static void *vms_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int vms_unbind_var(DSO *dso, char *symname, void *symptr); ++static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++static int vms_init(DSO *dso); ++static int vms_finish(DSO *dso); ++static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif + static char *vms_name_converter(DSO *dso, const char *filename); + static char *vms_merger(DSO *dso, const char *filespec1, + const char *filespec2); +@@ -45,14 +110,18 @@ static DSO_METHOD dso_meth_vms = { + "OpenSSL 'VMS' shared library method", + vms_load, + NULL, /* unload */ ++ vms_bind_var, + vms_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif + NULL, /* ctrl */ + vms_name_converter, + vms_merger, + NULL, /* init */ +- NULL, /* finish */ +- NULL, /* pathbyaddr */ +- NULL /* globallookup */ ++ NULL /* finish */ + }; + + /* +@@ -76,9 +145,9 @@ typedef struct dso_internal_st { + char imagename[NAMX_MAXRSS + 1]; + } DSO_VMS_INTERNAL; + +-DSO_METHOD *DSO_METHOD_openssl(void) ++DSO_METHOD *DSO_METHOD_vms(void) + { +- return &dso_meth_vms; ++ return (&dso_meth_vms); + } + + static int vms_load(DSO *dso) +@@ -103,7 +172,7 @@ static int vms_load(DSO *dso) + # endif /* __INITIAL_POINTER_SIZE == 64 */ + + const char *sp1, *sp2; /* Search result */ +- const char *ext = NULL; /* possible extension to add */ ++ const char *ext = NULL; /* possible extension to add */ + + if (filename == NULL) { + DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); +@@ -173,7 +242,7 @@ static int vms_load(DSO *dso) + goto err; + } + +- p = DSO_MALLOC(sizeof(*p)); ++ p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); + if (p == NULL) { + DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); + goto err; +@@ -210,8 +279,10 @@ static int vms_load(DSO *dso) + return (1); + err: + /* Cleanup! */ +- OPENSSL_free(p); +- OPENSSL_free(filename); ++ if (p != NULL) ++ OPENSSL_free(p); ++ if (filename != NULL) ++ OPENSSL_free(filename); + return (0); + } + +@@ -267,10 +338,11 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) + { + DSO_VMS_INTERNAL *ptr; + int status; +-# ifdef LIB$M_FIS_MIXEDCASE +- int flags = LIB$M_FIS_MIXEDCASE; ++# if 0 ++ int flags = (1 << 4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't ++ * defined in VMS older than 7.0 or so */ + # else +- int flags = (1 << 4); ++ int flags = 0; + # endif + struct dsc$descriptor_s symname_dsc; + +@@ -355,6 +427,13 @@ void vms_bind_sym(DSO *dso, const char *symname, void **sym) + return; + } + ++static void *vms_bind_var(DSO *dso, const char *symname) ++{ ++ void *sym = 0; ++ vms_bind_sym(dso, symname, &sym); ++ return sym; ++} ++ + static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) + { + DSO_FUNC_TYPE sym = 0; +@@ -447,7 +526,7 @@ static char *vms_merger(DSO *dso, const char *filespec1, + } + + merged = OPENSSL_malloc(nam.NAMX_ESL + 1); +- if (merged == NULL) ++ if (!merged) + goto malloc_err; + strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL); + merged[nam.NAMX_ESL] = '\0'; +@@ -460,7 +539,7 @@ static char *vms_name_converter(DSO *dso, const char *filename) + { + int len = strlen(filename); + char *not_translated = OPENSSL_malloc(len + 1); +- if (not_translated != NULL) ++ if (not_translated) + strcpy(not_translated, filename); + return (not_translated); + } +diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +index 4a4c34a..706e754 100644 +--- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c ++++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c +@@ -1,15 +1,73 @@ ++/* dso_win32.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "dso_locl.h" ++#include ++#include ++#include "cryptlib.h" ++#include + +-#if defined(DSO_WIN32) ++#if !defined(DSO_WIN32) ++DSO_METHOD *DSO_METHOD_win32(void) ++{ ++ return NULL; ++} ++#else + + # ifdef _WIN32_WCE + # if _WIN32_WCE < 300 +@@ -59,10 +117,19 @@ static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName) + + static int win32_load(DSO *dso); + static int win32_unload(DSO *dso); ++static void *win32_bind_var(DSO *dso, const char *symname); + static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); ++# if 0 ++static int win32_unbind_var(DSO *dso, char *symname, void *symptr); ++static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); ++static int win32_init(DSO *dso); ++static int win32_finish(DSO *dso); ++static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); ++# endif + static char *win32_name_converter(DSO *dso, const char *filename); + static char *win32_merger(DSO *dso, const char *filespec1, + const char *filespec2); ++static int win32_pathbyaddr(void *addr, char *path, int sz); + static void *win32_globallookup(const char *name); + + static const char *openssl_strnchr(const char *string, int c, size_t len); +@@ -71,19 +138,25 @@ static DSO_METHOD dso_meth_win32 = { + "OpenSSL 'win32' shared library method", + win32_load, + win32_unload, ++ win32_bind_var, + win32_bind_func, ++/* For now, "unbind" doesn't exist */ ++# if 0 ++ NULL, /* unbind_var */ ++ NULL, /* unbind_func */ ++# endif + NULL, /* ctrl */ + win32_name_converter, + win32_merger, + NULL, /* init */ + NULL, /* finish */ +- NULL, /* pathbyaddr */ ++ win32_pathbyaddr, + win32_globallookup + }; + +-DSO_METHOD *DSO_METHOD_openssl(void) ++DSO_METHOD *DSO_METHOD_win32(void) + { +- return &dso_meth_win32; ++ return (&dso_meth_win32); + } + + /* +@@ -107,7 +180,7 @@ static int win32_load(DSO *dso) + ERR_add_error_data(3, "filename(", filename, ")"); + goto err; + } +- p = OPENSSL_malloc(sizeof(*p)); ++ p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE)); + if (p == NULL) { + DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE); + goto err; +@@ -122,8 +195,10 @@ static int win32_load(DSO *dso) + return (1); + err: + /* Cleanup ! */ +- OPENSSL_free(filename); +- OPENSSL_free(p); ++ if (filename != NULL) ++ OPENSSL_free(filename); ++ if (p != NULL) ++ OPENSSL_free(p); + if (h != NULL) + FreeLibrary(h); + return (0); +@@ -156,13 +231,41 @@ static int win32_unload(DSO *dso) + return (1); + } + ++/* ++ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API ++ * docs, there's probably a variant for variables. ++ */ ++static void *win32_bind_var(DSO *dso, const char *symname) ++{ ++ HINSTANCE *ptr; ++ void *sym; ++ ++ if ((dso == NULL) || (symname == NULL)) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER); ++ return (NULL); ++ } ++ if (sk_void_num(dso->meth_data) < 1) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR); ++ return (NULL); ++ } ++ ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); ++ if (ptr == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE); ++ return (NULL); ++ } ++ sym = GetProcAddress(*ptr, symname); ++ if (sym == NULL) { ++ DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE); ++ ERR_add_error_data(3, "symname(", symname, ")"); ++ return (NULL); ++ } ++ return (sym); ++} ++ + static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) + { + HINSTANCE *ptr; +- union { +- void *p; +- FARPROC f; +- } sym; ++ void *sym; + + if ((dso == NULL) || (symname == NULL)) { + DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER); +@@ -177,13 +280,13 @@ static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) + DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE); + return (NULL); + } +- sym.f = GetProcAddress(*ptr, symname); +- if (sym.p == NULL) { ++ sym = GetProcAddress(*ptr, symname); ++ if (sym == NULL) { + DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE); + ERR_add_error_data(3, "symname(", symname, ")"); + return (NULL); + } +- return ((DSO_FUNC_TYPE)sym.f); ++ return ((DSO_FUNC_TYPE)sym); + } + + struct file_st { +@@ -215,12 +318,13 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, + return (NULL); + } + +- result = OPENSSL_zalloc(sizeof(*result)); ++ result = OPENSSL_malloc(sizeof(struct file_st)); + if (result == NULL) { + DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); + return (NULL); + } + ++ memset(result, 0, sizeof(struct file_st)); + position = IN_DEVICE; + + if ((filename[0] == '\\' && filename[1] == '\\') +@@ -338,7 +442,7 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + } + + result = OPENSSL_malloc(len + 1); +- if (result == NULL) { ++ if (!result) { + DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE); + return (NULL); + } +@@ -372,6 +476,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + offset++; + start = end + 1; + } ++# if 0 /* Not needed, since the directory converter ++ * above already appeneded a backslash */ ++ if (file_split->predir && (file_split->dir || file_split->file)) { ++ result[offset] = '\\'; ++ offset++; ++ } ++# endif + start = file_split->dir; + while (file_split->dirlen > (start - file_split->dir)) { + const char *end = openssl_strnchr(start, '/', +@@ -385,6 +496,13 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) + offset++; + start = end + 1; + } ++# if 0 /* Not needed, since the directory converter ++ * above already appeneded a backslash */ ++ if (file_split->dir && file_split->file) { ++ result[offset] = '\\'; ++ offset++; ++ } ++# endif + strncpy(&result[offset], file_split->file, file_split->filelen); + offset += file_split->filelen; + result[offset] = '\0'; +@@ -404,14 +522,14 @@ static char *win32_merger(DSO *dso, const char *filespec1, + } + if (!filespec2) { + merged = OPENSSL_malloc(strlen(filespec1) + 1); +- if (merged == NULL) { ++ if (!merged) { + DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } + strcpy(merged, filespec1); + } else if (!filespec1) { + merged = OPENSSL_malloc(strlen(filespec2) + 1); +- if (merged == NULL) { ++ if (!merged) { + DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE); + return (NULL); + } +@@ -507,6 +625,106 @@ typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD); + typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE); + typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *); + ++static int win32_pathbyaddr(void *addr, char *path, int sz) ++{ ++ HMODULE dll; ++ HANDLE hModuleSnap = INVALID_HANDLE_VALUE; ++ MODULEENTRY32 me32; ++ CREATETOOLHELP32SNAPSHOT create_snap; ++ CLOSETOOLHELP32SNAPSHOT close_snap; ++ MODULE32 module_first, module_next; ++ ++ if (addr == NULL) { ++ union { ++ int (*f) (void *, char *, int); ++ void *p; ++ } t = { ++ win32_pathbyaddr ++ }; ++ addr = t.p; ++ } ++ ++ dll = LoadLibrary(TEXT(DLLNAME)); ++ if (dll == NULL) { ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ ++ create_snap = (CREATETOOLHELP32SNAPSHOT) ++ GetProcAddress(dll, "CreateToolhelp32Snapshot"); ++ if (create_snap == NULL) { ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ /* We take the rest for granted... */ ++# ifdef _WIN32_WCE ++ close_snap = (CLOSETOOLHELP32SNAPSHOT) ++ GetProcAddress(dll, "CloseToolhelp32Snapshot"); ++# else ++ close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle; ++# endif ++ module_first = (MODULE32) GetProcAddress(dll, "Module32First"); ++ module_next = (MODULE32) GetProcAddress(dll, "Module32Next"); ++ ++ hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0); ++ if (hModuleSnap == INVALID_HANDLE_VALUE) { ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED); ++ return -1; ++ } ++ ++ me32.dwSize = sizeof(me32); ++ ++ if (!(*module_first) (hModuleSnap, &me32)) { ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++ DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE); ++ return -1; ++ } ++ ++ do { ++ if ((BYTE *) addr >= me32.modBaseAddr && ++ (BYTE *) addr < me32.modBaseAddr + me32.modBaseSize) { ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++# ifdef _WIN32_WCE ++# if _WIN32_WCE >= 101 ++ return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1, ++ path, sz, NULL, NULL); ++# else ++ { ++ int i, len = (int)wcslen(me32.szExePath); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ for (i = 0; i < len; i++) ++ path[i] = (char)me32.szExePath[i]; ++ path[len++] = 0; ++ return len; ++ } ++# endif ++# else ++ { ++ int len = (int)strlen(me32.szExePath); ++ if (sz <= 0) ++ return len + 1; ++ if (len >= sz) ++ len = sz - 1; ++ memcpy(path, me32.szExePath, len); ++ path[len++] = 0; ++ return len; ++ } ++# endif ++ } ++ } while ((*module_next) (hModuleSnap, &me32)); ++ ++ (*close_snap) (hModuleSnap); ++ FreeLibrary(dll); ++ return 0; ++} ++ + static void *win32_globallookup(const char *name) + { + HMODULE dll; +@@ -515,10 +733,7 @@ static void *win32_globallookup(const char *name) + CREATETOOLHELP32SNAPSHOT create_snap; + CLOSETOOLHELP32SNAPSHOT close_snap; + MODULE32 module_first, module_next; +- union { +- void *p; +- FARPROC f; +- } ret = { NULL }; ++ FARPROC ret = NULL; + + dll = LoadLibrary(TEXT(DLLNAME)); + if (dll == NULL) { +@@ -559,10 +774,10 @@ static void *win32_globallookup(const char *name) + } + + do { +- if ((ret.f = GetProcAddress(me32.hModule, name))) { ++ if ((ret = GetProcAddress(me32.hModule, name))) { + (*close_snap) (hModuleSnap); + FreeLibrary(dll); +- return ret.p; ++ return ret; + } + } while ((*module_next) (hModuleSnap, &me32)); + +diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c +index 6871953..fd6df92 100644 +--- a/Cryptlib/OpenSSL/crypto/ebcdic.c ++++ b/Cryptlib/OpenSSL/crypto/ebcdic.c +@@ -1,103 +1,21 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ ++/* crypto/ebcdic.c */ + +-# include + #ifndef CHARSET_EBCDIC +-NON_EMPTY_TRANSLATION_UNIT +-#else + +-# include ++# include ++# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) || defined(__clang__) ++static void *dummy = &dummy; ++# endif ++ ++#else /* CHARSET_EBCDIC */ + ++# include "ebcdic.h" + /*- + * Initial Port for Apache-1.3 by + * Adapted for OpenSSL-0.9.4 by + */ + +-# ifdef CHARSET_EBCDIC_TEST +-/* +- * Here we're looking to test the EBCDIC code on an ASCII system so we don't do +- * any translation in these tables at all. +- */ +- +-/* The ebcdic-to-ascii table: */ +-const unsigned char os_toascii[256] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, +- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, +- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, +- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, +- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, +- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, +- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, +- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, +- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, +- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, +- 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, +- 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, +- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, +- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, +- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, +- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, +- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, +- 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, +- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, +- 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, +- 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, +- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, +- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, +- 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, +- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, +- 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, +- 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, +- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, +- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff +-}; +- +-/* The ascii-to-ebcdic table: */ +-const unsigned char os_toebcdic[256] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, +- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, +- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, +- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, +- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, +- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, +- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, +- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, +- 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, +- 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, +- 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, +- 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, +- 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, +- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, +- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, +- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, +- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f, +- 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, +- 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, +- 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7, +- 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, +- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, +- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf, +- 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, +- 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, +- 0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7, +- 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, +- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, +- 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff +-}; +- +-# elif defined(_OSD_POSIX) ++# ifdef _OSD_POSIX + /* + * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens + * AG, Germany, for their BS2000 mainframe machines. Within the POSIX +@@ -255,7 +173,7 @@ const unsigned char os_toebcdic[256] = { + * systems. It is a modified version of the BS2000 table. + * + * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is +- * bijective - there are no ambiguous or duplicate characters. ++ * bijective - there are no ambigous or duplicate characters. + */ + const unsigned char os_toascii[256] = { + 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ +diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c +index 44a293a..52dc9a5 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err.c ++++ b/Cryptlib/OpenSSL/crypto/err/err.c +@@ -1,24 +1,126 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/err/err.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include +-#include +-#include ++#include "cryptlib.h" + #include + #include + #include + #include +-#include +-#include ++#include ++ ++DECLARE_LHASH_OF(ERR_STRING_DATA); ++DECLARE_LHASH_OF(ERR_STATE); + + static void err_load_strings(int lib, ERR_STRING_DATA *str); + +@@ -40,8 +142,6 @@ static ERR_STRING_DATA ERR_str_libraries[] = { + {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"}, + {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"}, + {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"}, +- {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"}, +- {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"}, + {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"}, + {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"}, + {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"}, +@@ -52,13 +152,9 @@ static ERR_STRING_DATA ERR_str_libraries[] = { + {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"}, + {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"}, + {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"}, +- {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"}, + {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, + {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, + {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, +- {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, +- {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, +- {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"}, + {0, NULL}, + }; + +@@ -76,12 +172,6 @@ static ERR_STRING_DATA ERR_str_functs[] = { + # endif + {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, + {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, +- {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"}, +- {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"}, +- {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"}, +- {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"}, +- {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"}, +- {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"}, + {0, NULL}, + }; + +@@ -97,14 +187,25 @@ static ERR_STRING_DATA ERR_str_reasons[] = { + {ERR_R_DSA_LIB, "DSA lib"}, + {ERR_R_X509_LIB, "X509 lib"}, + {ERR_R_ASN1_LIB, "ASN1 lib"}, ++ {ERR_R_CONF_LIB, "CONF lib"}, ++ {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, + {ERR_R_EC_LIB, "EC lib"}, ++ {ERR_R_SSL_LIB, "SSL lib"}, + {ERR_R_BIO_LIB, "BIO lib"}, + {ERR_R_PKCS7_LIB, "PKCS7 lib"}, + {ERR_R_X509V3_LIB, "X509V3 lib"}, ++ {ERR_R_PKCS12_LIB, "PKCS12 lib"}, ++ {ERR_R_RAND_LIB, "RAND lib"}, ++ {ERR_R_DSO_LIB, "DSO lib"}, + {ERR_R_ENGINE_LIB, "ENGINE lib"}, +- {ERR_R_ECDSA_LIB, "ECDSA lib"}, ++ {ERR_R_OCSP_LIB, "OCSP lib"}, ++ {ERR_R_TS_LIB, "TS lib"}, + + {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, ++ {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, ++ {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, ++ {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, ++ {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, + {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, + + {ERR_R_FATAL, "fatal"}, +@@ -114,31 +215,125 @@ static ERR_STRING_DATA ERR_str_reasons[] = { + {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, + {ERR_R_INTERNAL_ERROR, "internal error"}, + {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, +- {ERR_R_INIT_FAIL, "init fail"}, + + {0, NULL}, + }; + #endif + +-static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT; +-static CRYPTO_THREAD_LOCAL err_thread_local; +- +-static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; +-static CRYPTO_RWLOCK *err_string_lock; ++/* Define the predeclared (but externally opaque) "ERR_FNS" type */ ++struct st_ERR_FNS { ++ /* Works on the "error_hash" string table */ ++ LHASH_OF(ERR_STRING_DATA) *(*cb_err_get) (int create); ++ void (*cb_err_del) (void); ++ ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *); ++ ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *); ++ /* Works on the "thread_hash" error-state table */ ++ LHASH_OF(ERR_STATE) *(*cb_thread_get) (int create); ++ void (*cb_thread_release) (LHASH_OF(ERR_STATE) **hash); ++ ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *); ++ ERR_STATE *(*cb_thread_set_item) (ERR_STATE *); ++ void (*cb_thread_del_item) (const ERR_STATE *); ++ /* Returns the next available error "library" numbers */ ++ int (*cb_get_next_lib) (void); ++}; + ++/* Predeclarations of the "err_defaults" functions */ ++static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create); ++static void int_err_del(void); + static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); ++static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); ++static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); ++static LHASH_OF(ERR_STATE) *int_thread_get(int create); ++static void int_thread_release(LHASH_OF(ERR_STATE) **hash); ++static ERR_STATE *int_thread_get_item(const ERR_STATE *); ++static ERR_STATE *int_thread_set_item(ERR_STATE *); ++static void int_thread_del_item(const ERR_STATE *); ++static int int_err_get_next_lib(void); ++/* The static ERR_FNS table using these defaults functions */ ++static const ERR_FNS err_defaults = { ++ int_err_get, ++ int_err_del, ++ int_err_get_item, ++ int_err_set_item, ++ int_err_del_item, ++ int_thread_get, ++ int_thread_release, ++ int_thread_get_item, ++ int_thread_set_item, ++ int_thread_del_item, ++ int_err_get_next_lib ++}; ++ ++/* The replacable table of ERR_FNS functions we use at run-time */ ++static const ERR_FNS *err_fns = NULL; ++ ++/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ ++#define ERRFN(a) err_fns->cb_##a + + /* +- * The internal state ++ * The internal state used by "err_defaults" - as such, the setting, reading, ++ * creating, and deleting of this data should only be permitted via the ++ * "err_defaults" functions. This way, a linked module can completely defer ++ * all ERR state operation (together with requisite locking) to the ++ * implementations and state in the loading application. + */ +- + static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; ++static LHASH_OF(ERR_STATE) *int_thread_hash = NULL; ++static int int_thread_hash_references = 0; + static int int_err_library_number = ERR_LIB_USER; + ++/* ++ * Internal function that checks whether "err_fns" is set and if not, sets it ++ * to the defaults. ++ */ ++static void err_fns_check(void) ++{ ++ if (err_fns) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!err_fns) ++ err_fns = &err_defaults; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} ++ ++/* API functions to get or set the underlying ERR functions. */ ++ ++const ERR_FNS *ERR_get_implementation(void) ++{ ++ err_fns_check(); ++ return err_fns; ++} ++ ++int ERR_set_implementation(const ERR_FNS *fns) ++{ ++ int ret = 0; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ /* ++ * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an ++ * error is there?! ++ */ ++ if (!err_fns) { ++ err_fns = fns; ++ ret = 1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} ++ ++/* ++ * These are the callbacks provided to "lh_new()" when creating the LHASH ++ * tables internal to the "err_defaults" implementation. ++ */ ++ + static unsigned long get_error_values(int inc, int top, const char **file, + int *line, const char **data, + int *flags); + ++/* The internal functions used in the "err_defaults" implementation */ ++ + static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) + { + unsigned long ret, l; +@@ -148,24 +343,221 @@ static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) + return (ret ^ ret % 19 * 13); + } + ++static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA) ++ + static int err_string_data_cmp(const ERR_STRING_DATA *a, + const ERR_STRING_DATA *b) + { + return (int)(a->error - b->error); + } + ++static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) ++ ++static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) ++{ ++ LHASH_OF(ERR_STRING_DATA) *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_error_hash && create) { ++ CRYPTO_push_info("int_err_get (err.c)"); ++ int_error_hash = lh_ERR_STRING_DATA_new(); ++ CRYPTO_pop_info(); ++ } ++ if (int_error_hash) ++ ret = int_error_hash; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return ret; ++} ++ ++static void int_err_del(void) ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (int_error_hash) { ++ lh_ERR_STRING_DATA_free(int_error_hash); ++ int_error_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++} ++ + static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) + { +- ERR_STRING_DATA *p = NULL; ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) ++{ ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (1); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_insert(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) ++{ ++ ERR_STRING_DATA *p; ++ LHASH_OF(ERR_STRING_DATA) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(err_get) (0); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STRING_DATA_delete(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return p; ++} ++ ++static unsigned long err_state_hash(const ERR_STATE *a) ++{ ++ return CRYPTO_THREADID_hash(&a->tid) * 13; ++} ++ ++static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE) ++ ++static int err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) ++{ ++ return CRYPTO_THREADID_cmp(&a->tid, &b->tid); ++} ++ ++static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) ++ ++static LHASH_OF(ERR_STATE) *int_thread_get(int create) ++{ ++ LHASH_OF(ERR_STATE) *ret = NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!int_thread_hash && create) { ++ CRYPTO_push_info("int_thread_get (err.c)"); ++ int_thread_hash = lh_ERR_STATE_new(); ++ CRYPTO_pop_info(); ++ } ++ if (int_thread_hash) { ++ int_thread_hash_references++; ++ ret = int_thread_hash; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ return ret; ++} ++ ++static void int_thread_release(LHASH_OF(ERR_STATE) **hash) ++{ ++ int i; ++ ++ if (hash == NULL || *hash == NULL) ++ return; ++ ++ i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); ++ ++#ifdef REF_PRINT ++ fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR"); ++#endif ++ if (i > 0) ++ return; ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "int_thread_release, bad reference count\n"); ++ abort(); /* ok */ ++ } ++#endif ++ *hash = NULL; ++} ++ ++static ERR_STATE *int_thread_get_item(const ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return NULL; + +- CRYPTO_THREAD_read_lock(err_string_lock); +- if (int_error_hash != NULL) +- p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d); +- CRYPTO_THREAD_unlock(err_string_lock); ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_retrieve(hash, d); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ++ ERRFN(thread_release) (&hash); + return p; + } + ++static ERR_STATE *int_thread_set_item(ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (1); ++ if (!hash) ++ return NULL; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_insert(hash, d); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ ERRFN(thread_release) (&hash); ++ return p; ++} ++ ++static void int_thread_del_item(const ERR_STATE *d) ++{ ++ ERR_STATE *p; ++ LHASH_OF(ERR_STATE) *hash; ++ ++ err_fns_check(); ++ hash = ERRFN(thread_get) (0); ++ if (!hash) ++ return; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ p = lh_ERR_STATE_delete(hash, d); ++ /* make sure we don't leak memory */ ++ if (int_thread_hash_references == 1 ++ && int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) { ++ lh_ERR_STATE_free(int_thread_hash); ++ int_thread_hash = NULL; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ ERRFN(thread_release) (&hash); ++ if (p) ++ ERR_STATE_free(p); ++} ++ ++static int int_err_get_next_lib(void) ++{ ++ int ret; ++ ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ ret = int_err_library_number++; ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); ++ ++ return ret; ++} ++ + #ifndef OPENSSL_NO_ERR + # define NUM_SYS_STR_REASONS 127 + # define LEN_SYS_STR_REASON 32 +@@ -185,12 +577,19 @@ static void build_SYS_str_reasons(void) + { + /* OPENSSL_malloc cannot be used here, use static storage instead */ + static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; +- static int init = 1; + int i; ++ static int init = 1; + +- CRYPTO_THREAD_write_lock(err_string_lock); ++ CRYPTO_r_lock(CRYPTO_LOCK_ERR); + if (!init) { +- CRYPTO_THREAD_unlock(err_string_lock); ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ return; ++ } ++ ++ CRYPTO_r_unlock(CRYPTO_LOCK_ERR); ++ CRYPTO_w_lock(CRYPTO_LOCK_ERR); ++ if (!init) { ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return; + } + +@@ -200,8 +599,12 @@ static void build_SYS_str_reasons(void) + str->error = (unsigned long)i; + if (str->string == NULL) { + char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); +- if (openssl_strerror_r(i, *dest, sizeof(*dest))) ++ char *src = strerror(i); ++ if (src != NULL) { ++ strncpy(*dest, src, sizeof *dest); ++ (*dest)[sizeof *dest - 1] = '\0'; + str->string = *dest; ++ } + } + if (str->string == NULL) + str->string = "unknown"; +@@ -214,13 +617,14 @@ static void build_SYS_str_reasons(void) + + init = 0; + +- CRYPTO_THREAD_unlock(err_string_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + } + #endif + + #define err_clear_data(p,i) \ + do { \ +- if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ ++ if (((p)->err_data[i] != NULL) && \ ++ (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ + { \ + OPENSSL_free((p)->err_data[i]); \ + (p)->err_data[i]=NULL; \ +@@ -250,85 +654,48 @@ static void ERR_STATE_free(ERR_STATE *s) + OPENSSL_free(s); + } + +-DEFINE_RUN_ONCE_STATIC(do_err_strings_init) +-{ +- OPENSSL_init_crypto(0, NULL); +- err_string_lock = CRYPTO_THREAD_lock_new(); +- return err_string_lock != NULL; +-} +- +-void err_cleanup(void) +-{ +- CRYPTO_THREAD_lock_free(err_string_lock); +- err_string_lock = NULL; +-} +- +-int ERR_load_ERR_strings(void) ++void ERR_load_ERR_strings(void) + { ++ err_fns_check(); + #ifndef OPENSSL_NO_ERR +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) +- return 0; +- + err_load_strings(0, ERR_str_libraries); + err_load_strings(0, ERR_str_reasons); + err_load_strings(ERR_LIB_SYS, ERR_str_functs); + build_SYS_str_reasons(); + err_load_strings(ERR_LIB_SYS, SYS_str_reasons); + #endif +- return 1; + } + + static void err_load_strings(int lib, ERR_STRING_DATA *str) + { +- CRYPTO_THREAD_write_lock(err_string_lock); +- if (int_error_hash == NULL) +- int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, +- err_string_data_cmp); +- if (int_error_hash != NULL) { +- for (; str->error; str++) { +- if (lib) +- str->error |= ERR_PACK(lib, 0, 0); +- (void)lh_ERR_STRING_DATA_insert(int_error_hash, str); +- } ++ while (str->error) { ++ if (lib) ++ str->error |= ERR_PACK(lib, 0, 0); ++ ERRFN(err_set_item) (str); ++ str++; + } +- CRYPTO_THREAD_unlock(err_string_lock); + } + +-int ERR_load_strings(int lib, ERR_STRING_DATA *str) ++void ERR_load_strings(int lib, ERR_STRING_DATA *str) + { +- if (ERR_load_ERR_strings() == 0) +- return 0; ++ ERR_load_ERR_strings(); + err_load_strings(lib, str); +- return 1; + } + +-int ERR_unload_strings(int lib, ERR_STRING_DATA *str) ++void ERR_unload_strings(int lib, ERR_STRING_DATA *str) + { +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) +- return 0; +- +- CRYPTO_THREAD_write_lock(err_string_lock); +- if (int_error_hash != NULL) { +- for (; str->error; str++) { +- if (lib) +- str->error |= ERR_PACK(lib, 0, 0); +- (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); +- } ++ while (str->error) { ++ if (lib) ++ str->error |= ERR_PACK(lib, 0, 0); ++ ERRFN(err_del_item) (str); ++ str++; + } +- CRYPTO_THREAD_unlock(err_string_lock); +- +- return 1; + } + +-void err_free_strings_int(void) ++void ERR_free_strings(void) + { +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) +- return; +- +- CRYPTO_THREAD_write_lock(err_string_lock); +- lh_ERR_STRING_DATA_free(int_error_hash); +- int_error_hash = NULL; +- CRYPTO_THREAD_unlock(err_string_lock); ++ err_fns_check(); ++ ERRFN(err_del) (); + } + + /********************************************************/ +@@ -547,6 +914,7 @@ void ERR_error_string_n(unsigned long e, char *buf, size_t len) + } + } + ++/* BAD for multi-threading: uses a local buffer if ret == NULL */ + /* + * ERR_error_string_n should be used instead for ret != NULL as + * ERR_error_string cannot know how large the buffer is +@@ -562,18 +930,33 @@ char *ERR_error_string(unsigned long e, char *ret) + return ret; + } + ++LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void) ++{ ++ err_fns_check(); ++ return ERRFN(err_get) (0); ++} ++ ++LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void) ++{ ++ err_fns_check(); ++ return ERRFN(thread_get) (0); ++} ++ ++void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash) ++{ ++ err_fns_check(); ++ ERRFN(thread_release) (hash); ++} ++ + const char *ERR_lib_error_string(unsigned long e) + { + ERR_STRING_DATA d, *p; + unsigned long l; + +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { +- return NULL; +- } +- ++ err_fns_check(); + l = ERR_GET_LIB(e); + d.error = ERR_PACK(l, 0, 0); +- p = int_err_get_item(&d); ++ p = ERRFN(err_get_item) (&d); + return ((p == NULL) ? NULL : p->string); + } + +@@ -582,14 +965,11 @@ const char *ERR_func_error_string(unsigned long e) + ERR_STRING_DATA d, *p; + unsigned long l, f; + +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { +- return NULL; +- } +- ++ err_fns_check(); + l = ERR_GET_LIB(e); + f = ERR_GET_FUNC(e); + d.error = ERR_PACK(l, f, 0); +- p = int_err_get_item(&d); ++ p = ERRFN(err_get_item) (&d); + return ((p == NULL) ? NULL : p->string); + } + +@@ -598,87 +978,85 @@ const char *ERR_reason_error_string(unsigned long e) + ERR_STRING_DATA d, *p = NULL; + unsigned long l, r; + +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { +- return NULL; +- } +- ++ err_fns_check(); + l = ERR_GET_LIB(e); + r = ERR_GET_REASON(e); + d.error = ERR_PACK(l, 0, r); +- p = int_err_get_item(&d); ++ p = ERRFN(err_get_item) (&d); + if (!p) { + d.error = ERR_PACK(0, 0, r); +- p = int_err_get_item(&d); ++ p = ERRFN(err_get_item) (&d); + } + return ((p == NULL) ? NULL : p->string); + } + +-void err_delete_thread_state(void) ++void ERR_remove_thread_state(const CRYPTO_THREADID *id) + { +- ERR_STATE *state = ERR_get_state(); +- if (state == NULL) +- return; +- +- CRYPTO_THREAD_set_local(&err_thread_local, NULL); +- ERR_STATE_free(state); +-} ++ ERR_STATE tmp; + +-#if OPENSSL_API_COMPAT < 0x10100000L +-void ERR_remove_thread_state(void *dummy) +-{ ++ if (id) ++ CRYPTO_THREADID_cpy(&tmp.tid, id); ++ else ++ CRYPTO_THREADID_current(&tmp.tid); ++ err_fns_check(); ++ /* ++ * thread_del_item automatically destroys the LHASH if the number of ++ * items reaches zero. ++ */ ++ ERRFN(thread_del_item) (&tmp); + } +-#endif + +-#if OPENSSL_API_COMPAT < 0x10000000L ++#ifndef OPENSSL_NO_DEPRECATED + void ERR_remove_state(unsigned long pid) + { ++ ERR_remove_thread_state(NULL); + } + #endif + +-DEFINE_RUN_ONCE_STATIC(err_do_init) +-{ +- return CRYPTO_THREAD_init_local(&err_thread_local, NULL); +-} +- + ERR_STATE *ERR_get_state(void) + { +- ERR_STATE *state = NULL; +- +- if (!RUN_ONCE(&err_init, err_do_init)) +- return NULL; +- +- state = CRYPTO_THREAD_get_local(&err_thread_local); +- +- if (state == NULL) { +- state = OPENSSL_zalloc(sizeof(*state)); +- if (state == NULL) +- return NULL; +- +- if (!CRYPTO_THREAD_set_local(&err_thread_local, state)) { +- ERR_STATE_free(state); +- return NULL; ++ static ERR_STATE fallback; ++ ERR_STATE *ret, tmp, *tmpp = NULL; ++ int i; ++ CRYPTO_THREADID tid; ++ ++ err_fns_check(); ++ CRYPTO_THREADID_current(&tid); ++ CRYPTO_THREADID_cpy(&tmp.tid, &tid); ++ ret = ERRFN(thread_get_item) (&tmp); ++ ++ /* ret == the error state, if NULL, make a new one */ ++ if (ret == NULL) { ++ ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); ++ if (ret == NULL) ++ return (&fallback); ++ CRYPTO_THREADID_cpy(&ret->tid, &tid); ++ ret->top = 0; ++ ret->bottom = 0; ++ for (i = 0; i < ERR_NUM_ERRORS; i++) { ++ ret->err_data[i] = NULL; ++ ret->err_data_flags[i] = 0; + } +- +- /* Ignore failures from these */ +- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); +- ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE); ++ tmpp = ERRFN(thread_set_item) (ret); ++ /* To check if insertion failed, do a get. */ ++ if (ERRFN(thread_get_item) (ret) != ret) { ++ ERR_STATE_free(ret); /* could not insert it */ ++ return (&fallback); ++ } ++ /* ++ * If a race occured in this function and we came second, tmpp is the ++ * first one that we just replaced. ++ */ ++ if (tmpp) ++ ERR_STATE_free(tmpp); + } +- +- return state; ++ return ret; + } + + int ERR_get_next_error_library(void) + { +- int ret; +- +- if (!RUN_ONCE(&err_string_init, do_err_strings_init)) { +- return 0; +- } +- +- CRYPTO_THREAD_write_lock(err_string_lock); +- ret = int_err_library_number++; +- CRYPTO_THREAD_unlock(err_string_lock); +- return ret; ++ err_fns_check(); ++ return ERRFN(get_next_lib) (); + } + + void ERR_set_error_data(char *data, int flags) +@@ -728,10 +1106,10 @@ void ERR_add_error_vdata(int num, va_list args) + if (p == NULL) { + OPENSSL_free(str); + return; +- } +- str = p; ++ } else ++ str = p; + } +- OPENSSL_strlcat(str, a, (size_t)s + 1); ++ BUF_strlcat(str, a, (size_t)s + 1); + } + } + ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING); +diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c +index 3b1304f..d7575a7 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_all.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_all.c +@@ -1,23 +1,87 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/err/err_all.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/err_int.h" + #include + #include +-#include ++#ifndef OPENSSL_NO_EC ++# include ++#endif + #include + #include +-#include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_COMP ++# include ++#endif ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DH ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_ECDSA ++# include ++#endif ++#ifndef OPENSSL_NO_ECDH ++# include ++#endif + #include + #include + #include +@@ -26,8 +90,10 @@ + #include + #include + #include +-#include "internal/dso.h" +-#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + #include + #include + #include +@@ -35,75 +101,68 @@ + # include + #endif + #include +-#include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++#ifndef OPENSSL_NO_JPAKE ++# include ++#endif + +-int err_load_crypto_strings_int(void) ++void ERR_load_crypto_strings(void) + { +- if ( +-#ifdef OPENSSL_FIPS +- FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata) == 0 || +-#endif + #ifndef OPENSSL_NO_ERR +- ERR_load_ERR_strings() == 0 || /* include error strings for SYSerr */ +- ERR_load_BN_strings() == 0 || ++ ERR_load_ERR_strings(); /* include error strings for SYSerr */ ++ ERR_load_BN_strings(); + # ifndef OPENSSL_NO_RSA +- ERR_load_RSA_strings() == 0 || ++ ERR_load_RSA_strings(); + # endif + # ifndef OPENSSL_NO_DH +- ERR_load_DH_strings() == 0 || ++ ERR_load_DH_strings(); + # endif +- ERR_load_EVP_strings() == 0 || +- ERR_load_BUF_strings() == 0 || +- ERR_load_OBJ_strings() == 0 || +- ERR_load_PEM_strings() == 0 || ++ ERR_load_EVP_strings(); ++ ERR_load_BUF_strings(); ++ ERR_load_OBJ_strings(); ++ ERR_load_PEM_strings(); + # ifndef OPENSSL_NO_DSA +- ERR_load_DSA_strings() == 0 || ++ ERR_load_DSA_strings(); + # endif +- ERR_load_X509_strings() == 0 || +- ERR_load_ASN1_strings() == 0 || +- ERR_load_CONF_strings() == 0 || +- ERR_load_CRYPTO_strings() == 0 || ++ ERR_load_X509_strings(); ++ ERR_load_ASN1_strings(); ++ ERR_load_CONF_strings(); ++ ERR_load_CRYPTO_strings(); + # ifndef OPENSSL_NO_COMP +- ERR_load_COMP_strings() == 0 || ++ ERR_load_COMP_strings(); + # endif + # ifndef OPENSSL_NO_EC +- ERR_load_EC_strings() == 0 || ++ ERR_load_EC_strings(); + # endif +- /* skip ERR_load_SSL_strings() because it is not in this library */ +- ERR_load_BIO_strings() == 0 || +- ERR_load_PKCS7_strings() == 0 || +- ERR_load_X509V3_strings() == 0 || +- ERR_load_PKCS12_strings() == 0 || +- ERR_load_RAND_strings() == 0 || +- ERR_load_DSO_strings() == 0 || +-# ifndef OPENSSL_NO_TS +- ERR_load_TS_strings() == 0 || ++# ifndef OPENSSL_NO_ECDSA ++ ERR_load_ECDSA_strings(); + # endif +-# ifndef OPENSSL_NO_ENGINE +- ERR_load_ENGINE_strings() == 0 || ++# ifndef OPENSSL_NO_ECDH ++ ERR_load_ECDH_strings(); + # endif +-# ifndef OPENSSL_NO_OCSP +- ERR_load_OCSP_strings() == 0 || ++ /* skip ERR_load_SSL_strings() because it is not in this library */ ++ ERR_load_BIO_strings(); ++ ERR_load_PKCS7_strings(); ++ ERR_load_X509V3_strings(); ++ ERR_load_PKCS12_strings(); ++ ERR_load_RAND_strings(); ++ ERR_load_DSO_strings(); ++ ERR_load_TS_strings(); ++# ifndef OPENSSL_NO_ENGINE ++ ERR_load_ENGINE_strings(); + # endif +-#ifndef OPENSSL_NO_UI +- ERR_load_UI_strings() == 0 || +-#endif ++ ERR_load_OCSP_strings(); ++ ERR_load_UI_strings(); + # ifdef OPENSSL_FIPS +- ERR_load_FIPS_strings() == 0 || ++ ERR_load_FIPS_strings(); + # endif + # ifndef OPENSSL_NO_CMS +- ERR_load_CMS_strings() == 0 || ++ ERR_load_CMS_strings(); + # endif +-# ifndef OPENSSL_NO_CT +- ERR_load_CT_strings() == 0 || ++# ifndef OPENSSL_NO_JPAKE ++ ERR_load_JPAKE_strings(); + # endif +- ERR_load_ASYNC_strings() == 0 || + #endif +- ERR_load_KDF_strings() == 0) +- return 0; +- +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c +index c7dc1d1..6e352ef 100644 +--- a/Cryptlib/OpenSSL/crypto/err/err_prn.c ++++ b/Cryptlib/OpenSSL/crypto/err/err_prn.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/err/err_prn.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -22,45 +71,43 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), + char buf2[4096]; + const char *file, *data; + int line, flags; +- /* +- * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best +- * attempt to convert it into something we can print. +- */ +- union { +- CRYPTO_THREAD_ID tid; +- unsigned long ltid; +- } tid; +- +- tid.ltid = 0; +- tid.tid = CRYPTO_THREAD_get_current_id(); ++ unsigned long es; ++ CRYPTO_THREADID cur; + ++ CRYPTO_THREADID_current(&cur); ++ es = CRYPTO_THREADID_hash(&cur); + while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) { + ERR_error_string_n(l, buf, sizeof buf); +- BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf, ++ BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, + file, line, (flags & ERR_TXT_STRING) ? data : ""); + if (cb(buf2, strlen(buf2), u) <= 0) + break; /* abort outputting the error report */ + } + } + +-static int print_bio(const char *str, size_t len, void *bp) ++#ifndef OPENSSL_NO_FP_API ++static int print_fp(const char *str, size_t len, void *fp) + { +- return BIO_write((BIO *)bp, str, len); ++ BIO bio; ++ ++ BIO_set(&bio, BIO_s_file()); ++ BIO_set_fp(&bio, fp, BIO_NOCLOSE); ++ ++ return BIO_printf(&bio, "%s", str); + } + +-void ERR_print_errors(BIO *bp) ++void ERR_print_errors_fp(FILE *fp) + { +- ERR_print_errors_cb(print_bio, bp); ++ ERR_print_errors_cb(print_fp, fp); + } ++#endif + +-#ifndef OPENSSL_NO_STDIO +-void ERR_print_errors_fp(FILE *fp) ++static int print_bio(const char *str, size_t len, void *bp) + { +- BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE); +- if (bio == NULL) +- return; ++ return BIO_write((BIO *)bp, str, len); ++} + +- ERR_print_errors_cb(print_bio, bio); +- BIO_free(bio); ++void ERR_print_errors(BIO *bp) ++{ ++ ERR_print_errors_cb(print_bio, bp); + } +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +index 32a884a..538b520 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/bio_b64.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/bio.h" + + static int b64_write(BIO *h, const char *buf, int num); + static int b64_read(BIO *h, char *buf, int size); +@@ -41,12 +89,12 @@ typedef struct b64_struct { + int encode; + int start; /* have we started decoding yet? */ + int cont; /* <= 0 when finished */ +- EVP_ENCODE_CTX *base64; ++ EVP_ENCODE_CTX base64; + char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; + char tmp[B64_BLOCK_SIZE]; + } BIO_B64_CTX; + +-static const BIO_METHOD methods_b64 = { ++static BIO_METHOD methods_b64 = { + BIO_TYPE_BASE64, "base64 encoding", + b64_write, + b64_read, +@@ -58,50 +106,43 @@ static const BIO_METHOD methods_b64 = { + b64_callback_ctrl, + }; + +- +-const BIO_METHOD *BIO_f_base64(void) ++BIO_METHOD *BIO_f_base64(void) + { +- return &methods_b64; ++ return (&methods_b64); + } + + static int b64_new(BIO *bi) + { + BIO_B64_CTX *ctx; + +- ctx = OPENSSL_zalloc(sizeof(*ctx)); ++ ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); + if (ctx == NULL) +- return 0; ++ return (0); + ++ ctx->buf_len = 0; ++ ctx->tmp_len = 0; ++ ctx->tmp_nl = 0; ++ ctx->buf_off = 0; + ctx->cont = 1; + ctx->start = 1; +- ctx->base64 = EVP_ENCODE_CTX_new(); +- if (ctx->base64 == NULL) { +- OPENSSL_free(ctx); +- return 0; +- } +- +- BIO_set_data(bi, ctx); +- BIO_set_init(bi, 1); ++ ctx->encode = 0; + +- return 1; ++ bi->init = 1; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ bi->num = 0; ++ return (1); + } + + static int b64_free(BIO *a) + { +- BIO_B64_CTX *ctx; + if (a == NULL) +- return 0; +- +- ctx = BIO_get_data(a); +- if (ctx == NULL) +- return 0; +- +- EVP_ENCODE_CTX_free(ctx->base64); +- OPENSSL_free(ctx); +- BIO_set_data(a, NULL); +- BIO_set_init(a, 0); +- +- return 1; ++ return (0); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); + } + + static int b64_read(BIO *b, char *out, int outl) +@@ -109,15 +150,13 @@ static int b64_read(BIO *b, char *out, int outl) + int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; + BIO_B64_CTX *ctx; + unsigned char *p, *q; +- BIO *next; + + if (out == NULL) + return (0); +- ctx = (BIO_B64_CTX *)BIO_get_data(b); ++ ctx = (BIO_B64_CTX *)b->ptr; + +- next = BIO_next(b); +- if ((ctx == NULL) || (next == NULL)) +- return 0; ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); + + BIO_clear_retry_flags(b); + +@@ -126,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl) + ctx->buf_len = 0; + ctx->buf_off = 0; + ctx->tmp_len = 0; +- EVP_DecodeInit(ctx->base64); ++ EVP_DecodeInit(&(ctx->base64)); + } + + /* First check if there are bytes decoded/encoded */ +@@ -157,14 +196,14 @@ static int b64_read(BIO *b, char *out, int outl) + if (ctx->cont <= 0) + break; + +- i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]), ++ i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), + B64_BLOCK_SIZE - ctx->tmp_len); + + if (i <= 0) { + ret_code = i; + + /* Should we continue next time we are called? */ +- if (!BIO_should_retry(next)) { ++ if (!BIO_should_retry(b->next_bio)) { + ctx->cont = i; + /* If buffer empty break */ + if (ctx->tmp_len == 0) +@@ -205,11 +244,11 @@ static int b64_read(BIO *b, char *out, int outl) + continue; + } + +- k = EVP_DecodeUpdate(ctx->base64, ++ k = EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, + &num, p, q - p); + if ((k <= 0) && (num == 0) && (ctx->start)) +- EVP_DecodeInit(ctx->base64); ++ EVP_DecodeInit(&ctx->base64); + else { + if (p != (unsigned char *) + &(ctx->tmp[0])) { +@@ -218,7 +257,7 @@ static int b64_read(BIO *b, char *out, int outl) + for (x = 0; x < i; x++) + ctx->tmp[x] = p[x]; + } +- EVP_DecodeInit(ctx->base64); ++ EVP_DecodeInit(&ctx->base64); + ctx->start = 0; + break; + } +@@ -259,7 +298,11 @@ static int b64_read(BIO *b, char *out, int outl) + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { + int z, jj; + ++#if 0 ++ jj = (i >> 2) << 2; ++#else + jj = i & ~3; /* process per 4 */ ++#endif + z = EVP_DecodeBlock((unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, jj); + if (jj > 2) { +@@ -282,7 +325,7 @@ static int b64_read(BIO *b, char *out, int outl) + } + i = z; + } else { +- i = EVP_DecodeUpdate(ctx->base64, ++ i = EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)ctx->tmp, i); + ctx->tmp_len = 0; +@@ -320,13 +363,8 @@ static int b64_write(BIO *b, const char *in, int inl) + int n; + int i; + BIO_B64_CTX *ctx; +- BIO *next; +- +- ctx = (BIO_B64_CTX *)BIO_get_data(b); +- next = BIO_next(b); +- if ((ctx == NULL) || (next == NULL)) +- return 0; + ++ ctx = (BIO_B64_CTX *)b->ptr; + BIO_clear_retry_flags(b); + + if (ctx->encode != B64_ENCODE) { +@@ -334,7 +372,7 @@ static int b64_write(BIO *b, const char *in, int inl) + ctx->buf_len = 0; + ctx->buf_off = 0; + ctx->tmp_len = 0; +- EVP_EncodeInit(ctx->base64); ++ EVP_EncodeInit(&(ctx->base64)); + } + + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); +@@ -342,7 +380,7 @@ static int b64_write(BIO *b, const char *in, int inl) + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + n = ctx->buf_len - ctx->buf_off; + while (n > 0) { +- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return (i); +@@ -403,10 +441,9 @@ static int b64_write(BIO *b, const char *in, int inl) + ret += n; + } + } else { +- if (!EVP_EncodeUpdate(ctx->base64, +- (unsigned char *)ctx->buf, &ctx->buf_len, +- (unsigned char *)in, n)) +- return ((ret == 0) ? -1 : ret); ++ EVP_EncodeUpdate(&(ctx->base64), ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)in, n); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; +@@ -417,7 +454,7 @@ static int b64_write(BIO *b, const char *in, int inl) + ctx->buf_off = 0; + n = ctx->buf_len; + while (n > 0) { +- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return ((ret == 0) ? i : ret); +@@ -439,40 +476,36 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) + BIO_B64_CTX *ctx; + long ret = 1; + int i; +- BIO *next; + +- ctx = (BIO_B64_CTX *)BIO_get_data(b); +- next = BIO_next(b); +- if ((ctx == NULL) || (next == NULL)) +- return 0; ++ ctx = (BIO_B64_CTX *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: + ctx->cont = 1; + ctx->start = 1; + ctx->encode = B64_NONE; +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret = 1; + else +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_WPENDING: /* More to write in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret = ctx->buf_len - ctx->buf_off; + if ((ret == 0) && (ctx->encode != B64_NONE) +- && (EVP_ENCODE_CTX_num(ctx->base64) != 0)) ++ && (ctx->base64.num != 0)) + ret = 1; + else if (ret <= 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret = ctx->buf_len - ctx->buf_off; + if (ret <= 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +@@ -491,21 +524,20 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) + ctx->tmp_len = 0; + goto again; + } +- } else if (ctx->encode != B64_NONE +- && EVP_ENCODE_CTX_num(ctx->base64) != 0) { ++ } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { + ctx->buf_off = 0; +- EVP_EncodeFinal(ctx->base64, ++ EVP_EncodeFinal(&(ctx->base64), + (unsigned char *)ctx->buf, &(ctx->buf_len)); + /* push out the bytes */ + goto again; + } + /* Finally flush the underlying BIO */ +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + +@@ -515,22 +547,21 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_CTRL_GET: + case BIO_CTRL_SET: + default: +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + } +- return ret; ++ return (ret); + } + + static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret = 1; +- BIO *next = BIO_next(b); + +- if (next == NULL) +- return 0; ++ if (b->next_bio == NULL) ++ return (0); + switch (cmd) { + default: +- ret = BIO_callback_ctrl(next, cmd, fp); ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + break; + } + return (ret); +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +index 5a3beef..0806f23 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/bio_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/bio.h" + + static int enc_write(BIO *h, const char *buf, int num); + static int enc_read(BIO *h, char *buf, int size); +@@ -27,8 +75,7 @@ static int enc_new(BIO *h); + static int enc_free(BIO *data); + static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); + #define ENC_BLOCK_SIZE (1024*4) +-#define ENC_MIN_CHUNK (256) +-#define BUF_OFFSET (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH) ++#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) + + typedef struct enc_struct { + int buf_len; +@@ -36,16 +83,15 @@ typedef struct enc_struct { + int cont; /* <= 0 when finished */ + int finished; + int ok; /* bad decrypt */ +- EVP_CIPHER_CTX *cipher; +- unsigned char *read_start, *read_end; ++ EVP_CIPHER_CTX cipher; + /* + * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return + * up to a block more data than is presented to it + */ +- unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE]; ++ char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; + } BIO_ENC_CTX; + +-static const BIO_METHOD methods_enc = { ++static BIO_METHOD methods_enc = { + BIO_TYPE_CIPHER, "cipher", + enc_write, + enc_read, +@@ -57,7 +103,7 @@ static const BIO_METHOD methods_enc = { + enc_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_cipher(void) ++BIO_METHOD *BIO_f_cipher(void) + { + return (&methods_enc); + } +@@ -66,22 +112,21 @@ static int enc_new(BIO *bi) + { + BIO_ENC_CTX *ctx; + +- ctx = OPENSSL_zalloc(sizeof(*ctx)); ++ ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); + if (ctx == NULL) +- return 0; ++ return (0); ++ EVP_CIPHER_CTX_init(&ctx->cipher); + +- ctx->cipher = EVP_CIPHER_CTX_new(); +- if (ctx->cipher == NULL) { +- OPENSSL_free(ctx); +- return 0; +- } ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; + ctx->cont = 1; ++ ctx->finished = 0; + ctx->ok = 1; +- ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); +- BIO_set_data(bi, ctx); +- BIO_set_init(bi, 1); + +- return 1; ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); + } + + static int enc_free(BIO *a) +@@ -89,33 +134,28 @@ static int enc_free(BIO *a) + BIO_ENC_CTX *b; + + if (a == NULL) +- return 0; +- +- b = BIO_get_data(a); +- if (b == NULL) +- return 0; +- +- EVP_CIPHER_CTX_free(b->cipher); +- OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX)); +- BIO_set_data(a, NULL); +- BIO_set_init(a, 0); +- +- return 1; ++ return (0); ++ b = (BIO_ENC_CTX *)a->ptr; ++ EVP_CIPHER_CTX_cleanup(&(b->cipher)); ++ OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX)); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); + } + + static int enc_read(BIO *b, char *out, int outl) + { +- int ret = 0, i, blocksize; ++ int ret = 0, i; + BIO_ENC_CTX *ctx; +- BIO *next; + + if (out == NULL) + return (0); +- ctx = BIO_get_data(b); ++ ctx = (BIO_ENC_CTX *)b->ptr; + +- next = BIO_next(b); +- if ((ctx == NULL) || (next == NULL)) +- return 0; ++ if ((ctx == NULL) || (b->next_bio == NULL)) ++ return (0); + + /* First check if there are bytes decoded/encoded */ + if (ctx->buf_len > 0) { +@@ -133,10 +173,6 @@ static int enc_read(BIO *b, char *out, int outl) + } + } + +- blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher); +- if (blocksize == 1) +- blocksize = 0; +- + /* + * At this point, we have room of outl bytes and an empty buffer, so we + * should read in some more. +@@ -146,21 +182,18 @@ static int enc_read(BIO *b, char *out, int outl) + if (ctx->cont <= 0) + break; + +- if (ctx->read_start == ctx->read_end) { /* time to read more data */ +- ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]); +- i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE); +- if (i > 0) +- ctx->read_end += i; +- } else { +- i = ctx->read_end - ctx->read_start; +- } ++ /* ++ * read in at IV offset, read the EVP_Cipher documentation about why ++ */ ++ i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); + + if (i <= 0) { + /* Should be continue next time we are called? */ +- if (!BIO_should_retry(next)) { ++ if (!BIO_should_retry(b->next_bio)) { + ctx->cont = i; +- i = EVP_CipherFinal_ex(ctx->cipher, +- ctx->buf, &(ctx->buf_len)); ++ i = EVP_CipherFinal_ex(&(ctx->cipher), ++ (unsigned char *)ctx->buf, ++ &(ctx->buf_len)); + ctx->ok = i; + ctx->buf_off = 0; + } else { +@@ -168,40 +201,14 @@ static int enc_read(BIO *b, char *out, int outl) + break; + } + } else { +- if (outl > ENC_MIN_CHUNK) { +- /* +- * Depending on flags block cipher decrypt can write +- * one extra block and then back off, i.e. output buffer +- * has to accommodate extra block... +- */ +- int j = outl - blocksize, buf_len; +- +- if (!EVP_CipherUpdate(ctx->cipher, +- (unsigned char *)out, &buf_len, +- ctx->read_start, i > j ? j : i)) { +- BIO_clear_retry_flags(b); +- return 0; +- } +- ret += buf_len; +- out += buf_len; +- outl -= buf_len; +- +- if ((i -= j) <= 0) { +- ctx->read_start = ctx->read_end; +- continue; +- } +- ctx->read_start += j; +- } +- if (i > ENC_MIN_CHUNK) +- i = ENC_MIN_CHUNK; +- if (!EVP_CipherUpdate(ctx->cipher, +- ctx->buf, &ctx->buf_len, +- ctx->read_start, i)) { ++ if (!EVP_CipherUpdate(&ctx->cipher, ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)&(ctx->buf[BUF_OFFSET]), ++ i)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; + } +- ctx->read_start += i; + ctx->cont = 1; + /* + * Note: it is possible for EVP_CipherUpdate to decrypt zero +@@ -235,19 +242,14 @@ static int enc_write(BIO *b, const char *in, int inl) + { + int ret = 0, n, i; + BIO_ENC_CTX *ctx; +- BIO *next; +- +- ctx = BIO_get_data(b); +- next = BIO_next(b); +- if ((ctx == NULL) || (next == NULL)) +- return 0; + ++ ctx = (BIO_ENC_CTX *)b->ptr; + ret = inl; + + BIO_clear_retry_flags(b); + n = ctx->buf_len - ctx->buf_off; + while (n > 0) { +- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return (i); +@@ -263,9 +265,9 @@ static int enc_write(BIO *b, const char *in, int inl) + ctx->buf_off = 0; + while (inl > 0) { + n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; +- if (!EVP_CipherUpdate(ctx->cipher, +- ctx->buf, &ctx->buf_len, +- (const unsigned char *)in, n)) { ++ if (!EVP_CipherUpdate(&ctx->cipher, ++ (unsigned char *)ctx->buf, &ctx->buf_len, ++ (unsigned char *)in, n)) { + BIO_clear_retry_flags(b); + ctx->ok = 0; + return 0; +@@ -276,7 +278,7 @@ static int enc_write(BIO *b, const char *in, int inl) + ctx->buf_off = 0; + n = ctx->buf_len; + while (n > 0) { +- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + return (ret == inl) ? i : ret - inl; +@@ -298,37 +300,32 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) + long ret = 1; + int i; + EVP_CIPHER_CTX **c_ctx; +- BIO *next; + +- ctx = BIO_get_data(b); +- next = BIO_next(b); +- if (ctx == NULL) +- return 0; ++ ctx = (BIO_ENC_CTX *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: + ctx->ok = 1; + ctx->finished = 0; +- if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL, +- EVP_CIPHER_CTX_encrypting(ctx->cipher))) +- return 0; +- ret = BIO_ctrl(next, cmd, num, ptr); ++ EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, ++ ctx->cipher.encrypt); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret = 1; + else +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_WPENDING: + ret = ctx->buf_len - ctx->buf_off; + if (ret <= 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + ret = ctx->buf_len - ctx->buf_off; + if (ret <= 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +@@ -342,7 +339,7 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) + if (!ctx->finished) { + ctx->finished = 1; + ctx->buf_off = 0; +- ret = EVP_CipherFinal_ex(ctx->cipher, ++ ret = EVP_CipherFinal_ex(&(ctx->cipher), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok = (int)ret; +@@ -354,33 +351,31 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) + } + + /* Finally flush the underlying BIO */ +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_C_GET_CIPHER_STATUS: + ret = (long)ctx->ok; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + case BIO_C_GET_CIPHER_CTX: + c_ctx = (EVP_CIPHER_CTX **)ptr; +- *c_ctx = ctx->cipher; +- BIO_set_init(b, 1); ++ (*c_ctx) = &(ctx->cipher); ++ b->init = 1; + break; + case BIO_CTRL_DUP: + dbio = (BIO *)ptr; +- dctx = BIO_get_data(dbio); +- dctx->cipher = EVP_CIPHER_CTX_new(); +- if (dctx->cipher == NULL) +- return 0; +- ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher); ++ dctx = (BIO_ENC_CTX *)dbio->ptr; ++ EVP_CIPHER_CTX_init(&dctx->cipher); ++ ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); + if (ret) +- BIO_set_init(dbio, 1); ++ dbio->init = 1; + break; + default: +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + } + return (ret); +@@ -389,13 +384,12 @@ static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) + static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret = 1; +- BIO *next = BIO_next(b); + +- if (next == NULL) ++ if (b->next_bio == NULL) + return (0); + switch (cmd) { + default: +- ret = BIO_callback_ctrl(next, cmd, fp); ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + break; + } + return (ret); +@@ -421,29 +415,23 @@ EVP_CIPHER_ctx *c; + } + */ + +-int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, +- const unsigned char *i, int e) ++void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, ++ const unsigned char *i, int e) + { + BIO_ENC_CTX *ctx; +- long (*callback) (struct bio_st *, int, const char *, int, long, long); +- +- ctx = BIO_get_data(b); +- if (ctx == NULL) +- return 0; +- +- callback = BIO_get_callback(b); + +- if ((callback != NULL) && +- (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, +- 0L) <= 0)) +- return 0; ++ if (b == NULL) ++ return; + +- BIO_set_init(b, 1); ++ if ((b->callback != NULL) && ++ (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <= ++ 0)) ++ return; + +- if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e)) +- return 0; ++ b->init = 1; ++ ctx = (BIO_ENC_CTX *)b->ptr; ++ EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e); + +- if (callback != NULL) +- return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); +- return 1; ++ if (b->callback != NULL) ++ b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +index cd968ec..f0b0c0c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c +@@ -1,20 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/bio_md.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/evp_int.h" +-#include "evp_locl.h" +-#include "internal/bio.h" + + /* + * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest +@@ -31,7 +77,7 @@ static int md_new(BIO *h); + static int md_free(BIO *data); + static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +-static const BIO_METHOD methods_md = { ++static BIO_METHOD methods_md = { + BIO_TYPE_MD, "message digest", + md_write, + md_read, +@@ -43,7 +89,7 @@ static const BIO_METHOD methods_md = { + md_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_md(void) ++BIO_METHOD *BIO_f_md(void) + { + return (&methods_md); + } +@@ -52,44 +98,41 @@ static int md_new(BIO *bi) + { + EVP_MD_CTX *ctx; + +- ctx = EVP_MD_CTX_new(); ++ ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return (0); + +- BIO_set_init(bi, 1); +- BIO_set_data(bi, ctx); +- +- return 1; ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); + } + + static int md_free(BIO *a) + { + if (a == NULL) + return (0); +- EVP_MD_CTX_free(BIO_get_data(a)); +- BIO_set_data(a, NULL); +- BIO_set_init(a, 0); +- +- return 1; ++ EVP_MD_CTX_destroy(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); + } + + static int md_read(BIO *b, char *out, int outl) + { + int ret = 0; + EVP_MD_CTX *ctx; +- BIO *next; + + if (out == NULL) + return (0); ++ ctx = b->ptr; + +- ctx = BIO_get_data(b); +- next = BIO_next(b); +- +- if ((ctx == NULL) || (next == NULL)) ++ if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); + +- ret = BIO_read(next, out, outl); +- if (BIO_get_init(b)) { ++ ret = BIO_read(b->next_bio, out, outl); ++ if (b->init) { + if (ret > 0) { + if (EVP_DigestUpdate(ctx, (unsigned char *)out, + (unsigned int)ret) <= 0) +@@ -105,17 +148,14 @@ static int md_write(BIO *b, const char *in, int inl) + { + int ret = 0; + EVP_MD_CTX *ctx; +- BIO *next; + + if ((in == NULL) || (inl <= 0)) +- return 0; +- +- ctx = BIO_get_data(b); +- next = BIO_next(b); +- if ((ctx != NULL) && (next != NULL)) +- ret = BIO_write(next, in, inl); ++ return (0); ++ ctx = b->ptr; + +- if (BIO_get_init(b)) { ++ if ((ctx != NULL) && (b->next_bio != NULL)) ++ ret = BIO_write(b->next_bio, in, inl); ++ if (b->init) { + if (ret > 0) { + if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, + (unsigned int)ret)) { +@@ -124,11 +164,11 @@ static int md_write(BIO *b, const char *in, int inl) + } + } + } +- if (next != NULL) { ++ if (b->next_bio != NULL) { + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + } +- return ret; ++ return (ret); + } + + static long md_ctrl(BIO *b, int cmd, long num, void *ptr) +@@ -137,23 +177,21 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + const EVP_MD **ppmd; + EVP_MD *md; + long ret = 1; +- BIO *dbio, *next; +- ++ BIO *dbio; + +- ctx = BIO_get_data(b); +- next = BIO_next(b); ++ ctx = b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: +- if (BIO_get_init(b)) ++ if (b->init) + ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); + else + ret = 0; + if (ret > 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_C_GET_MD: +- if (BIO_get_init(b)) { ++ if (b->init) { + ppmd = ptr; + *ppmd = ctx->digest; + } else +@@ -162,17 +200,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + case BIO_C_GET_MD_CTX: + pctx = ptr; + *pctx = ctx; +- BIO_set_init(b, 1); ++ b->init = 1; + break; + case BIO_C_SET_MD_CTX: +- if (BIO_get_init(b)) +- BIO_set_data(b, ptr); ++ if (b->init) ++ b->ptr = ptr; + else + ret = 0; + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + +@@ -180,17 +218,17 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + md = ptr; + ret = EVP_DigestInit_ex(ctx, md, NULL); + if (ret > 0) +- BIO_set_init(b, 1); ++ b->init = 1; + break; + case BIO_CTRL_DUP: + dbio = ptr; +- dctx = BIO_get_data(dbio); ++ dctx = dbio->ptr; + if (!EVP_MD_CTX_copy_ex(dctx, ctx)) + return 0; +- BIO_set_init(b, 1); ++ b->init = 1; + break; + default: +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + } + return (ret); +@@ -199,16 +237,12 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) + static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret = 1; +- BIO *next; +- +- next = BIO_next(b); +- +- if (next == NULL) +- return 0; + ++ if (b->next_bio == NULL) ++ return (0); + switch (cmd) { + default: +- ret = BIO_callback_ctrl(next, cmd, fp); ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + break; + } + return (ret); +@@ -219,13 +253,20 @@ static int md_gets(BIO *bp, char *buf, int size) + EVP_MD_CTX *ctx; + unsigned int ret; + +- ctx = BIO_get_data(bp); +- ++ ctx = bp->ptr; + if (size < ctx->digest->md_size) +- return 0; +- ++ return (0); + if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) + return -1; + + return ((int)ret); + } ++ ++/*- ++static int md_puts(bp,str) ++BIO *bp; ++char *str; ++ { ++ return(-1); ++ } ++*/ +diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +index 7974b96..16e151f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c ++++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/bio_ok.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /*- +@@ -71,12 +120,11 @@ + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/bio.h" ++#include + #include + #include +-#include "internal/evp_int.h" + + static int ok_write(BIO *h, const char *buf, int num); + static int ok_read(BIO *h, char *buf, int size); +@@ -85,10 +133,10 @@ static int ok_new(BIO *h); + static int ok_free(BIO *data); + static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +-static __owur int sig_out(BIO *b); +-static __owur int sig_in(BIO *b); +-static __owur int block_out(BIO *b); +-static __owur int block_in(BIO *b); ++static int sig_out(BIO *b); ++static int sig_in(BIO *b); ++static int block_out(BIO *b); ++static int block_in(BIO *b); + #define OK_BLOCK_SIZE (1024*4) + #define OK_BLOCK_BLOCK 4 + #define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) +@@ -101,13 +149,13 @@ typedef struct ok_struct { + size_t buf_off_save; + int cont; /* <= 0 when finished */ + int finished; +- EVP_MD_CTX *md; ++ EVP_MD_CTX md; + int blockout; /* output block is ready */ + int sigio; /* must process signature */ + unsigned char buf[IOBS]; + } BIO_OK_CTX; + +-static const BIO_METHOD methods_ok = { ++static BIO_METHOD methods_ok = { + BIO_TYPE_CIPHER, "reliable", + ok_write, + ok_read, +@@ -119,7 +167,7 @@ static const BIO_METHOD methods_ok = { + ok_callback_ctrl, + }; + +-const BIO_METHOD *BIO_f_reliable(void) ++BIO_METHOD *BIO_f_reliable(void) + { + return (&methods_ok); + } +@@ -128,54 +176,51 @@ static int ok_new(BIO *bi) + { + BIO_OK_CTX *ctx; + +- ctx = OPENSSL_zalloc(sizeof(*ctx)); ++ ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); + if (ctx == NULL) +- return 0; ++ return (0); + ++ ctx->buf_len = 0; ++ ctx->buf_off = 0; ++ ctx->buf_len_save = 0; ++ ctx->buf_off_save = 0; + ctx->cont = 1; ++ ctx->finished = 0; ++ ctx->blockout = 0; + ctx->sigio = 1; +- ctx->md = EVP_MD_CTX_new(); +- if (ctx->md == NULL) { +- OPENSSL_free(ctx); +- return 0; +- } +- BIO_set_init(bi, 0); +- BIO_set_data(bi, ctx); + +- return 1; ++ EVP_MD_CTX_init(&ctx->md); ++ ++ bi->init = 0; ++ bi->ptr = (char *)ctx; ++ bi->flags = 0; ++ return (1); + } + + static int ok_free(BIO *a) + { +- BIO_OK_CTX *ctx; +- + if (a == NULL) +- return 0; +- +- ctx = BIO_get_data(a); +- +- EVP_MD_CTX_free(ctx->md); +- OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX)); +- BIO_set_data(a, NULL); +- BIO_set_init(a, 0); +- +- return 1; ++ return (0); ++ EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); ++ OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX)); ++ OPENSSL_free(a->ptr); ++ a->ptr = NULL; ++ a->init = 0; ++ a->flags = 0; ++ return (1); + } + + static int ok_read(BIO *b, char *out, int outl) + { + int ret = 0, i, n; + BIO_OK_CTX *ctx; +- BIO *next; + + if (out == NULL) +- return 0; +- +- ctx = BIO_get_data(b); +- next = BIO_next(b); ++ return (0); ++ ctx = (BIO_OK_CTX *)b->ptr; + +- if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) +- return 0; ++ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) ++ return (0); + + while (outl > 0) { + +@@ -214,7 +259,7 @@ static int ok_read(BIO *b, char *out, int outl) + + /* no clean bytes in buffer -- fill it */ + n = IOBS - ctx->buf_len; +- i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n); ++ i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n); + + if (i <= 0) + break; /* nothing new */ +@@ -245,23 +290,21 @@ static int ok_read(BIO *b, char *out, int outl) + + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); +- return ret; ++ return (ret); + } + + static int ok_write(BIO *b, const char *in, int inl) + { + int ret = 0, n, i; + BIO_OK_CTX *ctx; +- BIO *next; + + if (inl <= 0) + return inl; + +- ctx = BIO_get_data(b); +- next = BIO_next(b); ++ ctx = (BIO_OK_CTX *)b->ptr; + ret = inl; + +- if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0)) ++ if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) + return (0); + + if (ctx->sigio && !sig_out(b)) +@@ -271,7 +314,7 @@ static int ok_write(BIO *b, const char *in, int inl) + BIO_clear_retry_flags(b); + n = ctx->buf_len - ctx->buf_off; + while (ctx->blockout && n > 0) { +- i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n); ++ i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { + BIO_copy_next_retry(b); + if (!BIO_should_retry(b)) +@@ -295,7 +338,8 @@ static int ok_write(BIO *b, const char *in, int inl) + n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? + (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; + +- memcpy(&ctx->buf[ctx->buf_len], in, n); ++ memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), ++ (unsigned char *)in, n); + ctx->buf_len += n; + inl -= n; + in += n; +@@ -320,10 +364,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + const EVP_MD **ppmd; + long ret = 1; + int i; +- BIO *next; + +- ctx = BIO_get_data(b); +- next = BIO_next(b); ++ ctx = b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: +@@ -335,19 +377,19 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + ctx->finished = 0; + ctx->blockout = 0; + ctx->sigio = 1; +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_EOF: /* More to read */ + if (ctx->cont <= 0) + ret = 1; + else +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_PENDING: /* More to read in buffer */ + case BIO_CTRL_WPENDING: /* More to read in buffer */ + ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0; + if (ret <= 0) +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_CTRL_FLUSH: + /* do a final write */ +@@ -368,11 +410,11 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + ctx->cont = (int)ret; + + /* Finally flush the underlying BIO */ +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + case BIO_CTRL_INFO: +@@ -380,41 +422,36 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) + break; + case BIO_C_SET_MD: + md = ptr; +- if (!EVP_DigestInit_ex(ctx->md, md, NULL)) ++ if (!EVP_DigestInit_ex(&ctx->md, md, NULL)) + return 0; +- BIO_set_init(b, 1); ++ b->init = 1; + break; + case BIO_C_GET_MD: +- if (BIO_get_init(b)) { ++ if (b->init) { + ppmd = ptr; +- *ppmd = EVP_MD_CTX_md(ctx->md); ++ *ppmd = ctx->md.digest; + } else + ret = 0; + break; + default: +- ret = BIO_ctrl(next, cmd, num, ptr); ++ ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + } +- return ret; ++ return (ret); + } + + static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) + { + long ret = 1; +- BIO *next; +- +- next = BIO_next(b); +- +- if (next == NULL) +- return 0; + ++ if (b->next_bio == NULL) ++ return (0); + switch (cmd) { + default: +- ret = BIO_callback_ctrl(next, cmd, fp); ++ ret = BIO_callback_ctrl(b->next_bio, cmd, fp); + break; + } +- +- return ret; ++ return (ret); + } + + static void longswap(void *_ptr, size_t len) +@@ -441,36 +478,30 @@ static int sig_out(BIO *b) + { + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; +- const EVP_MD *digest; +- int md_size; +- void *md_data; + +- ctx = BIO_get_data(b); +- md = ctx->md; +- digest = EVP_MD_CTX_md(md); +- md_size = EVP_MD_size(digest); +- md_data = EVP_MD_CTX_md_data(md); ++ ctx = b->ptr; ++ md = &ctx->md; + +- if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE) ++ if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE) + return 1; + +- if (!EVP_DigestInit_ex(md, digest, NULL)) ++ if (!EVP_DigestInit_ex(md, md->digest, NULL)) + goto berr; + /* + * FIXME: there's absolutely no guarantee this makes any sense at all, + * particularly now EVP_MD_CTX has been restructured. + */ +- if (RAND_bytes(md_data, md_size) <= 0) ++ if (RAND_bytes(md->md_data, md->digest->md_size) <= 0) + goto berr; +- memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size); +- longswap(&(ctx->buf[ctx->buf_len]), md_size); +- ctx->buf_len += md_size; ++ memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); ++ longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); ++ ctx->buf_len += md->digest->md_size; + + if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) + goto berr; + if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) + goto berr; +- ctx->buf_len += md_size; ++ ctx->buf_len += md->digest->md_size; + ctx->blockout = 1; + ctx->sigio = 0; + return 1; +@@ -485,31 +516,25 @@ static int sig_in(BIO *b) + EVP_MD_CTX *md; + unsigned char tmp[EVP_MAX_MD_SIZE]; + int ret = 0; +- const EVP_MD *digest; +- int md_size; +- void *md_data; + +- ctx = BIO_get_data(b); +- md = ctx->md; +- digest = EVP_MD_CTX_md(md); +- md_size = EVP_MD_size(digest); +- md_data = EVP_MD_CTX_md_data(md); ++ ctx = b->ptr; ++ md = &ctx->md; + +- if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size) ++ if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size) + return 1; + +- if (!EVP_DigestInit_ex(md, digest, NULL)) ++ if (!EVP_DigestInit_ex(md, md->digest, NULL)) + goto berr; +- memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size); +- longswap(md_data, md_size); +- ctx->buf_off += md_size; ++ memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); ++ longswap(md->md_data, md->digest->md_size); ++ ctx->buf_off += md->digest->md_size; + + if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN))) + goto berr; + if (!EVP_DigestFinal_ex(md, tmp, NULL)) + goto berr; +- ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0; +- ctx->buf_off += md_size; ++ ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; ++ ctx->buf_off += md->digest->md_size; + if (ret == 1) { + ctx->sigio = 0; + if (ctx->buf_len != ctx->buf_off) { +@@ -532,13 +557,9 @@ static int block_out(BIO *b) + BIO_OK_CTX *ctx; + EVP_MD_CTX *md; + unsigned long tl; +- const EVP_MD *digest; +- int md_size; + +- ctx = BIO_get_data(b); +- md = ctx->md; +- digest = EVP_MD_CTX_md(md); +- md_size = EVP_MD_size(digest); ++ ctx = b->ptr; ++ md = &ctx->md; + + tl = ctx->buf_len - OK_BLOCK_BLOCK; + ctx->buf[0] = (unsigned char)(tl >> 24); +@@ -550,7 +571,7 @@ static int block_out(BIO *b) + goto berr; + if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL)) + goto berr; +- ctx->buf_len += md_size; ++ ctx->buf_len += md->digest->md_size; + ctx->blockout = 1; + return 1; + berr: +@@ -564,11 +585,9 @@ static int block_in(BIO *b) + EVP_MD_CTX *md; + unsigned long tl = 0; + unsigned char tmp[EVP_MAX_MD_SIZE]; +- int md_size; + +- ctx = BIO_get_data(b); +- md = ctx->md; +- md_size = EVP_MD_size(EVP_MD_CTX_md(md)); ++ ctx = b->ptr; ++ md = &ctx->md; + + assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */ + tl = ctx->buf[0]; +@@ -579,7 +598,7 @@ static int block_in(BIO *b) + tl <<= 8; + tl |= ctx->buf[3]; + +- if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size) ++ if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size) + return 1; + + if (!EVP_DigestUpdate(md, +@@ -587,9 +606,10 @@ static int block_in(BIO *b) + goto berr; + if (!EVP_DigestFinal_ex(md, tmp, NULL)) + goto berr; +- if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) { ++ if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == ++ 0) { + /* there might be parts from next block lurking around ! */ +- ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size; ++ ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size; + ctx->buf_len_save = ctx->buf_len; + ctx->buf_off = OK_BLOCK_BLOCK; + ctx->buf_len = tl + OK_BLOCK_BLOCK; +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c +new file mode 100644 +index 0000000..719e34d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c +@@ -0,0 +1,85 @@ ++/* crypto/evp/c_all.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++#if 0 ++# undef OpenSSL_add_all_algorithms ++ ++void OpenSSL_add_all_algorithms(void) ++{ ++ OPENSSL_add_all_algorithms_noconf(); ++} ++#endif ++ ++void OPENSSL_add_all_algorithms_noconf(void) ++{ ++ /* ++ * For the moment OPENSSL_cpuid_setup does something ++ * only on IA-32, but we reserve the option for all ++ * platforms... ++ */ ++ OPENSSL_cpuid_setup(); ++ OpenSSL_add_all_ciphers(); ++ OpenSSL_add_all_digests(); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +index 6ed31ed..280e584 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c +@@ -1,20 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/c_allc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include + #include + #include + +-void openssl_add_all_ciphers_int(void) ++void OpenSSL_add_all_ciphers(void) + { + + #ifndef OPENSSL_NO_DES +@@ -44,13 +92,8 @@ void openssl_add_all_ciphers_int(void) + + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); +- EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB"); +- EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb"); + EVP_add_cipher(EVP_des_ede3()); +- EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB"); +- EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb"); + EVP_add_cipher(EVP_des_ede3_wrap()); +- EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap"); + #endif + + #ifndef OPENSSL_NO_RC4 +@@ -88,9 +131,6 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_rc2_64_cbc()); + EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); + EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); +- EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128"); +- EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64"); +- EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40"); + #endif + + #ifndef OPENSSL_NO_BF +@@ -123,6 +163,7 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher_alias(SN_rc5_cbc, "RC5"); + #endif + ++#ifndef OPENSSL_NO_AES + EVP_add_cipher(EVP_aes_128_ecb()); + EVP_add_cipher(EVP_aes_128_cbc()); + EVP_add_cipher(EVP_aes_128_cfb()); +@@ -131,14 +172,9 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_aes_128_ofb()); + EVP_add_cipher(EVP_aes_128_ctr()); + EVP_add_cipher(EVP_aes_128_gcm()); +-#ifndef OPENSSL_NO_OCB +- EVP_add_cipher(EVP_aes_128_ocb()); +-#endif + EVP_add_cipher(EVP_aes_128_xts()); + EVP_add_cipher(EVP_aes_128_ccm()); + EVP_add_cipher(EVP_aes_128_wrap()); +- EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap"); +- EVP_add_cipher(EVP_aes_128_wrap_pad()); + EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); +@@ -149,13 +185,8 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_aes_192_ofb()); + EVP_add_cipher(EVP_aes_192_ctr()); + EVP_add_cipher(EVP_aes_192_gcm()); +-#ifndef OPENSSL_NO_OCB +- EVP_add_cipher(EVP_aes_192_ocb()); +-#endif + EVP_add_cipher(EVP_aes_192_ccm()); + EVP_add_cipher(EVP_aes_192_wrap()); +- EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap"); +- EVP_add_cipher(EVP_aes_192_wrap_pad()); + EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); +@@ -166,20 +197,20 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_aes_256_ofb()); + EVP_add_cipher(EVP_aes_256_ctr()); + EVP_add_cipher(EVP_aes_256_gcm()); +-#ifndef OPENSSL_NO_OCB +- EVP_add_cipher(EVP_aes_256_ocb()); +-#endif + EVP_add_cipher(EVP_aes_256_xts()); + EVP_add_cipher(EVP_aes_256_ccm()); + EVP_add_cipher(EVP_aes_256_wrap()); +- EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap"); +- EVP_add_cipher(EVP_aes_256_wrap_pad()); + EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); + EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); ++# endif ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); + EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); ++# endif ++#endif + + #ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_ecb()); +@@ -206,15 +237,5 @@ void openssl_add_all_ciphers_int(void) + EVP_add_cipher(EVP_camellia_256_ofb()); + EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +- EVP_add_cipher(EVP_camellia_128_ctr()); +- EVP_add_cipher(EVP_camellia_192_ctr()); +- EVP_add_cipher(EVP_camellia_256_ctr()); +-#endif +- +-#ifndef OPENSSL_NO_CHACHA +- EVP_add_cipher(EVP_chacha20()); +-# ifndef OPENSSL_NO_POLY1305 +- EVP_add_cipher(EVP_chacha20_poly1305()); +-# endif + #endif + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +index ec79734..fdbe3ee 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c ++++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c +@@ -1,49 +1,114 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/c_alld.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include + #include + #include + +-void openssl_add_all_digests_int(void) ++void OpenSSL_add_all_digests(void) + { + #ifndef OPENSSL_NO_MD4 + EVP_add_digest(EVP_md4()); + #endif + #ifndef OPENSSL_NO_MD5 + EVP_add_digest(EVP_md5()); ++ EVP_add_digest_alias(SN_md5, "ssl2-md5"); + EVP_add_digest_alias(SN_md5, "ssl3-md5"); +- EVP_add_digest(EVP_md5_sha1()); + #endif ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) ++ EVP_add_digest(EVP_sha()); ++# ifndef OPENSSL_NO_DSA ++ EVP_add_digest(EVP_dss()); ++# endif ++#endif ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); ++# ifndef OPENSSL_NO_DSA ++ EVP_add_digest(EVP_dss1()); ++ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); ++ EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); ++ EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); ++# endif ++# ifndef OPENSSL_NO_ECDSA ++ EVP_add_digest(EVP_ecdsa()); ++# endif ++#endif + #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) + EVP_add_digest(EVP_mdc2()); + #endif +-#ifndef OPENSSL_NO_RMD160 ++#ifndef OPENSSL_NO_RIPEMD + EVP_add_digest(EVP_ripemd160()); + EVP_add_digest_alias(SN_ripemd160, "ripemd"); + EVP_add_digest_alias(SN_ripemd160, "rmd160"); + #endif ++#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); ++#endif ++#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); ++#endif + #ifndef OPENSSL_NO_WHIRLPOOL + EVP_add_digest(EVP_whirlpool()); + #endif +-#ifndef OPENSSL_NO_BLAKE2 +- EVP_add_digest(EVP_blake2b512()); +- EVP_add_digest(EVP_blake2s256()); +-#endif + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c +deleted file mode 100644 +index e2295c4..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/cmeth_lib.c ++++ /dev/null +@@ -1,151 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#include +-#include "internal/evp_int.h" +-#include "evp_locl.h" +- +-EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len) +-{ +- EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER)); +- +- if (cipher != NULL) { +- cipher->nid = cipher_type; +- cipher->block_size = block_size; +- cipher->key_len = key_len; +- } +- return cipher; +-} +- +-EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher) +-{ +- EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size, +- cipher->key_len); +- +- if (to != NULL) +- memcpy(to, cipher, sizeof(*to)); +- return to; +-} +- +-void EVP_CIPHER_meth_free(EVP_CIPHER *cipher) +-{ +- OPENSSL_free(cipher); +-} +- +-int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len) +-{ +- cipher->iv_len = iv_len; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags) +-{ +- cipher->flags = flags; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size) +-{ +- cipher->ctx_size = ctx_size; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, +- int (*init) (EVP_CIPHER_CTX *ctx, +- const unsigned char *key, +- const unsigned char *iv, +- int enc)) +-{ +- cipher->init = init; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, +- int (*do_cipher) (EVP_CIPHER_CTX *ctx, +- unsigned char *out, +- const unsigned char *in, +- size_t inl)) +-{ +- cipher->do_cipher = do_cipher; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, +- int (*cleanup) (EVP_CIPHER_CTX *)) +-{ +- cipher->cleanup = cleanup; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, +- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, +- ASN1_TYPE *)) +-{ +- cipher->set_asn1_parameters = set_asn1_parameters; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, +- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, +- ASN1_TYPE *)) +-{ +- cipher->get_asn1_parameters = get_asn1_parameters; +- return 1; +-} +- +-int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, +- int (*ctrl) (EVP_CIPHER_CTX *, int type, +- int arg, void *ptr)) +-{ +- cipher->ctrl = ctrl; +- return 1; +-} +- +- +-int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +- const unsigned char *key, +- const unsigned char *iv, +- int enc) +-{ +- return cipher->init; +-} +-int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, +- unsigned char *out, +- const unsigned char *in, +- size_t inl) +-{ +- return cipher->do_cipher; +-} +- +-int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *) +-{ +- return cipher->cleanup; +-} +- +-int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- ASN1_TYPE *) +-{ +- return cipher->set_asn1_parameters; +-} +- +-int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- ASN1_TYPE *) +-{ +- return cipher->get_asn1_parameters; +-} +- +-int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, +- int type, int arg, +- void *ptr) +-{ +- return cipher->ctrl; +-} +- +diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c +index 65eff7c..4db1796 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/digest.c ++++ b/Cryptlib/OpenSSL/crypto/evp/digest.c +@@ -1,75 +1,173 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/digest.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include +-#include "internal/evp_int.h" +-#include "evp_locl.h" +- +-/* This call frees resources associated with the context */ +-int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +-{ +- if (ctx == NULL) +- return 1; +- +- /* +- * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because +- * sometimes only copies of the context are ever finalised. +- */ +- if (ctx->digest && ctx->digest->cleanup +- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) +- ctx->digest->cleanup(ctx); +- if (ctx->digest && ctx->digest->ctx_size && ctx->md_data +- && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { +- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); +- } +- EVP_PKEY_CTX_free(ctx->pctx); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(ctx->engine); ++# include + #endif +- OPENSSL_cleanse(ctx, sizeof(*ctx)); + +- return 1; +-} ++#ifdef OPENSSL_FIPS ++# include ++# include "evp_locl.h" ++#endif + +-EVP_MD_CTX *EVP_MD_CTX_new(void) ++void EVP_MD_CTX_init(EVP_MD_CTX *ctx) + { +- return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); ++ memset(ctx, '\0', sizeof *ctx); + } + +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++EVP_MD_CTX *EVP_MD_CTX_create(void) + { +- EVP_MD_CTX_reset(ctx); +- OPENSSL_free(ctx); ++ EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); ++ ++ if (ctx) ++ EVP_MD_CTX_init(ctx); ++ ++ return ctx; + } + + int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) + { +- EVP_MD_CTX_reset(ctx); ++ EVP_MD_CTX_init(ctx); + return EVP_DigestInit_ex(ctx, type, NULL); + } + + int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + { + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); ++#ifdef OPENSSL_FIPS ++ /* If FIPS mode switch to approved implementation if possible */ ++ if (FIPS_mode()) { ++ const EVP_MD *fipsmd; ++ if (type) { ++ fipsmd = evp_get_fips_md(type); ++ if (fipsmd) ++ type = fipsmd; ++ } ++ } ++#endif + #ifndef OPENSSL_NO_ENGINE + /* + * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so + * this context may already have an ENGINE! Try to avoid releasing the + * previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unnecessary. ++ * reinitialisation, when it may all be unecessary. + */ +- if (ctx->engine && ctx->digest && +- (type == NULL || (type->type == ctx->digest->type))) ++ if (ctx->engine && ctx->digest && (!type || ++ (type ++ && (type->type == ++ ctx->digest->type)))) + goto skip_to_init; + if (type) { + /* +@@ -77,21 +175,21 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + * previous check attempted to avoid this if the same ENGINE and + * EVP_MD could be used). + */ +- ENGINE_finish(ctx->engine); +- if (impl != NULL) { ++ if (ctx->engine) ++ ENGINE_finish(ctx->engine); ++ if (impl) { + if (!ENGINE_init(impl)) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } +- } else { ++ } else + /* Ask if an ENGINE is reserved for this job */ + impl = ENGINE_get_digest_engine(type->type); +- } +- if (impl != NULL) { ++ if (impl) { + /* There's an ENGINE for this job ... (apparently) */ + const EVP_MD *d = ENGINE_get_digest(impl, type->type); +- +- if (d == NULL) { ++ if (!d) { ++ /* Same comment from evp_enc.c */ + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(impl); + return 0; +@@ -115,13 +213,13 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + #endif + if (ctx->digest != type) { + if (ctx->digest && ctx->digest->ctx_size) { +- OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); ++ OPENSSL_free(ctx->md_data); + ctx->md_data = NULL; + } + ctx->digest = type; + if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { + ctx->update = type->update; +- ctx->md_data = OPENSSL_zalloc(type->ctx_size); ++ ctx->md_data = OPENSSL_malloc(type->ctx_size); + if (ctx->md_data == NULL) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE); + return 0; +@@ -140,11 +238,24 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) + } + if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) + return 1; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ if (FIPS_digestinit(ctx, type)) ++ return 1; ++ OPENSSL_free(ctx->md_data); ++ ctx->md_data = NULL; ++ return 0; ++ } ++#endif + return ctx->digest->init(ctx); + } + + int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_digestupdate(ctx, data, count); ++#endif + return ctx->update(ctx, data, count); + } + +@@ -153,7 +264,7 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; + ret = EVP_DigestFinal_ex(ctx, md, size); +- EVP_MD_CTX_reset(ctx); ++ EVP_MD_CTX_cleanup(ctx); + return ret; + } + +@@ -161,6 +272,10 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + { + int ret; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_digestfinal(ctx, md, size); ++#endif + + OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE); + ret = ctx->digest->final(ctx, md); +@@ -176,7 +291,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) + + int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) + { +- EVP_MD_CTX_reset(out); ++ EVP_MD_CTX_init(out); + return EVP_MD_CTX_copy_ex(out, in); + } + +@@ -200,22 +315,15 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); + } else + tmp_buf = NULL; +- EVP_MD_CTX_reset(out); +- memcpy(out, in, sizeof(*out)); +- +- /* Null these variables, since they are getting fixed up +- * properly below. Anything else may cause a memleak and/or +- * double free if any of the memory allocations below fail +- */ +- out->md_data = NULL; +- out->pctx = NULL; ++ EVP_MD_CTX_cleanup(out); ++ memcpy(out, in, sizeof *out); + + if (in->md_data && out->digest->ctx_size) { + if (tmp_buf) + out->md_data = tmp_buf; + else { + out->md_data = OPENSSL_malloc(out->digest->ctx_size); +- if (out->md_data == NULL) { ++ if (!out->md_data) { + EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -228,7 +336,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) + if (in->pctx) { + out->pctx = EVP_PKEY_CTX_dup(in->pctx); + if (!out->pctx) { +- EVP_MD_CTX_reset(out); ++ EVP_MD_CTX_cleanup(out); + return 0; + } + } +@@ -243,27 +351,58 @@ int EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type, + ENGINE *impl) + { +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX ctx; + int ret; + +- if (ctx == NULL) +- return 0; +- EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT); +- ret = EVP_DigestInit_ex(ctx, type, impl) +- && EVP_DigestUpdate(ctx, data, count) +- && EVP_DigestFinal_ex(ctx, md, size); +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_init(&ctx); ++ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); ++ ret = EVP_DigestInit_ex(&ctx, type, impl) ++ && EVP_DigestUpdate(&ctx, data, count) ++ && EVP_DigestFinal_ex(&ctx, md, size); ++ EVP_MD_CTX_cleanup(&ctx); + + return ret; + } + +-int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) ++void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) + { +- if (ctx->digest && ctx->digest->md_ctrl) { +- int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2); +- if (ret <= 0) +- return 0; +- return 1; ++ if (ctx) { ++ EVP_MD_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} ++ ++/* This call frees resources associated with the context */ ++int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) ++{ ++#ifndef OPENSSL_FIPS ++ /* ++ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because ++ * sometimes only copies of the context are ever finalised. ++ */ ++ if (ctx->digest && ctx->digest->cleanup ++ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ++ ctx->digest->cleanup(ctx); ++ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data ++ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { ++ OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size); ++ OPENSSL_free(ctx->md_data); + } +- return 0; ++#endif ++ if (ctx->pctx) ++ EVP_PKEY_CTX_free(ctx->pctx); ++#ifndef OPENSSL_NO_ENGINE ++ if (ctx->engine) ++ /* ++ * The EVP_MD we used belongs to an ENGINE, release the functional ++ * reference we held for this reason. ++ */ ++ ENGINE_finish(ctx->engine); ++#endif ++#ifdef OPENSSL_FIPS ++ FIPS_md_ctx_cleanup(ctx); ++#endif ++ memset(ctx, '\0', sizeof *ctx); ++ ++ return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +index 17822f2..7c62d32 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c +@@ -1,23 +1,67 @@ +-/* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include ++#ifndef OPENSSL_NO_AES + #include +-#include +-#include +-#include +-#include +-#include +-#include "internal/evp_int.h" +-#include "modes_lcl.h" +-#include +-#include "evp_locl.h" ++# include ++# include ++# include ++# include ++# include ++# include "evp_locl.h" ++# include "modes_lcl.h" ++# include ++ ++# undef EVP_CIPH_FLAG_FIPS ++# define EVP_CIPH_FLAG_FIPS 0 + + typedef struct { + union { +@@ -69,38 +113,13 @@ typedef struct { + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ +- int tls_aad_len; /* TLS AAD length */ + CCM128_CONTEXT ccm; + ccm128_f str; + } EVP_AES_CCM_CTX; + +-#ifndef OPENSSL_NO_OCB +-typedef struct { +- union { +- double align; +- AES_KEY ks; +- } ksenc; /* AES key schedule to use for encryption */ +- union { +- double align; +- AES_KEY ks; +- } ksdec; /* AES key schedule to use for decryption */ +- int key_set; /* Set if key initialised */ +- int iv_set; /* Set if an iv is set */ +- OCB128_CONTEXT ocb; +- unsigned char *iv; /* Temporary IV store */ +- unsigned char tag[16]; +- unsigned char data_buf[16]; /* Store partial data blocks */ +- unsigned char aad_buf[16]; /* Store partial AAD blocks */ +- int data_buf_len; +- int aad_buf_len; +- int ivlen; /* IV length */ +- int taglen; +-} EVP_AES_OCB_CTX; +-#endif +- +-#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) ++# define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) + +-#ifdef VPAES_ASM ++# ifdef VPAES_ASM + int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, +@@ -115,8 +134,8 @@ void vpaes_cbc_encrypt(const unsigned char *in, + unsigned char *out, + size_t length, + const AES_KEY *key, unsigned char *ivec, int enc); +-#endif +-#ifdef BSAES_ASM ++# endif ++# ifdef BSAES_ASM + void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char ivec[16], int enc); +@@ -129,55 +148,54 @@ void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, + void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, + const AES_KEY *key2, const unsigned char iv[16]); +-#endif +-#ifdef AES_CTR_ASM ++# endif ++# ifdef AES_CTR_ASM + void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +-#endif +-#ifdef AES_XTS_ASM +-void AES_xts_encrypt(const char *inp, char *out, size_t len, ++# endif ++# ifdef AES_XTS_ASM ++void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +-void AES_xts_decrypt(const char *inp, char *out, size_t len, ++void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +-#endif ++# endif + +-#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) +-# include "ppc_arch.h" +-# ifdef VPAES_ASM +-# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) ++# if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) ++# include "ppc_arch.h" ++# ifdef VPAES_ASM ++# define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC) ++# endif ++# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) ++# define HWAES_set_encrypt_key aes_p8_set_encrypt_key ++# define HWAES_set_decrypt_key aes_p8_set_decrypt_key ++# define HWAES_encrypt aes_p8_encrypt ++# define HWAES_decrypt aes_p8_decrypt ++# define HWAES_cbc_encrypt aes_p8_cbc_encrypt ++# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks + # endif +-# define HWAES_CAPABLE (OPENSSL_ppccap_P & PPC_CRYPTO207) +-# define HWAES_set_encrypt_key aes_p8_set_encrypt_key +-# define HWAES_set_decrypt_key aes_p8_set_decrypt_key +-# define HWAES_encrypt aes_p8_encrypt +-# define HWAES_decrypt aes_p8_decrypt +-# define HWAES_cbc_encrypt aes_p8_cbc_encrypt +-# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks +-# define HWAES_xts_encrypt aes_p8_xts_encrypt +-# define HWAES_xts_decrypt aes_p8_xts_decrypt +-#endif + +-#if defined(AES_ASM) && !defined(I386_ONLY) && ( \ ++# if defined(AES_ASM) && !defined(I386_ONLY) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ +- defined(_M_AMD64) || defined(_M_X64) ) ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) + + extern unsigned int OPENSSL_ia32cap_P[]; + +-# ifdef VPAES_ASM +-# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +-# endif +-# ifdef BSAES_ASM +-# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) +-# endif ++# ifdef VPAES_ASM ++# define VPAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) ++# endif ++# ifdef BSAES_ASM ++# define BSAES_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(41-32))) ++# endif + /* + * AES-NI section + */ +-# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) ++# define AESNI_CAPABLE (OPENSSL_ia32cap_P[1]&(1<<(57-32))) + + int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +@@ -228,43 +246,41 @@ void aesni_ccm64_decrypt_blocks(const unsigned char *in, + const unsigned char ivec[16], + unsigned char cmac[16]); + +-# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) ++# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) + size_t aesni_gcm_encrypt(const unsigned char *in, + unsigned char *out, + size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +-# define AES_gcm_encrypt aesni_gcm_encrypt ++# define AES_gcm_encrypt aesni_gcm_encrypt + size_t aesni_gcm_decrypt(const unsigned char *in, + unsigned char *out, + size_t len, + const void *key, unsigned char ivec[16], u64 *Xi); +-# define AES_gcm_decrypt aesni_gcm_decrypt ++# define AES_gcm_decrypt aesni_gcm_decrypt + void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in, + size_t len); +-# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ ++# define AES_GCM_ASM(gctx) (gctx->ctr==aesni_ctr32_encrypt_blocks && \ + gctx->gcm.ghash==gcm_ghash_avx) +-# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ ++# define AES_GCM_ASM2(gctx) (gctx->gcm.block==(block128_f)aesni_encrypt && \ + gctx->gcm.ghash==gcm_ghash_avx) +-# undef AES_GCM_ASM2 /* minor size optimization */ +-# endif ++# undef AES_GCM_ASM2 /* minor size optimization */ ++# endif + + static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + int ret, mode; +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- mode = EVP_CIPHER_CTX_mode(ctx); ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) + && !enc) { +- ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = aesni_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + dat->block = (block128_f) aesni_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) aesni_cbc_encrypt : NULL; + } else { +- ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = aesni_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + dat->block = (block128_f) aesni_encrypt; + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt; +@@ -285,9 +301,7 @@ static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, ctx->encrypt); + + return 1; + } +@@ -295,46 +309,44 @@ static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- size_t bl = EVP_CIPHER_CTX_block_size(ctx); ++ size_t bl = ctx->cipher->block_size; + + if (len < bl) + return 1; + +- aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks, +- EVP_CIPHER_CTX_encrypting(ctx)); ++ aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); + + return 1; + } + +-# define aesni_ofb_cipher aes_ofb_cipher ++# define aesni_ofb_cipher aes_ofb_cipher + static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aesni_cfb_cipher aes_cfb_cipher ++# define aesni_cfb_cipher aes_cfb_cipher + static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aesni_cfb8_cipher aes_cfb8_cipher ++# define aesni_cfb8_cipher aes_cfb8_cipher + static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aesni_cfb1_cipher aes_cfb1_cipher ++# define aesni_cfb1_cipher aes_cfb1_cipher + static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aesni_ctr_cipher aes_ctr_cipher ++# define aesni_ctr_cipher aes_ctr_cipher + static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { +- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &gctx->ks.ks); ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt); + gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + /* +@@ -359,34 +371,31 @@ static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return 1; + } + +-# define aesni_gcm_cipher aes_gcm_cipher ++# define aesni_gcm_cipher aes_gcm_cipher + static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!iv && !key) + return 1; + + if (key) { + /* key_len is two AES keys */ + if (enc) { +- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_encrypt; + xctx->stream = aesni_xts_encrypt; + } else { +- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aesni_decrypt; + xctx->stream = aesni_xts_decrypt; + } + +- aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ aesni_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aesni_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -394,25 +403,24 @@ static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + if (iv) { + xctx->xts.key2 = &xctx->ks2; +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); ++ memcpy(ctx->iv, iv, 16); + } + + return 1; + } + +-# define aesni_xts_cipher aes_xts_cipher ++# define aesni_xts_cipher aes_xts_cipher + static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { +- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &cctx->ks.ks); ++ aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) aesni_encrypt); + cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks : +@@ -420,86 +428,17 @@ static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + cctx->key_set = 1; + } + if (iv) { +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); ++ memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; + } + +-# define aesni_ccm_cipher aes_ccm_cipher ++# define aesni_ccm_cipher aes_ccm_cipher + static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# ifndef OPENSSL_NO_OCB +-void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out, +- size_t blocks, const void *key, +- size_t start_block_num, +- unsigned char offset_i[16], +- const unsigned char L_[][16], +- unsigned char checksum[16]); +-void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out, +- size_t blocks, const void *key, +- size_t start_block_num, +- unsigned char offset_i[16], +- const unsigned char L_[][16], +- unsigned char checksum[16]); +- +-static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +-{ +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); +- if (!iv && !key) +- return 1; +- if (key) { +- do { +- /* +- * We set both the encrypt and decrypt key here because decrypt +- * needs both. We could possibly optimise to remove setting the +- * decrypt for an encryption operation. +- */ +- aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksenc.ks); +- aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksdec.ks); +- if (!CRYPTO_ocb128_init(&octx->ocb, +- &octx->ksenc.ks, &octx->ksdec.ks, +- (block128_f) aesni_encrypt, +- (block128_f) aesni_decrypt, +- enc ? aesni_ocb_encrypt +- : aesni_ocb_decrypt)) +- return 0; +- } +- while (0); +- +- /* +- * If we have an iv we can set it directly, otherwise use saved IV. +- */ +- if (iv == NULL && octx->iv_set) +- iv = octx->iv; +- if (iv) { +- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) +- != 1) +- return 0; +- octx->iv_set = 1; +- } +- octx->key_set = 1; +- } else { +- /* If key set use IV, otherwise copy */ +- if (octx->key_set) +- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); +- else +- memcpy(octx->iv, iv, octx->ivlen); +- octx->iv_set = 1; +- } +- return 1; +-} +- +-# define aesni_ocb_cipher aes_ocb_cipher +-static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t len); +-# endif /* OPENSSL_NO_OCB */ +- +-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ + static const EVP_CIPHER aesni_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ +@@ -520,7 +459,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } + +-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ + static const EVP_CIPHER aesni_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ +@@ -542,24 +481,13 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; } + +-#elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) ++# elif defined(AES_ASM) && (defined(__sparc) || defined(__sparc__)) + +-# include "sparc_arch.h" ++# include "sparc_arch.h" + + extern unsigned int OPENSSL_sparcv9cap_P[]; + +-/* +- * Initial Fujitsu SPARC64 X support +- */ +-# define HWAES_CAPABLE (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX) +-# define HWAES_set_encrypt_key aes_fx_set_encrypt_key +-# define HWAES_set_decrypt_key aes_fx_set_decrypt_key +-# define HWAES_encrypt aes_fx_encrypt +-# define HWAES_decrypt aes_fx_decrypt +-# define HWAES_cbc_encrypt aes_fx_cbc_encrypt +-# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks +- +-# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) ++# define SPARC_AES_CAPABLE (OPENSSL_sparcv9cap_P[1] & CFR_AES) + + void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks); + void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks); +@@ -576,7 +504,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out, + * non-key-length specific routines would require conditional branches + * either in inner loops or on subroutines' entries. Former is hardly + * acceptable, while latter means code size increase to size occupied +- * by multiple key-length specific subroutines, so why fight? ++ * by multiple key-length specfic subroutines, so why fight? + */ + void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, +@@ -622,14 +550,14 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + int ret, mode, bits; +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- mode = EVP_CIPHER_CTX_mode(ctx); +- bits = EVP_CIPHER_CTX_key_length(ctx) * 8; ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ bits = ctx->key_len * 8; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) + && !enc) { + ret = 0; +- aes_t4_set_decrypt_key(key, bits, &dat->ks.ks); ++ aes_t4_set_decrypt_key(key, bits, ctx->cipher_data); + dat->block = (block128_f) aes_t4_decrypt; + switch (bits) { + case 128: +@@ -649,7 +577,7 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + } else { + ret = 0; +- aes_t4_set_encrypt_key(key, bits, &dat->ks.ks); ++ aes_t4_set_encrypt_key(key, bits, ctx->cipher_data); + dat->block = (block128_f) aes_t4_encrypt; + switch (bits) { + case 128: +@@ -689,42 +617,42 @@ static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return 1; + } + +-# define aes_t4_cbc_cipher aes_cbc_cipher ++# define aes_t4_cbc_cipher aes_cbc_cipher + static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_ecb_cipher aes_ecb_cipher ++# define aes_t4_ecb_cipher aes_ecb_cipher + static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_ofb_cipher aes_ofb_cipher ++# define aes_t4_ofb_cipher aes_ofb_cipher + static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_cfb_cipher aes_cfb_cipher ++# define aes_t4_cfb_cipher aes_cfb_cipher + static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_cfb8_cipher aes_cfb8_cipher ++# define aes_t4_cfb8_cipher aes_cfb8_cipher + static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_cfb1_cipher aes_cfb1_cipher ++# define aes_t4_cfb1_cipher aes_cfb1_cipher + static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# define aes_t4_ctr_cipher aes_ctr_cipher ++# define aes_t4_ctr_cipher aes_ctr_cipher + static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { +- int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; ++ int bits = ctx->key_len * 8; + aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) aes_t4_encrypt); +@@ -763,19 +691,19 @@ static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return 1; + } + +-# define aes_t4_gcm_cipher aes_gcm_cipher ++# define aes_t4_gcm_cipher aes_gcm_cipher + static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!iv && !key) + return 1; + + if (key) { +- int bits = EVP_CIPHER_CTX_key_length(ctx) * 4; ++ int bits = ctx->key_len * 4; + xctx->stream = NULL; + /* key_len is two AES keys */ + if (enc) { +@@ -785,6 +713,11 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + case 128: + xctx->stream = aes128_t4_xts_encrypt; + break; ++# if 0 /* not yet */ ++ case 192: ++ xctx->stream = aes192_t4_xts_encrypt; ++ break; ++# endif + case 256: + xctx->stream = aes256_t4_xts_encrypt; + break; +@@ -792,13 +725,17 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + return 0; + } + } else { +- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ aes_t4_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) aes_t4_decrypt; + switch (bits) { + case 128: + xctx->stream = aes128_t4_xts_decrypt; + break; ++# if 0 /* not yet */ ++ case 192: ++ xctx->stream = aes192_t4_xts_decrypt; ++ break; ++# endif + case 256: + xctx->stream = aes256_t4_xts_decrypt; + break; +@@ -807,9 +744,8 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + } + +- aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ aes_t4_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) aes_t4_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -817,97 +753,61 @@ static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + if (iv) { + xctx->xts.key2 = &xctx->ks2; +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); ++ memcpy(ctx->iv, iv, 16); + } + + return 1; + } + +-# define aes_t4_xts_cipher aes_xts_cipher ++# define aes_t4_xts_cipher aes_xts_cipher + static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + + static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { +- int bits = EVP_CIPHER_CTX_key_length(ctx) * 8; ++ int bits = ctx->key_len * 8; + aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) aes_t4_encrypt); ++# if 0 /* not yet */ ++ switch (bits) { ++ case 128: ++ cctx->str = enc ? (ccm128_f) aes128_t4_ccm64_encrypt : ++ (ccm128_f) ae128_t4_ccm64_decrypt; ++ break; ++ case 192: ++ cctx->str = enc ? (ccm128_f) aes192_t4_ccm64_encrypt : ++ (ccm128_f) ae192_t4_ccm64_decrypt; ++ break; ++ case 256: ++ cctx->str = enc ? (ccm128_f) aes256_t4_ccm64_encrypt : ++ (ccm128_f) ae256_t4_ccm64_decrypt; ++ break; ++ default: ++ return 0; ++ } ++# else + cctx->str = NULL; ++# endif + cctx->key_set = 1; + } + if (iv) { +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); ++ memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; + } + +-# define aes_t4_ccm_cipher aes_ccm_cipher ++# define aes_t4_ccm_cipher aes_ccm_cipher + static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +-# ifndef OPENSSL_NO_OCB +-static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +-{ +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); +- if (!iv && !key) +- return 1; +- if (key) { +- do { +- /* +- * We set both the encrypt and decrypt key here because decrypt +- * needs both. We could possibly optimise to remove setting the +- * decrypt for an encryption operation. +- */ +- aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksenc.ks); +- aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksdec.ks); +- if (!CRYPTO_ocb128_init(&octx->ocb, +- &octx->ksenc.ks, &octx->ksdec.ks, +- (block128_f) aes_t4_encrypt, +- (block128_f) aes_t4_decrypt, +- NULL)) +- return 0; +- } +- while (0); +- +- /* +- * If we have an iv we can set it directly, otherwise use saved IV. +- */ +- if (iv == NULL && octx->iv_set) +- iv = octx->iv; +- if (iv) { +- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) +- != 1) +- return 0; +- octx->iv_set = 1; +- } +- octx->key_set = 1; +- } else { +- /* If key set use IV, otherwise copy */ +- if (octx->key_set) +- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); +- else +- memcpy(octx->iv, iv, octx->ivlen); +- octx->iv_set = 1; +- } +- return 1; +-} +- +-# define aes_t4_ocb_cipher aes_ocb_cipher +-static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t len); +-# endif /* OPENSSL_NO_OCB */ +- +-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ + static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ +@@ -928,7 +828,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + +-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ + static const EVP_CIPHER aes_t4_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ +@@ -950,9 +850,9 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; } + +-#else ++# else + +-# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ ++# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \ + flags|EVP_CIPH_##MODE##_MODE, \ +@@ -964,7 +864,7 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return &aes_##keylen##_##mode; } + +-# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ ++# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \ + static const EVP_CIPHER aes_##keylen##_##mode = { \ + nid##_##keylen##_##mode,blocksize, \ + (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \ +@@ -976,29 +876,25 @@ static const EVP_CIPHER aes_##keylen##_##mode = { \ + NULL,NULL,aes_##mode##_ctrl,NULL }; \ + const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ + { return &aes_##keylen##_##mode; } ++# endif + +-#endif +- +-#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) +-# include "arm_arch.h" +-# if __ARM_MAX_ARCH__>=7 +-# if defined(BSAES_ASM) +-# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) ++# if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) ++# include "arm_arch.h" ++# if __ARM_MAX_ARCH__>=7 ++# if defined(BSAES_ASM) ++# define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) ++# endif ++# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) ++# define HWAES_set_encrypt_key aes_v8_set_encrypt_key ++# define HWAES_set_decrypt_key aes_v8_set_decrypt_key ++# define HWAES_encrypt aes_v8_encrypt ++# define HWAES_decrypt aes_v8_decrypt ++# define HWAES_cbc_encrypt aes_v8_cbc_encrypt ++# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks + # endif +-# if defined(VPAES_ASM) +-# define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +-# endif +-# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +-# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +-# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +-# define HWAES_encrypt aes_v8_encrypt +-# define HWAES_decrypt aes_v8_decrypt +-# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +-# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks + # endif +-#endif + +-#if defined(HWAES_CAPABLE) ++# if defined(HWAES_CAPABLE) + int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, +@@ -1013,15 +909,9 @@ void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, + const unsigned char ivec[16]); +-void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out, +- size_t len, const AES_KEY *key1, +- const AES_KEY *key2, const unsigned char iv[16]); +-void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out, +- size_t len, const AES_KEY *key1, +- const AES_KEY *key2, const unsigned char iv[16]); +-#endif ++# endif + +-#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ ++# define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ + BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ +@@ -1034,97 +924,85 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + int ret, mode; +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- mode = EVP_CIPHER_CTX_mode(ctx); ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) +- && !enc) { +-#ifdef HWAES_CAPABLE ++ && !enc) ++# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +- ret = HWAES_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = HWAES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) HWAES_decrypt; + dat->stream.cbc = NULL; +-# ifdef HWAES_cbc_encrypt ++# ifdef HWAES_cbc_encrypt + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; +-# endif ++# endif + } else +-#endif +-#ifdef BSAES_CAPABLE ++# endif ++# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { +- ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_decrypt; + dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt; + } else +-#endif +-#ifdef VPAES_CAPABLE ++# endif ++# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- ret = vpaes_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) vpaes_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) vpaes_cbc_encrypt : NULL; + } else +-#endif ++# endif + { +- ret = AES_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = AES_set_decrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) AES_cbc_encrypt : NULL; +- } + } else +-#ifdef HWAES_CAPABLE ++# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +- ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = HWAES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) HWAES_encrypt; + dat->stream.cbc = NULL; +-# ifdef HWAES_cbc_encrypt ++# ifdef HWAES_cbc_encrypt + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt; + else +-# endif +-# ifdef HWAES_ctr32_encrypt_blocks ++# endif ++# ifdef HWAES_ctr32_encrypt_blocks + if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; + else +-# endif ++# endif + (void)0; /* terminate potentially open 'else' */ + } else +-#endif +-#ifdef BSAES_CAPABLE ++# endif ++# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { +- ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_encrypt; + dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; + } else +-#endif +-#ifdef VPAES_CAPABLE ++# endif ++# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) vpaes_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) vpaes_cbc_encrypt : NULL; + } else +-#endif ++# endif + { +- ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &dat->ks.ks); ++ ret = AES_set_encrypt_key(key, ctx->key_len * 8, &dat->ks.ks); + dat->block = (block128_f) AES_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f) AES_cbc_encrypt : NULL; +-#ifdef AES_CTR_ASM ++# ifdef AES_CTR_ASM + if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt; +-#endif ++# endif + } + + if (ret < 0) { +@@ -1138,18 +1016,14 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + + if (dat->stream.cbc) +- (*dat->stream.cbc) (in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); +- else if (EVP_CIPHER_CTX_encrypting(ctx)) +- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); ++ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); ++ else if (ctx->encrypt) ++ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + else +- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); ++ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + + return 1; + } +@@ -1157,9 +1031,9 @@ static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- size_t bl = EVP_CIPHER_CTX_block_size(ctx); ++ size_t bl = ctx->cipher->block_size; + size_t i; +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + + if (len < bl) + return 1; +@@ -1173,70 +1047,52 @@ static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, dat->block); + return 1; + } + + static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + +- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { + CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + while (len >= MAXBITCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + len -= MAXBITCHUNK; + } +- if (len) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (len) + CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + + return 1; + } +@@ -1244,34 +1100,28 @@ static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- unsigned int num = EVP_CIPHER_CTX_num(ctx); +- EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx); ++ unsigned int num = ctx->num; ++ EVP_AES_KEY *dat = (EVP_AES_KEY *) ctx->cipher_data; + + if (dat->stream.ctr) + CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_buf_noconst(ctx), +- &num, dat->stream.ctr); ++ ctx->iv, ctx->buf, &num, dat->stream.ctr); + else + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_buf_noconst(ctx), &num, +- dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, ctx->buf, &num, dat->block); ++ ctx->num = (size_t)num; + return 1; + } + +-BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +- BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) ++BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) ++ BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) + + static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); +- if (gctx == NULL) +- return 0; ++ EVP_AES_GCM_CTX *gctx = c->cipher_data; + OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm)); +- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) ++ if (gctx->iv != c->iv) + OPENSSL_free(gctx->iv); + return 1; + } +@@ -1294,44 +1144,43 @@ static void ctr64_inc(unsigned char *counter) + + static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); ++ EVP_AES_GCM_CTX *gctx = c->cipher_data; + switch (type) { + case EVP_CTRL_INIT: + gctx->key_set = 0; + gctx->iv_set = 0; +- gctx->ivlen = EVP_CIPHER_CTX_iv_length(c); +- gctx->iv = EVP_CIPHER_CTX_iv_noconst(c); ++ gctx->ivlen = c->cipher->iv_len; ++ gctx->iv = c->iv; + gctx->taglen = -1; + gctx->iv_gen = 0; + gctx->tls_aad_len = -1; + return 1; + +- case EVP_CTRL_AEAD_SET_IVLEN: ++ case EVP_CTRL_GCM_SET_IVLEN: + if (arg <= 0) + return 0; + /* Allocate memory for IV if needed */ + if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { +- if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c)) ++ if (gctx->iv != c->iv) + OPENSSL_free(gctx->iv); + gctx->iv = OPENSSL_malloc(arg); +- if (gctx->iv == NULL) ++ if (!gctx->iv) + return 0; + } + gctx->ivlen = arg; + return 1; + +- case EVP_CTRL_AEAD_SET_TAG: +- if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c)) ++ case EVP_CTRL_GCM_SET_TAG: ++ if (arg <= 0 || arg > 16 || c->encrypt) + return 0; +- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); ++ memcpy(c->buf, ptr, arg); + gctx->taglen = arg; + return 1; + +- case EVP_CTRL_AEAD_GET_TAG: +- if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c) +- || gctx->taglen < 0) ++ case EVP_CTRL_GCM_GET_TAG: ++ if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) + return 0; +- memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg); ++ memcpy(ptr, c->buf, arg); + return 1; + + case EVP_CTRL_GCM_SET_IV_FIXED: +@@ -1349,8 +1198,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + return 0; + if (arg) + memcpy(gctx->iv, ptr, arg); +- if (EVP_CIPHER_CTX_encrypting(c) +- && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) ++ if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0) + return 0; + gctx->iv_gen = 1; + return 1; +@@ -1371,8 +1219,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + return 1; + + case EVP_CTRL_GCM_SET_IV_INV: +- if (gctx->iv_gen == 0 || gctx->key_set == 0 +- || EVP_CIPHER_CTX_encrypting(c)) ++ if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) + return 0; + memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); + CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); +@@ -1383,24 +1230,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + /* Save the AAD for later use */ + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return 0; +- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); ++ memcpy(c->buf, ptr, arg); + gctx->tls_aad_len = arg; + { +- unsigned int len = +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 +- | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; ++ unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1]; + /* Correct length for explicit IV */ +- if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) +- return 0; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + /* If decrypting correct for tag too */ +- if (!EVP_CIPHER_CTX_encrypting(c)) { +- if (len < EVP_GCM_TLS_TAG_LEN) +- return 0; ++ if (!c->encrypt) + len -= EVP_GCM_TLS_TAG_LEN; +- } +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; ++ c->buf[arg - 2] = len >> 8; ++ c->buf[arg - 1] = len & 0xff; + } + /* Extra padding: tag appended to record */ + return EVP_GCM_TLS_TAG_LEN; +@@ -1408,17 +1248,17 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; +- EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out); ++ EVP_AES_GCM_CTX *gctx_out = out->cipher_data; + if (gctx->gcm.key) { + if (gctx->gcm.key != &gctx->ks) + return 0; + gctx_out->gcm.key = &gctx_out->ks; + } +- if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c)) +- gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out); ++ if (gctx->iv == c->iv) ++ gctx_out->iv = out->iv; + else { + gctx_out->iv = OPENSSL_malloc(gctx->ivlen); +- if (gctx_out->iv == NULL) ++ if (!gctx_out->iv) + return 0; + memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); + } +@@ -1434,56 +1274,52 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { + do { +-#ifdef HWAES_CAPABLE ++# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &gctx->ks.ks); ++ HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) HWAES_encrypt); +-# ifdef HWAES_ctr32_encrypt_blocks ++# ifdef HWAES_ctr32_encrypt_blocks + gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks; +-# else ++# else + gctx->ctr = NULL; +-# endif ++# endif + break; + } else +-#endif +-#ifdef BSAES_CAPABLE ++# endif ++# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &gctx->ks.ks); ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) AES_encrypt); + gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks; + break; + } else +-#endif +-#ifdef VPAES_CAPABLE ++# endif ++# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &gctx->ks.ks); ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) vpaes_encrypt); + gctx->ctr = NULL; + break; + } else +-#endif ++# endif + (void)0; /* terminate potentially open 'else' */ + +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &gctx->ks.ks); ++ AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f) AES_encrypt); +-#ifdef AES_CTR_ASM ++# ifdef AES_CTR_ASM + gctx->ctr = (ctr128_f) AES_ctr32_encrypt; +-#else ++# else + gctx->ctr = NULL; +-#endif ++# endif + } while (0); + + /* +@@ -1518,7 +1354,7 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + int rv = -1; + /* Encrypt/decrypt must be performed in place */ + if (out != in +@@ -1528,23 +1364,22 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + * Set IV from start of buffer or generate IV and write to start of + * buffer. + */ +- if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ? ++ if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + goto err; + /* Use saved AAD */ +- if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), +- gctx->tls_aad_len)) ++ if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) + goto err; + /* Fix buffer and length to point to payload */ + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + /* Encrypt payload */ + if (gctx->ctr) { + size_t bulk = 0; +-#if defined(AES_GCM_ASM) ++# if defined(AES_GCM_ASM) + if (len >= 32 && AES_GCM_ASM(gctx)) { + if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) + return -1; +@@ -1554,7 +1389,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.Yi.c, gctx->gcm.Xi.u); + gctx->gcm.len.u[1] += bulk; + } +-#endif ++# endif + if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, + in + bulk, + out + bulk, +@@ -1562,7 +1397,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + goto err; + } else { + size_t bulk = 0; +-#if defined(AES_GCM_ASM2) ++# if defined(AES_GCM_ASM2) + if (len >= 32 && AES_GCM_ASM2(gctx)) { + if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0)) + return -1; +@@ -1572,7 +1407,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.Yi.c, gctx->gcm.Xi.u); + gctx->gcm.len.u[1] += bulk; + } +-#endif ++# endif + if (CRYPTO_gcm128_encrypt(&gctx->gcm, + in + bulk, out + bulk, len - bulk)) + goto err; +@@ -1585,7 +1420,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + /* Decrypt */ + if (gctx->ctr) { + size_t bulk = 0; +-#if defined(AES_GCM_ASM) ++# if defined(AES_GCM_ASM) + if (len >= 16 && AES_GCM_ASM(gctx)) { + if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) + return -1; +@@ -1595,7 +1430,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.Yi.c, gctx->gcm.Xi.u); + gctx->gcm.len.u[1] += bulk; + } +-#endif ++# endif + if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, + in + bulk, + out + bulk, +@@ -1603,7 +1438,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + goto err; + } else { + size_t bulk = 0; +-#if defined(AES_GCM_ASM2) ++# if defined(AES_GCM_ASM2) + if (len >= 16 && AES_GCM_ASM2(gctx)) { + if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0)) + return -1; +@@ -1613,17 +1448,15 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.Yi.c, gctx->gcm.Xi.u); + gctx->gcm.len.u[1] += bulk; + } +-#endif ++# endif + if (CRYPTO_gcm128_decrypt(&gctx->gcm, + in + bulk, out + bulk, len - bulk)) + goto err; + } + /* Retrieve tag */ +- CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), +- EVP_GCM_TLS_TAG_LEN); ++ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); + /* If tag mismatch wipe buffer */ +- if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len, +- EVP_GCM_TLS_TAG_LEN)) { ++ if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + OPENSSL_cleanse(out, len); + goto err; + } +@@ -1639,7 +1472,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx); ++ EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + /* If not set up, return error */ + if (!gctx->key_set) + return -1; +@@ -1653,10 +1486,10 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (out == NULL) { + if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) + return -1; +- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ } else if (ctx->encrypt) { + if (gctx->ctr) { + size_t bulk = 0; +-#if defined(AES_GCM_ASM) ++# if defined(AES_GCM_ASM) + if (len >= 32 && AES_GCM_ASM(gctx)) { + size_t res = (16 - gctx->gcm.mres) % 16; + +@@ -1670,7 +1503,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.len.u[1] += bulk; + bulk += res; + } +-#endif ++# endif + if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, + in + bulk, + out + bulk, +@@ -1678,7 +1511,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return -1; + } else { + size_t bulk = 0; +-#if defined(AES_GCM_ASM2) ++# if defined(AES_GCM_ASM2) + if (len >= 32 && AES_GCM_ASM2(gctx)) { + size_t res = (16 - gctx->gcm.mres) % 16; + +@@ -1692,7 +1525,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.len.u[1] += bulk; + bulk += res; + } +-#endif ++# endif + if (CRYPTO_gcm128_encrypt(&gctx->gcm, + in + bulk, out + bulk, len - bulk)) + return -1; +@@ -1700,7 +1533,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } else { + if (gctx->ctr) { + size_t bulk = 0; +-#if defined(AES_GCM_ASM) ++# if defined(AES_GCM_ASM) + if (len >= 16 && AES_GCM_ASM(gctx)) { + size_t res = (16 - gctx->gcm.mres) % 16; + +@@ -1714,7 +1547,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.len.u[1] += bulk; + bulk += res; + } +-#endif ++# endif + if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, + in + bulk, + out + bulk, +@@ -1722,7 +1555,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return -1; + } else { + size_t bulk = 0; +-#if defined(AES_GCM_ASM2) ++# if defined(AES_GCM_ASM2) + if (len >= 16 && AES_GCM_ASM2(gctx)) { + size_t res = (16 - gctx->gcm.mres) % 16; + +@@ -1736,7 +1569,7 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + gctx->gcm.len.u[1] += bulk; + bulk += res; + } +-#endif ++# endif + if (CRYPTO_gcm128_decrypt(&gctx->gcm, + in + bulk, out + bulk, len - bulk)) + return -1; +@@ -1744,17 +1577,15 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } + return len; + } else { +- if (!EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (!ctx->encrypt) { + if (gctx->taglen < 0) + return -1; +- if (CRYPTO_gcm128_finish(&gctx->gcm, +- EVP_CIPHER_CTX_buf_noconst(ctx), +- gctx->taglen) != 0) ++ if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0) + return -1; + gctx->iv_set = 0; + return 0; + } +- CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16); ++ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); + gctx->taglen = 16; + /* Don't reuse the IV */ + gctx->iv_set = 0; +@@ -1763,24 +1594,27 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + } + +-#define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ ++# define CUSTOM_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 \ + | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_AEAD_CIPHER | ++ CUSTOM_FLAGS) + + static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,c); ++ EVP_AES_XTS_CTX *xctx = c->cipher_data; + if (type == EVP_CTRL_COPY) { + EVP_CIPHER_CTX *out = ptr; +- EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out); ++ EVP_AES_XTS_CTX *xctx_out = out->cipher_data; + if (xctx->xts.key1) { + if (xctx->xts.key1 != &xctx->ks1) + return 0; +@@ -1803,90 +1637,75 @@ static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!iv && !key) + return 1; + + if (key) + do { +-#ifdef AES_XTS_ASM ++# ifdef AES_XTS_ASM + xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; +-#else ++# else + xctx->stream = NULL; +-#endif ++# endif + /* key_len is two AES keys */ +-#ifdef HWAES_CAPABLE ++# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { + if (enc) { +- HWAES_set_encrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, ++ HWAES_set_encrypt_key(key, ctx->key_len * 4, + &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) HWAES_encrypt; +-# ifdef HWAES_xts_encrypt +- xctx->stream = HWAES_xts_encrypt; +-# endif + } else { +- HWAES_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, ++ HWAES_set_decrypt_key(key, ctx->key_len * 4, + &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) HWAES_decrypt; +-# ifdef HWAES_xts_decrypt +- xctx->stream = HWAES_xts_decrypt; +-#endif + } + +- HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ HWAES_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) HWAES_encrypt; + + xctx->xts.key1 = &xctx->ks1; + break; + } else +-#endif +-#ifdef BSAES_CAPABLE ++# endif ++# ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) + xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt; + else +-#endif +-#ifdef VPAES_CAPABLE ++# endif ++# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + if (enc) { +- vpaes_set_encrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, ++ vpaes_set_encrypt_key(key, ctx->key_len * 4, + &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) vpaes_encrypt; + } else { +- vpaes_set_decrypt_key(key, +- EVP_CIPHER_CTX_key_length(ctx) * 4, ++ vpaes_set_decrypt_key(key, ctx->key_len * 4, + &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) vpaes_decrypt; + } + +- vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ vpaes_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) vpaes_encrypt; + + xctx->xts.key1 = &xctx->ks1; + break; + } else +-#endif ++# endif + (void)0; /* terminate potentially open 'else' */ + + if (enc) { +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_encrypt; + } else { +- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks1.ks); ++ AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1.ks); + xctx->xts.block1 = (block128_f) AES_decrypt; + } + +- AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2, +- EVP_CIPHER_CTX_key_length(ctx) * 4, +- &xctx->ks2.ks); ++ AES_set_encrypt_key(key + ctx->key_len / 2, ++ ctx->key_len * 4, &xctx->ks2.ks); + xctx->xts.block2 = (block128_f) AES_encrypt; + + xctx->xts.key1 = &xctx->ks1; +@@ -1894,7 +1713,7 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + if (iv) { + xctx->xts.key2 = &xctx->ks2; +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16); ++ memcpy(ctx->iv, iv, 16); + } + + return 1; +@@ -1903,34 +1722,34 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx); ++ EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + if (!xctx->xts.key1 || !xctx->xts.key2) + return 0; + if (!out || !in || len < AES_BLOCK_SIZE) + return 0; + if (xctx->stream) + (*xctx->stream) (in, out, len, +- xctx->xts.key1, xctx->xts.key2, +- EVP_CIPHER_CTX_iv_noconst(ctx)); +- else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx), +- in, out, len, +- EVP_CIPHER_CTX_encrypting(ctx))) ++ xctx->xts.key1, xctx->xts.key2, ctx->iv); ++ else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, ++ ctx->encrypt)) + return 0; + return 1; + } + +-#define aes_xts_cleanup NULL ++# define aes_xts_cleanup NULL + +-#define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ ++# define XTS_FLAGS (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \ + | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \ + | EVP_CIPH_CUSTOM_COPY) + +-BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) +- BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) ++BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) ++ BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, ++ EVP_CIPH_FLAG_FIPS | XTS_FLAGS) + + static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c); ++ EVP_AES_CCM_CTX *cctx = c->cipher_data; + switch (type) { + case EVP_CTRL_INIT: + cctx->key_set = 0; +@@ -1939,44 +1758,9 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + cctx->M = 12; + cctx->tag_set = 0; + cctx->len_set = 0; +- cctx->tls_aad_len = -1; + return 1; + +- case EVP_CTRL_AEAD_TLS1_AAD: +- /* Save the AAD for later use */ +- if (arg != EVP_AEAD_TLS1_AAD_LEN) +- return 0; +- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); +- cctx->tls_aad_len = arg; +- { +- uint16_t len = +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8 +- | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1]; +- /* Correct length for explicit IV */ +- if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) +- return 0; +- len -= EVP_CCM_TLS_EXPLICIT_IV_LEN; +- /* If decrypting correct for tag too */ +- if (!EVP_CIPHER_CTX_encrypting(c)) { +- if (len < cctx->M) +- return 0; +- len -= cctx->M; +- } +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8; +- EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff; +- } +- /* Extra padding: tag appended to record */ +- return cctx->M; +- +- case EVP_CTRL_CCM_SET_IV_FIXED: +- /* Sanity check length */ +- if (arg != EVP_CCM_TLS_FIXED_IV_LEN) +- return 0; +- /* Just copy to first part of IV */ +- memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg); +- return 1; +- +- case EVP_CTRL_AEAD_SET_IVLEN: ++ case EVP_CTRL_CCM_SET_IVLEN: + arg = 15 - arg; + case EVP_CTRL_CCM_SET_L: + if (arg < 2 || arg > 8) +@@ -1984,20 +1768,20 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + cctx->L = arg; + return 1; + +- case EVP_CTRL_AEAD_SET_TAG: ++ case EVP_CTRL_CCM_SET_TAG: + if ((arg & 1) || arg < 4 || arg > 16) + return 0; +- if (EVP_CIPHER_CTX_encrypting(c) && ptr) ++ if (c->encrypt && ptr) + return 0; + if (ptr) { + cctx->tag_set = 1; +- memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg); ++ memcpy(c->buf, ptr, arg); + } + cctx->M = arg; + return 1; + +- case EVP_CTRL_AEAD_GET_TAG: +- if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set) ++ case EVP_CTRL_CCM_GET_TAG: ++ if (!c->encrypt || !cctx->tag_set) + return 0; + if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) + return 0; +@@ -2009,7 +1793,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; +- EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out); ++ EVP_AES_CCM_CTX *cctx_out = out->cipher_data; + if (cctx->ccm.key) { + if (cctx->ccm.key != &cctx->ks) + return 0; +@@ -2027,15 +1811,14 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) + do { +-#ifdef HWAES_CAPABLE ++# ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) { +- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &cctx->ks.ks); ++ HWAES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) HWAES_encrypt); +@@ -2043,101 +1826,43 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + cctx->key_set = 1; + break; + } else +-#endif +-#ifdef VPAES_CAPABLE ++# endif ++# ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { +- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &cctx->ks.ks); ++ vpaes_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) vpaes_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + break; + } +-#endif +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &cctx->ks.ks); ++# endif ++ AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks.ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f) AES_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + } while (0); + if (iv) { +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L); ++ memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; + } + +-static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t len) +-{ +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); +- CCM128_CONTEXT *ccm = &cctx->ccm; +- /* Encrypt/decrypt must be performed in place */ +- if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M)) +- return -1; +- /* If encrypting set explicit IV from sequence number (start of AAD) */ +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx), +- EVP_CCM_TLS_EXPLICIT_IV_LEN); +- /* Get rest of IV from explicit IV */ +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in, +- EVP_CCM_TLS_EXPLICIT_IV_LEN); +- /* Correct length value */ +- len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; +- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L, +- len)) +- return -1; +- /* Use saved AAD */ +- CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len); +- /* Fix buffer to point to payload */ +- in += EVP_CCM_TLS_EXPLICIT_IV_LEN; +- out += EVP_CCM_TLS_EXPLICIT_IV_LEN; +- if (EVP_CIPHER_CTX_encrypting(ctx)) { +- if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, +- cctx->str) : +- CRYPTO_ccm128_encrypt(ccm, in, out, len)) +- return -1; +- if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M)) +- return -1; +- return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M; +- } else { +- if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, +- cctx->str) : +- !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { +- unsigned char tag[16]; +- if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { +- if (!CRYPTO_memcmp(tag, in + len, cctx->M)) +- return len; +- } +- } +- OPENSSL_cleanse(out, len); +- return -1; +- } +-} +- + static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx); ++ EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + CCM128_CONTEXT *ccm = &cctx->ccm; + /* If not set up, return error */ +- if (!cctx->key_set) ++ if (!cctx->iv_set && !cctx->key_set) + return -1; +- +- if (cctx->tls_aad_len >= 0) +- return aes_ccm_tls_cipher(ctx, out, in, len); +- +- if (!cctx->iv_set) +- return -1; +- +- if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set) ++ if (!ctx->encrypt && !cctx->tag_set) + return -1; + if (!out) { + if (!in) { +- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), +- 15 - cctx->L, len)) ++ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + return len; +@@ -2153,12 +1878,11 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return 0; + /* If not set length yet do it */ + if (!cctx->len_set) { +- if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), +- 15 - cctx->L, len)) ++ if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + } +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, + cctx->str) : + CRYPTO_ccm128_encrypt(ccm, in, out, len)) +@@ -2172,8 +1896,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { +- if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx), +- cctx->M)) ++ if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) + rv = len; + } + } +@@ -2184,17 +1907,18 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + cctx->len_set = 0; + return rv; + } ++ + } + +-#define aes_ccm_cleanup NULL ++# define aes_ccm_cleanup NULL + + BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) + BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +- ++ EVP_CIPH_FLAG_FIPS | CUSTOM_FLAGS) ++#endif + typedef struct { + union { + double align; +@@ -2207,22 +1931,20 @@ typedef struct { + static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + if (!iv && !key) + return 1; + if (key) { +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &wctx->ks.ks); ++ if (ctx->encrypt) ++ AES_set_encrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + else +- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &wctx->ks.ks); ++ AES_set_decrypt_key(key, ctx->key_len * 8, &wctx->ks.ks); + if (!iv) + wctx->iv = NULL; + } + if (iv) { +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx)); +- wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx); ++ memcpy(ctx->iv, iv, 8); ++ wctx->iv = ctx->iv; + } + return 1; + } +@@ -2230,59 +1952,28 @@ static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inlen) + { +- EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx); ++ EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + size_t rv; +- /* AES wrap with padding has IV length of 4, without padding 8 */ +- int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4; +- /* No final operation so always return zero length */ + if (!in) + return 0; +- /* Input length must always be non-zero */ +- if (!inlen) ++ if (inlen % 8) + return -1; +- /* If decrypting need at least 16 bytes and multiple of 8 */ +- if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7)) ++ if (ctx->encrypt && inlen < 8) + return -1; +- /* If not padding input must be multiple of 8 */ +- if (!pad && inlen & 0x7) ++ if (!ctx->encrypt && inlen < 16) + return -1; +- if (is_partially_overlapping(out, in, inlen)) { +- EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } + if (!out) { +- if (EVP_CIPHER_CTX_encrypting(ctx)) { +- /* If padding round up to multiple of 8 */ +- if (pad) +- inlen = (inlen + 7) / 8 * 8; +- /* 8 byte prefix */ ++ if (ctx->encrypt) + return inlen + 8; +- } else { +- /* +- * If not padding output will be exactly 8 bytes smaller than +- * input. If padding it will be at least 8 bytes smaller but we +- * don't know how much. +- */ +- return inlen - 8; +- } +- } +- if (pad) { +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv, +- out, in, inlen, +- (block128_f) AES_encrypt); + else +- rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv, +- out, in, inlen, +- (block128_f) AES_decrypt); +- } else { +- if (EVP_CIPHER_CTX_encrypting(ctx)) +- rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, +- out, in, inlen, (block128_f) AES_encrypt); +- else +- rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, +- out, in, inlen, (block128_f) AES_decrypt); ++ return inlen - 8; + } ++ if (ctx->encrypt) ++ rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv, out, in, inlen, ++ (block128_f) AES_encrypt); ++ else ++ rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv, out, in, inlen, ++ (block128_f) AES_decrypt); + return rv ? (int)rv : -1; + } + +@@ -2331,372 +2022,3 @@ const EVP_CIPHER *EVP_aes_256_wrap(void) + { + return &aes_256_wrap; + } +- +-static const EVP_CIPHER aes_128_wrap_pad = { +- NID_id_aes128_wrap_pad, +- 8, 16, 4, WRAP_FLAGS, +- aes_wrap_init_key, aes_wrap_cipher, +- NULL, +- sizeof(EVP_AES_WRAP_CTX), +- NULL, NULL, NULL, NULL +-}; +- +-const EVP_CIPHER *EVP_aes_128_wrap_pad(void) +-{ +- return &aes_128_wrap_pad; +-} +- +-static const EVP_CIPHER aes_192_wrap_pad = { +- NID_id_aes192_wrap_pad, +- 8, 24, 4, WRAP_FLAGS, +- aes_wrap_init_key, aes_wrap_cipher, +- NULL, +- sizeof(EVP_AES_WRAP_CTX), +- NULL, NULL, NULL, NULL +-}; +- +-const EVP_CIPHER *EVP_aes_192_wrap_pad(void) +-{ +- return &aes_192_wrap_pad; +-} +- +-static const EVP_CIPHER aes_256_wrap_pad = { +- NID_id_aes256_wrap_pad, +- 8, 32, 4, WRAP_FLAGS, +- aes_wrap_init_key, aes_wrap_cipher, +- NULL, +- sizeof(EVP_AES_WRAP_CTX), +- NULL, NULL, NULL, NULL +-}; +- +-const EVP_CIPHER *EVP_aes_256_wrap_pad(void) +-{ +- return &aes_256_wrap_pad; +-} +- +-#ifndef OPENSSL_NO_OCB +-static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +-{ +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); +- EVP_CIPHER_CTX *newc; +- EVP_AES_OCB_CTX *new_octx; +- +- switch (type) { +- case EVP_CTRL_INIT: +- octx->key_set = 0; +- octx->iv_set = 0; +- octx->ivlen = EVP_CIPHER_CTX_iv_length(c); +- octx->iv = EVP_CIPHER_CTX_iv_noconst(c); +- octx->taglen = 16; +- octx->data_buf_len = 0; +- octx->aad_buf_len = 0; +- return 1; +- +- case EVP_CTRL_AEAD_SET_IVLEN: +- /* IV len must be 1 to 15 */ +- if (arg <= 0 || arg > 15) +- return 0; +- +- octx->ivlen = arg; +- return 1; +- +- case EVP_CTRL_AEAD_SET_TAG: +- if (!ptr) { +- /* Tag len must be 0 to 16 */ +- if (arg < 0 || arg > 16) +- return 0; +- +- octx->taglen = arg; +- return 1; +- } +- if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c)) +- return 0; +- memcpy(octx->tag, ptr, arg); +- return 1; +- +- case EVP_CTRL_AEAD_GET_TAG: +- if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c)) +- return 0; +- +- memcpy(ptr, octx->tag, arg); +- return 1; +- +- case EVP_CTRL_COPY: +- newc = (EVP_CIPHER_CTX *)ptr; +- new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc); +- return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb, +- &new_octx->ksenc.ks, +- &new_octx->ksdec.ks); +- +- default: +- return -1; +- +- } +-} +- +-# ifdef HWAES_CAPABLE +-# ifdef HWAES_ocb_encrypt +-void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out, +- size_t blocks, const void *key, +- size_t start_block_num, +- unsigned char offset_i[16], +- const unsigned char L_[][16], +- unsigned char checksum[16]); +-# else +-# define HWAES_ocb_encrypt ((ocb128_f)NULL) +-# endif +-# ifdef HWAES_ocb_decrypt +-void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out, +- size_t blocks, const void *key, +- size_t start_block_num, +- unsigned char offset_i[16], +- const unsigned char L_[][16], +- unsigned char checksum[16]); +-# else +-# define HWAES_ocb_decrypt ((ocb128_f)NULL) +-# endif +-# endif +- +-static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc) +-{ +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); +- if (!iv && !key) +- return 1; +- if (key) { +- do { +- /* +- * We set both the encrypt and decrypt key here because decrypt +- * needs both. We could possibly optimise to remove setting the +- * decrypt for an encryption operation. +- */ +-# ifdef HWAES_CAPABLE +- if (HWAES_CAPABLE) { +- HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksenc.ks); +- HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksdec.ks); +- if (!CRYPTO_ocb128_init(&octx->ocb, +- &octx->ksenc.ks, &octx->ksdec.ks, +- (block128_f) HWAES_encrypt, +- (block128_f) HWAES_decrypt, +- enc ? HWAES_ocb_encrypt +- : HWAES_ocb_decrypt)) +- return 0; +- break; +- } +-# endif +-# ifdef VPAES_CAPABLE +- if (VPAES_CAPABLE) { +- vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksenc.ks); +- vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksdec.ks); +- if (!CRYPTO_ocb128_init(&octx->ocb, +- &octx->ksenc.ks, &octx->ksdec.ks, +- (block128_f) vpaes_encrypt, +- (block128_f) vpaes_decrypt, +- NULL)) +- return 0; +- break; +- } +-# endif +- AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksenc.ks); +- AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, +- &octx->ksdec.ks); +- if (!CRYPTO_ocb128_init(&octx->ocb, +- &octx->ksenc.ks, &octx->ksdec.ks, +- (block128_f) AES_encrypt, +- (block128_f) AES_decrypt, +- NULL)) +- return 0; +- } +- while (0); +- +- /* +- * If we have an iv we can set it directly, otherwise use saved IV. +- */ +- if (iv == NULL && octx->iv_set) +- iv = octx->iv; +- if (iv) { +- if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen) +- != 1) +- return 0; +- octx->iv_set = 1; +- } +- octx->key_set = 1; +- } else { +- /* If key set use IV, otherwise copy */ +- if (octx->key_set) +- CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen); +- else +- memcpy(octx->iv, iv, octx->ivlen); +- octx->iv_set = 1; +- } +- return 1; +-} +- +-static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t len) +-{ +- unsigned char *buf; +- int *buf_len; +- int written_len = 0; +- size_t trailing_len; +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx); +- +- /* If IV or Key not set then return error */ +- if (!octx->iv_set) +- return -1; +- +- if (!octx->key_set) +- return -1; +- +- if (in != NULL) { +- /* +- * Need to ensure we are only passing full blocks to low level OCB +- * routines. We do it here rather than in EVP_EncryptUpdate/ +- * EVP_DecryptUpdate because we need to pass full blocks of AAD too +- * and those routines don't support that +- */ +- +- /* Are we dealing with AAD or normal data here? */ +- if (out == NULL) { +- buf = octx->aad_buf; +- buf_len = &(octx->aad_buf_len); +- } else { +- buf = octx->data_buf; +- buf_len = &(octx->data_buf_len); +- +- if (is_partially_overlapping(out + *buf_len, in, len)) { +- EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } +- } +- +- /* +- * If we've got a partially filled buffer from a previous call then +- * use that data first +- */ +- if (*buf_len > 0) { +- unsigned int remaining; +- +- remaining = AES_BLOCK_SIZE - (*buf_len); +- if (remaining > len) { +- memcpy(buf + (*buf_len), in, len); +- *(buf_len) += len; +- return 0; +- } +- memcpy(buf + (*buf_len), in, remaining); +- +- /* +- * If we get here we've filled the buffer, so process it +- */ +- len -= remaining; +- in += remaining; +- if (out == NULL) { +- if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE)) +- return -1; +- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { +- if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out, +- AES_BLOCK_SIZE)) +- return -1; +- } else { +- if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out, +- AES_BLOCK_SIZE)) +- return -1; +- } +- written_len = AES_BLOCK_SIZE; +- *buf_len = 0; +- if (out != NULL) +- out += AES_BLOCK_SIZE; +- } +- +- /* Do we have a partial block to handle at the end? */ +- trailing_len = len % AES_BLOCK_SIZE; +- +- /* +- * If we've got some full blocks to handle, then process these first +- */ +- if (len != trailing_len) { +- if (out == NULL) { +- if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len)) +- return -1; +- } else if (EVP_CIPHER_CTX_encrypting(ctx)) { +- if (!CRYPTO_ocb128_encrypt +- (&octx->ocb, in, out, len - trailing_len)) +- return -1; +- } else { +- if (!CRYPTO_ocb128_decrypt +- (&octx->ocb, in, out, len - trailing_len)) +- return -1; +- } +- written_len += len - trailing_len; +- in += len - trailing_len; +- } +- +- /* Handle any trailing partial block */ +- if (trailing_len > 0) { +- memcpy(buf, in, trailing_len); +- *buf_len = trailing_len; +- } +- +- return written_len; +- } else { +- /* +- * First of all empty the buffer of any partial block that we might +- * have been provided - both for data and AAD +- */ +- if (octx->data_buf_len > 0) { +- if (EVP_CIPHER_CTX_encrypting(ctx)) { +- if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out, +- octx->data_buf_len)) +- return -1; +- } else { +- if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out, +- octx->data_buf_len)) +- return -1; +- } +- written_len = octx->data_buf_len; +- octx->data_buf_len = 0; +- } +- if (octx->aad_buf_len > 0) { +- if (!CRYPTO_ocb128_aad +- (&octx->ocb, octx->aad_buf, octx->aad_buf_len)) +- return -1; +- octx->aad_buf_len = 0; +- } +- /* If decrypting then verify */ +- if (!EVP_CIPHER_CTX_encrypting(ctx)) { +- if (octx->taglen < 0) +- return -1; +- if (CRYPTO_ocb128_finish(&octx->ocb, +- octx->tag, octx->taglen) != 0) +- return -1; +- octx->iv_set = 0; +- return written_len; +- } +- /* If encrypting then just get the tag */ +- if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1) +- return -1; +- /* Don't reuse the IV */ +- octx->iv_set = 0; +- return written_len; +- } +-} +- +-static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) +-{ +- EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c); +- CRYPTO_ocb128_cleanup(&octx->ocb); +- return 1; +-} +- +-BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +-BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +-BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, +- EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +-#endif /* OPENSSL_NO_OCB */ +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +index 52c7c74..6dfd590 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha1.c +@@ -1,10 +1,50 @@ +-/* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include +@@ -12,14 +52,31 @@ + #include + #include + +-#include +-#include +-#include +-#include +-#include +-#include "modes_lcl.h" +-#include "internal/evp_int.h" +-#include "internal/constant_time_locl.h" ++#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) ++ ++# include ++# include ++# include ++# include ++# include ++# include "modes_lcl.h" ++# include "constant_time_locl.h" ++ ++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) ++# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) ++# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 ++# endif ++ ++# define TLS1_1_VERSION 0x0302 + + typedef struct { + AES_KEY ks; +@@ -31,14 +88,15 @@ typedef struct { + } aux; + } EVP_AES_HMAC_SHA1; + +-#define NO_PAYLOAD_LENGTH ((size_t)-1) ++# define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++# if defined(AES_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ +- defined(_M_AMD64) || defined(_M_X64) ) ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) + + extern unsigned int OPENSSL_ia32cap_P[]; +-# define AESNI_CAPABLE (1<<(57-32)) ++# define AESNI_CAPABLE (1<<(57-32)) + + int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +@@ -58,7 +116,7 @@ void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks, + const AES_KEY *key, unsigned char iv[16], + SHA_CTX *ctx, const void *in0); + +-# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) ++# define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) + + static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, +@@ -68,13 +126,9 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, + int ret; + + if (enc) +- ret = aesni_set_encrypt_key(inkey, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &key->ks); ++ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + else +- ret = aesni_set_decrypt_key(inkey, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &key->ks); ++ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + + SHA1_Init(&key->head); /* handy when benchmarking */ + key->tail = key->head; +@@ -85,12 +139,12 @@ static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, + return ret < 0 ? 0 : 1; + } + +-# define STITCHED_CALL +-# undef STITCHED_DECRYPT_CALL ++# define STITCHED_CALL ++# undef STITCHED_DECRYPT_CALL + +-# if !defined(STITCHED_CALL) +-# define aes_off 0 +-# endif ++# if !defined(STITCHED_CALL) ++# define aes_off 0 ++# endif + + void sha1_block_data_order(void *c, const void *p, size_t len); + +@@ -125,12 +179,12 @@ static void sha1_update(SHA_CTX *c, const void *data, size_t len) + SHA1_Update(c, ptr, res); + } + +-# ifdef SHA1_Update +-# undef SHA1_Update +-# endif +-# define SHA1_Update sha1_update ++# ifdef SHA1_Update ++# undef SHA1_Update ++# endif ++# define SHA1_Update sha1_update + +-# if !defined(OPENSSL_NO_MULTIBLOCK) ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + + typedef struct { + unsigned int A[8], B[8], C[8], D[8], E[8]; +@@ -169,9 +223,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + 0; + size_t ret = 0; + u8 *IVs; +-# if defined(BSWAP8) ++# if defined(BSWAP8) + u64 seqnum; +-# endif ++# endif + + /* ask for IVs in bulk */ + if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) +@@ -205,15 +259,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + IVs += 16; + } + +-# if defined(BSWAP8) ++# if defined(BSWAP8) + memcpy(blocks[0].c, key->md.data, 8); + seqnum = BSWAP8(blocks[0].q[0]); +-# endif ++# endif + for (i = 0; i < x4; i++) { + unsigned int len = (i == (x4 - 1) ? last : frag); +-# if !defined(BSWAP8) ++# if !defined(BSWAP8) + unsigned int carry, j; +-# endif ++# endif + + ctx->A[i] = key->md.h0; + ctx->B[i] = key->md.h1; +@@ -222,14 +276,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + ctx->E[i] = key->md.h4; + + /* fix seqnum */ +-# if defined(BSWAP8) ++# if defined(BSWAP8) + blocks[i].q[0] = BSWAP8(seqnum + i); +-# else ++# else + for (carry = i, j = 8; j--;) { + blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; + carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); + } +-# endif ++# endif + blocks[i].c[8] = ((u8 *)key->md.data)[8]; + blocks[i].c[9] = ((u8 *)key->md.data)[9]; + blocks[i].c[10] = ((u8 *)key->md.data)[10]; +@@ -248,10 +302,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + /* hash 13-byte headers and first 64-13 bytes of inputs */ + sha1_multi_block(ctx, edges, n4x); + /* hash bulk inputs */ +-# define MAXCHUNKSIZE 2048 +-# if MAXCHUNKSIZE%64 +-# error "MAXCHUNKSIZE is not divisible by 64" +-# elif MAXCHUNKSIZE ++# define MAXCHUNKSIZE 2048 ++# if MAXCHUNKSIZE%64 ++# error "MAXCHUNKSIZE is not divisible by 64" ++# elif MAXCHUNKSIZE + /* + * goal is to minimize pressure on L1 cache by moving in shorter steps, + * so that hashed data is still in the cache by the time we encrypt it +@@ -280,8 +334,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + minblocks -= MAXCHUNKSIZE / 64; + } while (minblocks > MAXCHUNKSIZE / 64); + } +-# endif +-# undef MAXCHUNKSIZE ++# endif ++# undef MAXCHUNKSIZE + sha1_multi_block(ctx, hash_d, n4x); + + memset(blocks, 0, sizeof(blocks)); +@@ -296,18 +350,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ + if (off < (64 - 8)) { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[15] = BSWAP4(len); +-# else ++# else + PUTU32(blocks[i].c + 60, len); +-# endif ++# endif + edges[i].blocks = 1; + } else { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[31] = BSWAP4(len); +-# else ++# else + PUTU32(blocks[i].c + 124, len); +-# endif ++# endif + edges[i].blocks = 2; + } + edges[i].ptr = blocks[i].c; +@@ -318,7 +372,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + + memset(blocks, 0, sizeof(blocks)); + for (i = 0; i < x4; i++) { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[0] = BSWAP4(ctx->A[i]); + ctx->A[i] = key->tail.h0; + blocks[i].d[1] = BSWAP4(ctx->B[i]); +@@ -331,7 +385,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + ctx->E[i] = key->tail.h4; + blocks[i].c[20] = 0x80; + blocks[i].d[15] = BSWAP4((64 + 20) * 8); +-# else ++# else + PUTU32(blocks[i].c + 0, ctx->A[i]); + ctx->A[i] = key->tail.h0; + PUTU32(blocks[i].c + 4, ctx->B[i]); +@@ -344,7 +398,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + ctx->E[i] = key->tail.h4; + blocks[i].c[20] = 0x80; + PUTU32(blocks[i].c + 60, (64 + 20) * 8); +-# endif ++# endif + edges[i].ptr = blocks[i].c; + edges[i].blocks = 1; + } +@@ -397,7 +451,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key, + + return ret; + } +-# endif ++# endif + + static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +@@ -407,18 +461,18 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and + * later */ + sha_off = 0; +-# if defined(STITCHED_CALL) ++# if defined(STITCHED_CALL) + size_t aes_off = 0, blocks; + + sha_off = SHA_CBLOCK - key->md.num; +-# endif ++# endif + + key->payload_length = NO_PAYLOAD_LENGTH; + + if (len % AES_BLOCK_SIZE) + return 0; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if (plen == NO_PAYLOAD_LENGTH) + plen = len; + else if (len != +@@ -428,14 +482,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + else if (key->aux.tls_ver >= TLS1_1_VERSION) + iv = AES_BLOCK_SIZE; + +-# if defined(STITCHED_CALL) ++# if defined(STITCHED_CALL) + if (plen > (sha_off + iv) + && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { + SHA1_Update(&key->md, in + iv, sha_off); + + aesni_cbc_sha1_enc(in, out, blocks, &key->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- &key->md, in + iv + sha_off); ++ ctx->iv, &key->md, in + iv + sha_off); + blocks *= SHA_CBLOCK; + aes_off += blocks; + sha_off += blocks; +@@ -446,7 +499,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + } else { + sha_off = 0; + } +-# endif ++# endif + sha_off += iv; + SHA1_Update(&key->md, in + sha_off, plen - sha_off); + +@@ -466,10 +519,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + out[plen] = l; + /* encrypt HMAC|padding at once */ + aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, +- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); ++ &key->ks, ctx->iv, 1); + } else { + aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, +- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); ++ &key->ks, ctx->iv, 1); + } + } else { + union { +@@ -488,10 +541,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + unsigned int u[SHA_LBLOCK]; + unsigned char c[SHA_CBLOCK]; + } *data = (void *)key->md.data; +-# if defined(STITCHED_DECRYPT_CALL) ++# if defined(STITCHED_DECRYPT_CALL) + unsigned char tail_iv[AES_BLOCK_SIZE]; + int stitch = 0; +-# endif ++# endif + + if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3]) + >= TLS1_1_VERSION) { +@@ -499,15 +552,14 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + return 0; + + /* omit explicit iv */ +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE); +- ++ memcpy(ctx->iv, in, AES_BLOCK_SIZE); + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + len -= AES_BLOCK_SIZE; + } else if (len < (SHA_DIGEST_LENGTH + 1)) + return 0; + +-# if defined(STITCHED_DECRYPT_CALL) ++# if defined(STITCHED_DECRYPT_CALL) + if (len >= 1024 && ctx->key_len == 32) { + /* decrypt last block */ + memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE, +@@ -517,10 +569,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + &key->ks, tail_iv, 0); + stitch = 1; + } else +-# endif ++# endif + /* decrypt HMAC|padding at once */ +- aesni_cbc_encrypt(in, out, len, &key->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), 0); ++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + + /* figure out payload length */ + pad = out[len - 1]; +@@ -542,7 +593,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + key->md = key->head; + SHA1_Update(&key->md, key->aux.tls_aad, plen); + +-# if defined(STITCHED_DECRYPT_CALL) ++# if defined(STITCHED_DECRYPT_CALL) + if (stitch) { + blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK; + aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK; +@@ -563,9 +614,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + key->md.Nl += (blocks << 3); /* at most 18 bits */ + memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE); + } +-# endif ++# endif + +-# if 1 ++# if 1 + len -= SHA_DIGEST_LENGTH; /* amend mac */ + if (len >= (256 + SHA_CBLOCK)) { + j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK); +@@ -578,15 +629,15 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + /* but pretend as if we hashed padded payload */ + bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ +-# ifdef BSWAP4 ++# ifdef BSWAP4 + bitlen = BSWAP4(bitlen); +-# else ++# else + mac.c[0] = 0; + mac.c[1] = (unsigned char)(bitlen >> 16); + mac.c[2] = (unsigned char)(bitlen >> 8); + mac.c[3] = (unsigned char)bitlen; + bitlen = mac.u[0]; +-# endif ++# endif + + pmac->u[0] = 0; + pmac->u[1] = 0; +@@ -643,13 +694,13 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + +-# ifdef BSWAP4 ++# ifdef BSWAP4 + pmac->u[0] = BSWAP4(pmac->u[0]); + pmac->u[1] = BSWAP4(pmac->u[1]); + pmac->u[2] = BSWAP4(pmac->u[2]); + pmac->u[3] = BSWAP4(pmac->u[3]); + pmac->u[4] = BSWAP4(pmac->u[4]); +-# else ++# else + for (i = 0; i < 5; i++) { + res = pmac->u[i]; + pmac->c[4 * i + 0] = (unsigned char)(res >> 24); +@@ -657,9 +708,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + pmac->c[4 * i + 2] = (unsigned char)(res >> 8); + pmac->c[4 * i + 3] = (unsigned char)res; + } +-# endif ++# endif + len += SHA_DIGEST_LENGTH; +-# else ++# else + SHA1_Update(&key->md, out, inp_len); + res = key->md.num; + SHA1_Final(pmac->c, &key->md); +@@ -678,7 +729,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + for (; inp_blocks < pad_blocks; inp_blocks++) + sha1_block_data_order(&key->md, data, 1); + } +-# endif ++# endif + key->md = key->tail; + SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); + SHA1_Final(pmac->c, &key->md); +@@ -686,7 +737,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + /* verify HMAC */ + out += inp_len; + len -= inp_len; +-# if 1 ++# if 1 + { + unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH; + size_t off = out - p; +@@ -708,7 +759,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); + ret &= (int)~res; + } +-# else ++# else + for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) + res |= out[i] ^ pmac->c[i]; + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); +@@ -722,10 +773,10 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + res = (0 - res) >> (sizeof(res) * 8 - 1); + ret &= (int)~res; +-# endif ++# endif + return ret; + } else { +-# if defined(STITCHED_DECRYPT_CALL) ++# if defined(STITCHED_DECRYPT_CALL) + if (len >= 1024 && ctx->key_len == 32) { + if (sha_off %= SHA_CBLOCK) + blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK; +@@ -748,10 +799,9 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (key->md.Nl < (unsigned int)blocks) + key->md.Nh++; + } else +-# endif ++# endif + /* decrypt HMAC|padding at once */ +- aesni_cbc_encrypt(in, out, len, &key->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), 0); ++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + + SHA1_Update(&key->md, out, len); + } +@@ -802,10 +852,10 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; +- ++ + len = p[arg - 2] << 8 | p[arg - 1]; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + key->payload_length = len; + if ((key->aux.tls_ver = + p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { +@@ -826,7 +876,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + return SHA_DIGEST_LENGTH; + } + } +-# if !defined(OPENSSL_NO_MULTIBLOCK) ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: + return (int)(5 + 16 + ((arg + 20 + 16) & -16)); + case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: +@@ -841,7 +891,7 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + + inp_len = param->inp[11] << 8 | param->inp[12]; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) + return -1; + +@@ -889,19 +939,19 @@ static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + param->interleave / 4); + } + case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: +-# endif ++# endif + default: + return -1; + } + } + + static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { +-# ifdef NID_aes_128_cbc_hmac_sha1 ++# ifdef NID_aes_128_cbc_hmac_sha1 + NID_aes_128_cbc_hmac_sha1, +-# else ++# else + NID_undef, +-# endif +- AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, ++# endif ++ 16, 16, 16, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + aesni_cbc_hmac_sha1_init_key, +@@ -915,12 +965,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { + }; + + static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { +-# ifdef NID_aes_256_cbc_hmac_sha1 ++# ifdef NID_aes_256_cbc_hmac_sha1 + NID_aes_256_cbc_hmac_sha1, +-# else ++# else + NID_undef, +-# endif +- AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, ++# endif ++ 16, 32, 16, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + aesni_cbc_hmac_sha1_init_key, +@@ -944,7 +994,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) + return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ? + &aesni_256_cbc_hmac_sha1_cipher : NULL); + } +-#else ++# else + const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void) + { + return NULL; +@@ -954,4 +1004,5 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void) + { + return NULL; + } ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c +index 5a92e0b..46c9d03 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_aes_cbc_hmac_sha256.c +@@ -1,10 +1,50 @@ +-/* +- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include +@@ -12,15 +52,31 @@ + #include + #include + ++#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256) ++ ++# include ++# include ++# include ++# include ++# include ++# include "modes_lcl.h" ++# include "constant_time_locl.h" + +-#include +-#include +-#include +-#include +-#include +-#include "modes_lcl.h" +-#include "internal/constant_time_locl.h" +-#include "internal/evp_int.h" ++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_DEFAULT_ASN1) ++# define EVP_CIPH_FLAG_DEFAULT_ASN1 0 ++# endif ++ ++# if !defined(EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) ++# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0 ++# endif ++ ++# define TLS1_1_VERSION 0x0302 + + typedef struct { + AES_KEY ks; +@@ -34,12 +90,13 @@ typedef struct { + + # define NO_PAYLOAD_LENGTH ((size_t)-1) + +-#if defined(AES_ASM) && ( \ ++# if defined(AES_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ +- defined(_M_AMD64) || defined(_M_X64) ) ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) + + extern unsigned int OPENSSL_ia32cap_P[]; +-# define AESNI_CAPABLE (1<<(57-32)) ++# define AESNI_CAPABLE (1<<(57-32)) + + int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +@@ -55,7 +112,7 @@ int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks, + const AES_KEY *key, unsigned char iv[16], + SHA256_CTX *ctx, const void *in0); + +-# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) ++# define data(ctx) ((EVP_AES_HMAC_SHA256 *)(ctx)->cipher_data) + + static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, +@@ -65,13 +122,10 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, + int ret; + + if (enc) +- ret = aesni_set_encrypt_key(inkey, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &key->ks); ++ memset(&key->ks, 0, sizeof(key->ks.rd_key)), ++ ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + else +- ret = aesni_set_decrypt_key(inkey, +- EVP_CIPHER_CTX_key_length(ctx) * 8, +- &key->ks); ++ ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + + SHA256_Init(&key->head); /* handy when benchmarking */ + key->tail = key->head; +@@ -82,11 +136,11 @@ static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx, + return ret < 0 ? 0 : 1; + } + +-# define STITCHED_CALL ++# define STITCHED_CALL + +-# if !defined(STITCHED_CALL) +-# define aes_off 0 +-# endif ++# if !defined(STITCHED_CALL) ++# define aes_off 0 ++# endif + + void sha256_block_data_order(void *c, const void *p, size_t len); + +@@ -121,12 +175,12 @@ static void sha256_update(SHA256_CTX *c, const void *data, size_t len) + SHA256_Update(c, ptr, res); + } + +-# ifdef SHA256_Update +-# undef SHA256_Update +-# endif +-# define SHA256_Update sha256_update ++# ifdef SHA256_Update ++# undef SHA256_Update ++# endif ++# define SHA256_Update sha256_update + +-# if !defined(OPENSSL_NO_MULTIBLOCK) ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + + typedef struct { + unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8]; +@@ -165,9 +219,9 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + 0; + size_t ret = 0; + u8 *IVs; +-# if defined(BSWAP8) ++# if defined(BSWAP8) + u64 seqnum; +-# endif ++# endif + + /* ask for IVs in bulk */ + if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0) +@@ -202,15 +256,15 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + IVs += 16; + } + +-# if defined(BSWAP8) ++# if defined(BSWAP8) + memcpy(blocks[0].c, key->md.data, 8); + seqnum = BSWAP8(blocks[0].q[0]); +-# endif ++# endif + for (i = 0; i < x4; i++) { + unsigned int len = (i == (x4 - 1) ? last : frag); +-# if !defined(BSWAP8) ++# if !defined(BSWAP8) + unsigned int carry, j; +-# endif ++# endif + + ctx->A[i] = key->md.h[0]; + ctx->B[i] = key->md.h[1]; +@@ -222,14 +276,14 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + ctx->H[i] = key->md.h[7]; + + /* fix seqnum */ +-# if defined(BSWAP8) ++# if defined(BSWAP8) + blocks[i].q[0] = BSWAP8(seqnum + i); +-# else ++# else + for (carry = i, j = 8; j--;) { + blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry; + carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1); + } +-# endif ++# endif + blocks[i].c[8] = ((u8 *)key->md.data)[8]; + blocks[i].c[9] = ((u8 *)key->md.data)[9]; + blocks[i].c[10] = ((u8 *)key->md.data)[10]; +@@ -248,10 +302,10 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + /* hash 13-byte headers and first 64-13 bytes of inputs */ + sha256_multi_block(ctx, edges, n4x); + /* hash bulk inputs */ +-# define MAXCHUNKSIZE 2048 +-# if MAXCHUNKSIZE%64 +-# error "MAXCHUNKSIZE is not divisible by 64" +-# elif MAXCHUNKSIZE ++# define MAXCHUNKSIZE 2048 ++# if MAXCHUNKSIZE%64 ++# error "MAXCHUNKSIZE is not divisible by 64" ++# elif MAXCHUNKSIZE + /* + * goal is to minimize pressure on L1 cache by moving in shorter steps, + * so that hashed data is still in the cache by the time we encrypt it +@@ -280,8 +334,8 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + minblocks -= MAXCHUNKSIZE / 64; + } while (minblocks > MAXCHUNKSIZE / 64); + } +-# endif +-# undef MAXCHUNKSIZE ++# endif ++# undef MAXCHUNKSIZE + sha256_multi_block(ctx, hash_d, n4x); + + memset(blocks, 0, sizeof(blocks)); +@@ -296,18 +350,18 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + len += 64 + 13; /* 64 is HMAC header */ + len *= 8; /* convert to bits */ + if (off < (64 - 8)) { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[15] = BSWAP4(len); +-# else ++# else + PUTU32(blocks[i].c + 60, len); +-# endif ++# endif + edges[i].blocks = 1; + } else { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[31] = BSWAP4(len); +-# else ++# else + PUTU32(blocks[i].c + 124, len); +-# endif ++# endif + edges[i].blocks = 2; + } + edges[i].ptr = blocks[i].c; +@@ -318,7 +372,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + + memset(blocks, 0, sizeof(blocks)); + for (i = 0; i < x4; i++) { +-# ifdef BSWAP4 ++# ifdef BSWAP4 + blocks[i].d[0] = BSWAP4(ctx->A[i]); + ctx->A[i] = key->tail.h[0]; + blocks[i].d[1] = BSWAP4(ctx->B[i]); +@@ -337,7 +391,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + ctx->H[i] = key->tail.h[7]; + blocks[i].c[32] = 0x80; + blocks[i].d[15] = BSWAP4((64 + 32) * 8); +-# else ++# else + PUTU32(blocks[i].c + 0, ctx->A[i]); + ctx->A[i] = key->tail.h[0]; + PUTU32(blocks[i].c + 4, ctx->B[i]); +@@ -356,7 +410,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + ctx->H[i] = key->tail.h[7]; + blocks[i].c[32] = 0x80; + PUTU32(blocks[i].c + 60, (64 + 32) * 8); +-# endif ++# endif + edges[i].ptr = blocks[i].c; + edges[i].blocks = 1; + } +@@ -412,7 +466,7 @@ static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key, + + return ret; + } +-# endif ++# endif + + static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + unsigned char *out, +@@ -423,18 +477,18 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and + * later */ + sha_off = 0; +-# if defined(STITCHED_CALL) ++# if defined(STITCHED_CALL) + size_t aes_off = 0, blocks; + + sha_off = SHA256_CBLOCK - key->md.num; +-# endif ++# endif + + key->payload_length = NO_PAYLOAD_LENGTH; + + if (len % AES_BLOCK_SIZE) + return 0; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if (plen == NO_PAYLOAD_LENGTH) + plen = len; + else if (len != +@@ -444,7 +498,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + else if (key->aux.tls_ver >= TLS1_1_VERSION) + iv = AES_BLOCK_SIZE; + +-# if defined(STITCHED_CALL) ++# if defined(STITCHED_CALL) + /* + * Assembly stitch handles AVX-capable processors, but its + * performance is not optimal on AMD Jaguar, ~40% worse, for +@@ -462,8 +516,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + SHA256_Update(&key->md, in + iv, sha_off); + + (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- &key->md, in + iv + sha_off); ++ ctx->iv, &key->md, in + iv + sha_off); + blocks *= SHA256_CBLOCK; + aes_off += blocks; + sha_off += blocks; +@@ -474,7 +527,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + } else { + sha_off = 0; + } +-# endif ++# endif + sha_off += iv; + SHA256_Update(&key->md, in + sha_off, plen - sha_off); + +@@ -494,10 +547,10 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + out[plen] = l; + /* encrypt HMAC|padding at once */ + aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off, +- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); ++ &key->ks, ctx->iv, 1); + } else { + aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off, +- &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1); ++ &key->ks, ctx->iv, 1); + } + } else { + union { +@@ -509,8 +562,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64)); + + /* decrypt HMAC|padding at once */ +- aesni_cbc_encrypt(in, out, len, &key->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), 0); ++ aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + + if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ + size_t inp_len, mask, j, i; +@@ -552,7 +604,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + key->md = key->head; + SHA256_Update(&key->md, key->aux.tls_aad, plen); + +-# if 1 ++# if 1 + len -= SHA256_DIGEST_LENGTH; /* amend mac */ + if (len >= (256 + SHA256_CBLOCK)) { + j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK); +@@ -565,15 +617,15 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + + /* but pretend as if we hashed padded payload */ + bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ +-# ifdef BSWAP4 ++# ifdef BSWAP4 + bitlen = BSWAP4(bitlen); +-# else ++# else + mac.c[0] = 0; + mac.c[1] = (unsigned char)(bitlen >> 16); + mac.c[2] = (unsigned char)(bitlen >> 8); + mac.c[3] = (unsigned char)bitlen; + bitlen = mac.u[0]; +-# endif ++# endif + + pmac->u[0] = 0; + pmac->u[1] = 0; +@@ -642,7 +694,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + pmac->u[6] |= key->md.h[6] & mask; + pmac->u[7] |= key->md.h[7] & mask; + +-# ifdef BSWAP4 ++# ifdef BSWAP4 + pmac->u[0] = BSWAP4(pmac->u[0]); + pmac->u[1] = BSWAP4(pmac->u[1]); + pmac->u[2] = BSWAP4(pmac->u[2]); +@@ -651,7 +703,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + pmac->u[5] = BSWAP4(pmac->u[5]); + pmac->u[6] = BSWAP4(pmac->u[6]); + pmac->u[7] = BSWAP4(pmac->u[7]); +-# else ++# else + for (i = 0; i < 8; i++) { + res = pmac->u[i]; + pmac->c[4 * i + 0] = (unsigned char)(res >> 24); +@@ -659,9 +711,9 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + pmac->c[4 * i + 2] = (unsigned char)(res >> 8); + pmac->c[4 * i + 3] = (unsigned char)res; + } +-# endif ++# endif + len += SHA256_DIGEST_LENGTH; +-# else ++# else + SHA256_Update(&key->md, out, inp_len); + res = key->md.num; + SHA256_Final(pmac->c, &key->md); +@@ -680,7 +732,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + for (; inp_blocks < pad_blocks; inp_blocks++) + sha1_block_data_order(&key->md, data, 1); + } +-# endif ++# endif + key->md = key->tail; + SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH); + SHA256_Final(pmac->c, &key->md); +@@ -688,7 +740,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + /* verify HMAC */ + out += inp_len; + len -= inp_len; +-# if 1 ++# if 1 + { + unsigned char *p = + out + len - 1 - maxpad - SHA256_DIGEST_LENGTH; +@@ -711,7 +763,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); + ret &= (int)~res; + } +-# else ++# else + for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++) + res |= out[i] ^ pmac->c[i]; + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); +@@ -725,7 +777,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx, + + res = (0 - res) >> (sizeof(res) * 8 - 1); + ret &= (int)~res; +-# endif ++# endif + return ret; + } else { + SHA256_Update(&key->md, out, len); +@@ -739,7 +791,6 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr) + { + EVP_AES_HMAC_SHA256 *key = data(ctx); +- unsigned int u_arg = (unsigned int)arg; + + switch (type) { + case EVP_CTRL_AEAD_SET_MAC_KEY: +@@ -749,10 +800,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + + memset(hmac_key, 0, sizeof(hmac_key)); + +- if (arg < 0) +- return -1; +- +- if (u_arg > sizeof(hmac_key)) { ++ if (arg > (int)sizeof(hmac_key)) { + SHA256_Init(&key->head); + SHA256_Update(&key->head, ptr, arg); + SHA256_Final(hmac_key, &key->head); +@@ -782,7 +830,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + if (arg != EVP_AEAD_TLS1_AAD_LEN) + return -1; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + key->payload_length = len; + if ((key->aux.tls_ver = + p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) { +@@ -803,7 +851,7 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + return SHA256_DIGEST_LENGTH; + } + } +-# if !defined(OPENSSL_NO_MULTIBLOCK) ++# if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK + case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE: + return (int)(5 + 16 + ((arg + 32 + 16) & -16)); + case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD: +@@ -813,15 +861,12 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + unsigned int n4x = 1, x4; + unsigned int frag, last, packlen, inp_len; + +- if (arg < 0) +- return -1; +- +- if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) ++ if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM)) + return -1; + + inp_len = param->inp[11] << 8 | param->inp[12]; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION) + return -1; + +@@ -869,19 +914,19 @@ static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + param->interleave / 4); + } + case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT: +-# endif ++# endif + default: + return -1; + } + } + + static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { +-# ifdef NID_aes_128_cbc_hmac_sha256 ++# ifdef NID_aes_128_cbc_hmac_sha256 + NID_aes_128_cbc_hmac_sha256, +-# else ++# else + NID_undef, +-# endif +- AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE, ++# endif ++ 16, 16, 16, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + aesni_cbc_hmac_sha256_init_key, +@@ -895,12 +940,12 @@ static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = { + }; + + static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = { +-# ifdef NID_aes_256_cbc_hmac_sha256 ++# ifdef NID_aes_256_cbc_hmac_sha256 + NID_aes_256_cbc_hmac_sha256, +-# else ++# else + NID_undef, +-# endif +- AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE, ++# endif ++ 16, 32, 16, + EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK, + aesni_cbc_hmac_sha256_init_key, +@@ -926,7 +971,7 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) + aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ? + &aesni_256_cbc_hmac_sha256_cipher : NULL); + } +-#else ++# else + const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void) + { + return NULL; +@@ -936,4 +981,5 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void) + { + return NULL; + } ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +index dc38690..d6a0178 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c +@@ -1,17 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_bf.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #ifndef OPENSSL_NO_BF + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + # include + +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +index b50fa0b..f273f9c 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_camellia.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_camellia.c +@@ -1,23 +1,66 @@ +-/* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_camellia.c */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#ifdef OPENSSL_NO_CAMELLIA +-NON_EMPTY_TRANSLATION_UNIT +-#else +- ++#ifndef OPENSSL_NO_CAMELLIA + # include + # include + # include + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include "modes_lcl.h" + + static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +@@ -76,11 +119,10 @@ static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + int ret, mode, bits; +- EVP_CAMELLIA_KEY *dat = +- (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- mode = EVP_CIPHER_CTX_mode(ctx); +- bits = EVP_CIPHER_CTX_key_length(ctx) * 8; ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; ++ bits = ctx->key_len * 8; + + cmll_t4_set_key(key, bits, &dat->ks); + +@@ -206,23 +248,24 @@ const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ +- BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ +- BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +- ++ BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) ++# if 0 /* not yet, missing NID */ ++BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) ++# endif + /* The subkey for Camellia is generated. */ + static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + int ret, mode; +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks); ++ ret = Camellia_set_key(key, ctx->key_len * 8, &dat->ks); + if (ret < 0) { + EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED); + return 0; + } + +- mode = EVP_CIPHER_CTX_mode(ctx); ++ mode = ctx->cipher->flags & EVP_CIPH_MODE; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) + && !enc) { + dat->block = (block128_f) Camellia_decrypt; +@@ -240,18 +283,14 @@ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + + if (dat->stream.cbc) +- (*dat->stream.cbc) (in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); +- else if (EVP_CIPHER_CTX_encrypting(ctx)) +- CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); ++ (*dat->stream.cbc) (in, out, len, &dat->ks, ctx->iv, ctx->encrypt); ++ else if (ctx->encrypt) ++ CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + else +- CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), dat->block); ++ CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, dat->block); + + return 1; + } +@@ -259,9 +298,9 @@ static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- size_t bl = EVP_CIPHER_CTX_block_size(ctx); ++ size_t bl = ctx->cipher->block_size; + size_t i; +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + + if (len < bl) + return 1; +@@ -275,90 +314,81 @@ static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, dat->block); + return 1; + } + + static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + +- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) { + CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + while (len >= MAXBITCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); + CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + len -= MAXBITCHUNK; +- EVP_CIPHER_CTX_set_num(ctx, num); + } +- if (len) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (len) + CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ ctx->iv, &ctx->num, ctx->encrypt, dat->block); + + return 1; + } + ++# if 0 /* not yet, missing NID */ + static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) + { +- unsigned int num = EVP_CIPHER_CTX_num(ctx); +- EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx); ++ unsigned int num = ctx->num; ++ EVP_CAMELLIA_KEY *dat = (EVP_CAMELLIA_KEY *) ctx->cipher_data; + + if (dat->stream.ctr) + CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_buf_noconst(ctx), &num, +- dat->stream.ctr); ++ ctx->iv, ctx->buf, &num, dat->stream.ctr); + else + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, +- EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_buf_noconst(ctx), &num, +- dat->block); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ ctx->iv, ctx->buf, &num, dat->block); ++ ctx->num = (size_t)num; + return 1; + } ++# endif + + BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) + BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) + BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) ++#else ++ ++# ifdef PEDANTIC ++static void *dummy = &dummy; ++# endif ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +index 259d440..3f74548 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c +@@ -1,19 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_cast.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_CAST + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + + static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c b/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c +deleted file mode 100644 +index 7fd4f8d..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/e_chacha20_poly1305.c ++++ /dev/null +@@ -1,454 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +- +-#ifndef OPENSSL_NO_CHACHA +- +-# include +-# include +-# include "evp_locl.h" +-# include "internal/evp_int.h" +-# include "internal/chacha.h" +- +-typedef struct { +- union { +- double align; /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */ +- unsigned int d[CHACHA_KEY_SIZE / 4]; +- } key; +- unsigned int counter[CHACHA_CTR_SIZE / 4]; +- unsigned char buf[CHACHA_BLK_SIZE]; +- unsigned int partial_len; +-} EVP_CHACHA_KEY; +- +-#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) +- +-static int chacha_init_key(EVP_CIPHER_CTX *ctx, +- const unsigned char user_key[CHACHA_KEY_SIZE], +- const unsigned char iv[CHACHA_CTR_SIZE], int enc) +-{ +- EVP_CHACHA_KEY *key = data(ctx); +- unsigned int i; +- +- if (user_key) +- for (i = 0; i < CHACHA_KEY_SIZE; i+=4) { +- key->key.d[i/4] = CHACHA_U8TOU32(user_key+i); +- } +- +- if (iv) +- for (i = 0; i < CHACHA_CTR_SIZE; i+=4) { +- key->counter[i/4] = CHACHA_U8TOU32(iv+i); +- } +- +- key->partial_len = 0; +- +- return 1; +-} +- +-static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out, +- const unsigned char *inp, size_t len) +-{ +- EVP_CHACHA_KEY *key = data(ctx); +- unsigned int n, rem, ctr32; +- +- if ((n = key->partial_len)) { +- while (len && n < CHACHA_BLK_SIZE) { +- *out++ = *inp++ ^ key->buf[n++]; +- len--; +- } +- key->partial_len = n; +- +- if (len == 0) +- return 1; +- +- if (n == CHACHA_BLK_SIZE) { +- key->partial_len = 0; +- key->counter[0]++; +- if (key->counter[0] == 0) +- key->counter[1]++; +- } +- } +- +- rem = (unsigned int)(len % CHACHA_BLK_SIZE); +- len -= rem; +- ctr32 = key->counter[0]; +- while (len >= CHACHA_BLK_SIZE) { +- size_t blocks = len / CHACHA_BLK_SIZE; +- /* +- * 1<<28 is just a not-so-small yet not-so-large number... +- * Below condition is practically never met, but it has to +- * be checked for code correctness. +- */ +- if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) +- blocks = (1U<<28); +- +- /* +- * As ChaCha20_ctr32 operates on 32-bit counter, caller +- * has to handle overflow. 'if' below detects the +- * overflow, which is then handled by limiting the +- * amount of blocks to the exact overflow point... +- */ +- ctr32 += (unsigned int)blocks; +- if (ctr32 < blocks) { +- blocks -= ctr32; +- ctr32 = 0; +- } +- blocks *= CHACHA_BLK_SIZE; +- ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter); +- len -= blocks; +- inp += blocks; +- out += blocks; +- +- key->counter[0] = ctr32; +- if (ctr32 == 0) key->counter[1]++; +- } +- +- if (rem) { +- memset(key->buf, 0, sizeof(key->buf)); +- ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE, +- key->key.d, key->counter); +- for (n = 0; n < rem; n++) +- out[n] = inp[n] ^ key->buf[n]; +- key->partial_len = rem; +- } +- +- return 1; +-} +- +-static const EVP_CIPHER chacha20 = { +- NID_chacha20, +- 1, /* block_size */ +- CHACHA_KEY_SIZE, /* key_len */ +- CHACHA_CTR_SIZE, /* iv_len, 128-bit counter in the context */ +- EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT, +- chacha_init_key, +- chacha_cipher, +- NULL, +- sizeof(EVP_CHACHA_KEY), +- NULL, +- NULL, +- NULL, +- NULL +-}; +- +-const EVP_CIPHER *EVP_chacha20(void) +-{ +- return (&chacha20); +-} +- +-# ifndef OPENSSL_NO_POLY1305 +-# include "internal/poly1305.h" +- +-typedef struct { +- EVP_CHACHA_KEY key; +- unsigned int nonce[12/4]; +- unsigned char tag[POLY1305_BLOCK_SIZE]; +- struct { uint64_t aad, text; } len; +- int aad, mac_inited, tag_len, nonce_len; +- size_t tls_payload_length; +-} EVP_CHACHA_AEAD_CTX; +- +-# define NO_TLS_PAYLOAD_LENGTH ((size_t)-1) +-# define aead_data(ctx) ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data) +-# define POLY1305_ctx(actx) ((POLY1305 *)(actx + 1)) +- +-static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, +- const unsigned char *inkey, +- const unsigned char *iv, int enc) +-{ +- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); +- +- if (!inkey && !iv) +- return 1; +- +- actx->len.aad = 0; +- actx->len.text = 0; +- actx->aad = 0; +- actx->mac_inited = 0; +- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; +- +- if (iv != NULL) { +- unsigned char temp[CHACHA_CTR_SIZE] = { 0 }; +- +- /* pad on the left */ +- if (actx->nonce_len <= CHACHA_CTR_SIZE) +- memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv, actx->nonce_len); +- +- chacha_init_key(ctx, inkey, temp, enc); +- +- actx->nonce[0] = actx->key.counter[1]; +- actx->nonce[1] = actx->key.counter[2]; +- actx->nonce[2] = actx->key.counter[3]; +- } else { +- chacha_init_key(ctx, inkey, NULL, enc); +- } +- +- return 1; +-} +- +-static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t len) +-{ +- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); +- size_t rem, plen = actx->tls_payload_length; +- static const unsigned char zero[POLY1305_BLOCK_SIZE] = { 0 }; +- +- if (!actx->mac_inited) { +- actx->key.counter[0] = 0; +- memset(actx->key.buf, 0, sizeof(actx->key.buf)); +- ChaCha20_ctr32(actx->key.buf, actx->key.buf, CHACHA_BLK_SIZE, +- actx->key.key.d, actx->key.counter); +- Poly1305_Init(POLY1305_ctx(actx), actx->key.buf); +- actx->key.counter[0] = 1; +- actx->key.partial_len = 0; +- actx->len.aad = actx->len.text = 0; +- actx->mac_inited = 1; +- } +- +- if (in) { /* aad or text */ +- if (out == NULL) { /* aad */ +- Poly1305_Update(POLY1305_ctx(actx), in, len); +- actx->len.aad += len; +- actx->aad = 1; +- return len; +- } else { /* plain- or ciphertext */ +- if (actx->aad) { /* wrap up aad */ +- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) +- Poly1305_Update(POLY1305_ctx(actx), zero, +- POLY1305_BLOCK_SIZE - rem); +- actx->aad = 0; +- } +- +- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; +- if (plen == NO_TLS_PAYLOAD_LENGTH) +- plen = len; +- else if (len != plen + POLY1305_BLOCK_SIZE) +- return -1; +- +- if (ctx->encrypt) { /* plaintext */ +- chacha_cipher(ctx, out, in, plen); +- Poly1305_Update(POLY1305_ctx(actx), out, plen); +- in += plen; +- out += plen; +- actx->len.text += plen; +- } else { /* ciphertext */ +- Poly1305_Update(POLY1305_ctx(actx), in, plen); +- chacha_cipher(ctx, out, in, plen); +- in += plen; +- out += plen; +- actx->len.text += plen; +- } +- } +- } +- if (in == NULL /* explicit final */ +- || plen != len) { /* or tls mode */ +- const union { +- long one; +- char little; +- } is_endian = { 1 }; +- unsigned char temp[POLY1305_BLOCK_SIZE]; +- +- if (actx->aad) { /* wrap up aad */ +- if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE)) +- Poly1305_Update(POLY1305_ctx(actx), zero, +- POLY1305_BLOCK_SIZE - rem); +- actx->aad = 0; +- } +- +- if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE)) +- Poly1305_Update(POLY1305_ctx(actx), zero, +- POLY1305_BLOCK_SIZE - rem); +- +- if (is_endian.little) { +- Poly1305_Update(POLY1305_ctx(actx), +- (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE); +- } else { +- temp[0] = (unsigned char)(actx->len.aad); +- temp[1] = (unsigned char)(actx->len.aad>>8); +- temp[2] = (unsigned char)(actx->len.aad>>16); +- temp[3] = (unsigned char)(actx->len.aad>>24); +- temp[4] = (unsigned char)(actx->len.aad>>32); +- temp[5] = (unsigned char)(actx->len.aad>>40); +- temp[6] = (unsigned char)(actx->len.aad>>48); +- temp[7] = (unsigned char)(actx->len.aad>>56); +- +- temp[8] = (unsigned char)(actx->len.text); +- temp[9] = (unsigned char)(actx->len.text>>8); +- temp[10] = (unsigned char)(actx->len.text>>16); +- temp[11] = (unsigned char)(actx->len.text>>24); +- temp[12] = (unsigned char)(actx->len.text>>32); +- temp[13] = (unsigned char)(actx->len.text>>40); +- temp[14] = (unsigned char)(actx->len.text>>48); +- temp[15] = (unsigned char)(actx->len.text>>56); +- +- Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE); +- } +- Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag +- : temp); +- actx->mac_inited = 0; +- +- if (in != NULL && len != plen) { /* tls mode */ +- if (ctx->encrypt) { +- memcpy(out, actx->tag, POLY1305_BLOCK_SIZE); +- } else { +- if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) { +- memset(out - plen, 0, plen); +- return -1; +- } +- } +- } +- else if (!ctx->encrypt) { +- if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len)) +- return -1; +- } +- } +- return len; +-} +- +-static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx) +-{ +- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); +- if (actx) +- OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size()); +- return 1; +-} +- +-static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, +- void *ptr) +-{ +- EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); +- +- switch(type) { +- case EVP_CTRL_INIT: +- if (actx == NULL) +- actx = ctx->cipher_data +- = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size()); +- if (actx == NULL) { +- EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } +- actx->len.aad = 0; +- actx->len.text = 0; +- actx->aad = 0; +- actx->mac_inited = 0; +- actx->tag_len = 0; +- actx->nonce_len = 12; +- actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; +- return 1; +- +- case EVP_CTRL_COPY: +- if (actx) { +- EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr; +- +- dst->cipher_data = +- OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size()); +- if (dst->cipher_data == NULL) { +- EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR); +- return 0; +- } +- } +- return 1; +- +- case EVP_CTRL_AEAD_SET_IVLEN: +- if (arg <= 0 || arg > CHACHA_CTR_SIZE) +- return 0; +- actx->nonce_len = arg; +- return 1; +- +- case EVP_CTRL_AEAD_SET_IV_FIXED: +- if (arg != 12) +- return 0; +- actx->nonce[0] = actx->key.counter[1] +- = CHACHA_U8TOU32((unsigned char *)ptr); +- actx->nonce[1] = actx->key.counter[2] +- = CHACHA_U8TOU32((unsigned char *)ptr+4); +- actx->nonce[2] = actx->key.counter[3] +- = CHACHA_U8TOU32((unsigned char *)ptr+8); +- return 1; +- +- case EVP_CTRL_AEAD_SET_TAG: +- if (arg <= 0 || arg > POLY1305_BLOCK_SIZE) +- return 0; +- if (ptr != NULL) { +- memcpy(actx->tag, ptr, arg); +- actx->tag_len = arg; +- } +- return 1; +- +- case EVP_CTRL_AEAD_GET_TAG: +- if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt) +- return 0; +- memcpy(ptr, actx->tag, arg); +- return 1; +- +- case EVP_CTRL_AEAD_TLS1_AAD: +- if (arg != EVP_AEAD_TLS1_AAD_LEN) +- return 0; +- { +- unsigned int len; +- unsigned char *aad = ptr, temp[POLY1305_BLOCK_SIZE]; +- +- len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 | +- aad[EVP_AEAD_TLS1_AAD_LEN - 1]; +- if (!ctx->encrypt) { +- if (len < POLY1305_BLOCK_SIZE) +- return 0; +- len -= POLY1305_BLOCK_SIZE; /* discount attached tag */ +- memcpy(temp, aad, EVP_AEAD_TLS1_AAD_LEN - 2); +- aad = temp; +- temp[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8); +- temp[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len; +- } +- actx->tls_payload_length = len; +- +- /* +- * merge record sequence number as per RFC7905 +- */ +- actx->key.counter[1] = actx->nonce[0]; +- actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad); +- actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4); +- actx->mac_inited = 0; +- chacha20_poly1305_cipher(ctx, NULL, aad, EVP_AEAD_TLS1_AAD_LEN); +- return POLY1305_BLOCK_SIZE; /* tag length */ +- } +- +- case EVP_CTRL_AEAD_SET_MAC_KEY: +- /* no-op */ +- return 1; +- +- default: +- return -1; +- } +-} +- +-static EVP_CIPHER chacha20_poly1305 = { +- NID_chacha20_poly1305, +- 1, /* block_size */ +- CHACHA_KEY_SIZE, /* key_len */ +- 12, /* iv_len, 96-bit nonce in the context */ +- EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV | +- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | +- EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER, +- chacha20_poly1305_init_key, +- chacha20_poly1305_cipher, +- chacha20_poly1305_cleanup, +- 0, /* 0 moves context-specific structure allocation to ctrl */ +- NULL, /* set_asn1_parameters */ +- NULL, /* get_asn1_parameters */ +- chacha20_poly1305_ctrl, +- NULL /* app_data */ +-}; +- +-const EVP_CIPHER *EVP_chacha20_poly1305(void) +-{ +- return(&chacha20_poly1305); +-} +-# endif +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c +index 9b2facf..8ca65cd 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c +@@ -1,18 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_des.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #ifndef OPENSSL_NO_DES + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + # include + +@@ -57,8 +106,7 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + { + BLOCK_CIPHER_ecb_loop() + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ ctx->cipher_data, ctx->encrypt); + return 1; + } + +@@ -66,49 +114,37 @@ static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + while (inl >= EVP_MAXCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); +- DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } +- if (inl) { +- int num = EVP_CIPHER_CTX_num(ctx); +- DES_ofb64_encrypt(in, out, (long)inl, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ if (inl) ++ DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num); + return 1; + } + + static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { +- EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); ++ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; + + if (dat->stream.cbc != NULL) { +- (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, +- EVP_CIPHER_CTX_iv_noconst(ctx)); ++ (*dat->stream.cbc) (in, out, inl, &dat->ks.ks, ctx->iv); + return 1; + } + while (inl >= EVP_MAXCHUNK) { +- DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) +- DES_ncbc_encrypt(in, out, (long)inl, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + +@@ -116,24 +152,15 @@ static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + while (inl >= EVP_MAXCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); +- DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx)); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } +- if (inl) { +- int num = EVP_CIPHER_CTX_num(ctx); +- DES_cfb64_encrypt(in, out, (long)inl, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num, +- EVP_CIPHER_CTX_encrypting(ctx)); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ if (inl) ++ DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + return 1; + } + +@@ -153,9 +180,8 @@ static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + while (inl && inl >= chunk) { + for (n = 0; n < chunk * 8; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; +- DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + out[n / 8] = + (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | + ((d[0] & 0x80) >> (unsigned int)(n % 8)); +@@ -174,19 +200,15 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + while (inl >= EVP_MAXCHUNK) { +- DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) +- DES_cfb_encrypt(in, out, 8, (long)inl, +- EVP_CIPHER_CTX_get_cipher_data(ctx), +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + +@@ -206,12 +228,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { + DES_cblock *deskey = (DES_cblock *)key; +- EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx); ++ EVP_DES_KEY *dat = (EVP_DES_KEY *) ctx->cipher_data; + + dat->stream.cbc = NULL; + # if defined(SPARC_DES_CAPABLE) + if (SPARC_DES_CAPABLE) { +- int mode = EVP_CIPHER_CTX_mode(ctx); ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + + if (mode == EVP_CIPH_CBC_MODE) { + des_t4_key_expand(key, &dat->ks.ks); +@@ -220,7 +242,12 @@ static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + } + # endif +- DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx)); ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(deskey, dat->ks.ks) != 0) ++ return 0; ++# else ++ DES_set_key_unchecked(deskey, ctx->cipher_data); ++# endif + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +index da77936..0e910d6 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c +@@ -1,21 +1,73 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_des3.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #ifndef OPENSSL_NO_DES + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + # include +-# include "evp_locl.h" ++ ++/* Block use of implementations in FIPS mode */ ++# undef EVP_CIPH_FLAG_FIPS ++# define EVP_CIPH_FLAG_FIPS 0 + + typedef struct { + union { +@@ -55,7 +107,7 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + + static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); + +-# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx) ++# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) + + /* + * Because of various casts and different args can't use +@@ -69,7 +121,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + DES_ecb3_encrypt((const_DES_cblock *)(in + i), + (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx)); ++ &data(ctx)->ks3, ctx->encrypt); + return 1; + } + +@@ -77,26 +129,20 @@ static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + while (inl >= EVP_MAXCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); + DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &num); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } +- if (inl) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (inl) + DES_ede3_ofb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &num); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num); ++ + return 1; + } + +@@ -105,17 +151,26 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + { + DES_EDE_KEY *dat = data(ctx); + +- if (dat->stream.cbc != NULL) { +- (*dat->stream.cbc) (in, out, inl, dat->ks.ks, +- EVP_CIPHER_CTX_iv_noconst(ctx)); ++# ifdef KSSL_DEBUG ++ { ++ int i; ++ fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, ++ ctx->buf_len); ++ fprintf(stderr, "\t iv= "); ++ for (i = 0; i < 8; i++) ++ fprintf(stderr, "%02X", ctx->iv[i]); ++ fprintf(stderr, "\n"); ++ } ++# endif /* KSSL_DEBUG */ ++ if (dat->stream.cbc) { ++ (*dat->stream.cbc) (in, out, inl, dat->ks.ks, ctx->iv); + return 1; + } + + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, + &dat->ks1, &dat->ks2, &dat->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; +@@ -123,8 +178,7 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (inl) + DES_ede3_cbc_encrypt(in, out, (long)inl, + &dat->ks1, &dat->ks2, &dat->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; + } + +@@ -132,26 +186,19 @@ static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + while (inl >= EVP_MAXCHUNK) { +- int num = EVP_CIPHER_CTX_num(ctx); + DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &num, EVP_CIPHER_CTX_encrypting(ctx)); +- EVP_CIPHER_CTX_set_num(ctx, num); ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } +- if (inl) { +- int num = EVP_CIPHER_CTX_num(ctx); ++ if (inl) + DES_ede3_cfb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &num, EVP_CIPHER_CTX_encrypting(ctx)); +- EVP_CIPHER_CTX_set_num(ctx, num); +- } ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ &ctx->num, ctx->encrypt); + return 1; + } + +@@ -165,15 +212,12 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + size_t n; + unsigned char c[1], d[1]; + +- if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) +- inl *= 8; + for (n = 0; n < inl; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c, d, 1, 1, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); + out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) + | ((d[0] & 0x80) >> (unsigned int)(n % 8)); + } +@@ -187,9 +231,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; +@@ -197,9 +240,8 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (inl) + DES_ede3_cfb_encrypt(in, out, 8, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, +- &data(ctx)->ks3, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- EVP_CIPHER_CTX_encrypting(ctx)); ++ &data(ctx)->ks3, (DES_cblock *)ctx->iv, ++ ctx->encrypt); + return 1; + } + +@@ -211,16 +253,19 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, + # define des_ede3_cbc_cipher des_ede_cbc_cipher + # define des_ede3_ecb_cipher des_ede_ecb_cipher + BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL, ++ des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, +- EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, +- des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) ++ EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS | ++ EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, ++ NULL, des3_ctrl) + + static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +@@ -231,7 +276,7 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + dat->stream.cbc = NULL; + # if defined(SPARC_DES_CAPABLE) + if (SPARC_DES_CAPABLE) { +- int mode = EVP_CIPHER_CTX_mode(ctx); ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + + if (mode == EVP_CIPH_CBC_MODE) { + des_t4_key_expand(&deskey[0], &dat->ks1); +@@ -243,8 +288,14 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + } + # endif ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(&deskey[0], &dat->ks1) ++ || DES_set_key_checked(&deskey[1], &dat->ks2)) ++ return 0; ++# else + DES_set_key_unchecked(&deskey[0], &dat->ks1); + DES_set_key_unchecked(&deskey[1], &dat->ks2); ++# endif + memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1)); + return 1; + } +@@ -255,10 +306,27 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + DES_cblock *deskey = (DES_cblock *)key; + DES_EDE_KEY *dat = data(ctx); + ++# ifdef KSSL_DEBUG ++ { ++ int i; ++ fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); ++ fprintf(stderr, "\tKEY= "); ++ for (i = 0; i < 24; i++) ++ fprintf(stderr, "%02X", key[i]); ++ fprintf(stderr, "\n"); ++ if (iv) { ++ fprintf(stderr, "\t IV= "); ++ for (i = 0; i < 8; i++) ++ fprintf(stderr, "%02X", iv[i]); ++ fprintf(stderr, "\n"); ++ } ++ } ++# endif /* KSSL_DEBUG */ ++ + dat->stream.cbc = NULL; + # if defined(SPARC_DES_CAPABLE) + if (SPARC_DES_CAPABLE) { +- int mode = EVP_CIPHER_CTX_mode(ctx); ++ int mode = ctx->cipher->flags & EVP_CIPH_MODE; + + if (mode == EVP_CIPH_CBC_MODE) { + des_t4_key_expand(&deskey[0], &dat->ks1); +@@ -270,25 +338,32 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + } + } + # endif ++# ifdef EVP_CHECK_DES_KEY ++ if (DES_set_key_checked(&deskey[0], &dat->ks1) ++ || DES_set_key_checked(&deskey[1], &dat->ks2) ++ || DES_set_key_checked(&deskey[2], &dat->ks3)) ++ return 0; ++# else + DES_set_key_unchecked(&deskey[0], &dat->ks1); + DES_set_key_unchecked(&deskey[1], &dat->ks2); + DES_set_key_unchecked(&deskey[2], &dat->ks3); ++# endif + return 1; + } + +-static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) ++static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + { + + DES_cblock *deskey = ptr; + + switch (type) { + case EVP_CTRL_RAND_KEY: +- if (RAND_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0) ++ if (RAND_bytes(ptr, c->key_len) <= 0) + return 0; + DES_set_odd_parity(deskey); +- if (EVP_CIPHER_CTX_key_length(ctx) >= 16) ++ if (c->key_len >= 16) + DES_set_odd_parity(deskey + 1); +- if (EVP_CIPHER_CTX_key_length(ctx) >= 24) ++ if (c->key_len >= 24) + DES_set_odd_parity(deskey + 2); + return 1; + +@@ -307,8 +382,9 @@ const EVP_CIPHER *EVP_des_ede3(void) + return &des_ede3_ecb; + } + ++# ifndef OPENSSL_NO_SHA + +-# include ++# include + + static const unsigned char wrap_iv[8] = + { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; +@@ -322,7 +398,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, + return -1; + if (out == NULL) + return inl - 16; +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); ++ memcpy(ctx->iv, wrap_iv, 8); + /* Decrypt first block which will end up as icv */ + des_ede_cbc_cipher(ctx, icv, in, 8); + /* Decrypt central blocks */ +@@ -340,7 +416,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, + /* Reverse order of everything */ + BUF_reverse(icv, NULL, 8); + BUF_reverse(out, NULL, inl - 16); +- BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8); ++ BUF_reverse(ctx->iv, iv, 8); + /* Decrypt again using new IV */ + des_ede_cbc_cipher(ctx, out, out, inl - 16); + des_ede_cbc_cipher(ctx, icv, icv, 8); +@@ -352,7 +428,7 @@ static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out, + OPENSSL_cleanse(icv, 8); + OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); + OPENSSL_cleanse(iv, 8); +- OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8); ++ OPENSSL_cleanse(ctx->iv, 8); + if (rv == -1) + OPENSSL_cleanse(out, inl - 16); + +@@ -372,13 +448,13 @@ static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out, + memcpy(out + inl + 8, sha1tmp, 8); + OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH); + /* Generate random IV */ +- if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0) ++ if (RAND_bytes(ctx->iv, 8) <= 0) + return -1; +- memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8); ++ memcpy(out, ctx->iv, 8); + /* Encrypt everything after IV in place */ + des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8); + BUF_reverse(out, NULL, inl + 16); +- memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8); ++ memcpy(ctx->iv, wrap_iv, 8); + des_ede_cbc_cipher(ctx, out, out, inl + 16); + return inl + 16; + } +@@ -393,13 +469,7 @@ static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + */ + if (inl >= EVP_MAXCHUNK || inl % 8) + return -1; +- +- if (is_partially_overlapping(out, in, inl)) { +- EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } +- +- if (EVP_CIPHER_CTX_encrypting(ctx)) ++ if (ctx->encrypt) + return des_ede3_wrap(ctx, out, in, inl); + else + return des_ede3_unwrap(ctx, out, in, inl); +@@ -421,4 +491,5 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void) + return &des3_wrap; + } + ++# endif + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +index 93f6a41..cac72b3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c +@@ -1,32 +1,75 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_idea.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_IDEA + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + +-/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */ +- +-typedef struct { +- IDEA_KEY_SCHEDULE ks; +-} EVP_IDEA_KEY; +- + static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + + /* +- * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a ++ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a + * special case + */ + +@@ -34,15 +77,21 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + BLOCK_CIPHER_ecb_loop() +- IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); ++ idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + return 1; + } + +-BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) +-BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks) +-BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks) ++/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ ++ ++typedef struct { ++ IDEA_KEY_SCHEDULE ks; ++} EVP_IDEA_KEY; ++ ++BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) ++ BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) ++ BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) + +-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, ++ BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, + 0, idea_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + +@@ -56,12 +105,12 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + enc = 1; + } + if (enc) +- IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); ++ idea_set_encrypt_key(key, ctx->cipher_data); + else { + IDEA_KEY_SCHEDULE tmp; + +- IDEA_set_encrypt_key(key, &tmp); +- IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks); ++ idea_set_encrypt_key(key, &tmp); ++ idea_set_decrypt_key(&tmp, ctx->cipher_data); + OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE)); + } + return 1; +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c +index 0dfc48a..599fcb8 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_null.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c +@@ -1,17 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_null.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/evp_int.h" + + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +@@ -19,7 +67,8 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); + static const EVP_CIPHER n_cipher = { + NID_undef, +- 1, 0, 0, 0, ++ 1, 0, 0, ++ 0, + null_init_key, + null_cipher, + NULL, +@@ -38,6 +87,7 @@ const EVP_CIPHER *EVP_enc_null(void) + static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { ++ /* memset(&(ctx->c),0,sizeof(ctx->c)); */ + return 1; + } + +@@ -45,6 +95,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) + { + if (in != out) +- memcpy(out, in, inl); ++ memcpy((char *)out, (const char *)in, inl); + return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c +index 927908f..a23d143 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_old.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c +@@ -1,15 +1,64 @@ ++/* crypto/evp/e_old.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include +-#if OPENSSL_API_COMPAT >= 0x00908000L +-NON_EMPTY_TRANSLATION_UNIT ++#ifdef OPENSSL_NO_DEPRECATED ++static void *dummy = &dummy; + #else + + # include +@@ -89,25 +138,27 @@ const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) + } + # endif + +-# undef EVP_aes_128_cfb ++# ifndef OPENSSL_NO_AES ++# undef EVP_aes_128_cfb + const EVP_CIPHER *EVP_aes_128_cfb(void); + const EVP_CIPHER *EVP_aes_128_cfb(void) + { + return EVP_aes_128_cfb128(); + } + +-# undef EVP_aes_192_cfb ++# undef EVP_aes_192_cfb + const EVP_CIPHER *EVP_aes_192_cfb(void); + const EVP_CIPHER *EVP_aes_192_cfb(void) + { + return EVP_aes_192_cfb128(); + } + +-# undef EVP_aes_256_cfb ++# undef EVP_aes_256_cfb + const EVP_CIPHER *EVP_aes_256_cfb(void); + const EVP_CIPHER *EVP_aes_256_cfb(void) + { + return EVP_aes_256_cfb128(); + } ++# endif + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +index ed10bb3..718cc86 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c +@@ -1,20 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_rc2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_RC2 + + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + + static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +@@ -30,7 +79,7 @@ typedef struct { + RC2_KEY ks; /* key schedule */ + } EVP_RC2_KEY; + +-# define data(ctx) EVP_C_DATA(EVP_RC2_KEY,ctx) ++# define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) + + IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, + 8, +@@ -130,17 +179,16 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + OPENSSL_assert(l <= sizeof(iv)); + i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); + if (i != (int)l) +- return -1; ++ return (-1); + key_bits = rc2_magic_to_meth((int)num); + if (!key_bits) +- return -1; ++ return (-1); + if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) + return -1; + EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +- if (EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0) +- return -1; ++ EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); + } +- return i; ++ return (i); + } + + static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +@@ -151,9 +199,7 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + if (type != NULL) { + num = rc2_meth_to_magic(c); + j = EVP_CIPHER_CTX_iv_length(c); +- i = ASN1_TYPE_set_int_octetstring(type, num, +- (unsigned char *)EVP_CIPHER_CTX_original_iv(c), +- j); ++ i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); + } + return (i); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +index ea95dea..08e48f3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c +@@ -1,28 +1,79 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_rc4.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_RC4 + + # include ++# include "evp_locl.h" + # include + # include + +-# include "internal/evp_int.h" ++/* FIXME: surely this is available elsewhere? */ ++# define EVP_RC4_KEY_SIZE 16 + + typedef struct { + RC4_KEY ks; /* working key */ + } EVP_RC4_KEY; + +-# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx)) ++# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) + + static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c +index 8ab18c1..93cfe3f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4_hmac_md5.c +@@ -1,10 +1,50 @@ +-/* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include +@@ -19,7 +59,15 @@ + # include + # include + # include +-# include "internal/evp_int.h" ++ ++# ifndef EVP_CIPH_FLAG_AEAD_CIPHER ++# define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 ++# define EVP_CTRL_AEAD_TLS1_AAD 0x16 ++# define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 ++# endif ++ ++/* FIXME: surely this is available elsewhere? */ ++# define EVP_RC4_KEY_SIZE 16 + + typedef struct { + RC4_KEY ks; +@@ -32,7 +80,7 @@ typedef struct { + void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out, + MD5_CTX *ctx, const void *inp, size_t blocks); + +-# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx)) ++# define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) + + static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, + const unsigned char *inkey, +@@ -53,7 +101,9 @@ static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, + + # if defined(RC4_ASM) && defined(MD5_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ +- defined(_M_AMD64) || defined(_M_X64) ) ++ defined(_M_AMD64) || defined(_M_X64) || \ ++ defined(__INTEL__) ) && \ ++ !(defined(__APPLE__) && defined(__MACH__)) + # define STITCHED_CALL + # endif + +@@ -78,7 +128,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) + return 0; + +- if (EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (ctx->encrypt) { + if (plen == NO_PAYLOAD_LENGTH) + plen = len; + # if defined(STITCHED_CALL) +@@ -218,7 +268,7 @@ static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + + len = p[arg - 2] << 8 | p[arg - 1]; + +- if (!EVP_CIPHER_CTX_encrypting(ctx)) { ++ if (!ctx->encrypt) { + if (len < MD5_DIGEST_LENGTH) + return -1; + len -= MD5_DIGEST_LENGTH; +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +index f69ba5b..f17e99d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_rc5.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_RC5 + + # include +-# include + # include + # include "evp_locl.h" + # include +@@ -54,7 +102,7 @@ static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) + return 1; + + default: +- EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS); ++ EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + return 0; + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_seed.c b/Cryptlib/OpenSSL/crypto/evp/e_seed.c +index 40aec5f..3d01eac 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_seed.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_seed.c +@@ -1,22 +1,66 @@ +-/* +- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_seed.c */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#ifdef OPENSSL_NO_SEED +-NON_EMPTY_TRANSLATION_UNIT +-#else ++#ifndef OPENSSL_NO_SEED + # include + # include + # include + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + + static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +@@ -32,7 +76,7 @@ IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed, + static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) + { +- SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks); ++ SEED_set_key(key, ctx->cipher_data); + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +index effaf5c..3430df9 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c ++++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c +@@ -1,20 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/e_xcbc_d.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_DES + + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + # include + + static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, +@@ -28,7 +77,7 @@ typedef struct { + DES_cblock outw; + } DESX_CBC_KEY; + +-# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx) ++# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) + + static const EVP_CIPHER d_xcbc_cipher = { + NID_desx_cbc, +@@ -66,18 +115,16 @@ static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + { + while (inl >= EVP_MAXCHUNK) { + DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &data(ctx)->inw, &data(ctx)->outw, +- EVP_CIPHER_CTX_encrypting(ctx)); ++ (DES_cblock *)&(ctx->iv[0]), ++ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, +- (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), +- &data(ctx)->inw, &data(ctx)->outw, +- EVP_CIPHER_CTX_encrypting(ctx)); ++ (DES_cblock *)&(ctx->iv[0]), ++ &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt); + return 1; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c +index abb1044..c6c775e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/encode.c ++++ b/Cryptlib/OpenSSL/crypto/evp/encode.c +@@ -1,17 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/encode.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "evp_locl.h" + + static unsigned char conv_ascii2bin(unsigned char a); + #ifndef CHARSET_EBCDIC +@@ -55,7 +103,7 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; + #define B64_WS 0xE0 + #define B64_ERROR 0xFF + #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) +-#define B64_BASE64(a) (!B64_NOT_BASE64(a)) ++#define B64_BASE64(a) !B64_NOT_BASE64(a) + + static const unsigned char data_ascii2bin[128] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +@@ -93,28 +141,6 @@ static unsigned char conv_ascii2bin(unsigned char a) + } + #endif + +-EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void) +-{ +- return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX)); +-} +- +-void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) +-{ +- OPENSSL_free(ctx); +-} +- +-int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx) +-{ +- memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX)); +- +- return 1; +-} +- +-int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx) +-{ +- return ctx->num; +-} +- + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) + { + ctx->length = 48; +@@ -122,7 +148,7 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) + ctx->line_num = 0; + } + +-int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, ++void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { + int i, j; +@@ -130,12 +156,12 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + + *outl = 0; + if (inl <= 0) +- return 0; ++ return; + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); + if (ctx->length - ctx->num > inl) { + memcpy(&(ctx->enc_data[ctx->num]), in, inl); + ctx->num += inl; +- return 1; ++ return; + } + if (ctx->num != 0) { + i = ctx->length - ctx->num; +@@ -161,14 +187,12 @@ int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + if (total > INT_MAX) { + /* Too much output data! */ + *outl = 0; +- return 0; ++ return; + } + if (inl != 0) + memcpy(&(ctx->enc_data[0]), in, inl); + ctx->num = inl; + *outl = total; +- +- return 1; + } + + void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) +@@ -402,3 +426,35 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) + } else + return (1); + } ++ ++#ifdef undef ++int EVP_DecodeValid(unsigned char *buf, int len) ++{ ++ int i, num = 0, bad = 0; ++ ++ if (len == 0) ++ return (-1); ++ while (conv_ascii2bin(*buf) == B64_WS) { ++ buf++; ++ len--; ++ if (len == 0) ++ return (-1); ++ } ++ ++ for (i = len; i >= 4; i -= 4) { ++ if ((conv_ascii2bin(buf[0]) >= 0x40) || ++ (conv_ascii2bin(buf[1]) >= 0x40) || ++ (conv_ascii2bin(buf[2]) >= 0x40) || ++ (conv_ascii2bin(buf[3]) >= 0x40)) ++ return (-1); ++ buf += 4; ++ num += 1 + (buf[2] != '=') + (buf[3] != '='); ++ } ++ if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) ++ return (num); ++ if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && ++ (conv_ascii2bin(buf[0]) == B64_EOLN)) ++ return (num); ++ return (1); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +new file mode 100644 +index 0000000..9703116 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c +@@ -0,0 +1,73 @@ ++/* evp_acnf.c */ ++/* ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include "cryptlib.h" ++#include ++#include ++ ++/* ++ * Load all algorithms and configure OpenSSL. This function is called ++ * automatically when OPENSSL_LOAD_CONF is set. ++ */ ++ ++void OPENSSL_add_all_algorithms_conf(void) ++{ ++ OPENSSL_add_all_algorithms_noconf(); ++ OPENSSL_config(NULL); ++} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +index 71d13b8..6fd3a6d 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c +@@ -1,19 +1,73 @@ ++/* evp_cnf.c */ + /* +- * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include ++#include + #include + #include ++#ifdef OPENSSL_FIPS ++# include ++#endif + + /* Algorithm configuration module. */ + +@@ -23,15 +77,14 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) + const char *oid_section; + STACK_OF(CONF_VALUE) *sktmp; + CONF_VALUE *oval; +- + oid_section = CONF_imodule_get_value(md); +- if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { ++ if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); + return 0; + } + for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { + oval = sk_CONF_VALUE_value(sktmp, i); +- if (strcmp(oval->name, "fips_mode") == 0) { ++ if (!strcmp(oval->name, "fips_mode")) { + int m; + if (!X509V3_get_value_bool(oval, &m)) { + EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +index f829e8d..0e40f09 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c +@@ -1,56 +1,101 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/evp_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#ifdef OPENSSL_FIPS ++# include ++#endif + #include "evp_locl.h" + +-int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c) +-{ +- if (c == NULL) +- return 1; +- if (c->cipher != NULL) { +- if (c->cipher->cleanup && !c->cipher->cleanup(c)) +- return 0; +- /* Cleanse cipher context data */ +- if (c->cipher_data && c->cipher->ctx_size) +- OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); +- } +- OPENSSL_free(c->cipher_data); +-#ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(c->engine); ++#ifdef OPENSSL_FIPS ++# define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl) ++#else ++# define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) + #endif +- memset(c, 0, sizeof(*c)); +- return 1; +-} + +-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) ++const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; ++ ++void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) + { +- return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX)); ++ memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); ++ /* ctx->cipher=NULL; */ + } + +-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) ++EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) + { +- EVP_CIPHER_CTX_reset(ctx); +- OPENSSL_free(ctx); ++ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); ++ if (ctx) ++ EVP_CIPHER_CTX_init(ctx); ++ return ctx; + } + + int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) + { +- EVP_CIPHER_CTX_reset(ctx); ++ if (cipher) ++ EVP_CIPHER_CTX_init(ctx); + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); + } + +@@ -70,10 +115,12 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so + * this context may already have an ENGINE! Try to avoid releasing the + * previous handle, re-querying for an ENGINE, and having a +- * reinitialisation, when it may all be unnecessary. ++ * reinitialisation, when it may all be unecessary. + */ +- if (ctx->engine && ctx->cipher +- && (cipher == NULL || cipher->nid == ctx->cipher->nid)) ++ if (ctx->engine && ctx->cipher && (!cipher || ++ (cipher ++ && (cipher->nid == ++ ctx->cipher->nid)))) + goto skip_to_init; + #endif + if (cipher) { +@@ -84,7 +131,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + */ + if (ctx->cipher) { + unsigned long flags = ctx->flags; +- EVP_CIPHER_CTX_reset(ctx); ++ EVP_CIPHER_CTX_cleanup(ctx); + /* Restore encrypt and flags */ + ctx->encrypt = enc; + ctx->flags = flags; +@@ -105,7 +152,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + /* + * One positive side-effect of US's export control history, + * is that we should at least be able to avoid using US +- * misspellings of "initialisation"? ++ * mispellings of "initialisation"? + */ + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; +@@ -121,11 +168,20 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ctx->engine = NULL; + #endif + ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) { ++ const EVP_CIPHER *fcipher = NULL; ++ if (cipher) ++ fcipher = evp_get_fips_cipher(cipher); ++ if (fcipher) ++ cipher = fcipher; ++ return FIPS_cipherinit(ctx, cipher, key, iv, enc); ++ } ++#endif + ctx->cipher = cipher; + if (ctx->cipher->ctx_size) { +- ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size); +- if (ctx->cipher_data == NULL) { +- ctx->cipher = NULL; ++ ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size); ++ if (!ctx->cipher_data) { + EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -137,7 +193,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; + if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { +- ctx->cipher = NULL; + EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR); + return 0; + } +@@ -148,6 +203,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + } + #ifndef OPENSSL_NO_ENGINE + skip_to_init: ++#endif ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_cipherinit(ctx, cipher, key, iv, enc); + #endif + /* we assume block size is a power of 2 in *cryptUpdate */ + OPENSSL_assert(ctx->cipher->block_size == 1 +@@ -160,7 +219,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + return 0; + } + +- if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) { ++ if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch (EVP_CIPHER_CTX_mode(ctx)) { + + case EVP_CIPH_STREAM_CIPHER: +@@ -191,6 +250,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + + default: + return 0; ++ break; + } + } + +@@ -255,61 +315,13 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); + } + +-/* +- * According to the letter of standard difference between pointers +- * is specified to be valid only within same object. This makes +- * it formally challenging to determine if input and output buffers +- * are not partially overlapping with standard pointer arithmetic. +- */ +-#ifdef PTRDIFF_T +-# undef PTRDIFF_T +-#endif +-#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64 +-/* +- * Then we have VMS that distinguishes itself by adhering to +- * sizeof(size_t)==4 even in 64-bit builds, which means that +- * difference between two pointers might be truncated to 32 bits. +- * In the context one can even wonder how comparison for +- * equality is implemented. To be on the safe side we adhere to +- * PTRDIFF_T even for comparison for equality. +- */ +-# define PTRDIFF_T uint64_t +-#else +-# define PTRDIFF_T size_t +-#endif +- +-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) +-{ +- PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; +- /* +- * Check for partially overlapping buffers. [Binary logical +- * operations are used instead of boolean to minimize number +- * of conditional branches.] +- */ +- int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) | +- (diff > (0 - (PTRDIFF_T)len))); +- +- return overlapped; +-} +- + int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { +- int i, j, bl, cmpl = inl; +- +- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) +- cmpl = (cmpl + 7) / 8; +- +- bl = ctx->cipher->block_size; ++ int i, j, bl; + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { +- /* If block size > 1 then the cipher will have to do this check */ +- if (bl == 1 && is_partially_overlapping(out, in, cmpl)) { +- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } +- +- i = ctx->cipher->do_cipher(ctx, out, in, inl); ++ i = M_do_cipher(ctx, out, in, inl); + if (i < 0) + return 0; + else +@@ -321,13 +333,9 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + *outl = 0; + return inl == 0; + } +- if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) { +- EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } + + if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) { +- if (ctx->cipher->do_cipher(ctx, out, in, inl)) { ++ if (M_do_cipher(ctx, out, in, inl)) { + *outl = inl; + return 1; + } else { +@@ -336,6 +344,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + } + } + i = ctx->buf_len; ++ bl = ctx->cipher->block_size; + OPENSSL_assert(bl <= (int)sizeof(ctx->buf)); + if (i != 0) { + if (bl - i > inl) { +@@ -346,10 +355,10 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + } else { + j = bl - i; + memcpy(&(ctx->buf[i]), in, j); ++ if (!M_do_cipher(ctx, out, ctx->buf, bl)) ++ return 0; + inl -= j; + in += j; +- if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl)) +- return 0; + out += bl; + *outl = bl; + } +@@ -358,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + i = inl & (bl - 1); + inl -= i; + if (inl > 0) { +- if (!ctx->cipher->do_cipher(ctx, out, in, inl)) ++ if (!M_do_cipher(ctx, out, in, inl)) + return 0; + *outl += inl; + } +@@ -382,7 +391,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + unsigned int i, b, bl; + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { +- ret = ctx->cipher->do_cipher(ctx, out, NULL, 0); ++ ret = M_do_cipher(ctx, out, NULL, 0); + if (ret < 0) + return 0; + else +@@ -410,7 +419,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + n = b - bl; + for (i = bl; i < b; i++) + ctx->buf[i] = n; +- ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b); ++ ret = M_do_cipher(ctx, out, ctx->buf, b); + + if (ret) + *outl = b; +@@ -421,21 +430,11 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { +- int fix_len, cmpl = inl; ++ int fix_len; + unsigned int b; + +- b = ctx->cipher->block_size; +- +- if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) +- cmpl = (cmpl + 7) / 8; +- + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { +- if (b == 1 && is_partially_overlapping(out, in, cmpl)) { +- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } +- +- fix_len = ctx->cipher->do_cipher(ctx, out, in, inl); ++ fix_len = M_do_cipher(ctx, out, in, inl); + if (fix_len < 0) { + *outl = 0; + return 0; +@@ -452,15 +451,10 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + if (ctx->flags & EVP_CIPH_NO_PADDING) + return EVP_EncryptUpdate(ctx, out, outl, in, inl); + ++ b = ctx->cipher->block_size; + OPENSSL_assert(b <= sizeof ctx->final); + + if (ctx->final_used) { +- /* see comment about PTRDIFF_T comparison above */ +- if (((PTRDIFF_T)out == (PTRDIFF_T)in) +- || is_partially_overlapping(out, in, b)) { +- EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING); +- return 0; +- } + memcpy(out, ctx->final, b); + out += b; + fix_len = 1; +@@ -501,7 +495,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + *outl = 0; + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { +- i = ctx->cipher->do_cipher(ctx, out, NULL, 0); ++ i = M_do_cipher(ctx, out, NULL, 0); + if (i < 0) + return 0; + else +@@ -550,6 +544,42 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + return (1); + } + ++void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) ++{ ++ if (ctx) { ++ EVP_CIPHER_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++ } ++} ++ ++int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) ++{ ++#ifndef OPENSSL_FIPS ++ if (c->cipher != NULL) { ++ if (c->cipher->cleanup && !c->cipher->cleanup(c)) ++ return 0; ++ /* Cleanse cipher context data */ ++ if (c->cipher_data) ++ OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); ++ } ++ if (c->cipher_data) ++ OPENSSL_free(c->cipher_data); ++#endif ++#ifndef OPENSSL_NO_ENGINE ++ if (c->engine) ++ /* ++ * The EVP_CIPHER we used belongs to an ENGINE, release the ++ * functional reference we held for this reason. ++ */ ++ ENGINE_finish(c->engine); ++#endif ++#ifdef OPENSSL_FIPS ++ FIPS_cipher_ctx_cleanup(c); ++#endif ++ memset(c, 0, sizeof(EVP_CIPHER_CTX)); ++ return 1; ++} ++ + int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) + { + if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) +@@ -618,13 +648,12 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) + } + #endif + +- EVP_CIPHER_CTX_reset(out); +- memcpy(out, in, sizeof(*out)); ++ EVP_CIPHER_CTX_cleanup(out); ++ memcpy(out, in, sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) { + out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); +- if (out->cipher_data == NULL) { +- out->cipher = NULL; ++ if (!out->cipher_data) { + EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -632,10 +661,6 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) +- if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) { +- out->cipher = NULL; +- EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR); +- return 0; +- } ++ return in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out); + return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +index e32a1c0..bcd841e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/evp_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,36 +70,39 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) + + static ERR_STRING_DATA EVP_str_functs[] = { +- {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "aesni_init_key"}, +- {ERR_FUNC(EVP_F_AES_INIT_KEY), "aes_init_key"}, +- {ERR_FUNC(EVP_F_AES_OCB_CIPHER), "aes_ocb_cipher"}, +- {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "aes_t4_init_key"}, +- {ERR_FUNC(EVP_F_AES_WRAP_CIPHER), "aes_wrap_cipher"}, +- {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "alg_module_init"}, +- {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "camellia_init_key"}, +- {ERR_FUNC(EVP_F_CHACHA20_POLY1305_CTRL), "chacha20_poly1305_ctrl"}, +- {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "cmll_t4_init_key"}, +- {ERR_FUNC(EVP_F_DES_EDE3_WRAP_CIPHER), "des_ede3_wrap_cipher"}, +- {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "do_sigver_init"}, ++ {ERR_FUNC(EVP_F_AESNI_INIT_KEY), "AESNI_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AESNI_XTS_CIPHER), "AESNI_XTS_CIPHER"}, ++ {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AES_T4_INIT_KEY), "AES_T4_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_AES_XTS), "AES_XTS"}, ++ {ERR_FUNC(EVP_F_AES_XTS_CIPHER), "AES_XTS_CIPHER"}, ++ {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"}, ++ {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_CMAC_INIT), "CMAC_INIT"}, ++ {ERR_FUNC(EVP_F_CMLL_T4_INIT_KEY), "CMLL_T4_INIT_KEY"}, ++ {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"}, ++ {ERR_FUNC(EVP_F_DO_SIGVER_INIT), "DO_SIGVER_INIT"}, ++ {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"}, + {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"}, + {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_COPY), "EVP_CIPHER_CTX_copy"}, + {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"}, + {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), + "EVP_CIPHER_CTX_set_key_length"}, + {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, +- {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, + {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, +- {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, + {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, + {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"}, + {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, + {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, + {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, + {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, +- {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, + {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, +- {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8), "EVP_PKEY2PKCS8"}, ++ {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, + {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"}, + {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL), "EVP_PKEY_CTX_ctrl"}, + {ERR_FUNC(EVP_F_EVP_PKEY_CTX_CTRL_STR), "EVP_PKEY_CTX_ctrl_str"}, +@@ -62,11 +116,11 @@ static ERR_STRING_DATA EVP_str_functs[] = { + {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"}, + {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_INIT), "EVP_PKEY_encrypt_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT_OLD), "EVP_PKEY_encrypt_old"}, +- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DH), "EVP_PKEY_get0_DH"}, +- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_DSA), "EVP_PKEY_get0_DSA"}, +- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_EC_KEY), "EVP_PKEY_get0_EC_KEY"}, +- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_HMAC), "EVP_PKEY_get0_hmac"}, +- {ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"}, ++ {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"}, + {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"}, + {ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"}, + {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"}, +@@ -79,28 +133,42 @@ static ERR_STRING_DATA EVP_str_functs[] = { + {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER), "EVP_PKEY_verify_recover"}, + {ERR_FUNC(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT), + "EVP_PKEY_verify_recover_init"}, ++ {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"}, + {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"}, + {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"}, +- {ERR_FUNC(EVP_F_INT_CTX_NEW), "int_ctx_new"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHERINIT), "FIPS_CIPHERINIT"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"}, ++ {ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH), ++ "FIPS_CIPHER_CTX_SET_KEY_LENGTH"}, ++ {ERR_FUNC(EVP_F_FIPS_DIGESTINIT), "FIPS_DIGESTINIT"}, ++ {ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY), "FIPS_MD_CTX_COPY"}, ++ {ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"}, ++ {ERR_FUNC(EVP_F_INT_CTX_NEW), "INT_CTX_NEW"}, + {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, + {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, +- {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_v2_PBKDF2_keyivgen"}, +- {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, +- {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "pkey_set_type"}, +- {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "rc2_magic_to_meth"}, +- {ERR_FUNC(EVP_F_RC5_CTRL), "rc5_ctrl"}, ++ {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, ++ {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, ++ {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, ++ {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, ++ {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"}, + {0, NULL} + }; + + static ERR_STRING_DATA EVP_str_reasons[] = { ++ {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED), "aes iv setup failed"}, + {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"}, ++ {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"}, ++ {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"}, + {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"}, ++ {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"}, ++ {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, ++ {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, + {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), + "camellia key setup failed"}, + {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, + {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, +- {ERR_REASON(EVP_R_COPY_ERROR), "copy error"}, + {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, + {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), + "ctrl operation not implemented"}, +@@ -109,16 +177,17 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"}, + {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS), "different parameters"}, ++ {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"}, ++ {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"}, + {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"}, + {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, +- {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, ++ {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, + {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"}, + {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"}, + {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"}, ++ {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, + {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, + {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, +- {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), +- "illegal scrypt parameters"}, + {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, + {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, + {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, +@@ -126,48 +195,55 @@ static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, + {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, + {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, ++ {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, + {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, +- {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"}, + {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, + {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, + {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"}, + {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"}, ++ {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"}, + {ERR_REASON(EVP_R_NO_KEY_SET), "no key set"}, + {ERR_REASON(EVP_R_NO_OPERATION_SET), "no operation set"}, ++ {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), ++ "no sign function configured"}, ++ {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), ++ "no verify function configured"}, + {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, +- {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), +- "partially overlapping buffers"}, ++ {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), ++ "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, + {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, ++ {ERR_REASON(EVP_R_TOO_LARGE), "too large"}, + {ERR_REASON(EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, + {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, + {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, ++ {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), ++ "unsuported number of rounds"}, + {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), + "unsupported key derivation function"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, +- {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), +- "unsupported number of rounds"}, + {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, + {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), + "unsupported private key algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"}, + {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, + {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, ++ {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, + {0, NULL} + }; + + #endif + +-int ERR_load_EVP_strings(void) ++void ERR_load_EVP_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -176,5 +252,4 @@ int ERR_load_EVP_strings(void) + ERR_load_strings(0, EVP_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +index 8a4297c..63c8866 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/evp_key.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -76,42 +125,40 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + int datal, int count, unsigned char *key, + unsigned char *iv) + { +- EVP_MD_CTX *c; ++ EVP_MD_CTX c; + unsigned char md_buf[EVP_MAX_MD_SIZE]; + int niv, nkey, addmd = 0; + unsigned int mds = 0, i; + int rv = 0; +- nkey = EVP_CIPHER_key_length(type); +- niv = EVP_CIPHER_iv_length(type); ++ nkey = type->key_len; ++ niv = type->iv_len; + OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH); + OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH); + + if (data == NULL) + return (nkey); + +- c = EVP_MD_CTX_new(); +- if (c == NULL) +- goto err; ++ EVP_MD_CTX_init(&c); + for (;;) { +- if (!EVP_DigestInit_ex(c, md, NULL)) ++ if (!EVP_DigestInit_ex(&c, md, NULL)) + goto err; + if (addmd++) +- if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) ++ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + goto err; +- if (!EVP_DigestUpdate(c, data, datal)) ++ if (!EVP_DigestUpdate(&c, data, datal)) + goto err; + if (salt != NULL) +- if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN)) ++ if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) + goto err; +- if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) ++ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + goto err; + + for (i = 1; i < (unsigned int)count; i++) { +- if (!EVP_DigestInit_ex(c, md, NULL)) ++ if (!EVP_DigestInit_ex(&c, md, NULL)) + goto err; +- if (!EVP_DigestUpdate(c, &(md_buf[0]), mds)) ++ if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + goto err; +- if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds)) ++ if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + goto err; + } + i = 0; +@@ -142,9 +189,9 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + if ((nkey == 0) && (niv == 0)) + break; + } +- rv = EVP_CIPHER_key_length(type); ++ rv = type->key_len; + err: +- EVP_MD_CTX_free(c); ++ EVP_MD_CTX_cleanup(&c); + OPENSSL_cleanse(md_buf, sizeof(md_buf)); + return rv; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +index 0c76db5..7e0bab9 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c +@@ -1,18 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/evp_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/evp_int.h" +-#include "evp_locl.h" ++#ifdef OPENSSL_FIPS ++# include ++# include "evp_locl.h" ++#endif + + int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + { +@@ -31,7 +82,6 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: +- case EVP_CIPH_OCB_MODE: + ret = -1; + break; + +@@ -59,7 +109,6 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) + case EVP_CIPH_GCM_MODE: + case EVP_CIPH_CCM_MODE: + case EVP_CIPH_XTS_MODE: +- case EVP_CIPH_OCB_MODE: + ret = -1; + break; + +@@ -155,7 +204,7 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx) + default: + /* Check it has an OID and it is valid */ + otmp = OBJ_nid2obj(nid); +- if (OBJ_get0_data(otmp) == NULL) ++ if (!otmp || !otmp->data) + nid = NID_undef; + ASN1_OBJECT_free(otmp); + return nid; +@@ -172,11 +221,6 @@ int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) + return ctx->cipher->block_size; + } + +-int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e) +-{ +- return e->ctx_size; +-} +- + int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, unsigned int inl) + { +@@ -188,14 +232,24 @@ const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) + return ctx->cipher; + } + +-int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) ++unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) + { +- return ctx->encrypt; ++#ifdef OPENSSL_FIPS ++ const EVP_CIPHER *fcipher; ++ fcipher = evp_get_fips_cipher(cipher); ++ if (fcipher && fcipher->flags & EVP_CIPH_FLAG_FIPS) ++ return cipher->flags | EVP_CIPH_FLAG_FIPS; ++#endif ++ return cipher->flags; + } + +-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher) ++unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) + { +- return cipher->flags; ++#ifdef OPENSSL_FIPS ++ return EVP_CIPHER_flags(ctx->cipher); ++#else ++ return ctx->cipher->flags; ++#endif + } + + void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) +@@ -208,21 +262,6 @@ void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) + ctx->app_data = data; + } + +-void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->cipher_data; +-} +- +-void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data) +-{ +- void *old_cipher_data; +- +- old_cipher_data = ctx->cipher_data; +- ctx->cipher_data = cipher_data; +- +- return old_cipher_data; +-} +- + int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) + { + return cipher->iv_len; +@@ -233,36 +272,6 @@ int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) + return ctx->cipher->iv_len; + } + +-const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->oiv; +-} +- +-const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->iv; +-} +- +-unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) +-{ +- return ctx->iv; +-} +- +-unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) +-{ +- return ctx->buf; +-} +- +-int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) +-{ +- return ctx->num; +-} +- +-void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) +-{ +- ctx->num = num; +-} +- + int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) + { + return cipher->key_len; +@@ -307,134 +316,42 @@ int EVP_MD_size(const EVP_MD *md) + return md->md_size; + } + +-unsigned long EVP_MD_flags(const EVP_MD *md) +-{ +- return md->flags; +-} ++#ifdef OPENSSL_FIPS + +-EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type) ++const EVP_MD *evp_get_fips_md(const EVP_MD *md) + { +- EVP_MD *md = OPENSSL_zalloc(sizeof(*md)); +- +- if (md != NULL) { +- md->type = md_type; +- md->pkey_type = pkey_type; +- } +- return md; ++ int nid = EVP_MD_type(md); ++ if (nid == NID_dsa) ++ return FIPS_evp_dss1(); ++ else if (nid == NID_dsaWithSHA) ++ return FIPS_evp_dss(); ++ else if (nid == NID_ecdsa_with_SHA1) ++ return FIPS_evp_ecdsa(); ++ else ++ return FIPS_get_digestbynid(nid); + } +-EVP_MD *EVP_MD_meth_dup(const EVP_MD *md) +-{ +- EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type); + +- if (to != NULL) +- memcpy(to, md, sizeof(*to)); +- return to; +-} +-void EVP_MD_meth_free(EVP_MD *md) +-{ +- OPENSSL_free(md); +-} +-int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize) +-{ +- md->block_size = blocksize; +- return 1; +-} +-int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize) ++const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher) + { +- md->md_size = resultsize; +- return 1; +-} +-int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize) +-{ +- md->ctx_size = datasize; +- return 1; +-} +-int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags) +-{ +- md->flags = flags; +- return 1; +-} +-int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx)) +-{ +- md->init = init; +- return 1; +-} +-int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx, +- const void *data, +- size_t count)) +-{ +- md->update = update; +- return 1; +-} +-int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx, +- unsigned char *md)) +-{ +- md->final = final; +- return 1; +-} +-int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to, +- const EVP_MD_CTX *from)) +-{ +- md->copy = copy; +- return 1; +-} +-int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx)) +-{ +- md->cleanup = cleanup; +- return 1; +-} +-int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd, +- int p1, void *p2)) +-{ +- md->md_ctrl = ctrl; +- return 1; ++ int nid = cipher->nid; ++ if (nid == NID_undef) ++ return FIPS_evp_enc_null(); ++ else ++ return FIPS_get_cipherbynid(nid); + } + +-int EVP_MD_meth_get_input_blocksize(const EVP_MD *md) +-{ +- return md->block_size; +-} +-int EVP_MD_meth_get_result_size(const EVP_MD *md) +-{ +- return md->md_size; +-} +-int EVP_MD_meth_get_app_datasize(const EVP_MD *md) +-{ +- return md->ctx_size; +-} +-unsigned long EVP_MD_meth_get_flags(const EVP_MD *md) ++#endif ++ ++unsigned long EVP_MD_flags(const EVP_MD *md) + { ++#ifdef OPENSSL_FIPS ++ const EVP_MD *fmd; ++ fmd = evp_get_fips_md(md); ++ if (fmd && fmd->flags & EVP_MD_FLAG_FIPS) ++ return md->flags | EVP_MD_FLAG_FIPS; ++#endif + return md->flags; + } +-int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx) +-{ +- return md->init; +-} +-int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx, +- const void *data, +- size_t count) +-{ +- return md->update; +-} +-int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx, +- unsigned char *md) +-{ +- return md->final; +-} +-int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to, +- const EVP_MD_CTX *from) +-{ +- return md->copy; +-} +-int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx) +-{ +- return md->cleanup; +-} +-int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd, +- int p1, void *p2) +-{ +- return md->md_ctrl; +-} + + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) + { +@@ -443,29 +360,6 @@ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx) + return ctx->digest; + } + +-EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) +-{ +- return ctx->pctx; +-} +- +-void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx) +-{ +- return ctx->md_data; +-} +- +-int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, +- const void *data, size_t count) +-{ +- return ctx->update; +-} +- +-void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx, +- int (*update) (EVP_MD_CTX *ctx, +- const void *data, size_t count)) +-{ +- ctx->update = update; +-} +- + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) + { + ctx->flags |= flags; +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h +index 209577b..2bb709a 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_locl.h ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_locl.h +@@ -1,68 +1,373 @@ ++/* evp_locl.h */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-/* EVP_MD_CTX related stuff */ +- +-struct evp_md_ctx_st { +- const EVP_MD *digest; +- ENGINE *engine; /* functional reference if 'digest' is +- * ENGINE-provided */ +- unsigned long flags; +- void *md_data; +- /* Public key context for sign/verify */ +- EVP_PKEY_CTX *pctx; +- /* Update function: usually copied from EVP_MD */ +- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +-} /* EVP_MD_CTX */ ; +- +-struct evp_cipher_ctx_st { +- const EVP_CIPHER *cipher; +- ENGINE *engine; /* functional reference if 'cipher' is +- * ENGINE-provided */ +- int encrypt; /* encrypt or decrypt */ +- int buf_len; /* number we have left */ +- unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ +- unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ +- unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */ +- int num; /* used by cfb/ofb/ctr mode */ +- /* FIXME: Should this even exist? It appears unused */ +- void *app_data; /* application stuff */ +- int key_len; /* May change for variable length cipher */ +- unsigned long flags; /* Various flags */ +- void *cipher_data; /* per EVP data */ +- int final_used; +- int block_mask; +- unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */ +-} /* EVP_CIPHER_CTX */ ; ++/* Macros to code block cipher wrappers */ ++ ++/* Wrapper functions for each cipher mode */ ++ ++#define BLOCK_CIPHER_ecb_loop() \ ++ size_t i, bl; \ ++ bl = ctx->cipher->block_size;\ ++ if(inl < bl) return 1;\ ++ inl -= bl; \ ++ for(i=0; i <= inl; i+=bl) ++ ++#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ ++static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ ++{\ ++ BLOCK_CIPHER_ecb_loop() \ ++ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ ++ return 1;\ ++} ++ ++#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) ++ ++#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ ++static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ ++{\ ++ while(inl>=EVP_MAXCHUNK)\ ++ {\ ++ cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ ++ inl-=EVP_MAXCHUNK;\ ++ in +=EVP_MAXCHUNK;\ ++ out+=EVP_MAXCHUNK;\ ++ }\ ++ if (inl)\ ++ cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ ++ return 1;\ ++} ++ ++#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ ++static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ ++{\ ++ while(inl>=EVP_MAXCHUNK) \ ++ {\ ++ cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ ++ inl-=EVP_MAXCHUNK;\ ++ in +=EVP_MAXCHUNK;\ ++ out+=EVP_MAXCHUNK;\ ++ }\ ++ if (inl)\ ++ cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ ++ return 1;\ ++} ++ ++#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ ++static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ ++{\ ++ size_t chunk=EVP_MAXCHUNK;\ ++ if (cbits==1) chunk>>=3;\ ++ if (inl=chunk)\ ++ {\ ++ cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ ++ inl-=chunk;\ ++ in +=chunk;\ ++ out+=chunk;\ ++ if(inlc))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl, \ ++ NULL \ ++};\ ++const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ ++static const EVP_CIPHER cname##_cfb = {\ ++ nid##_cfb64, 1, key_len, iv_len, \ ++ flags | EVP_CIPH_CFB_MODE,\ ++ init_key,\ ++ cname##_cfb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ ++};\ ++const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ ++static const EVP_CIPHER cname##_ofb = {\ ++ nid##_ofb64, 1, key_len, iv_len, \ ++ flags | EVP_CIPH_OFB_MODE,\ ++ init_key,\ ++ cname##_ofb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ ++};\ ++const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ ++static const EVP_CIPHER cname##_ecb = {\ ++ nid##_ecb, block_size, key_len, iv_len, \ ++ flags | EVP_CIPH_ECB_MODE,\ ++ init_key,\ ++ cname##_ecb_cipher,\ ++ cleanup,\ ++ sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ ++ sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ ++ set_asn1, get_asn1,\ ++ ctrl,\ ++ NULL \ ++};\ ++const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } ++*/ ++ ++#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ ++ block_size, key_len, iv_len, cbits, \ ++ flags, init_key, \ ++ cleanup, set_asn1, get_asn1, ctrl) \ ++ BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ ++ BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ ++ cbits, flags, init_key, cleanup, set_asn1, \ ++ get_asn1, ctrl) ++ ++#define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) ++ ++#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ ++ BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ ++ BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ ++ NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ ++ 0, cipher##_init_key, NULL, \ ++ EVP_CIPHER_set_asn1_iv, \ ++ EVP_CIPHER_get_asn1_iv, \ ++ NULL) ++ ++struct evp_pkey_ctx_st { ++ /* Method associated with this operation */ ++ const EVP_PKEY_METHOD *pmeth; ++ /* Engine that implements this method or NULL if builtin */ ++ ENGINE *engine; ++ /* Key: may be NULL */ ++ EVP_PKEY *pkey; ++ /* Peer key for key agreement, may be NULL */ ++ EVP_PKEY *peerkey; ++ /* Actual operation */ ++ int operation; ++ /* Algorithm specific data */ ++ void *data; ++ /* Application specific data */ ++ void *app_data; ++ /* Keygen callback */ ++ EVP_PKEY_gen_cb *pkey_gencb; ++ /* implementation specific keygen data */ ++ int *keygen_info; ++ int keygen_info_count; ++} /* EVP_PKEY_CTX */ ; ++ ++#define EVP_PKEY_FLAG_DYNAMIC 1 ++ ++struct evp_pkey_method_st { ++ int pkey_id; ++ int flags; ++ int (*init) (EVP_PKEY_CTX *ctx); ++ int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); ++ void (*cleanup) (EVP_PKEY_CTX *ctx); ++ int (*paramgen_init) (EVP_PKEY_CTX *ctx); ++ int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); ++ int (*keygen_init) (EVP_PKEY_CTX *ctx); ++ int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); ++ int (*sign_init) (EVP_PKEY_CTX *ctx); ++ int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ const unsigned char *tbs, size_t tbslen); ++ int (*verify_init) (EVP_PKEY_CTX *ctx); ++ int (*verify) (EVP_PKEY_CTX *ctx, ++ const unsigned char *sig, size_t siglen, ++ const unsigned char *tbs, size_t tbslen); ++ int (*verify_recover_init) (EVP_PKEY_CTX *ctx); ++ int (*verify_recover) (EVP_PKEY_CTX *ctx, ++ unsigned char *rout, size_t *routlen, ++ const unsigned char *sig, size_t siglen); ++ int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); ++ int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, ++ EVP_MD_CTX *mctx); ++ int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); ++ int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, ++ EVP_MD_CTX *mctx); ++ int (*encrypt_init) (EVP_PKEY_CTX *ctx); ++ int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++ int (*decrypt_init) (EVP_PKEY_CTX *ctx); ++ int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, ++ const unsigned char *in, size_t inlen); ++ int (*derive_init) (EVP_PKEY_CTX *ctx); ++ int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); ++ int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); ++ int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); ++} /* EVP_PKEY_METHOD */ ; ++ ++void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + + int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, + int en_de); + +-struct evp_Encode_Ctx_st { +- /* number saved in a partial encode/decode */ +- int num; +- /* +- * The length is either the output line length (in input bytes) or the +- * shortest input line length that is ok. Once decoding begins, the +- * length is adjusted up each time a longer line is decoded +- */ +- int length; +- /* data to encode */ +- unsigned char enc_data[80]; +- /* number read on current line */ +- int line_num; +- int expect_nl; +-}; +- +-typedef struct evp_pbe_st EVP_PBE_CTL; +-DEFINE_STACK_OF(EVP_PBE_CTL) +- +-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); ++const EVP_MD *evp_get_fips_md(const EVP_MD *md); ++const EVP_CIPHER *evp_get_fips_cipher(const EVP_CIPHER *cipher); ++ ++#ifdef OPENSSL_FIPS ++ ++# ifdef OPENSSL_DOING_MAKEDEPEND ++# undef SHA1_Init ++# undef SHA1_Update ++# undef SHA224_Init ++# undef SHA256_Init ++# undef SHA384_Init ++# undef SHA512_Init ++# undef DES_set_key_unchecked ++# endif ++ ++# define RIPEMD160_Init private_RIPEMD160_Init ++# define WHIRLPOOL_Init private_WHIRLPOOL_Init ++# define MD5_Init private_MD5_Init ++# define MD4_Init private_MD4_Init ++# define MD2_Init private_MD2_Init ++# define MDC2_Init private_MDC2_Init ++# define SHA_Init private_SHA_Init ++# define SHA1_Init private_SHA1_Init ++# define SHA224_Init private_SHA224_Init ++# define SHA256_Init private_SHA256_Init ++# define SHA384_Init private_SHA384_Init ++# define SHA512_Init private_SHA512_Init ++ ++# define BF_set_key private_BF_set_key ++# define CAST_set_key private_CAST_set_key ++# define idea_set_encrypt_key private_idea_set_encrypt_key ++# define SEED_set_key private_SEED_set_key ++# define RC2_set_key private_RC2_set_key ++# define RC4_set_key private_RC4_set_key ++# define DES_set_key_unchecked private_DES_set_key_unchecked ++# define Camellia_set_key private_Camellia_set_key ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +index ce7aa2c..7934c95 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c +@@ -1,14 +1,64 @@ ++/* evp_pbe.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -16,17 +66,18 @@ + + /* Password based encryption (PBE) functions */ + ++DECLARE_STACK_OF(EVP_PBE_CTL) ++static STACK_OF(EVP_PBE_CTL) *pbe_algs; ++ + /* Setup a cipher context from a PBE algorithm */ + +-struct evp_pbe_st { ++typedef struct { + int pbe_type; + int pbe_nid; + int cipher_nid; + int md_nid; + EVP_PBE_KEYGEN *keygen; +-}; +- +-static STACK_OF(EVP_PBE_CTL) *pbe_algs; ++} EVP_PBE_CTL; + + static const EVP_PBE_CTL builtin_pbe[] = { + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, +@@ -36,7 +87,9 @@ static const EVP_PBE_CTL builtin_pbe[] = { + {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, + NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, + ++#ifndef OPENSSL_NO_HMAC + {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, ++#endif + + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, + NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, +@@ -51,8 +104,9 @@ static const EVP_PBE_CTL builtin_pbe[] = { + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, + NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + ++#ifndef OPENSSL_NO_HMAC + {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, +- ++#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, + NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, +@@ -67,16 +121,33 @@ static const EVP_PBE_CTL builtin_pbe[] = { + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, + {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, +- {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1, +- NID_id_GostR3411_2012_256, 0}, +- {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1, +- NID_id_GostR3411_2012_512, 0}, +- {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, +-#ifndef OPENSSL_NO_SCRYPT +- {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} +-#endif + }; + ++#ifdef TEST ++int main(int argc, char **argv) ++{ ++ int i, nid_md, nid_cipher; ++ EVP_PBE_CTL *tpbe, *tpbe2; ++ /* ++ * OpenSSL_add_all_algorithms(); ++ */ ++ ++ for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) { ++ tpbe = builtin_pbe + i; ++ fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, ++ OBJ_nid2sn(tpbe->pbe_nid)); ++ if (EVP_PBE_find(tpbe->pbe_type, tpbe->pbe_nid, ++ &nid_cipher, &nid_md, 0)) ++ fprintf(stderr, "Found %s %s\n", ++ OBJ_nid2sn(nid_cipher), OBJ_nid2sn(nid_md)); ++ else ++ fprintf(stderr, "Find ERROR!!\n"); ++ } ++ ++ return 0; ++} ++#endif ++ + int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) + { +@@ -90,7 +161,7 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + char obj_tmp[80]; + EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM); + if (!pbe_obj) +- OPENSSL_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); ++ BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + else + i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + ERR_add_error_data(2, "TYPE=", obj_tmp); +@@ -173,10 +244,7 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, + pbe_tmp->md_nid = md_nid; + pbe_tmp->keygen = keygen; + +- if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) { +- OPENSSL_free(pbe_tmp); +- goto err; +- } ++ sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp); + return 1; + + err: +@@ -188,7 +256,6 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen) + { + int cipher_nid, md_nid; +- + if (cipher) + cipher_nid = EVP_CIPHER_nid(cipher); + else +@@ -219,7 +286,8 @@ int EVP_PBE_find(int type, int pbe_nid, + pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); + } + if (pbetmp == NULL) { +- pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); ++ pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, ++ sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL)); + } + if (pbetmp == NULL) + return 0; +@@ -234,7 +302,7 @@ int EVP_PBE_find(int type, int pbe_nid, + + static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe) + { +- OPENSSL_free(pbe); ++ OPENSSL_freeFunc(pbe); + } + + void EVP_PBE_cleanup(void) +@@ -242,18 +310,3 @@ void EVP_PBE_cleanup(void) + sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); + pbe_algs = NULL; + } +- +-int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num) +-{ +- const EVP_PBE_CTL *tpbe; +- +- if (num >= OSSL_NELEM(builtin_pbe)) +- return 0; +- +- tpbe = builtin_pbe + num; +- if (ptype) +- *ptype = tpbe->pbe_type; +- if (ppbe_nid) +- *ppbe_nid = tpbe->pbe_nid; +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +index 81bffa6..6a45629 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c +@@ -1,33 +1,81 @@ ++/* evp_pkey.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" +-#include "internal/x509_int.h" ++#include "asn1_locl.h" + + /* Extract a private key from a PKCS8 structure */ + +-EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) ++EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) + { + EVP_PKEY *pkey = NULL; +- const ASN1_OBJECT *algoid; ++ ASN1_OBJECT *algoid; + char obj_tmp[80]; + + if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) + return NULL; + +- if ((pkey = EVP_PKEY_new()) == NULL) { ++ if (!(pkey = EVP_PKEY_new())) { + EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -56,37 +104,68 @@ EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) + return NULL; + } + ++PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) ++{ ++ return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); ++} ++ + /* Turn a private key into a PKCS8 structure */ + +-PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) ++PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) + { +- PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new(); +- if (p8 == NULL) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE); ++ PKCS8_PRIV_KEY_INFO *p8; ++ ++ if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); + return NULL; + } ++ p8->broken = broken; + + if (pkey->ameth) { + if (pkey->ameth->priv_encode) { + if (!pkey->ameth->priv_encode(p8, pkey)) { +- EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR); ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ++ EVP_R_PRIVATE_KEY_ENCODE_ERROR); + goto error; + } + } else { +- EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED); ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_METHOD_NOT_SUPPORTED); + goto error; + } + } else { +- EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); ++ EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ++ EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + goto error; + } +- RAND_add(p8->pkey->data, p8->pkey->length, 0.0); ++ RAND_add(p8->pkey->value.octet_string->data, ++ p8->pkey->value.octet_string->length, 0.0); + return p8; + error: + PKCS8_PRIV_KEY_INFO_free(p8); + return NULL; + } + ++PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) ++{ ++ switch (broken) { ++ ++ case PKCS8_OK: ++ p8->broken = PKCS8_OK; ++ return p8; ++ break; ++ ++ case PKCS8_NO_OCTET: ++ p8->broken = PKCS8_NO_OCTET; ++ p8->pkey->type = V_ASN1_SEQUENCE; ++ return p8; ++ break; ++ ++ default: ++ EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); ++ return NULL; ++ } ++} ++ + /* EVP_PKEY attribute functions */ + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key) +@@ -99,7 +178,7 @@ int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); + } + +-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, ++int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj, + int lastpos) + { + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +new file mode 100644 +index 0000000..1478448 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c +@@ -0,0 +1,104 @@ ++/* crypto/evp/m_dss.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++ ++#ifndef OPENSSL_NO_SHA ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD dsa_md = { ++ NID_dsaWithSHA, ++ NID_dsaWithSHA, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_DIGEST, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; ++ ++const EVP_MD *EVP_dss(void) ++{ ++ return (&dsa_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +new file mode 100644 +index 0000000..e36fabf +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c +@@ -0,0 +1,105 @@ ++/* crypto/evp/m_dss1.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++ ++#ifndef OPENSSL_NO_SHA ++ ++# include ++# include ++# include ++# ifndef OPENSSL_NO_DSA ++# include ++# endif ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD dss1_md = { ++ NID_dsa, ++ NID_dsaWithSHA1, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_DIGEST, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_DSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; ++ ++const EVP_MD *EVP_dss1(void) ++{ ++ return (&dss1_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +new file mode 100644 +index 0000000..803d314 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c +@@ -0,0 +1,154 @@ ++/* crypto/evp/m_ecdsa.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++#ifndef OPENSSL_NO_SHA ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return SHA1_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA1_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA1_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD ecdsa_md = { ++ NID_ecdsa_with_SHA1, ++ NID_ecdsa_with_SHA1, ++ SHA_DIGEST_LENGTH, ++ EVP_MD_FLAG_PKEY_DIGEST, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_ECDSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; ++ ++const EVP_MD *EVP_ecdsa(void) ++{ ++ return (&ecdsa_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +index c4e28ae..3c4cd7b 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_md2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_MD2 + +@@ -16,23 +65,23 @@ + # include + # include + # include +-# include +- +-#include "internal/evp_int.h" ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) + { +- return MD2_Init(EVP_MD_CTX_md_data(ctx)); ++ return MD2_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return MD2_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return MD2_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return MD2_Final(md, ctx->md_data); + } + + static const EVP_MD md2_md = { +@@ -45,12 +94,13 @@ static const EVP_MD md2_md = { + final, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + MD2_BLOCK, + sizeof(EVP_MD *) + sizeof(MD2_CTX), + }; + + const EVP_MD *EVP_md2(void) + { +- return &md2_md; ++ return (&md2_md); + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +index f3decaa..851de69 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_md4.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_MD4 + +@@ -16,22 +65,25 @@ + # include + # include + # include +-# include +-# include "internal/evp_int.h" ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++ ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +- return MD4_Init(EVP_MD_CTX_md_data(ctx)); ++ return MD4_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return MD4_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return MD4_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return MD4_Final(md, ctx->md_data); + } + + static const EVP_MD md4_md = { +@@ -44,6 +96,7 @@ static const EVP_MD md4_md = { + final, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + MD4_CBLOCK, + sizeof(EVP_MD *) + sizeof(MD4_CTX), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +index f4dc0c4..e5d5f71 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_md5.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_MD5 + +@@ -16,22 +65,24 @@ + # include + # include + # include +-# include +-# include "internal/evp_int.h" ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +- return MD5_Init(EVP_MD_CTX_md_data(ctx)); ++ return MD5_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return MD5_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return MD5_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return MD5_Final(md, ctx->md_data); + } + + static const EVP_MD md5_md = { +@@ -44,6 +95,7 @@ static const EVP_MD md5_md = { + final, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + MD5_CBLOCK, + sizeof(EVP_MD *) + sizeof(MD5_CTX), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c +deleted file mode 100644 +index 2d98886..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/m_md5_sha1.c ++++ /dev/null +@@ -1,142 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#if !defined(OPENSSL_NO_MD5) +- +-# include +-# include +-# include +-# include +-# include +-# include "internal/cryptlib.h" +-# include "internal/evp_int.h" +-# include +- +-struct md5_sha1_ctx { +- MD5_CTX md5; +- SHA_CTX sha1; +-}; +- +-static int init(EVP_MD_CTX *ctx) +-{ +- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); +- if (!MD5_Init(&mctx->md5)) +- return 0; +- return SHA1_Init(&mctx->sha1); +-} +- +-static int update(EVP_MD_CTX *ctx, const void *data, size_t count) +-{ +- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); +- if (!MD5_Update(&mctx->md5, data, count)) +- return 0; +- return SHA1_Update(&mctx->sha1, data, count); +-} +- +-static int final(EVP_MD_CTX *ctx, unsigned char *md) +-{ +- struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx); +- if (!MD5_Final(md, &mctx->md5)) +- return 0; +- return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); +-} +- +-static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) +-{ +- unsigned char padtmp[48]; +- unsigned char md5tmp[MD5_DIGEST_LENGTH]; +- unsigned char sha1tmp[SHA_DIGEST_LENGTH]; +- struct md5_sha1_ctx *mctx; +- +- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) +- return -2; +- +- if (ctx == NULL) +- return 0; +- +- mctx = EVP_MD_CTX_md_data(ctx); +- +- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ +- if (mslen != 48) +- return 0; +- +- /* At this point hash contains all handshake messages, update +- * with master secret and pad_1. +- */ +- +- if (update(ctx, ms, mslen) <= 0) +- return 0; +- +- /* Set padtmp to pad_1 value */ +- memset(padtmp, 0x36, sizeof(padtmp)); +- +- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) +- return 0; +- +- if (!MD5_Final(md5tmp, &mctx->md5)) +- return 0; +- +- if (!SHA1_Update(&mctx->sha1, padtmp, 40)) +- return 0; +- +- if (!SHA1_Final(sha1tmp, &mctx->sha1)) +- return 0; +- +- /* Reinitialise context */ +- +- if (!init(ctx)) +- return 0; +- +- if (update(ctx, ms, mslen) <= 0) +- return 0; +- +- /* Set padtmp to pad_2 value */ +- memset(padtmp, 0x5c, sizeof(padtmp)); +- +- if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp))) +- return 0; +- +- if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp))) +- return 0; +- +- if (!SHA1_Update(&mctx->sha1, padtmp, 40)) +- return 0; +- +- if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp))) +- return 0; +- +- /* Now when ctx is finalised it will return the SSL v3 hash value */ +- +- OPENSSL_cleanse(md5tmp, sizeof(md5tmp)); +- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); +- +- return 1; +- +-} +- +-static const EVP_MD md5_sha1_md = { +- NID_md5_sha1, +- NID_md5_sha1, +- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, +- 0, +- init, +- update, +- final, +- NULL, +- NULL, +- MD5_CBLOCK, +- sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), +- ctrl +-}; +- +-const EVP_MD *EVP_md5_sha1(void) +-{ +- return &md5_sha1_md; +-} +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c +index b7f0fd8..94e12a6 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_mdc2.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_mdc2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_MDC2 + +@@ -16,22 +65,25 @@ + # include + # include + # include +-# include +-# include "internal/evp_int.h" ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++ ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +- return MDC2_Init(EVP_MD_CTX_md_data(ctx)); ++ return MDC2_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return MDC2_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return MDC2_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return MDC2_Final(md, ctx->md_data); + } + + static const EVP_MD mdc2_md = { +@@ -44,6 +96,7 @@ static const EVP_MD mdc2_md = { + final, + NULL, + NULL, ++ EVP_PKEY_RSA_ASN1_OCTET_STRING_method, + MDC2_BLOCK, + sizeof(EVP_MD *) + sizeof(MDC2_CTX), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c +index 6c4daf5..017e1fe 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_null.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_null.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/evp_int.h" + + static int init(EVP_MD_CTX *ctx) + { +@@ -39,6 +87,7 @@ static const EVP_MD null_md = { + final, + NULL, + NULL, ++ EVP_PKEY_NULL_method, + 0, + sizeof(EVP_MD *), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +index 07b46bd..81de0ef 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c +@@ -1,37 +1,88 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_ripemd.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + +-#ifndef OPENSSL_NO_RMD160 ++#ifndef OPENSSL_NO_RIPEMD + + # include + # include + # include + # include +-# include +-# include "internal/evp_int.h" ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +- return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx)); ++ return RIPEMD160_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return RIPEMD160_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return RIPEMD160_Final(md, ctx->md_data); + } + + static const EVP_MD ripemd160_md = { +@@ -44,6 +95,7 @@ static const EVP_MD ripemd160_md = { + final, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + RIPEMD160_CBLOCK, + sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +new file mode 100644 +index 0000000..e1e22e0 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c +@@ -0,0 +1,106 @@ ++/* crypto/evp/m_sha.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include "cryptlib.h" ++ ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) ++ ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif ++# include "evp_locl.h" ++ ++static int init(EVP_MD_CTX *ctx) ++{ ++ return SHA_Init(ctx->md_data); ++} ++ ++static int update(EVP_MD_CTX *ctx, const void *data, size_t count) ++{ ++ return SHA_Update(ctx->md_data, data, count); ++} ++ ++static int final(EVP_MD_CTX *ctx, unsigned char *md) ++{ ++ return SHA_Final(md, ctx->md_data); ++} ++ ++static const EVP_MD sha_md = { ++ NID_sha, ++ NID_shaWithRSAEncryption, ++ SHA_DIGEST_LENGTH, ++ 0, ++ init, ++ update, ++ final, ++ NULL, ++ NULL, ++ EVP_PKEY_RSA_method, ++ SHA_CBLOCK, ++ sizeof(EVP_MD *) + sizeof(SHA_CTX), ++}; ++ ++const EVP_MD *EVP_sha(void) ++{ ++ return (&sha_md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +index 8f30077..a74e6b7 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c +@@ -1,123 +1,118 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/m_sha1.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + +-#include +-#include +-#include +-#include +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_SHA ++ ++# include ++# include ++# include ++# ifndef OPENSSL_NO_RSA ++# include ++# endif + + static int init(EVP_MD_CTX *ctx) + { +- return SHA1_Init(EVP_MD_CTX_md_data(ctx)); ++ return SHA1_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return SHA1_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return SHA1_Final(md, EVP_MD_CTX_md_data(ctx)); +-} +- +-static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) +-{ +- unsigned char padtmp[40]; +- unsigned char sha1tmp[SHA_DIGEST_LENGTH]; +- +- SHA_CTX *sha1; +- +- if (cmd != EVP_CTRL_SSL3_MASTER_SECRET) +- return -2; +- +- if (ctx == NULL) +- return 0; +- +- sha1 = EVP_MD_CTX_md_data(ctx); +- +- /* SSLv3 client auth handling: see RFC-6101 5.6.8 */ +- if (mslen != 48) +- return 0; +- +- /* At this point hash contains all handshake messages, update +- * with master secret and pad_1. +- */ +- +- if (SHA1_Update(sha1, ms, mslen) <= 0) +- return 0; +- +- /* Set padtmp to pad_1 value */ +- memset(padtmp, 0x36, sizeof(padtmp)); +- +- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) +- return 0; +- +- if (!SHA1_Final(sha1tmp, sha1)) +- return 0; +- +- /* Reinitialise context */ +- +- if (!SHA1_Init(sha1)) +- return 0; +- +- if (SHA1_Update(sha1, ms, mslen) <= 0) +- return 0; +- +- /* Set padtmp to pad_2 value */ +- memset(padtmp, 0x5c, sizeof(padtmp)); +- +- if (!SHA1_Update(sha1, padtmp, sizeof(padtmp))) +- return 0; +- +- if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp))) +- return 0; +- +- /* Now when ctx is finalised it will return the SSL v3 hash value */ +- OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp)); +- +- return 1; +- ++ return SHA1_Final(md, ctx->md_data); + } + + static const EVP_MD sha1_md = { + NID_sha1, + NID_sha1WithRSAEncryption, + SHA_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init, + update, + final, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + SHA_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA_CTX), +- ctrl + }; + + const EVP_MD *EVP_sha1(void) + { + return (&sha1_md); + } ++#endif + ++#ifndef OPENSSL_NO_SHA256 + static int init224(EVP_MD_CTX *ctx) + { +- return SHA224_Init(EVP_MD_CTX_md_data(ctx)); ++ return SHA224_Init(ctx->md_data); + } + + static int init256(EVP_MD_CTX *ctx) + { +- return SHA256_Init(EVP_MD_CTX_md_data(ctx)); ++ return SHA256_Init(ctx->md_data); + } + + /* +@@ -127,24 +122,25 @@ static int init256(EVP_MD_CTX *ctx) + */ + static int update256(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return SHA256_Update(ctx->md_data, data, count); + } + + static int final256(EVP_MD_CTX *ctx, unsigned char *md) + { +- return SHA256_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return SHA256_Final(md, ctx->md_data); + } + + static const EVP_MD sha224_md = { + NID_sha224, + NID_sha224WithRSAEncryption, + SHA224_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init224, + update256, + final256, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA256_CTX), + }; +@@ -158,12 +154,13 @@ static const EVP_MD sha256_md = { + NID_sha256, + NID_sha256WithRSAEncryption, + SHA256_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init256, + update256, + final256, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + SHA256_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA256_CTX), + }; +@@ -172,38 +169,41 @@ const EVP_MD *EVP_sha256(void) + { + return (&sha256_md); + } ++#endif /* ifndef OPENSSL_NO_SHA256 */ + ++#ifndef OPENSSL_NO_SHA512 + static int init384(EVP_MD_CTX *ctx) + { +- return SHA384_Init(EVP_MD_CTX_md_data(ctx)); ++ return SHA384_Init(ctx->md_data); + } + + static int init512(EVP_MD_CTX *ctx) + { +- return SHA512_Init(EVP_MD_CTX_md_data(ctx)); ++ return SHA512_Init(ctx->md_data); + } + + /* See comment in SHA224/256 section */ + static int update512(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return SHA512_Update(ctx->md_data, data, count); + } + + static int final512(EVP_MD_CTX *ctx, unsigned char *md) + { +- return SHA512_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return SHA512_Final(md, ctx->md_data); + } + + static const EVP_MD sha384_md = { + NID_sha384, + NID_sha384WithRSAEncryption, + SHA384_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init384, + update512, + final512, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA512_CTX), + }; +@@ -217,12 +217,13 @@ static const EVP_MD sha512_md = { + NID_sha512, + NID_sha512WithRSAEncryption, + SHA512_DIGEST_LENGTH, +- EVP_MD_FLAG_DIGALGID_ABSENT, ++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_DIGALGID_ABSENT, + init512, + update512, + final512, + NULL, + NULL, ++ EVP_PKEY_RSA_method, + SHA512_CBLOCK, + sizeof(EVP_MD *) + sizeof(SHA512_CTX), + }; +@@ -231,3 +232,4 @@ const EVP_MD *EVP_sha512(void) + { + return (&sha512_md); + } ++#endif /* ifndef OPENSSL_NO_SHA512 */ +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c +index 3b74f72..4492d20 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_sigver.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_sigver.c +@@ -1,18 +1,67 @@ ++/* m_sigver.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/evp_int.h" + #include "evp_locl.h" + + static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, +@@ -79,20 +128,17 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + size_t *siglen) + { +- int sctx = 0, r = 0; ++ int sctx, r = 0; + EVP_PKEY_CTX *pctx = ctx->pctx; + if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { ++ EVP_PKEY_CTX *dctx; + if (!sigret) + return pctx->pmeth->signctx(pctx, sigret, siglen, ctx); +- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) +- r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx); +- else { +- EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx); +- if (!dctx) +- return 0; +- r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); +- EVP_PKEY_CTX_free(dctx); +- } ++ dctx = EVP_PKEY_CTX_dup(ctx->pctx); ++ if (!dctx) ++ return 0; ++ r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx); ++ EVP_PKEY_CTX_free(dctx); + return r; + } + if (pctx->pmeth->signctx) +@@ -100,24 +146,18 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + else + sctx = 0; + if (sigret) { ++ EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; +- unsigned int mdlen = 0; +- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { +- if (sctx) +- r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx); +- else +- r = EVP_DigestFinal_ex(ctx, md, &mdlen); +- } else { +- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); +- if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) +- return 0; +- if (sctx) +- r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx, +- sigret, siglen, tmp_ctx); +- else +- r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); +- EVP_MD_CTX_free(tmp_ctx); +- } ++ unsigned int mdlen; ++ EVP_MD_CTX_init(&tmp_ctx); ++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ return 0; ++ if (sctx) ++ r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, ++ sigret, siglen, &tmp_ctx); ++ else ++ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); ++ EVP_MD_CTX_cleanup(&tmp_ctx); + if (sctx || !r) + return r; + if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) +@@ -138,31 +178,25 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen) + { ++ EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; +- int r = 0; +- unsigned int mdlen = 0; +- int vctx = 0; ++ int r; ++ unsigned int mdlen; ++ int vctx; + + if (ctx->pctx->pmeth->verifyctx) + vctx = 1; + else + vctx = 0; +- if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { +- if (vctx) { +- r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx); +- } else +- r = EVP_DigestFinal_ex(ctx, md, &mdlen); +- } else { +- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); +- if (tmp_ctx == NULL || !EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) +- return -1; +- if (vctx) { +- r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx, +- sig, siglen, tmp_ctx); +- } else +- r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen); +- EVP_MD_CTX_free(tmp_ctx); +- } ++ EVP_MD_CTX_init(&tmp_ctx); ++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ return -1; ++ if (vctx) { ++ r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, ++ sig, siglen, &tmp_ctx); ++ } else ++ r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); ++ EVP_MD_CTX_cleanup(&tmp_ctx); + if (vctx || !r) + return r; + return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); +diff --git a/Cryptlib/OpenSSL/crypto/evp/m_wp.c b/Cryptlib/OpenSSL/crypto/evp/m_wp.c +index 94fac22..a890939 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/m_wp.c ++++ b/Cryptlib/OpenSSL/crypto/evp/m_wp.c +@@ -1,14 +1,7 @@ +-/* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ ++/* crypto/evp/m_wp.c */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + + #ifndef OPENSSL_NO_WHIRLPOOL + +@@ -16,21 +9,21 @@ + # include + # include + # include +-# include "internal/evp_int.h" ++# include "evp_locl.h" + + static int init(EVP_MD_CTX *ctx) + { +- return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx)); ++ return WHIRLPOOL_Init(ctx->md_data); + } + + static int update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count); ++ return WHIRLPOOL_Update(ctx->md_data, data, count); + } + + static int final(EVP_MD_CTX *ctx, unsigned char *md) + { +- return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx)); ++ return WHIRLPOOL_Final(md, ctx->md_data); + } + + static const EVP_MD whirlpool_md = { +@@ -43,6 +36,7 @@ static const EVP_MD whirlpool_md = { + final, + NULL, + NULL, ++ EVP_PKEY_NULL_method, + WHIRLPOOL_BBLOCK / 8, + sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), + }; +diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c +index a92be1f..ff115a3 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/names.c ++++ b/Cryptlib/OpenSSL/crypto/evp/names.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/names.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include ++#include + #include +-#include "internal/evp_int.h" + + int EVP_add_cipher(const EVP_CIPHER *c) + { +@@ -21,10 +69,13 @@ int EVP_add_cipher(const EVP_CIPHER *c) + if (c == NULL) + return 0; + ++ OPENSSL_init(); ++ + r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + if (r == 0) + return (0); ++ check_defer(c->nid); + r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + return (r); +@@ -34,11 +85,13 @@ int EVP_add_digest(const EVP_MD *md) + { + int r; + const char *name; ++ OPENSSL_init(); + + name = OBJ_nid2sn(md->type); + r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); + if (r == 0) + return (0); ++ check_defer(md->type); + r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, + (const char *)md); + if (r == 0) +@@ -49,6 +102,7 @@ int EVP_add_digest(const EVP_MD *md) + OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); + if (r == 0) + return (0); ++ check_defer(md->pkey_type); + r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), + OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name); + } +@@ -59,9 +113,6 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name) + { + const EVP_CIPHER *cp; + +- if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) +- return NULL; +- + cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); + return (cp); + } +@@ -70,14 +121,11 @@ const EVP_MD *EVP_get_digestbyname(const char *name) + { + const EVP_MD *cp; + +- if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) +- return NULL; +- + cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); + return (cp); + } + +-void evp_cleanup_int(void) ++void EVP_cleanup(void) + { + OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); + OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); +@@ -89,6 +137,10 @@ void evp_cleanup_int(void) + OBJ_NAME_cleanup(-1); + + EVP_PBE_cleanup(); ++ if (obj_cleanup_defer == 2) { ++ obj_cleanup_defer = 0; ++ OBJ_cleanup(); ++ } + OBJ_sigid_free(); + } + +@@ -112,10 +164,6 @@ void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph, + void *arg) + { + struct doall_cipher dc; +- +- /* Ignore errors */ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); +- + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); +@@ -126,10 +174,6 @@ void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph, + void *x), void *arg) + { + struct doall_cipher dc; +- +- /* Ignore errors */ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL); +- + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); +@@ -155,10 +199,6 @@ void EVP_MD_do_all(void (*fn) (const EVP_MD *md, + void *arg) + { + struct doall_md dc; +- +- /* Ignore errors */ +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); +- + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); +@@ -169,9 +209,6 @@ void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md, + void *x), void *arg) + { + struct doall_md dc; +- +- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); +- + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +index 7e55d0b..d06ab90 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c +@@ -1,15 +1,65 @@ ++/* p5_crpt.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -25,15 +75,17 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, + const EVP_MD *md, int en_de) + { +- EVP_MD_CTX *ctx; ++ EVP_MD_CTX ctx; + unsigned char md_tmp[EVP_MAX_MD_SIZE]; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; + int i; + PBEPARAM *pbe; + int saltlen, iter; + unsigned char *salt; ++ const unsigned char *pbuf; + int mdsize; + int rv = 0; ++ EVP_MD_CTX_init(&ctx); + + /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || +@@ -42,8 +94,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + return 0; + } + +- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); +- if (pbe == NULL) { ++ pbuf = param->value.sequence->data; ++ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); + return 0; + } +@@ -60,30 +112,24 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + else if (passlen == -1) + passlen = strlen(pass); + +- ctx = EVP_MD_CTX_new(); +- if (ctx == NULL) { +- EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (!EVP_DigestInit_ex(ctx, md, NULL)) ++ if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; +- if (!EVP_DigestUpdate(ctx, pass, passlen)) ++ if (!EVP_DigestUpdate(&ctx, pass, passlen)) + goto err; +- if (!EVP_DigestUpdate(ctx, salt, saltlen)) ++ if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + goto err; + PBEPARAM_free(pbe); +- if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) ++ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + goto err; + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; + for (i = 1; i < iter; i++) { +- if (!EVP_DigestInit_ex(ctx, md, NULL)) ++ if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; +- if (!EVP_DigestUpdate(ctx, md_tmp, mdsize)) ++ if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + goto err; +- if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL)) ++ if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + goto err; + } + OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)); +@@ -98,6 +144,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH); + rv = 1; + err: +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_cleanup(&ctx); + return rv; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +index 2e45aa3..f2ae1e5 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c +@@ -1,24 +1,74 @@ ++/* p5_crpt2.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) + # include + # include + # include + # include "evp_locl.h" + + /* set this to print out info about the keygen algorithm */ +-/* #define OPENSSL_DEBUG_PKCS5V2 */ ++/* #define DEBUG_PKCS5V2 */ + +-# ifdef OPENSSL_DEBUG_PKCS5V2 ++# ifdef DEBUG_PKCS5V2 + static void h__dump(const unsigned char *p, int len); + # endif + +@@ -36,28 +86,21 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, j, k, tkeylen, mdlen; + unsigned long i = 1; +- HMAC_CTX *hctx_tpl = NULL, *hctx = NULL; ++ HMAC_CTX hctx_tpl, hctx; + + mdlen = EVP_MD_size(digest); + if (mdlen < 0) + return 0; + +- hctx_tpl = HMAC_CTX_new(); +- if (hctx_tpl == NULL) +- return 0; ++ HMAC_CTX_init(&hctx_tpl); + p = out; + tkeylen = keylen; + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); +- if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) { +- HMAC_CTX_free(hctx_tpl); +- return 0; +- } +- hctx = HMAC_CTX_new(); +- if (hctx == NULL) { +- HMAC_CTX_free(hctx_tpl); ++ if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + while (tkeylen) { +@@ -73,33 +116,31 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + itmp[1] = (unsigned char)((i >> 16) & 0xff); + itmp[2] = (unsigned char)((i >> 8) & 0xff); + itmp[3] = (unsigned char)(i & 0xff); +- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); ++ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { ++ HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } +- if (!HMAC_Update(hctx, salt, saltlen) +- || !HMAC_Update(hctx, itmp, 4) +- || !HMAC_Final(hctx, digtmp, NULL)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); ++ if (!HMAC_Update(&hctx, salt, saltlen) ++ || !HMAC_Update(&hctx, itmp, 4) ++ || !HMAC_Final(&hctx, digtmp, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ HMAC_CTX_cleanup(&hctx); + return 0; + } +- HMAC_CTX_reset(hctx); ++ HMAC_CTX_cleanup(&hctx); + memcpy(p, digtmp, cplen); + for (j = 1; j < iter; j++) { +- if (!HMAC_CTX_copy(hctx, hctx_tpl)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); ++ if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { ++ HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } +- if (!HMAC_Update(hctx, digtmp, mdlen) +- || !HMAC_Final(hctx, digtmp, NULL)) { +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); ++ if (!HMAC_Update(&hctx, digtmp, mdlen) ++ || !HMAC_Final(&hctx, digtmp, NULL)) { ++ HMAC_CTX_cleanup(&hctx_tpl); ++ HMAC_CTX_cleanup(&hctx); + return 0; + } +- HMAC_CTX_reset(hctx); ++ HMAC_CTX_cleanup(&hctx); + for (k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; + } +@@ -107,9 +148,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, + i++; + p += cplen; + } +- HMAC_CTX_free(hctx); +- HMAC_CTX_free(hctx_tpl); +-# ifdef OPENSSL_DEBUG_PKCS5V2 ++ HMAC_CTX_cleanup(&hctx_tpl); ++# ifdef DEBUG_PKCS5V2 + fprintf(stderr, "Password:\n"); + h__dump(pass, passlen); + fprintf(stderr, "Salt:\n"); +@@ -151,21 +191,29 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, + const EVP_MD *md, int en_de) + { ++ const unsigned char *pbuf; ++ int plen; + PBE2PARAM *pbe2 = NULL; + const EVP_CIPHER *cipher; +- EVP_PBE_KEYGEN *kdf; + + int rv = 0; + +- pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param); +- if (pbe2 == NULL) { ++ if (param == NULL || param->type != V_ASN1_SEQUENCE || ++ param->value.sequence == NULL) { ++ EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); ++ goto err; ++ } ++ ++ pbuf = param->value.sequence->data; ++ plen = param->value.sequence->length; ++ if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR); + goto err; + } + + /* See if we recognise the key derivation function */ +- if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm), +- NULL, NULL, &kdf)) { ++ ++ if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, + EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); + goto err; +@@ -189,7 +237,8 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR); + goto err; + } +- rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de); ++ rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, ++ pbe2->keyfunc->parameter, c, md, en_de); + err: + PBE2PARAM_free(pbe2); + return rv; +@@ -200,7 +249,8 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + const EVP_CIPHER *c, const EVP_MD *md, int en_de) + { + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; +- int saltlen, iter; ++ const unsigned char *pbuf; ++ int saltlen, iter, plen; + int rv = 0; + unsigned int keylen = 0; + int prf_nid, hmac_md_nid; +@@ -216,9 +266,15 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + + /* Decode parameter */ + +- kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param); ++ if (!param || (param->type != V_ASN1_SEQUENCE)) { ++ EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); ++ goto err; ++ } ++ ++ pbuf = param->value.sequence->data; ++ plen = param->value.sequence->length; + +- if (kdf == NULL) { ++ if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) { + EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR); + goto err; + } +@@ -267,7 +323,7 @@ int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + return rv; + } + +-# ifdef OPENSSL_DEBUG_PKCS5V2 ++# ifdef DEBUG_PKCS5V2 + static void h__dump(const unsigned char *p, int len) + { + for (; len--; p++) +@@ -275,3 +331,4 @@ static void h__dump(const unsigned char *p, int len) + fprintf(stderr, "\n"); + } + # endif ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +index 6bec406..225b8b4 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c +@@ -1,15 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_dec.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" +-#include ++#include "cryptlib.h" ++#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif + #include + #include + #include +@@ -20,7 +72,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, + int ret = -1; + + #ifndef OPENSSL_NO_RSA +- if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { ++ if (priv->type != EVP_PKEY_RSA) { + #endif + EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA +@@ -28,8 +80,7 @@ int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, + } + + ret = +- RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv), +- RSA_PKCS1_PADDING); ++ RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING); + err: + #endif + return (ret); +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +index 3277fbb..f565f33 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c +@@ -1,15 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" +-#include ++#include "cryptlib.h" ++#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif + #include + #include + #include +@@ -20,14 +72,14 @@ int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, + int ret = 0; + + #ifndef OPENSSL_NO_RSA +- if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) { ++ if (pubk->type != EVP_PKEY_RSA) { + #endif + EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA); + #ifndef OPENSSL_NO_RSA + goto err; + } + ret = +- RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk), ++ RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, + RSA_PKCS1_PADDING); + err: + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +index 9828620..545d04f 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c +@@ -1,45 +1,94 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include ++#include + #include +-#include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_DH ++# include ++#endif + +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++#include "asn1_locl.h" + + static void EVP_PKEY_free_it(EVP_PKEY *x); + +-int EVP_PKEY_bits(const EVP_PKEY *pkey) ++int EVP_PKEY_bits(EVP_PKEY *pkey) + { + if (pkey && pkey->ameth && pkey->ameth->pkey_bits) + return pkey->ameth->pkey_bits(pkey); + return 0; + } + +-int EVP_PKEY_security_bits(const EVP_PKEY *pkey) +-{ +- if (pkey == NULL) +- return 0; +- if (!pkey->ameth || !pkey->ameth->pkey_security_bits) +- return -2; +- return pkey->ameth->pkey_security_bits(pkey); +-} +- + int EVP_PKEY_size(EVP_PKEY *pkey) + { + if (pkey && pkey->ameth && pkey->ameth->pkey_size) +@@ -72,10 +121,7 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) + + int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { +- if (to->type == EVP_PKEY_NONE) { +- if (EVP_PKEY_set_type(to, from->type) == 0) +- return 0; +- } else if (to->type != from->type) { ++ if (to->type != from->type) { + EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES); + goto err; + } +@@ -137,35 +183,22 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + + EVP_PKEY *EVP_PKEY_new(void) + { +- EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret)); ++ EVP_PKEY *ret; + ++ ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); + if (ret == NULL) { + EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; ++ return (NULL); + } + ret->type = EVP_PKEY_NONE; + ret->save_type = EVP_PKEY_NONE; + ret->references = 1; ++ ret->ameth = NULL; ++ ret->engine = NULL; ++ ret->pkey.ptr = NULL; ++ ret->attributes = NULL; + ret->save_parameters = 1; +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) { +- EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ret); +- return NULL; +- } +- return ret; +-} +- +-int EVP_PKEY_up_ref(EVP_PKEY *pkey) +-{ +- int i; +- +- if (CRYPTO_atomic_add(&pkey->references, 1, &i, pkey->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("EVP_PKEY", pkey); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); ++ return (ret); + } + + /* +@@ -188,8 +221,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) + return 1; + #ifndef OPENSSL_NO_ENGINE + /* If we have an ENGINE release it */ +- ENGINE_finish(pkey->engine); +- pkey->engine = NULL; ++ if (pkey->engine) { ++ ENGINE_finish(pkey->engine); ++ pkey->engine = NULL; ++ } + #endif + } + if (str) +@@ -197,10 +232,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) + else + ameth = EVP_PKEY_asn1_find(&e, type); + #ifndef OPENSSL_NO_ENGINE +- if (pkey == NULL) ++ if (!pkey && e) + ENGINE_finish(e); + #endif +- if (ameth == NULL) { ++ if (!ameth) { + EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } +@@ -232,23 +267,11 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) + return (key != NULL); + } + +-void *EVP_PKEY_get0(const EVP_PKEY *pkey) ++void *EVP_PKEY_get0(EVP_PKEY *pkey) + { + return pkey->pkey.ptr; + } + +-const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) +-{ +- ASN1_OCTET_STRING *os = NULL; +- if (pkey->type != EVP_PKEY_HMAC) { +- EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY); +- return NULL; +- } +- os = EVP_PKEY_get0(pkey); +- *len = os->length; +- return os->data; +-} +- + #ifndef OPENSSL_NO_RSA + int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) + { +@@ -258,22 +281,15 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) + return ret; + } + +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) ++RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) + { + if (pkey->type != EVP_PKEY_RSA) { +- EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY); ++ EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); + return NULL; + } ++ RSA_up_ref(pkey->pkey.rsa); + return pkey->pkey.rsa; + } +- +-RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +-{ +- RSA *ret = EVP_PKEY_get0_RSA(pkey); +- if (ret != NULL) +- RSA_up_ref(ret); +- return ret; +-} + #endif + + #ifndef OPENSSL_NO_DSA +@@ -285,22 +301,15 @@ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) + return ret; + } + +-DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) ++DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) + { + if (pkey->type != EVP_PKEY_DSA) { +- EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY); ++ EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); + return NULL; + } ++ DSA_up_ref(pkey->pkey.dsa); + return pkey->pkey.dsa; + } +- +-DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) +-{ +- DSA *ret = EVP_PKEY_get0_DSA(pkey); +- if (ret != NULL) +- DSA_up_ref(ret); +- return ret; +-} + #endif + + #ifndef OPENSSL_NO_EC +@@ -313,22 +322,15 @@ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) + return ret; + } + +-EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) ++EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) + { + if (pkey->type != EVP_PKEY_EC) { +- EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); ++ EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } ++ EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; + } +- +-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) +-{ +- EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey); +- if (ret != NULL) +- EC_KEY_up_ref(ret); +- return ret; +-} + #endif + + #ifndef OPENSSL_NO_DH +@@ -341,22 +343,15 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) + return ret; + } + +-DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey) ++DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) + { + if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) { +- EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY); ++ EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); + return NULL; + } ++ DH_up_ref(pkey->pkey.dh); + return pkey->pkey.dh; + } +- +-DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) +-{ +- DH *ret = EVP_PKEY_get0_DH(pkey); +- if (ret != NULL) +- DH_up_ref(ret); +- return ret; +-} + #endif + + int EVP_PKEY_type(int type) +@@ -370,7 +365,8 @@ int EVP_PKEY_type(int type) + else + ret = NID_undef; + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(e); ++ if (e) ++ ENGINE_finish(e); + #endif + return ret; + } +@@ -392,27 +388,35 @@ void EVP_PKEY_free(EVP_PKEY *x) + if (x == NULL) + return; + +- CRYPTO_atomic_add(&x->references, -1, &i, x->lock); +- REF_PRINT_COUNT("EVP_PKEY", x); ++ i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); ++#ifdef REF_PRINT ++ REF_PRINT("EVP_PKEY", x); ++#endif + if (i > 0) + return; +- REF_ASSERT_ISNT(i < 0); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "EVP_PKEY_free, bad reference count\n"); ++ abort(); ++ } ++#endif + EVP_PKEY_free_it(x); +- CRYPTO_THREAD_lock_free(x->lock); +- sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); ++ if (x->attributes) ++ sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); + OPENSSL_free(x); + } + + static void EVP_PKEY_free_it(EVP_PKEY *x) + { +- /* internal function; x is never NULL */ + if (x->ameth && x->ameth->pkey_free) { + x->ameth->pkey_free(x); + x->pkey.ptr = NULL; + } + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(x->engine); +- x->engine = NULL; ++ if (x->engine) { ++ ENGINE_finish(x->engine); ++ x->engine = NULL; ++ } + #endif + } + +@@ -451,34 +455,10 @@ int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, + return unsup_alg(out, pkey, indent, "Parameters"); + } + +-static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2) +-{ +- if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) +- return -2; +- return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2); +-} +- + int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) + { +- return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid); +-} +- +-int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey, +- const unsigned char *pt, size_t ptlen) +-{ +- if (ptlen > INT_MAX) +- return 0; +- if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen, +- (void *)pt) <= 0) +- return 0; +- return 1; +-} +- +-size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt) +-{ +- int rv; +- rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt); +- if (rv <= 0) +- return 0; +- return rv; ++ if (!pkey->ameth || !pkey->ameth->pkey_ctrl) ++ return -2; ++ return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, ++ 0, pnid); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c +index b65bc74..229eb64 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_open.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_open.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" +-#ifdef OPENSSL_NO_RSA +-NON_EMPTY_TRANSLATION_UNIT +-#else ++#include ++#include "cryptlib.h" ++ ++#ifndef OPENSSL_NO_RSA + +-# include + # include + # include + # include +@@ -26,7 +74,7 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + int i, size = 0, ret = 0; + + if (type) { +- EVP_CIPHER_CTX_reset(ctx); ++ EVP_CIPHER_CTX_init(ctx); + if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) + return 0; + } +@@ -34,13 +82,13 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + if (!priv) + return 1; + +- if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) { ++ if (priv->type != EVP_PKEY_RSA) { + EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA); + goto err; + } + +- size = EVP_PKEY_size(priv); +- key = OPENSSL_malloc(size + 2); ++ size = RSA_size(priv->pkey.rsa); ++ key = (unsigned char *)OPENSSL_malloc(size + 2); + if (key == NULL) { + /* ERROR */ + EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE); +@@ -57,7 +105,9 @@ int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + + ret = 1; + err: +- OPENSSL_clear_free(key, size); ++ if (key != NULL) ++ OPENSSL_cleanse(key, size); ++ OPENSSL_free(key); + return (ret); + } + +@@ -70,4 +120,10 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); + return (i); + } ++#else /* !OPENSSL_NO_RSA */ ++ ++# ifdef PEDANTIC ++static void *dummy = &dummy; ++# endif ++ + #endif +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +index faa2464..ba9dfff 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c +@@ -1,16 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_seal.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif + #include + #include + #include +@@ -23,7 +74,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + int i; + + if (type) { +- EVP_CIPHER_CTX_reset(ctx); ++ EVP_CIPHER_CTX_init(ctx); + if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) + return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +index 6cb442e..1b9ba06 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c +@@ -1,61 +1,133 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_sign.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/evp_int.h" ++ ++#ifdef undef ++void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) ++{ ++ EVP_DigestInit_ex(ctx, type); ++} ++ ++void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) ++{ ++ EVP_DigestUpdate(ctx, data, count); ++} ++#endif + + int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey) + { + unsigned char m[EVP_MAX_MD_SIZE]; +- unsigned int m_len = 0; +- int i = 0; +- size_t sltmp; ++ unsigned int m_len; ++ int i = 0, ok = 0, v; ++ EVP_MD_CTX tmp_ctx; + EVP_PKEY_CTX *pkctx = NULL; + + *siglen = 0; +- if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { +- if (!EVP_DigestFinal_ex(ctx, m, &m_len)) ++ EVP_MD_CTX_init(&tmp_ctx); ++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) ++ goto err; ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ ++ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ size_t sltmp = (size_t)EVP_PKEY_size(pkey); ++ i = 0; ++ pkctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pkctx) + goto err; +- } else { +- int rv = 0; +- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); +- if (tmp_ctx == NULL) { +- EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE); +- return 0; ++ if (EVP_PKEY_sign_init(pkctx) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) ++ goto err; ++ if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) ++ goto err; ++ *siglen = sltmp; ++ i = 1; ++ err: ++ EVP_PKEY_CTX_free(pkctx); ++ return i; ++ } ++ ++ for (i = 0; i < 4; i++) { ++ v = ctx->digest->required_pkey_type[i]; ++ if (v == 0) ++ break; ++ if (pkey->type == v) { ++ ok = 1; ++ break; + } +- rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); +- if (rv) +- rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); +- EVP_MD_CTX_free(tmp_ctx); +- if (!rv) +- return 0; ++ } ++ if (!ok) { ++ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); ++ return (0); + } + +- sltmp = (size_t)EVP_PKEY_size(pkey); +- i = 0; +- pkctx = EVP_PKEY_CTX_new(pkey, NULL); +- if (pkctx == NULL) +- goto err; +- if (EVP_PKEY_sign_init(pkctx) <= 0) +- goto err; +- if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) +- goto err; +- if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) +- goto err; +- *siglen = sltmp; +- i = 1; +- err: +- EVP_PKEY_CTX_free(pkctx); +- return i; ++ if (ctx->digest->sign == NULL) { ++ EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED); ++ return (0); ++ } ++ return (ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, ++ pkey->pkey.ptr)); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +index 6e8c565..65e1e21 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c ++++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c +@@ -1,55 +1,116 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/evp/p_verify.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/evp_int.h" + + int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey) + { + unsigned char m[EVP_MAX_MD_SIZE]; +- unsigned int m_len = 0; +- int i = 0; ++ unsigned int m_len; ++ int i = 0, ok = 0, v; ++ EVP_MD_CTX tmp_ctx; + EVP_PKEY_CTX *pkctx = NULL; + +- if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) { +- if (!EVP_DigestFinal_ex(ctx, m, &m_len)) ++ EVP_MD_CTX_init(&tmp_ctx); ++ if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) ++ goto err; ++ if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) ++ goto err; ++ EVP_MD_CTX_cleanup(&tmp_ctx); ++ ++ if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { ++ i = -1; ++ pkctx = EVP_PKEY_CTX_new(pkey, NULL); ++ if (!pkctx) ++ goto err; ++ if (EVP_PKEY_verify_init(pkctx) <= 0) ++ goto err; ++ if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; +- } else { +- int rv = 0; +- EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new(); +- if (tmp_ctx == NULL) { +- EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE); +- return 0; ++ i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); ++ err: ++ EVP_PKEY_CTX_free(pkctx); ++ return i; ++ } ++ ++ for (i = 0; i < 4; i++) { ++ v = ctx->digest->required_pkey_type[i]; ++ if (v == 0) ++ break; ++ if (pkey->type == v) { ++ ok = 1; ++ break; + } +- rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx); +- if (rv) +- rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len); +- EVP_MD_CTX_free(tmp_ctx); +- if (!rv) +- return 0; ++ } ++ if (!ok) { ++ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE); ++ return (-1); ++ } ++ if (ctx->digest->verify == NULL) { ++ EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); ++ return (0); + } + +- i = -1; +- pkctx = EVP_PKEY_CTX_new(pkey, NULL); +- if (pkctx == NULL) +- goto err; +- if (EVP_PKEY_verify_init(pkctx) <= 0) +- goto err; +- if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0) +- goto err; +- i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); +- err: +- EVP_PKEY_CTX_free(pkctx); +- return i; ++ return (ctx->digest->verify(ctx->digest->type, m, m_len, ++ sigbuf, siglen, pkey->pkey.ptr)); + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c +index eb63801..727869e 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_fn.c +@@ -1,18 +1,68 @@ ++/* pmeth_fn.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/evp_int.h" ++#include "evp_locl.h" + + #define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) { \ +@@ -267,7 +317,8 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) + return -1; + } + +- EVP_PKEY_free(ctx->peerkey); ++ if (ctx->peerkey) ++ EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); +@@ -277,7 +328,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) + return ret; + } + +- EVP_PKEY_up_ref(peer); ++ CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY); + return 1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +index 6adc3a9..6a4d357 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_gn.c +@@ -1,19 +1,69 @@ ++/* pmeth_gn.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/bn_int.h" +-#include "internal/evp_int.h" ++#include ++#include "evp_locl.h" + + int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) + { +@@ -96,7 +146,7 @@ int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) + return -1; + } + +- if (ppkey == NULL) ++ if (!ppkey) + return -1; + + if (*ppkey == NULL) +@@ -129,7 +179,7 @@ EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) + + static int trans_cb(int a, int b, BN_GENCB *gcb) + { +- EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb); ++ EVP_PKEY_CTX *ctx = gcb->arg; + ctx->keygen_info[0] = a; + ctx->keygen_info[1] = b; + return ctx->pkey_gencb(ctx); +@@ -137,7 +187,7 @@ static int trans_cb(int a, int b, BN_GENCB *gcb) + + void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) + { +- BN_GENCB_set(cb, trans_cb, ctx); ++ BN_GENCB_set(cb, trans_cb, ctx) + } + + int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) +@@ -159,11 +209,14 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, + return NULL; + if (EVP_PKEY_keygen_init(mac_ctx) <= 0) + goto merr; +- if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0) ++ if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, ++ EVP_PKEY_CTRL_SET_MAC_KEY, ++ keylen, (void *)key) <= 0) + goto merr; + if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) + goto merr; + merr: +- EVP_PKEY_CTX_free(mac_ctx); ++ if (mac_ctx) ++ EVP_PKEY_CTX_free(mac_ctx); + return mac_key; + } +diff --git a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c +index b7f06be..d066862 100644 +--- a/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c ++++ b/Cryptlib/OpenSSL/crypto/evp/pmeth_lib.c +@@ -1,25 +1,81 @@ ++/* pmeth_lib.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" +-#include ++#include "cryptlib.h" ++#include + #include +-#include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" +-#include "internal/numbers.h" ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#include "asn1_locl.h" ++#include "evp_locl.h" + + typedef int sk_cmp_fn_type(const char *const *a, const char *const *b); + +-static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; ++DECLARE_STACK_OF(EVP_PKEY_METHOD) ++STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; ++ ++extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; ++extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; ++extern const EVP_PKEY_METHOD dhx_pkey_meth; + + static const EVP_PKEY_METHOD *standard_methods[] = { + #ifndef OPENSSL_NO_RSA +@@ -39,13 +95,8 @@ static const EVP_PKEY_METHOD *standard_methods[] = { + &cmac_pkey_meth, + #endif + #ifndef OPENSSL_NO_DH +- &dhx_pkey_meth, ++ &dhx_pkey_meth + #endif +- &tls1_prf_pkey_meth, +-#ifndef OPENSSL_NO_EC +- &ecx25519_pkey_meth, +-#endif +- &hkdf_pkey_meth + }; + + DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *, +@@ -101,7 +152,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) + e = ENGINE_get_pkey_meth_engine(id); + + /* +- * If an ENGINE handled this method look it up. Otherwise use internal ++ * If an ENGINE handled this method look it up. Othewise use internal + * tables. + */ + +@@ -116,10 +167,11 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) + return NULL; + } + +- ret = OPENSSL_zalloc(sizeof(*ret)); +- if (ret == NULL) { ++ ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); ++ if (!ret) { + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(e); ++ if (e) ++ ENGINE_finish(e); + #endif + EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; +@@ -128,12 +180,14 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) + ret->pmeth = pmeth; + ret->operation = EVP_PKEY_OP_UNDEFINED; + ret->pkey = pkey; ++ ret->peerkey = NULL; ++ ret->pkey_gencb = 0; + if (pkey) +- EVP_PKEY_up_ref(pkey); ++ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ ret->data = NULL; + + if (pmeth->init) { + if (pmeth->init(ret) <= 0) { +- ret->pmeth = NULL; + EVP_PKEY_CTX_free(ret); + return NULL; + } +@@ -146,10 +200,12 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) + { + EVP_PKEY_METHOD *pmeth; + +- pmeth = OPENSSL_zalloc(sizeof(*pmeth)); +- if (pmeth == NULL) ++ pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); ++ if (!pmeth) + return NULL; + ++ memset(pmeth, 0, sizeof(EVP_PKEY_METHOD)); ++ + pmeth->pkey_id = id; + pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; + return pmeth; +@@ -233,8 +289,8 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) + return 0; + } + #endif +- rctx = OPENSSL_malloc(sizeof(*rctx)); +- if (rctx == NULL) ++ rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); ++ if (!rctx) + return NULL; + + rctx->pmeth = pctx->pmeth; +@@ -243,12 +299,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) + #endif + + if (pctx->pkey) +- EVP_PKEY_up_ref(pctx->pkey); ++ CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + + rctx->pkey = pctx->pkey; + + if (pctx->peerkey) +- EVP_PKEY_up_ref(pctx->peerkey); ++ CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + + rctx->peerkey = pctx->peerkey; + +@@ -259,7 +315,6 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) + if (pctx->pmeth->copy(rctx, pctx) > 0) + return rctx; + +- rctx->pmeth = NULL; + EVP_PKEY_CTX_free(rctx); + return NULL; + +@@ -269,7 +324,7 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) + { + if (app_pkey_methods == NULL) { + app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); +- if (app_pkey_methods == NULL) ++ if (!app_pkey_methods) + return 0; + } + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) +@@ -284,10 +339,17 @@ void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) + return; + if (ctx->pmeth && ctx->pmeth->cleanup) + ctx->pmeth->cleanup(ctx); +- EVP_PKEY_free(ctx->pkey); +- EVP_PKEY_free(ctx->peerkey); ++ if (ctx->pkey) ++ EVP_PKEY_free(ctx->pkey); ++ if (ctx->peerkey) ++ EVP_PKEY_free(ctx->peerkey); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(ctx->engine); ++ if (ctx->engine) ++ /* ++ * The EVP_PKEY_CTX we used belongs to an ENGINE, release the ++ * functional reference we held for this reason. ++ */ ++ ENGINE_finish(ctx->engine); + #endif + OPENSSL_free(ctx); + } +@@ -329,9 +391,9 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } +- if (strcmp(name, "digest") == 0) { ++ if (!strcmp(name, "digest")) { + const EVP_MD *md; +- if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) { ++ if (!value || !(md = EVP_get_digestbyname(value))) { + EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); + return 0; + } +@@ -340,33 +402,6 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, + return ctx->pmeth->ctrl_str(ctx, name, value); + } + +-/* Utility functions to send a string of hex string to a ctrl */ +- +-int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str) +-{ +- size_t len; +- +- len = strlen(str); +- if (len > INT_MAX) +- return -1; +- return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str); +-} +- +-int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex) +-{ +- unsigned char *bin; +- long binlen; +- int rv = -1; +- +- bin = OPENSSL_hexstr2buf(hex, &binlen); +- if (bin == NULL) +- return 0; +- if (binlen <= INT_MAX) +- rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin); +- OPENSSL_free(bin); +- return rv; +-} +- + int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) + { + return ctx->operation; +@@ -552,170 +587,3 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + pmeth->ctrl = ctrl; + pmeth->ctrl_str = ctrl_str; + } +- +-void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth, +- int (**pinit) (EVP_PKEY_CTX *ctx)) +-{ +- *pinit = pmeth->init; +-} +- +-void EVP_PKEY_meth_get_copy(EVP_PKEY_METHOD *pmeth, +- int (**pcopy) (EVP_PKEY_CTX *dst, +- EVP_PKEY_CTX *src)) +-{ +- *pcopy = pmeth->copy; +-} +- +-void EVP_PKEY_meth_get_cleanup(EVP_PKEY_METHOD *pmeth, +- void (**pcleanup) (EVP_PKEY_CTX *ctx)) +-{ +- *pcleanup = pmeth->cleanup; +-} +- +-void EVP_PKEY_meth_get_paramgen(EVP_PKEY_METHOD *pmeth, +- int (**pparamgen_init) (EVP_PKEY_CTX *ctx), +- int (**pparamgen) (EVP_PKEY_CTX *ctx, +- EVP_PKEY *pkey)) +-{ +- if (pparamgen_init) +- *pparamgen_init = pmeth->paramgen_init; +- if (pparamgen) +- *pparamgen = pmeth->paramgen; +-} +- +-void EVP_PKEY_meth_get_keygen(EVP_PKEY_METHOD *pmeth, +- int (**pkeygen_init) (EVP_PKEY_CTX *ctx), +- int (**pkeygen) (EVP_PKEY_CTX *ctx, +- EVP_PKEY *pkey)) +-{ +- if (pkeygen_init) +- *pkeygen_init = pmeth->keygen_init; +- if (pkeygen) +- *pkeygen = pmeth->keygen; +-} +- +-void EVP_PKEY_meth_get_sign(EVP_PKEY_METHOD *pmeth, +- int (**psign_init) (EVP_PKEY_CTX *ctx), +- int (**psign) (EVP_PKEY_CTX *ctx, +- unsigned char *sig, size_t *siglen, +- const unsigned char *tbs, +- size_t tbslen)) +-{ +- if (psign_init) +- *psign_init = pmeth->sign_init; +- if (psign) +- *psign = pmeth->sign; +-} +- +-void EVP_PKEY_meth_get_verify(EVP_PKEY_METHOD *pmeth, +- int (**pverify_init) (EVP_PKEY_CTX *ctx), +- int (**pverify) (EVP_PKEY_CTX *ctx, +- const unsigned char *sig, +- size_t siglen, +- const unsigned char *tbs, +- size_t tbslen)) +-{ +- if (pverify_init) +- *pverify_init = pmeth->verify_init; +- if (pverify) +- *pverify = pmeth->verify; +-} +- +-void EVP_PKEY_meth_get_verify_recover(EVP_PKEY_METHOD *pmeth, +- int (**pverify_recover_init) (EVP_PKEY_CTX +- *ctx), +- int (**pverify_recover) (EVP_PKEY_CTX +- *ctx, +- unsigned char +- *sig, +- size_t *siglen, +- const unsigned +- char *tbs, +- size_t tbslen)) +-{ +- if (pverify_recover_init) +- *pverify_recover_init = pmeth->verify_recover_init; +- if (pverify_recover) +- *pverify_recover = pmeth->verify_recover; +-} +- +-void EVP_PKEY_meth_get_signctx(EVP_PKEY_METHOD *pmeth, +- int (**psignctx_init) (EVP_PKEY_CTX *ctx, +- EVP_MD_CTX *mctx), +- int (**psignctx) (EVP_PKEY_CTX *ctx, +- unsigned char *sig, +- size_t *siglen, +- EVP_MD_CTX *mctx)) +-{ +- if (psignctx_init) +- *psignctx_init = pmeth->signctx_init; +- if (psignctx) +- *psignctx = pmeth->signctx; +-} +- +-void EVP_PKEY_meth_get_verifyctx(EVP_PKEY_METHOD *pmeth, +- int (**pverifyctx_init) (EVP_PKEY_CTX *ctx, +- EVP_MD_CTX *mctx), +- int (**pverifyctx) (EVP_PKEY_CTX *ctx, +- const unsigned char *sig, +- int siglen, +- EVP_MD_CTX *mctx)) +-{ +- if (pverifyctx_init) +- *pverifyctx_init = pmeth->verifyctx_init; +- if (pverifyctx) +- *pverifyctx = pmeth->verifyctx; +-} +- +-void EVP_PKEY_meth_get_encrypt(EVP_PKEY_METHOD *pmeth, +- int (**pencrypt_init) (EVP_PKEY_CTX *ctx), +- int (**pencryptfn) (EVP_PKEY_CTX *ctx, +- unsigned char *out, +- size_t *outlen, +- const unsigned char *in, +- size_t inlen)) +-{ +- if (pencrypt_init) +- *pencrypt_init = pmeth->encrypt_init; +- if (pencryptfn) +- *pencryptfn = pmeth->encrypt; +-} +- +-void EVP_PKEY_meth_get_decrypt(EVP_PKEY_METHOD *pmeth, +- int (**pdecrypt_init) (EVP_PKEY_CTX *ctx), +- int (**pdecrypt) (EVP_PKEY_CTX *ctx, +- unsigned char *out, +- size_t *outlen, +- const unsigned char *in, +- size_t inlen)) +-{ +- if (pdecrypt_init) +- *pdecrypt_init = pmeth->decrypt_init; +- if (pdecrypt) +- *pdecrypt = pmeth->decrypt; +-} +- +-void EVP_PKEY_meth_get_derive(EVP_PKEY_METHOD *pmeth, +- int (**pderive_init) (EVP_PKEY_CTX *ctx), +- int (**pderive) (EVP_PKEY_CTX *ctx, +- unsigned char *key, +- size_t *keylen)) +-{ +- if (pderive_init) +- *pderive_init = pmeth->derive_init; +- if (pderive) +- *pderive = pmeth->derive; +-} +- +-void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth, +- int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1, +- void *p2), +- int (**pctrl_str) (EVP_PKEY_CTX *ctx, +- const char *type, +- const char *value)) +-{ +- if (pctrl) +- *pctrl = pmeth->ctrl; +- if (pctrl_str) +- *pctrl_str = pmeth->ctrl_str; +-} +diff --git a/Cryptlib/OpenSSL/crypto/evp/scrypt.c b/Cryptlib/OpenSSL/crypto/evp/scrypt.c +deleted file mode 100644 +index 101bb1e..0000000 +--- a/Cryptlib/OpenSSL/crypto/evp/scrypt.c ++++ /dev/null +@@ -1,248 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_SCRYPT +- +-#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) +-static void salsa208_word_specification(uint32_t inout[16]) +-{ +- int i; +- uint32_t x[16]; +- memcpy(x, inout, sizeof(x)); +- for (i = 8; i > 0; i -= 2) { +- x[4] ^= R(x[0] + x[12], 7); +- x[8] ^= R(x[4] + x[0], 9); +- x[12] ^= R(x[8] + x[4], 13); +- x[0] ^= R(x[12] + x[8], 18); +- x[9] ^= R(x[5] + x[1], 7); +- x[13] ^= R(x[9] + x[5], 9); +- x[1] ^= R(x[13] + x[9], 13); +- x[5] ^= R(x[1] + x[13], 18); +- x[14] ^= R(x[10] + x[6], 7); +- x[2] ^= R(x[14] + x[10], 9); +- x[6] ^= R(x[2] + x[14], 13); +- x[10] ^= R(x[6] + x[2], 18); +- x[3] ^= R(x[15] + x[11], 7); +- x[7] ^= R(x[3] + x[15], 9); +- x[11] ^= R(x[7] + x[3], 13); +- x[15] ^= R(x[11] + x[7], 18); +- x[1] ^= R(x[0] + x[3], 7); +- x[2] ^= R(x[1] + x[0], 9); +- x[3] ^= R(x[2] + x[1], 13); +- x[0] ^= R(x[3] + x[2], 18); +- x[6] ^= R(x[5] + x[4], 7); +- x[7] ^= R(x[6] + x[5], 9); +- x[4] ^= R(x[7] + x[6], 13); +- x[5] ^= R(x[4] + x[7], 18); +- x[11] ^= R(x[10] + x[9], 7); +- x[8] ^= R(x[11] + x[10], 9); +- x[9] ^= R(x[8] + x[11], 13); +- x[10] ^= R(x[9] + x[8], 18); +- x[12] ^= R(x[15] + x[14], 7); +- x[13] ^= R(x[12] + x[15], 9); +- x[14] ^= R(x[13] + x[12], 13); +- x[15] ^= R(x[14] + x[13], 18); +- } +- for (i = 0; i < 16; ++i) +- inout[i] += x[i]; +- OPENSSL_cleanse(x, sizeof(x)); +-} +- +-static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) +-{ +- uint64_t i, j; +- uint32_t X[16], *pB; +- +- memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); +- pB = B; +- for (i = 0; i < r * 2; i++) { +- for (j = 0; j < 16; j++) +- X[j] ^= *pB++; +- salsa208_word_specification(X); +- memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); +- } +- OPENSSL_cleanse(X, sizeof(X)); +-} +- +-static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, +- uint32_t *X, uint32_t *T, uint32_t *V) +-{ +- unsigned char *pB; +- uint32_t *pV; +- uint64_t i, k; +- +- /* Convert from little endian input */ +- for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { +- *pV = *pB++; +- *pV |= *pB++ << 8; +- *pV |= *pB++ << 16; +- *pV |= (uint32_t)*pB++ << 24; +- } +- +- for (i = 1; i < N; i++, pV += 32 * r) +- scryptBlockMix(pV, pV - 32 * r, r); +- +- scryptBlockMix(X, V + (N - 1) * 32 * r, r); +- +- for (i = 0; i < N; i++) { +- uint32_t j; +- j = X[16 * (2 * r - 1)] % N; +- pV = V + 32 * r * j; +- for (k = 0; k < 32 * r; k++) +- T[k] = X[k] ^ *pV++; +- scryptBlockMix(X, T, r); +- } +- /* Convert output to little endian */ +- for (i = 0, pB = B; i < 32 * r; i++) { +- uint32_t xtmp = X[i]; +- *pB++ = xtmp & 0xff; +- *pB++ = (xtmp >> 8) & 0xff; +- *pB++ = (xtmp >> 16) & 0xff; +- *pB++ = (xtmp >> 24) & 0xff; +- } +-} +- +-#ifndef SIZE_MAX +-# define SIZE_MAX ((size_t)-1) +-#endif +- +-/* +- * Maximum power of two that will fit in uint64_t: this should work on +- * most (all?) platforms. +- */ +- +-#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) +- +-/* +- * Maximum value of p * r: +- * p <= ((2^32-1) * hLen) / MFLen => +- * p <= ((2^32-1) * 32) / (128 * r) => +- * p * r <= (2^30-1) +- * +- */ +- +-#define SCRYPT_PR_MAX ((1 << 30) - 1) +- +-/* +- * Maximum permitted memory allow this to be overridden with Configuration +- * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. +- */ +- +-#ifdef SCRYPT_MAX_MEM +-# if SCRYPT_MAX_MEM == 0 +-# undef SCRYPT_MAX_MEM +-/* +- * Although we could theoretically allocate SIZE_MAX memory that would leave +- * no memory available for anything else so set limit as half that. +- */ +-# define SCRYPT_MAX_MEM (SIZE_MAX/2) +-# endif +-#else +-/* Default memory limit: 32 MB */ +-# define SCRYPT_MAX_MEM (1024 * 1024 * 32) +-#endif +- +-int EVP_PBE_scrypt(const char *pass, size_t passlen, +- const unsigned char *salt, size_t saltlen, +- uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, +- unsigned char *key, size_t keylen) +-{ +- int rv = 0; +- unsigned char *B; +- uint32_t *X, *V, *T; +- uint64_t i, Blen, Vlen; +- size_t allocsize; +- +- /* Sanity check parameters */ +- /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ +- if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) +- return 0; +- /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ +- if (p > SCRYPT_PR_MAX / r) +- return 0; +- +- /* +- * Need to check N: if 2^(128 * r / 8) overflows limit this is +- * automatically satisfied since N <= UINT64_MAX. +- */ +- +- if (16 * r <= LOG2_UINT64_MAX) { +- if (N >= (((uint64_t)1) << (16 * r))) +- return 0; +- } +- +- /* Memory checks: check total allocated buffer size fits in uint64_t */ +- +- /* +- * B size in section 5 step 1.S +- * Note: we know p * 128 * r < UINT64_MAX because we already checked +- * p * r < SCRYPT_PR_MAX +- */ +- Blen = p * 128 * r; +- +- /* +- * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in +- * uint64_t and also size_t (their sizes are unrelated). +- * This is combined size V, X and T (section 4) +- */ +- i = UINT64_MAX / (32 * sizeof(uint32_t)); +- if (N + 2 > i / r) +- return 0; +- Vlen = 32 * r * (N + 2) * sizeof(uint32_t); +- +- /* check total allocated size fits in uint64_t */ +- if (Blen > UINT64_MAX - Vlen) +- return 0; +- /* check total allocated size fits in size_t */ +- if (Blen > SIZE_MAX - Vlen) +- return 0; +- +- allocsize = (size_t)(Blen + Vlen); +- +- if (maxmem == 0) +- maxmem = SCRYPT_MAX_MEM; +- +- if (allocsize > maxmem) { +- EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); +- return 0; +- } +- +- /* If no key return to indicate parameters are OK */ +- if (key == NULL) +- return 1; +- +- B = OPENSSL_malloc(allocsize); +- if (B == NULL) +- return 0; +- X = (uint32_t *)(B + Blen); +- T = X + 32 * r; +- V = T + 32 * r; +- if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), +- Blen, B) == 0) +- goto err; +- +- for (i = 0; i < p; i++) +- scryptROMix(B + 128 * r * i, r, N, X, T, V); +- +- if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(), +- keylen, key) == 0) +- goto err; +- rv = 1; +- err: +- OPENSSL_clear_free(B, allocsize); +- return rv; +-} +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c +index 84b6555..f96a517 100644 +--- a/Cryptlib/OpenSSL/crypto/ex_data.c ++++ b/Cryptlib/OpenSSL/crypto/ex_data.c +@@ -1,237 +1,441 @@ ++/* crypto/ex_data.c */ ++ + /* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Overhaul notes; ++ * ++ * This code is now *mostly* thread-safe. It is now easier to understand in what ++ * ways it is safe and in what ways it is not, which is an improvement. Firstly, ++ * all per-class stacks and index-counters for ex_data are stored in the same ++ * global LHASH table (keyed by class). This hash table uses locking for all ++ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be ++ * called when no other threads can possibly race against it (even if it was ++ * locked, the race would mean it's possible the hash table might have been ++ * recreated after the cleanup). As classes can only be added to the hash table, ++ * and within each class, the stack of methods can only be incremented, the ++ * locking mechanics are simpler than they would otherwise be. For example, the ++ * new/dup/free ex_data functions will lock the hash table, copy the method ++ * pointers it needs from the relevant class, then unlock the hash table before ++ * actually applying those method pointers to the task of the new/dup/free ++ * operations. As they can't be removed from the method-stack, only ++ * supplemented, there's no race conditions associated with using them outside ++ * the lock. The get/set_ex_data functions are not locked because they do not ++ * involve this global state at all - they operate directly with a previously ++ * obtained per-class method index and a particular "ex_data" variable. These ++ * variables are usually instantiated per-context (eg. each RSA structure has ++ * one) so locking on read/write access to that variable can be locked locally ++ * if required (eg. using the "RSA" lock to synchronise access to a ++ * per-RSA-structure ex_data variable if required). ++ * [Geoff] ++ */ ++ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib_int.h" +-#include "internal/thread_once.h" ++#include "cryptlib.h" + #include + ++/* What an "implementation of ex_data functionality" looks like */ ++struct st_CRYPTO_EX_DATA_IMPL { ++ /*********************/ ++ /* GLOBAL OPERATIONS */ ++ /* Return a new class index */ ++ int (*cb_new_class) (void); ++ /* Cleanup all state used by the implementation */ ++ void (*cb_cleanup) (void); ++ /************************/ ++ /* PER-CLASS OPERATIONS */ ++ /* Get a new method index within a class */ ++ int (*cb_get_new_index) (int class_index, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++ /* Initialise a new CRYPTO_EX_DATA of a given class */ ++ int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); ++ /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ ++ int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to, ++ CRYPTO_EX_DATA *from); ++ /* Cleanup a CRYPTO_EX_DATA of a given class */ ++ void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad); ++}; ++ ++/* The implementation we use at run-time */ ++static const CRYPTO_EX_DATA_IMPL *impl = NULL; ++ + /* +- * Each structure type (sometimes called a class), that supports +- * exdata has a stack of callbacks for each instance. ++ * To call "impl" functions, use this macro rather than referring to 'impl' ++ * directly, eg. EX_IMPL(get_new_index)(...); + */ +-struct ex_callback_st { +- long argl; /* Arbitrary long */ +- void *argp; /* Arbitrary void * */ +- CRYPTO_EX_new *new_func; +- CRYPTO_EX_free *free_func; +- CRYPTO_EX_dup *dup_func; ++#define EX_IMPL(a) impl->cb_##a ++ ++/* Predeclare the "default" ex_data implementation */ ++static int int_new_class(void); ++static void int_cleanup(void); ++static int int_get_new_index(int class_index, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func); ++static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); ++static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, ++ CRYPTO_EX_DATA *from); ++static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); ++static CRYPTO_EX_DATA_IMPL impl_default = { ++ int_new_class, ++ int_cleanup, ++ int_get_new_index, ++ int_new_ex_data, ++ int_dup_ex_data, ++ int_free_ex_data + }; + + /* +- * The state for each class. This could just be a typedef, but +- * a structure allows future changes. ++ * Internal function that checks whether "impl" is set and if not, sets it to ++ * the default. + */ +-typedef struct ex_callbacks_st { +- STACK_OF(EX_CALLBACK) *meth; +-} EX_CALLBACKS; ++static void impl_check(void) ++{ ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!impl) ++ impl = &impl_default; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++} + +-static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; ++/* ++ * A macro wrapper for impl_check that first uses a non-locked test before ++ * invoking the function (which checks again inside a lock). ++ */ ++#define IMPL_CHECK if(!impl) impl_check(); + +-static CRYPTO_RWLOCK *ex_data_lock = NULL; +-static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT; ++/* API functions to get/set the "ex_data" implementation */ ++const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) ++{ ++ IMPL_CHECK return impl; ++} + +-DEFINE_RUN_ONCE_STATIC(do_ex_data_init) ++int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) + { +- OPENSSL_init_crypto(0, NULL); +- ex_data_lock = CRYPTO_THREAD_lock_new(); +- return ex_data_lock != NULL; ++ int toret = 0; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!impl) { ++ impl = i; ++ toret = 1; ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; + } + ++/****************************************************************************/ + /* +- * Return the EX_CALLBACKS from the |ex_data| array that corresponds to +- * a given class. On success, *holds the lock.* ++ * Interal (default) implementation of "ex_data" support. API functions are ++ * further down. + */ +-static EX_CALLBACKS *get_and_lock(int class_index) +-{ +- EX_CALLBACKS *ip; + +- if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) { +- CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT); +- return NULL; +- } ++/* ++ * The type that represents what each "class" used to implement locally. A ++ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is ++ * the global value representing the class that is used to distinguish these ++ * items. ++ */ ++typedef struct st_ex_class_item { ++ int class_index; ++ STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; ++ int meth_num; ++} EX_CLASS_ITEM; + +- if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) { +- CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE); +- return NULL; +- } ++/* When assigning new class indexes, this is our counter */ ++static int ex_class = CRYPTO_EX_INDEX_USER; + +- if (ex_data_lock == NULL) { +- /* +- * This can happen in normal operation when using CRYPTO_mem_leaks(). +- * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans +- * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets +- * freed, which also attempts to free the ex_data. However +- * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e. +- * before OPENSSL_cleanup() is called), so if we get here we can safely +- * ignore this operation. We just treat it as an error. +- */ +- return NULL; +- } ++/* The global hash table of EX_CLASS_ITEM items */ ++DECLARE_LHASH_OF(EX_CLASS_ITEM); ++static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; + +- ip = &ex_data[class_index]; +- CRYPTO_THREAD_write_lock(ex_data_lock); +- return ip; ++/* The callbacks required in the "ex_data" hash table */ ++static unsigned long ex_class_item_hash(const EX_CLASS_ITEM *a) ++{ ++ return a->class_index; + } + +-static void cleanup_cb(EX_CALLBACK *funcs) ++static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) ++ ++static int ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) + { +- OPENSSL_free(funcs); ++ return a->class_index - b->class_index; + } + ++static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) ++ + /* +- * Release all "ex_data" state to prevent memory leaks. This can't be made +- * thread-safe without overhauling a lot of stuff, and shouldn't really be +- * called under potential race-conditions anyway (it's for program shutdown +- * after all). ++ * Internal functions used by the "impl_default" implementation to access the ++ * state + */ +-void crypto_cleanup_all_ex_data_int(void) ++static int ex_data_check(void) + { +- int i; +- +- for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) { +- EX_CALLBACKS *ip = &ex_data[i]; +- +- sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb); +- ip->meth = NULL; +- } +- +- CRYPTO_THREAD_lock_free(ex_data_lock); +- ex_data_lock = NULL; ++ int toret = 1; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ if (!ex_data && (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) ++ toret = 0; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; + } + +- + /* +- * Unregister a new index by replacing the callbacks with no-ops. +- * Any in-use instances are leaked. ++ * This macros helps reduce the locking from repeated checks because the ++ * ex_data_check() function checks ex_data again inside a lock. + */ +-static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, +- long argl, void *argp) +-{ +-} ++#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} + +-static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, +- long argl, void *argp) ++/* This "inner" callback is used by the callback function that follows it */ ++static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) + { ++ OPENSSL_free(funcs); + } + +-static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, +- void *from_d, int idx, +- long argl, void *argp) ++/* ++ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from ++ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't ++ * do any locking. ++ */ ++static void def_cleanup_cb(void *a_void) + { +- return 0; ++ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; ++ sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); ++ OPENSSL_free(item); + } + +-int CRYPTO_free_ex_index(int class_index, int idx) ++/* ++ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to ++ * a given class. Handles locking. ++ */ ++static EX_CLASS_ITEM *def_get_class(int class_index) + { +- EX_CALLBACKS *ip = get_and_lock(class_index); +- EX_CALLBACK *a; +- int toret = 0; +- +- if (ip == NULL) +- return 0; +- if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth)) +- goto err; +- a = sk_EX_CALLBACK_value(ip->meth, idx); +- if (a == NULL) +- goto err; +- a->new_func = dummy_new; +- a->dup_func = dummy_dup; +- a->free_func = dummy_free; +- toret = 1; +-err: +- CRYPTO_THREAD_unlock(ex_data_lock); +- return toret; ++ EX_CLASS_ITEM d, *p, *gen; ++ EX_DATA_CHECK(return NULL;) ++ d.class_index = class_index; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); ++ if (!p) { ++ gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); ++ if (gen) { ++ gen->class_index = class_index; ++ gen->meth_num = 0; ++ gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); ++ if (!gen->meth) ++ OPENSSL_free(gen); ++ else { ++ /* ++ * Because we're inside the ex_data lock, the return value ++ * from the insert will be NULL ++ */ ++ (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); ++ p = gen; ++ } ++ } ++ } ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ if (!p) ++ CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE); ++ return p; + } + + /* +- * Register a new index. ++ * Add a new method to the given EX_CLASS_ITEM and return the corresponding ++ * index (or -1 for error). Handles locking. + */ +-int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, +- CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, +- CRYPTO_EX_free *free_func) ++static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) + { + int toret = -1; +- EX_CALLBACK *a; +- EX_CALLBACKS *ip = get_and_lock(class_index); +- +- if (ip == NULL) ++ CRYPTO_EX_DATA_FUNCS *a = ++ (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); ++ if (!a) { ++ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); + return -1; +- +- if (ip->meth == NULL) { +- ip->meth = sk_EX_CALLBACK_new_null(); +- /* We push an initial value on the stack because the SSL +- * "app_data" routines use ex_data index zero. See RT 3710. */ +- if (ip->meth == NULL +- || !sk_EX_CALLBACK_push(ip->meth, NULL)) { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- } +- +- a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a)); +- if (a == NULL) { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); +- goto err; + } + a->argl = argl; + a->argp = argp; + a->new_func = new_func; + a->dup_func = dup_func; + a->free_func = free_func; +- +- if (!sk_EX_CALLBACK_push(ip->meth, NULL)) { +- CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(a); +- goto err; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { ++ if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { ++ CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); ++ OPENSSL_free(a); ++ goto err; ++ } + } +- toret = sk_EX_CALLBACK_num(ip->meth) - 1; +- (void)sk_EX_CALLBACK_set(ip->meth, toret, a); +- ++ toret = item->meth_num++; ++ (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); + err: +- CRYPTO_THREAD_unlock(ex_data_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); ++ return toret; ++} ++ ++/**************************************************************/ ++/* The functions in the default CRYPTO_EX_DATA_IMPL structure */ ++ ++static int int_new_class(void) ++{ ++ int toret; ++ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); ++ toret = ex_class++; ++ CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); + return toret; + } + ++static void int_cleanup(void) ++{ ++ EX_DATA_CHECK(return;) ++ lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); ++ lh_EX_CLASS_ITEM_free(ex_data); ++ ex_data = NULL; ++ impl = NULL; ++} ++ ++static int int_get_new_index(int class_index, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ EX_CLASS_ITEM *item = def_get_class(class_index); ++ if (!item) ++ return -1; ++ return def_add_index(item, argl, argp, new_func, dup_func, free_func); ++} ++ + /* +- * Initialise a new CRYPTO_EX_DATA for use in a particular class - including +- * calling new() callbacks for each index in the class used by this variable +- * Thread-safe by copying a class's array of "EX_CALLBACK" entries +- * in the lock, then using them outside the lock. Note this only applies +- * to the global "ex_data" state (ie. class definitions), not 'ad' itself. ++ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries ++ * in the lock, then using them outside the lock. NB: Thread-safety only ++ * applies to the global "ex_data" state (ie. class definitions), not ++ * thread-safe on 'ad' itself. + */ +-int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + { + int mx, i; + void *ptr; +- EX_CALLBACK **storage = NULL; +- EX_CALLBACK *stack[10]; +- EX_CALLBACKS *ip = get_and_lock(class_index); +- +- if (ip == NULL) ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ EX_CLASS_ITEM *item = def_get_class(class_index); ++ if (!item) ++ /* error is already set */ + return 0; +- + ad->sk = NULL; +- +- mx = sk_EX_CALLBACK_num(ip->meth); ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + if (mx > 0) { +- if (mx < (int)OSSL_NELEM(stack)) +- storage = stack; +- else +- storage = OPENSSL_malloc(sizeof(*storage) * mx); +- if (storage != NULL) +- for (i = 0; i < mx; i++) +- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + } +- CRYPTO_THREAD_unlock(ex_data_lock); +- +- if (mx > 0 && storage == NULL) { +- CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < mx; i++) { +@@ -241,50 +445,42 @@ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + storage[i]->argl, storage[i]->argp); + } + } +- if (storage != stack) ++ if (storage) + OPENSSL_free(storage); + return 1; + } + +-/* +- * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks +- * for each index in the class used by this variable +- */ +-int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, +- const CRYPTO_EX_DATA *from) ++/* Same thread-safety notes as for "int_new_ex_data" */ ++static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, ++ CRYPTO_EX_DATA *from) + { + int mx, j, i; + char *ptr; +- EX_CALLBACK *stack[10]; +- EX_CALLBACK **storage = NULL; +- EX_CALLBACKS *ip; +- +- if (from->sk == NULL) +- /* Nothing to copy over */ ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ EX_CLASS_ITEM *item; ++ if (!from->sk) ++ /* 'to' should be "blank" which *is* just like 'from' */ + return 1; +- if ((ip = get_and_lock(class_index)) == NULL) ++ if ((item = def_get_class(class_index)) == NULL) + return 0; +- +- mx = sk_EX_CALLBACK_num(ip->meth); ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + j = sk_void_num(from->sk); + if (j < mx) + mx = j; + if (mx > 0) { +- if (mx < (int)OSSL_NELEM(stack)) +- storage = stack; +- else +- storage = OPENSSL_malloc(sizeof(*storage) * mx); +- if (storage != NULL) +- for (i = 0; i < mx; i++) +- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); + } +- CRYPTO_THREAD_unlock(ex_data_lock); +- +- if (mx > 0 && storage == NULL) { +- CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE); + return 0; + } +- + for (i = 0; i < mx; i++) { + ptr = CRYPTO_get_ex_data(from, i); + if (storage[i] && storage[i]->dup_func) +@@ -292,59 +488,118 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + storage[i]->argl, storage[i]->argp); + CRYPTO_set_ex_data(to, i, ptr); + } +- if (storage != stack) ++ if (storage) + OPENSSL_free(storage); + return 1; + } + +- +-/* +- * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for +- * each index in the class used by this variable +- */ +-void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++/* Same thread-safety notes as for "int_new_ex_data" */ ++static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) + { + int mx, i; +- EX_CALLBACKS *ip; ++ EX_CLASS_ITEM *item; + void *ptr; +- EX_CALLBACK *f; +- EX_CALLBACK *stack[10]; +- EX_CALLBACK **storage = NULL; +- +- if ((ip = get_and_lock(class_index)) == NULL) +- goto err; +- +- mx = sk_EX_CALLBACK_num(ip->meth); ++ CRYPTO_EX_DATA_FUNCS **storage = NULL; ++ if (ex_data == NULL) ++ return; ++ if ((item = def_get_class(class_index)) == NULL) ++ return; ++ CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); ++ mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); + if (mx > 0) { +- if (mx < (int)OSSL_NELEM(stack)) +- storage = stack; +- else +- storage = OPENSSL_malloc(sizeof(*storage) * mx); +- if (storage != NULL) +- for (i = 0; i < mx; i++) +- storage[i] = sk_EX_CALLBACK_value(ip->meth, i); ++ storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *)); ++ if (!storage) ++ goto skip; ++ for (i = 0; i < mx; i++) ++ storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i); ++ } ++ skip: ++ CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); ++ if ((mx > 0) && !storage) { ++ CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE); ++ return; + } +- CRYPTO_THREAD_unlock(ex_data_lock); +- + for (i = 0; i < mx; i++) { +- if (storage != NULL) +- f = storage[i]; +- else { +- CRYPTO_THREAD_write_lock(ex_data_lock); +- f = sk_EX_CALLBACK_value(ip->meth, i); +- CRYPTO_THREAD_unlock(ex_data_lock); +- } +- if (f != NULL && f->free_func != NULL) { ++ if (storage[i] && storage[i]->free_func) { + ptr = CRYPTO_get_ex_data(ad, i); +- f->free_func(obj, ptr, ad, i, f->argl, f->argp); ++ storage[i]->free_func(obj, ptr, ad, i, ++ storage[i]->argl, storage[i]->argp); + } + } +- +- if (storage != stack) ++ if (storage) + OPENSSL_free(storage); +- err: +- sk_void_free(ad->sk); +- ad->sk = NULL; ++ if (ad->sk) { ++ sk_void_free(ad->sk); ++ ad->sk = NULL; ++ } ++} ++ ++/********************************************************************/ ++/* ++ * API functions that defer all "state" operations to the "ex_data" ++ * implementation we have set. ++ */ ++ ++/* ++ * Obtain an index for a new class (not the same as getting a new index ++ * within an existing class - this is actually getting a new *class*) ++ */ ++int CRYPTO_ex_data_new_class(void) ++{ ++ IMPL_CHECK return EX_IMPL(new_class) (); ++} ++ ++/* ++ * Release all "ex_data" state to prevent memory leaks. This can't be made ++ * thread-safe without overhauling a lot of stuff, and shouldn't really be ++ * called under potential race-conditions anyway (it's for program shutdown ++ * after all). ++ */ ++void CRYPTO_cleanup_all_ex_data(void) ++{ ++ IMPL_CHECK EX_IMPL(cleanup) (); ++} ++ ++/* Inside an existing class, get/register a new index. */ ++int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, ++ CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ int ret = -1; ++ ++ IMPL_CHECK ++ ret = EX_IMPL(get_new_index) (class_index, ++ argl, argp, new_func, dup_func, ++ free_func); ++ return ret; ++} ++ ++/* ++ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including ++ * calling new() callbacks for each index in the class used by this variable ++ */ ++int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++{ ++ IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad); ++} ++ ++/* ++ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks ++ * for each index in the class used by this variable ++ */ ++int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, ++ CRYPTO_EX_DATA *from) ++{ ++ IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from); ++} ++ ++/* ++ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for ++ * each index in the class used by this variable ++ */ ++void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) ++{ ++ IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad); + } + + /* +@@ -358,18 +613,20 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) + if (ad->sk == NULL) { + if ((ad->sk = sk_void_new_null()) == NULL) { + CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); +- return 0; ++ return (0); + } + } ++ i = sk_void_num(ad->sk); + +- for (i = sk_void_num(ad->sk); i <= idx; ++i) { ++ while (i <= idx) { + if (!sk_void_push(ad->sk, NULL)) { + CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE); +- return 0; ++ return (0); + } ++ i++; + } + sk_void_set(ad->sk, idx, val); +- return 1; ++ return (1); + } + + /* +@@ -378,7 +635,12 @@ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) + */ + void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) + { +- if (ad->sk == NULL || idx >= sk_void_num(ad->sk)) +- return NULL; +- return sk_void_value(ad->sk, idx); ++ if (ad->sk == NULL) ++ return (0); ++ else if (idx >= sk_void_num(ad->sk)) ++ return (0); ++ else ++ return (sk_void_value(ad->sk, idx)); + } ++ ++IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) +diff --git a/Cryptlib/OpenSSL/crypto/fips_ers.c b/Cryptlib/OpenSSL/crypto/fips_ers.c +new file mode 100644 +index 0000000..1788ed2 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/fips_ers.c +@@ -0,0 +1,7 @@ ++#include ++ ++#ifdef OPENSSL_FIPS ++# include "fips_err.h" ++#else ++static void *dummy = &dummy; ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c +index 78ae0ea..944c6c8 100644 +--- a/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c ++++ b/Cryptlib/OpenSSL/crypto/hmac/hm_ameth.c +@@ -1,16 +1,65 @@ + /* +- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/asn1_int.h" ++#include "asn1_locl.h" + + #define HMAC_TEST_PRIVATE_KEY_FORMAT + +@@ -26,7 +75,7 @@ static int hmac_size(const EVP_PKEY *pkey) + + static void hmac_key_free(EVP_PKEY *pkey) + { +- ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); ++ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (os) { + if (os->data) + OPENSSL_cleanse(os->data, os->length); +@@ -46,11 +95,6 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + } + } + +-static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +-{ +- return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)); +-} +- + #ifdef HMAC_TEST_PRIVATE_KEY_FORMAT + /* + * A bogus private key format for test purposes. This is simply the HMAC key +@@ -63,7 +107,7 @@ static int old_hmac_decode(EVP_PKEY *pkey, + { + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); +- if (os == NULL || !ASN1_OCTET_STRING_set(os, *pder, derlen)) ++ if (!os || !ASN1_OCTET_STRING_set(os, *pder, derlen)) + goto err; + if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os)) + goto err; +@@ -77,12 +121,10 @@ static int old_hmac_decode(EVP_PKEY *pkey, + static int old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + int inc; +- ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey); ++ ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + if (pder) { + if (!*pder) { + *pder = OPENSSL_malloc(os->length); +- if (*pder == NULL) +- return -1; + inc = 0; + } else + inc = 1; +@@ -106,12 +148,12 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { + "HMAC", + "OpenSSL HMAC method", + +- 0, 0, hmac_pkey_public_cmp, 0, ++ 0, 0, 0, 0, + + 0, 0, 0, + + hmac_size, +- 0, 0, ++ 0, + 0, 0, 0, 0, 0, 0, 0, + + hmac_key_free, +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c +index 5b98477..0ffff79 100644 +--- a/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c ++++ b/Cryptlib/OpenSSL/crypto/hmac/hm_pmeth.c +@@ -1,41 +1,89 @@ + /* +- * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2007. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/evp_int.h" ++#include "evp_locl.h" + + /* HMAC pkey context structure */ + + typedef struct { + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ +- HMAC_CTX *ctx; ++ HMAC_CTX ctx; + } HMAC_PKEY_CTX; + + static int pkey_hmac_init(EVP_PKEY_CTX *ctx) + { + HMAC_PKEY_CTX *hctx; +- +- hctx = OPENSSL_zalloc(sizeof(*hctx)); +- if (hctx == NULL) ++ hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); ++ if (!hctx) + return 0; ++ hctx->md = NULL; ++ hctx->ktmp.data = NULL; ++ hctx->ktmp.length = 0; ++ hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; +- hctx->ctx = HMAC_CTX_new(); +- if (hctx->ctx == NULL) { +- OPENSSL_free(hctx); +- return 0; +- } ++ HMAC_CTX_init(&hctx->ctx); + + ctx->data = hctx; + ctx->keygen_info_count = 0; +@@ -43,42 +91,36 @@ static int pkey_hmac_init(EVP_PKEY_CTX *ctx) + return 1; + } + +-static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx); +- + static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + { + HMAC_PKEY_CTX *sctx, *dctx; +- +- /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */ + if (!pkey_hmac_init(dst)) + return 0; +- sctx = EVP_PKEY_CTX_get_data(src); +- dctx = EVP_PKEY_CTX_get_data(dst); ++ sctx = src->data; ++ dctx = dst->data; + dctx->md = sctx->md; +- if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx)) +- goto err; ++ HMAC_CTX_init(&dctx->ctx); ++ if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) ++ return 0; + if (sctx->ktmp.data) { + if (!ASN1_OCTET_STRING_set(&dctx->ktmp, + sctx->ktmp.data, sctx->ktmp.length)) +- goto err; ++ return 0; + } + return 1; +-err: +- /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */ +- pkey_hmac_cleanup (dst); +- return 0; + } + + static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) + { +- HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx); +- +- if (hctx != NULL) { +- HMAC_CTX_free(hctx->ctx); +- OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length); +- OPENSSL_free(hctx); +- EVP_PKEY_CTX_set_data(ctx, NULL); ++ HMAC_PKEY_CTX *hctx = ctx->data; ++ HMAC_CTX_cleanup(&hctx->ctx); ++ if (hctx->ktmp.data) { ++ if (hctx->ktmp.length) ++ OPENSSL_cleanse(hctx->ktmp.data, hctx->ktmp.length); ++ OPENSSL_free(hctx->ktmp.data); ++ hctx->ktmp.data = NULL; + } ++ OPENSSL_free(hctx); + } + + static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +@@ -97,8 +139,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + + static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) + { +- HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data; +- if (!HMAC_Update(hctx->ctx, data, count)) ++ HMAC_PKEY_CTX *hctx = ctx->pctx->data; ++ if (!HMAC_Update(&hctx->ctx, data, count)) + return 0; + return 1; + } +@@ -106,10 +148,9 @@ static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count) + static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) + { + HMAC_PKEY_CTX *hctx = ctx->data; +- HMAC_CTX_set_flags(hctx->ctx, +- EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT)); ++ HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); +- EVP_MD_CTX_set_update_fn(mctx, int_update); ++ mctx->update = int_update; + return 1; + } + +@@ -126,7 +167,7 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + if (!sig) + return 1; + +- if (!HMAC_Final(hctx->ctx, sig, &hlen)) ++ if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + return 0; + *siglen = (size_t)hlen; + return 1; +@@ -151,7 +192,7 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + + case EVP_PKEY_CTRL_DIGESTINIT: + key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; +- if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, ++ if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + ctx->engine)) + return 0; + break; +@@ -169,10 +210,21 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, + if (!value) { + return 0; + } +- if (strcmp(type, "key") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); +- if (strcmp(type, "hexkey") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value); ++ if (!strcmp(type, "key")) { ++ void *p = (void *)value; ++ return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); ++ } ++ if (!strcmp(type, "hexkey")) { ++ unsigned char *key; ++ int r; ++ long keylen; ++ key = string_to_hex(value, &keylen); ++ if (!key) ++ return 0; ++ r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); ++ OPENSSL_free(key); ++ return r; ++ } + return -2; + } + +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +index 3374105..213504e 100644 +--- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c ++++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c +@@ -1,19 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/hmac/hmac.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ +- + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include +-#include "hmac_lcl.h" ++ ++#ifdef OPENSSL_FIPS ++# include ++#endif + + int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md, ENGINE *impl) +@@ -21,6 +71,32 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + int i, j, reset = 0; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + ++#ifdef OPENSSL_FIPS ++ /* If FIPS mode switch to approved implementation if possible */ ++ if (FIPS_mode()) { ++ const EVP_MD *fipsmd; ++ if (md) { ++ fipsmd = FIPS_get_digestbynid(EVP_MD_type(md)); ++ if (fipsmd) ++ md = fipsmd; ++ } ++ } ++ ++ if (FIPS_mode()) { ++ /* If we have an ENGINE need to allow non FIPS */ ++ if ((impl || ctx->i_ctx.engine) ++ && !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) { ++ EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS); ++ return 0; ++ } ++ /* ++ * Other algorithm blocking will be done in FIPS_cmac_init, via ++ * FIPS_hmac_init_ex(). ++ */ ++ if (!impl && !ctx->i_ctx.engine) ++ return FIPS_hmac_init_ex(ctx, key, len, md, NULL); ++ } ++#endif + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; +@@ -39,11 +115,11 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + j = EVP_MD_block_size(md); + OPENSSL_assert(j <= (int)sizeof(ctx->key)); + if (j < len) { +- if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)) ++ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + goto err; +- if (!EVP_DigestUpdate(ctx->md_ctx, key, len)) ++ if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + goto err; +- if (!EVP_DigestFinal_ex(ctx->md_ctx, ctx->key, ++ if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, + &ctx->key_length)) + goto err; + } else { +@@ -60,181 +136,133 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; +- if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)) ++ if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + goto err; +- if (!EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md))) ++ if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) + goto err; + + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; +- if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)) ++ if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + goto err; +- if (!EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md))) ++ if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) + goto err; + } +- if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx)) ++ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + goto err; + return 1; + err: + return 0; + } + +-#if OPENSSL_API_COMPAT < 0x10100000L + int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) + { + if (key && md) +- HMAC_CTX_reset(ctx); ++ HMAC_CTX_init(ctx); + return HMAC_Init_ex(ctx, key, len, md, NULL); + } +-#endif + + int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) ++ return FIPS_hmac_update(ctx, data, len); ++#endif + if (!ctx->md) + return 0; +- return EVP_DigestUpdate(ctx->md_ctx, data, len); ++ ++ return EVP_DigestUpdate(&ctx->md_ctx, data, len); + } + + int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) + { + unsigned int i; + unsigned char buf[EVP_MAX_MD_SIZE]; ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) ++ return FIPS_hmac_final(ctx, md, len); ++#endif + + if (!ctx->md) + goto err; + +- if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i)) ++ if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + goto err; +- if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx)) ++ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + goto err; +- if (!EVP_DigestUpdate(ctx->md_ctx, buf, i)) ++ if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + goto err; +- if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len)) ++ if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) + goto err; + return 1; + err: + return 0; + } + +-size_t HMAC_size(const HMAC_CTX *ctx) +-{ +- return EVP_MD_size((ctx)->md); +-} +- +-HMAC_CTX *HMAC_CTX_new(void) +-{ +- HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX)); +- +- if (ctx != NULL) { +- if (!HMAC_CTX_reset(ctx)) { +- HMAC_CTX_free(ctx); +- return NULL; +- } +- } +- return ctx; +-} +- +-static void hmac_ctx_cleanup(HMAC_CTX *ctx) ++void HMAC_CTX_init(HMAC_CTX *ctx) + { +- EVP_MD_CTX_reset(ctx->i_ctx); +- EVP_MD_CTX_reset(ctx->o_ctx); +- EVP_MD_CTX_reset(ctx->md_ctx); ++ EVP_MD_CTX_init(&ctx->i_ctx); ++ EVP_MD_CTX_init(&ctx->o_ctx); ++ EVP_MD_CTX_init(&ctx->md_ctx); + ctx->md = NULL; +- ctx->key_length = 0; +- OPENSSL_cleanse(ctx->key, sizeof(ctx->key)); +-} +- +-void HMAC_CTX_free(HMAC_CTX *ctx) +-{ +- if (ctx != NULL) { +- hmac_ctx_cleanup(ctx); +- EVP_MD_CTX_free(ctx->i_ctx); +- EVP_MD_CTX_free(ctx->o_ctx); +- EVP_MD_CTX_free(ctx->md_ctx); +- OPENSSL_free(ctx); +- } +-} +- +-int HMAC_CTX_reset(HMAC_CTX *ctx) +-{ +- hmac_ctx_cleanup(ctx); +- if (ctx->i_ctx == NULL) +- ctx->i_ctx = EVP_MD_CTX_new(); +- if (ctx->i_ctx == NULL) +- goto err; +- if (ctx->o_ctx == NULL) +- ctx->o_ctx = EVP_MD_CTX_new(); +- if (ctx->o_ctx == NULL) +- goto err; +- if (ctx->md_ctx == NULL) +- ctx->md_ctx = EVP_MD_CTX_new(); +- if (ctx->md_ctx == NULL) +- goto err; +- ctx->md = NULL; +- return 1; +- err: +- hmac_ctx_cleanup(ctx); +- return 0; + } + + int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) + { +- if (!HMAC_CTX_reset(dctx)) ++ if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) + goto err; +- if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx)) ++ if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) + goto err; +- if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx)) +- goto err; +- if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx)) ++ if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) + goto err; + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; + dctx->md = sctx->md; + return 1; + err: +- hmac_ctx_cleanup(dctx); + return 0; + } + ++void HMAC_CTX_cleanup(HMAC_CTX *ctx) ++{ ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !ctx->i_ctx.engine) { ++ FIPS_hmac_ctx_cleanup(ctx); ++ return; ++ } ++#endif ++ EVP_MD_CTX_cleanup(&ctx->i_ctx); ++ EVP_MD_CTX_cleanup(&ctx->o_ctx); ++ EVP_MD_CTX_cleanup(&ctx->md_ctx); ++ OPENSSL_cleanse(ctx, sizeof *ctx); ++} ++ + unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, + unsigned int *md_len) + { +- HMAC_CTX *c = NULL; ++ HMAC_CTX c; + static unsigned char m[EVP_MAX_MD_SIZE]; +- static const unsigned char dummy_key[1] = {'\0'}; + + if (md == NULL) + md = m; +- if ((c = HMAC_CTX_new()) == NULL) ++ HMAC_CTX_init(&c); ++ if (!HMAC_Init(&c, key, key_len, evp_md)) + goto err; +- +- /* For HMAC_Init_ex, NULL key signals reuse. */ +- if (key == NULL && key_len == 0) { +- key = dummy_key; +- } +- +- if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL)) +- goto err; +- if (!HMAC_Update(c, d, n)) ++ if (!HMAC_Update(&c, d, n)) + goto err; +- if (!HMAC_Final(c, md, md_len)) ++ if (!HMAC_Final(&c, md, md_len)) + goto err; +- HMAC_CTX_free(c); ++ HMAC_CTX_cleanup(&c); + return md; + err: +- HMAC_CTX_free(c); ++ HMAC_CTX_cleanup(&c); + return NULL; + } + + void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) + { +- EVP_MD_CTX_set_flags(ctx->i_ctx, flags); +- EVP_MD_CTX_set_flags(ctx->o_ctx, flags); +- EVP_MD_CTX_set_flags(ctx->md_ctx, flags); +-} +- +-const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx) +-{ +- return ctx->md; ++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); ++ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); + } +diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h b/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h +deleted file mode 100644 +index 4c156dc..0000000 +--- a/Cryptlib/OpenSSL/crypto/hmac/hmac_lcl.h ++++ /dev/null +@@ -1,33 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_HMAC_LCL_H +-# define HEADER_HMAC_LCL_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +-#if 0 /* emacs indentation fix */ +-} +-#endif +- +-struct hmac_ctx_st { +- const EVP_MD *md; +- EVP_MD_CTX *md_ctx; +- EVP_MD_CTX *i_ctx; +- EVP_MD_CTX *o_ctx; +- unsigned int key_length; +- unsigned char key[HMAC_MAX_MD_CBLOCK]; +-}; +- +-#ifdef __cplusplus +-} /* extern "C" */ +-#endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h b/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h +deleted file mode 100644 +index f70e3b4..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/asn1_int.h ++++ /dev/null +@@ -1,94 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* Internal ASN1 structures and functions: not for application use */ +- +-/* ASN1 public key method structure */ +- +-struct evp_pkey_asn1_method_st { +- int pkey_id; +- int pkey_base_id; +- unsigned long pkey_flags; +- char *pem_str; +- char *info; +- int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub); +- int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk); +- int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +- int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent, +- ASN1_PCTX *pctx); +- int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); +- int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); +- int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent, +- ASN1_PCTX *pctx); +- int (*pkey_size) (const EVP_PKEY *pk); +- int (*pkey_bits) (const EVP_PKEY *pk); +- int (*pkey_security_bits) (const EVP_PKEY *pk); +- int (*param_decode) (EVP_PKEY *pkey, +- const unsigned char **pder, int derlen); +- int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder); +- int (*param_missing) (const EVP_PKEY *pk); +- int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from); +- int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b); +- int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent, +- ASN1_PCTX *pctx); +- int (*sig_print) (BIO *out, +- const X509_ALGOR *sigalg, const ASN1_STRING *sig, +- int indent, ASN1_PCTX *pctx); +- void (*pkey_free) (EVP_PKEY *pkey); +- int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2); +- /* Legacy functions for old PEM */ +- int (*old_priv_decode) (EVP_PKEY *pkey, +- const unsigned char **pder, int derlen); +- int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder); +- /* Custom ASN1 signature verification */ +- int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +- X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); +- int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, +- X509_ALGOR *alg1, X509_ALGOR *alg2, +- ASN1_BIT_STRING *sig); +-} /* EVP_PKEY_ASN1_METHOD */ ; +- +-DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD) +- +-extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5]; +-extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +-extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2]; +- +-/* +- * These are used internally in the ASN1_OBJECT to keep track of whether the +- * names and data need to be free()ed +- */ +-# define ASN1_OBJECT_FLAG_DYNAMIC 0x01/* internal use */ +-# define ASN1_OBJECT_FLAG_CRITICAL 0x02/* critical x509v3 object id */ +-# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */ +-# define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08/* internal use */ +-struct asn1_object_st { +- const char *sn, *ln; +- int nid; +- int length; +- const unsigned char *data; /* data remains const after init */ +- int flags; /* Should we free this one */ +-}; +- +-/* ASN1 print context structure */ +- +-struct asn1_pctx_st { +- unsigned long flags; +- unsigned long nm_flags; +- unsigned long cert_flags; +- unsigned long oid_flags; +- unsigned long str_flags; +-} /* ASN1_PCTX */ ; +- +-int asn1_valid_host(const ASN1_STRING *host); +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/async.h b/Cryptlib/OpenSSL/crypto/include/internal/async.h +deleted file mode 100644 +index db56258..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/async.h ++++ /dev/null +@@ -1,14 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-int async_init(void); +-void async_deinit(void); +- +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h +deleted file mode 100644 +index b4bca40..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/bn_dh.h ++++ /dev/null +@@ -1,17 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#define declare_dh_bn(x) \ +- const extern BIGNUM _bignum_dh##x##_p; \ +- const extern BIGNUM _bignum_dh##x##_g; \ +- const extern BIGNUM _bignum_dh##x##_q; +- +-declare_dh_bn(1024_160) +-declare_dh_bn(2048_224) +-declare_dh_bn(2048_256) +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h +deleted file mode 100644 +index 9c984ba..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/bn_int.h ++++ /dev/null +@@ -1,82 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_BN_INT_H +-# define HEADER_BN_INT_H +- +-# include +-# include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-BIGNUM *bn_wexpand(BIGNUM *a, int words); +-BIGNUM *bn_expand2(BIGNUM *a, int words); +- +-void bn_correct_top(BIGNUM *a); +- +-/* +- * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. +- * This is an array r[] of values that are either zero or odd with an +- * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at +- * most one of any w+1 consecutive digits is non-zero with the exception that +- * the most significant digit may be only w-1 zeros away from that next +- * non-zero digit. +- */ +-signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len); +- +-int bn_get_top(const BIGNUM *a); +- +-void bn_set_top(BIGNUM *a, int top); +- +-int bn_get_dmax(const BIGNUM *a); +- +-/* Set all words to zero */ +-void bn_set_all_zero(BIGNUM *a); +- +-/* +- * Copy the internal BIGNUM words into out which holds size elements (and size +- * must be bigger than top) +- */ +-int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size); +- +-BN_ULONG *bn_get_words(const BIGNUM *a); +- +-/* +- * Set the internal data words in a to point to words which contains size +- * elements. The BN_FLG_STATIC_DATA flag is set +- */ +-void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); +- +-/* +- * Copy words into the BIGNUM |a|, reallocating space as necessary. +- * The negative flag of |a| is not modified. +- * Returns 1 on success and 0 on failure. +- */ +-/* +- * |num_words| is int because bn_expand2 takes an int. This is an internal +- * function so we simply trust callers not to pass negative values. +- */ +-int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +- +-size_t bn_sizeof_BIGNUM(void); +- +-/* +- * Return element el from an array of BIGNUMs starting at base (required +- * because callers do not know the size of BIGNUM at compilation time) +- */ +-BIGNUM *bn_array_el(BIGNUM *base, int el); +- +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h b/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h +deleted file mode 100644 +index d4b282a..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/bn_srp.h ++++ /dev/null +@@ -1,32 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef OPENSSL_NO_SRP +- +-extern const BIGNUM bn_group_1024; +- +-extern const BIGNUM bn_group_1536; +- +-extern const BIGNUM bn_group_2048; +- +-extern const BIGNUM bn_group_3072; +- +-extern const BIGNUM bn_group_4096; +- +-extern const BIGNUM bn_group_6144; +- +-extern const BIGNUM bn_group_8192; +- +-extern const BIGNUM bn_generator_19; +- +-extern const BIGNUM bn_generator_5; +- +-extern const BIGNUM bn_generator_2; +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/chacha.h b/Cryptlib/OpenSSL/crypto/include/internal/chacha.h +deleted file mode 100644 +index 7d4366e..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/chacha.h ++++ /dev/null +@@ -1,49 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_CHACHA_H +-#define HEADER_CHACHA_H +- +-#include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-/* +- * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and +- * nonce and writes the result to |out|, which may be equal to |inp|. +- * The |key| is not 32 bytes of verbatim key material though, but the +- * said material collected into 8 32-bit elements array in host byte +- * order. Same approach applies to nonce: the |counter| argument is +- * pointer to concatenated nonce and counter values collected into 4 +- * 32-bit elements. This, passing crypto material collected into 32-bit +- * elements as opposite to passing verbatim byte vectors, is chosen for +- * efficiency in multi-call scenarios. +- */ +-void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp, +- size_t len, const unsigned int key[8], +- const unsigned int counter[4]); +-/* +- * You can notice that there is no key setup procedure. Because it's +- * as trivial as collecting bytes into 32-bit elements, it's reckoned +- * that below macro is sufficient. +- */ +-#define CHACHA_U8TOU32(p) ( \ +- ((unsigned int)(p)[0]) | ((unsigned int)(p)[1]<<8) | \ +- ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24) ) +- +-#define CHACHA_KEY_SIZE 32 +-#define CHACHA_CTR_SIZE 16 +-#define CHACHA_BLK_SIZE 64 +- +-#ifdef __cplusplus +-} +-#endif +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h b/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h +deleted file mode 100644 +index f3ec9b6..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib.h ++++ /dev/null +@@ -1,81 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef HEADER_CRYPTLIB_H +-# define HEADER_CRYPTLIB_H +- +-# include +-# include +- +-# include "e_os.h" +- +-# ifdef OPENSSL_USE_APPLINK +-# undef BIO_FLAGS_UPLINK +-# define BIO_FLAGS_UPLINK 0x8000 +-# include "ms/uplink.h" +-# endif +- +-# include +-# include +-# include +-# include +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-typedef struct ex_callback_st EX_CALLBACK; +- +-DEFINE_STACK_OF(EX_CALLBACK) +- +-typedef struct app_mem_info_st APP_INFO; +- +-typedef struct mem_st MEM; +-DEFINE_LHASH_OF(MEM); +- +-# ifndef OPENSSL_SYS_VMS +-# define X509_CERT_AREA OPENSSLDIR +-# define X509_CERT_DIR OPENSSLDIR "/certs" +-# define X509_CERT_FILE OPENSSLDIR "/cert.pem" +-# define X509_PRIVATE_DIR OPENSSLDIR "/private" +-# define CTLOG_FILE OPENSSLDIR "/ct_log_list.cnf" +-# else +-# define X509_CERT_AREA "OSSL$DATAROOT:[000000]" +-# define X509_CERT_DIR "OSSL$DATAROOT:[CERTS]" +-# define X509_CERT_FILE "OSSL$DATAROOT:[000000]cert.pem" +-# define X509_PRIVATE_DIR "OSSL$DATAROOT:[PRIVATE]" +-# define CTLOG_FILE "OSSL$DATAROOT:[000000]ct_log_list.cnf" +-# endif +- +-# define X509_CERT_DIR_EVP "SSL_CERT_DIR" +-# define X509_CERT_FILE_EVP "SSL_CERT_FILE" +-# define CTLOG_FILE_EVP "CTLOG_FILE" +- +-/* size of string representations */ +-# define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +-# define HEX_SIZE(type) (sizeof(type)*2) +- +-void OPENSSL_cpuid_setup(void); +-extern unsigned int OPENSSL_ia32cap_P[]; +-void OPENSSL_showfatal(const char *fmta, ...); +-extern int OPENSSL_NONPIC_relocated; +-void crypto_cleanup_all_ex_data_int(void); +- +-int openssl_strerror_r(int errnum, char *buf, size_t buflen); +-# if !defined(OPENSSL_NO_STDIO) +-FILE *openssl_fopen(const char *filename, const char *mode); +-# else +-void *openssl_fopen(const char *filename, const char *mode); +-# endif +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h b/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h +deleted file mode 100644 +index 8e2a719..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/cryptlib_int.h ++++ /dev/null +@@ -1,31 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */ +- +-struct thread_local_inits_st { +- int async; +- int err_state; +-}; +- +-int ossl_init_thread_start(uint64_t opts); +- +-/* +- * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below +- * are those omitted from crypto.h because they are "reserved for internal +- * use". +- */ +-# define OPENSSL_INIT_ZLIB 0x00010000L +- +-/* OPENSSL_INIT_THREAD flags */ +-# define OPENSSL_INIT_THREAD_ASYNC 0x01 +-# define OPENSSL_INIT_THREAD_ERR_STATE 0x02 +- +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/engine.h b/Cryptlib/OpenSSL/crypto/include/internal/engine.h +deleted file mode 100644 +index 977cf06..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/engine.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-void engine_load_openssl_int(void); +-void engine_load_cryptodev_int(void); +-void engine_load_rdrand_int(void); +-void engine_load_dynamic_int(void); +-void engine_load_padlock_int(void); +-void engine_load_capi_int(void); +-void engine_load_dasync_int(void); +-void engine_load_afalg_int(void); +-void engine_cleanup_int(void); +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/err_int.h b/Cryptlib/OpenSSL/crypto/include/internal/err_int.h +deleted file mode 100644 +index 7fec3ed..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/err_int.h ++++ /dev/null +@@ -1,17 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#ifndef INTERNAL_ERR_INT_H +-# define INTERNAL_ERR_INT_H +- +-int err_load_crypto_strings_int(void); +-void err_cleanup(void); +-void err_delete_thread_state(void); +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h b/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h +deleted file mode 100644 +index c9ef582..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/evp_int.h ++++ /dev/null +@@ -1,389 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-struct evp_pkey_ctx_st { +- /* Method associated with this operation */ +- const EVP_PKEY_METHOD *pmeth; +- /* Engine that implements this method or NULL if builtin */ +- ENGINE *engine; +- /* Key: may be NULL */ +- EVP_PKEY *pkey; +- /* Peer key for key agreement, may be NULL */ +- EVP_PKEY *peerkey; +- /* Actual operation */ +- int operation; +- /* Algorithm specific data */ +- void *data; +- /* Application specific data */ +- void *app_data; +- /* Keygen callback */ +- EVP_PKEY_gen_cb *pkey_gencb; +- /* implementation specific keygen data */ +- int *keygen_info; +- int keygen_info_count; +-} /* EVP_PKEY_CTX */ ; +- +-#define EVP_PKEY_FLAG_DYNAMIC 1 +- +-struct evp_pkey_method_st { +- int pkey_id; +- int flags; +- int (*init) (EVP_PKEY_CTX *ctx); +- int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); +- void (*cleanup) (EVP_PKEY_CTX *ctx); +- int (*paramgen_init) (EVP_PKEY_CTX *ctx); +- int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +- int (*keygen_init) (EVP_PKEY_CTX *ctx); +- int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); +- int (*sign_init) (EVP_PKEY_CTX *ctx); +- int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +- const unsigned char *tbs, size_t tbslen); +- int (*verify_init) (EVP_PKEY_CTX *ctx); +- int (*verify) (EVP_PKEY_CTX *ctx, +- const unsigned char *sig, size_t siglen, +- const unsigned char *tbs, size_t tbslen); +- int (*verify_recover_init) (EVP_PKEY_CTX *ctx); +- int (*verify_recover) (EVP_PKEY_CTX *ctx, +- unsigned char *rout, size_t *routlen, +- const unsigned char *sig, size_t siglen); +- int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +- int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, +- EVP_MD_CTX *mctx); +- int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); +- int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, +- EVP_MD_CTX *mctx); +- int (*encrypt_init) (EVP_PKEY_CTX *ctx); +- int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +- const unsigned char *in, size_t inlen); +- int (*decrypt_init) (EVP_PKEY_CTX *ctx); +- int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, +- const unsigned char *in, size_t inlen); +- int (*derive_init) (EVP_PKEY_CTX *ctx); +- int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); +- int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); +- int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); +-} /* EVP_PKEY_METHOD */ ; +- +-DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) +- +-void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); +- +-extern const EVP_PKEY_METHOD cmac_pkey_meth; +-extern const EVP_PKEY_METHOD dh_pkey_meth; +-extern const EVP_PKEY_METHOD dhx_pkey_meth; +-extern const EVP_PKEY_METHOD dsa_pkey_meth; +-extern const EVP_PKEY_METHOD ec_pkey_meth; +-extern const EVP_PKEY_METHOD ecx25519_pkey_meth; +-extern const EVP_PKEY_METHOD hmac_pkey_meth; +-extern const EVP_PKEY_METHOD rsa_pkey_meth; +-extern const EVP_PKEY_METHOD tls1_prf_pkey_meth; +-extern const EVP_PKEY_METHOD hkdf_pkey_meth; +- +-struct evp_md_st { +- int type; +- int pkey_type; +- int md_size; +- unsigned long flags; +- int (*init) (EVP_MD_CTX *ctx); +- int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); +- int (*final) (EVP_MD_CTX *ctx, unsigned char *md); +- int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); +- int (*cleanup) (EVP_MD_CTX *ctx); +- int block_size; +- int ctx_size; /* how big does the ctx->md_data need to be */ +- /* control function */ +- int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +-} /* EVP_MD */ ; +- +-struct evp_cipher_st { +- int nid; +- int block_size; +- /* Default value for variable length ciphers */ +- int key_len; +- int iv_len; +- /* Various flags */ +- unsigned long flags; +- /* init key */ +- int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, +- const unsigned char *iv, int enc); +- /* encrypt/decrypt data */ +- int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, +- const unsigned char *in, size_t inl); +- /* cleanup ctx */ +- int (*cleanup) (EVP_CIPHER_CTX *); +- /* how big ctx->cipher_data needs to be */ +- int ctx_size; +- /* Populate a ASN1_TYPE with parameters */ +- int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); +- /* Get parameters from a ASN1_TYPE */ +- int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); +- /* Miscellaneous operations */ +- int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); +- /* Application data */ +- void *app_data; +-} /* EVP_CIPHER */ ; +- +-/* Macros to code block cipher wrappers */ +- +-/* Wrapper functions for each cipher mode */ +- +-#define EVP_C_DATA(kstruct, ctx) \ +- ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) +- +-#define BLOCK_CIPHER_ecb_loop() \ +- size_t i, bl; \ +- bl = EVP_CIPHER_CTX_cipher(ctx)->block_size; \ +- if (inl < bl) return 1;\ +- inl -= bl; \ +- for (i=0; i <= inl; i+=bl) +- +-#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ +-static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +-{\ +- BLOCK_CIPHER_ecb_loop() \ +- cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \ +- return 1;\ +-} +- +-#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) +- +-#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ +- static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +-{\ +- while(inl>=EVP_MAXCHUNK) {\ +- int num = EVP_CIPHER_CTX_num(ctx);\ +- cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ +- EVP_CIPHER_CTX_set_num(ctx, num);\ +- inl-=EVP_MAXCHUNK;\ +- in +=EVP_MAXCHUNK;\ +- out+=EVP_MAXCHUNK;\ +- }\ +- if (inl) {\ +- int num = EVP_CIPHER_CTX_num(ctx);\ +- cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \ +- EVP_CIPHER_CTX_set_num(ctx, num);\ +- }\ +- return 1;\ +-} +- +-#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ +-static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +-{\ +- while(inl>=EVP_MAXCHUNK) \ +- {\ +- cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ +- inl-=EVP_MAXCHUNK;\ +- in +=EVP_MAXCHUNK;\ +- out+=EVP_MAXCHUNK;\ +- }\ +- if (inl)\ +- cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\ +- return 1;\ +-} +- +-#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ +-static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ +-{\ +- size_t chunk = EVP_MAXCHUNK;\ +- if (cbits == 1) chunk >>= 3;\ +- if (inl < chunk) chunk = inl;\ +- while (inl && inl >= chunk)\ +- {\ +- int num = EVP_CIPHER_CTX_num(ctx);\ +- cprefix##_cfb##cbits##_encrypt(in, out, (long) \ +- ((cbits == 1) \ +- && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ +- ? inl*8 : inl), \ +- &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\ +- &num, EVP_CIPHER_CTX_encrypting(ctx));\ +- EVP_CIPHER_CTX_set_num(ctx, num);\ +- inl -= chunk;\ +- in += chunk;\ +- out += chunk;\ +- if (inl < chunk) chunk = inl;\ +- }\ +- return 1;\ +-} +- +-#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ +- BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ +- BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ +- BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ +- BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) +- +-#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ +- key_len, iv_len, flags, init_key, cleanup, \ +- set_asn1, get_asn1, ctrl) \ +-static const EVP_CIPHER cname##_##mode = { \ +- nid##_##nmode, block_size, key_len, iv_len, \ +- flags | EVP_CIPH_##MODE##_MODE, \ +- init_key, \ +- cname##_##mode##_cipher, \ +- cleanup, \ +- sizeof(kstruct), \ +- set_asn1, get_asn1,\ +- ctrl, \ +- NULL \ +-}; \ +-const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } +- +-#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ +- iv_len, flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) \ +-BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ +- iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) +- +-#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ +- iv_len, cbits, flags, init_key, cleanup, \ +- set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ +- key_len, iv_len, flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) +- +-#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ +- iv_len, cbits, flags, init_key, cleanup, \ +- set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ +- key_len, iv_len, flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) +- +-#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ +- flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) \ +-BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ +- 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) +- +-#define BLOCK_CIPHER_defs(cname, kstruct, \ +- nid, block_size, key_len, iv_len, cbits, flags, \ +- init_key, cleanup, set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ +- init_key, cleanup, set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ +- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ +- flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ +-BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ +- init_key, cleanup, set_asn1, get_asn1, ctrl) +- +-/*- +-#define BLOCK_CIPHER_defs(cname, kstruct, \ +- nid, block_size, key_len, iv_len, flags,\ +- init_key, cleanup, set_asn1, get_asn1, ctrl)\ +-static const EVP_CIPHER cname##_cbc = {\ +- nid##_cbc, block_size, key_len, iv_len, \ +- flags | EVP_CIPH_CBC_MODE,\ +- init_key,\ +- cname##_cbc_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl, \ +- NULL \ +-};\ +-const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ +-static const EVP_CIPHER cname##_cfb = {\ +- nid##_cfb64, 1, key_len, iv_len, \ +- flags | EVP_CIPH_CFB_MODE,\ +- init_key,\ +- cname##_cfb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ +-};\ +-const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ +-static const EVP_CIPHER cname##_ofb = {\ +- nid##_ofb64, 1, key_len, iv_len, \ +- flags | EVP_CIPH_OFB_MODE,\ +- init_key,\ +- cname##_ofb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ +-};\ +-const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ +-static const EVP_CIPHER cname##_ecb = {\ +- nid##_ecb, block_size, key_len, iv_len, \ +- flags | EVP_CIPH_ECB_MODE,\ +- init_key,\ +- cname##_ecb_cipher,\ +- cleanup,\ +- sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ +- sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ +- set_asn1, get_asn1,\ +- ctrl,\ +- NULL \ +-};\ +-const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } +-*/ +- +-#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ +- block_size, key_len, iv_len, cbits, \ +- flags, init_key, \ +- cleanup, set_asn1, get_asn1, ctrl) \ +- BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ +- BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ +- cbits, flags, init_key, cleanup, set_asn1, \ +- get_asn1, ctrl) +- +-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ +- BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ +- BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ +- NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ +- (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ +- cipher##_init_key, NULL, NULL, NULL, NULL) +- +- +-/* +- * Type needs to be a bit field Sub-type needs to be for variations on the +- * method, as in, can it do arbitrary encryption.... +- */ +-struct evp_pkey_st { +- int type; +- int save_type; +- int references; +- const EVP_PKEY_ASN1_METHOD *ameth; +- ENGINE *engine; +- union { +- void *ptr; +-# ifndef OPENSSL_NO_RSA +- struct rsa_st *rsa; /* RSA */ +-# endif +-# ifndef OPENSSL_NO_DSA +- struct dsa_st *dsa; /* DSA */ +-# endif +-# ifndef OPENSSL_NO_DH +- struct dh_st *dh; /* DH */ +-# endif +-# ifndef OPENSSL_NO_EC +- struct ec_key_st *ec; /* ECC */ +-# endif +- } pkey; +- int save_parameters; +- STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ +- CRYPTO_RWLOCK *lock; +-} /* EVP_PKEY */ ; +- +- +-void openssl_add_all_ciphers_int(void); +-void openssl_add_all_digests_int(void); +-void evp_cleanup_int(void); +- +-/* Pulling defines out of C soure files */ +- +-#define EVP_RC4_KEY_SIZE 16 +-#ifndef TLS1_1_VERSION +-# define TLS1_1_VERSION 0x0302 +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h b/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h +deleted file mode 100644 +index 6e4ce14..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/md32_common.h ++++ /dev/null +@@ -1,383 +0,0 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/*- +- * This is a generic 32 bit "collector" for message digest algorithms. +- * Whenever needed it collects input character stream into chunks of +- * 32 bit values and invokes a block function that performs actual hash +- * calculations. +- * +- * Porting guide. +- * +- * Obligatory macros: +- * +- * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN +- * this macro defines byte order of input stream. +- * HASH_CBLOCK +- * size of a unit chunk HASH_BLOCK operates on. +- * HASH_LONG +- * has to be at lest 32 bit wide. +- * HASH_CTX +- * context structure that at least contains following +- * members: +- * typedef struct { +- * ... +- * HASH_LONG Nl,Nh; +- * either { +- * HASH_LONG data[HASH_LBLOCK]; +- * unsigned char data[HASH_CBLOCK]; +- * }; +- * unsigned int num; +- * ... +- * } HASH_CTX; +- * data[] vector is expected to be zeroed upon first call to +- * HASH_UPDATE. +- * HASH_UPDATE +- * name of "Update" function, implemented here. +- * HASH_TRANSFORM +- * name of "Transform" function, implemented here. +- * HASH_FINAL +- * name of "Final" function, implemented here. +- * HASH_BLOCK_DATA_ORDER +- * name of "block" function capable of treating *unaligned* input +- * message in original (data) byte order, implemented externally. +- * HASH_MAKE_STRING +- * macro convering context variables to an ASCII hash string. +- * +- * MD5 example: +- * +- * #define DATA_ORDER_IS_LITTLE_ENDIAN +- * +- * #define HASH_LONG MD5_LONG +- * #define HASH_CTX MD5_CTX +- * #define HASH_CBLOCK MD5_CBLOCK +- * #define HASH_UPDATE MD5_Update +- * #define HASH_TRANSFORM MD5_Transform +- * #define HASH_FINAL MD5_Final +- * #define HASH_BLOCK_DATA_ORDER md5_block_data_order +- * +- * +- */ +- +-#include +- +-#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) +-# error "DATA_ORDER must be defined!" +-#endif +- +-#ifndef HASH_CBLOCK +-# error "HASH_CBLOCK must be defined!" +-#endif +-#ifndef HASH_LONG +-# error "HASH_LONG must be defined!" +-#endif +-#ifndef HASH_CTX +-# error "HASH_CTX must be defined!" +-#endif +- +-#ifndef HASH_UPDATE +-# error "HASH_UPDATE must be defined!" +-#endif +-#ifndef HASH_TRANSFORM +-# error "HASH_TRANSFORM must be defined!" +-#endif +-#ifndef HASH_FINAL +-# error "HASH_FINAL must be defined!" +-#endif +- +-#ifndef HASH_BLOCK_DATA_ORDER +-# error "HASH_BLOCK_DATA_ORDER must be defined!" +-#endif +- +-/* +- * Engage compiler specific rotate intrinsic function if available. +- */ +-#undef ROTATE +-#ifndef PEDANTIC +-# if defined(_MSC_VER) +-# define ROTATE(a,n) _lrotl(a,n) +-# elif defined(__ICC) +-# define ROTATE(a,n) _rotl(a,n) +-# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +- /* +- * Some GNU C inline assembler templates. Note that these are +- * rotates by *constant* number of bits! But that's exactly +- * what we need here... +- * +- */ +-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ( \ +- "roll %1,%0" \ +- : "=r"(ret) \ +- : "I"(n), "0"((unsigned int)(a)) \ +- : "cc"); \ +- ret; \ +- }) +-# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ +- defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ( \ +- "rlwinm %0,%1,%2,0,31" \ +- : "=r"(ret) \ +- : "r"(a), "I"(n)); \ +- ret; \ +- }) +-# elif defined(__s390x__) +-# define ROTATE(a,n) ({ register unsigned int ret; \ +- asm ("rll %0,%1,%2" \ +- : "=r"(ret) \ +- : "r"(a), "I"(n)); \ +- ret; \ +- }) +-# endif +-# endif +-#endif /* PEDANTIC */ +- +-#ifndef ROTATE +-# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +-#endif +- +-#if defined(DATA_ORDER_IS_BIG_ENDIAN) +- +-# ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ +- (defined(__x86_64) || defined(__x86_64__)) +-# if !defined(B_ENDIAN) +- /* +- * This gives ~30-40% performance improvement in SHA-256 compiled +- * with gcc [on P4]. Well, first macro to be frank. We can pull +- * this trick on x86* platforms only, because these CPUs can fetch +- * unaligned data without raising an exception. +- */ +-# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ +- asm ("bswapl %0":"=r"(r):"0"(r)); \ +- (c)+=4; (l)=r; }) +-# define HOST_l2c(l,c) ({ unsigned int r=(l); \ +- asm ("bswapl %0":"=r"(r):"0"(r)); \ +- *((unsigned int *)(c))=r; (c)+=4; r; }) +-# endif +-# elif defined(__aarch64__) +-# if defined(__BYTE_ORDER__) +-# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +-# define HOST_c2l(c,l) ({ unsigned int r; \ +- asm ("rev %w0,%w1" \ +- :"=r"(r) \ +- :"r"(*((const unsigned int *)(c))));\ +- (c)+=4; (l)=r; }) +-# define HOST_l2c(l,c) ({ unsigned int r; \ +- asm ("rev %w0,%w1" \ +- :"=r"(r) \ +- :"r"((unsigned int)(l)));\ +- *((unsigned int *)(c))=r; (c)+=4; r; }) +-# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ +-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) +-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +-# endif +-# endif +-# endif +-# endif +-# if defined(__s390__) || defined(__s390x__) +-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) +-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) +-# endif +-# endif +- +-# ifndef HOST_c2l +-# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ +- l|=(((unsigned long)(*((c)++)))<<16), \ +- l|=(((unsigned long)(*((c)++)))<< 8), \ +- l|=(((unsigned long)(*((c)++))) ) ) +-# endif +-# ifndef HOST_l2c +-# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16)&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ +- *((c)++)=(unsigned char)(((l) )&0xff), \ +- l) +-# endif +- +-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +- +-# ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(__s390x__) +-# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ +- :"=d"(l) :"m"(*(const unsigned int *)(c)));\ +- (c)+=4; (l); }) +-# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ +- :"=m"(*(unsigned int *)(c)) :"d"(l));\ +- (c)+=4; (l); }) +-# endif +-# endif +-# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +-# ifndef B_ENDIAN +- /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ +-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) +-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +-# endif +-# endif +-# endif +- +-# ifndef HOST_c2l +-# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ +- l|=(((unsigned long)(*((c)++)))<< 8), \ +- l|=(((unsigned long)(*((c)++)))<<16), \ +- l|=(((unsigned long)(*((c)++)))<<24) ) +-# endif +-# ifndef HOST_l2c +-# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ +- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>16)&0xff), \ +- *((c)++)=(unsigned char)(((l)>>24)&0xff), \ +- l) +-# endif +- +-#endif +- +-/* +- * Time for some action:-) +- */ +- +-int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) +-{ +- const unsigned char *data = data_; +- unsigned char *p; +- HASH_LONG l; +- size_t n; +- +- if (len == 0) +- return 1; +- +- l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; +- /* +- * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai +- * for pointing it out. +- */ +- if (l < c->Nl) /* overflow */ +- c->Nh++; +- c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on +- * 16-bit */ +- c->Nl = l; +- +- n = c->num; +- if (n != 0) { +- p = (unsigned char *)c->data; +- +- if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { +- memcpy(p + n, data, HASH_CBLOCK - n); +- HASH_BLOCK_DATA_ORDER(c, p, 1); +- n = HASH_CBLOCK - n; +- data += n; +- len -= n; +- c->num = 0; +- /* +- * We use memset rather than OPENSSL_cleanse() here deliberately. +- * Using OPENSSL_cleanse() here could be a performance issue. It +- * will get properly cleansed on finalisation so this isn't a +- * security problem. +- */ +- memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ +- } else { +- memcpy(p + n, data, len); +- c->num += (unsigned int)len; +- return 1; +- } +- } +- +- n = len / HASH_CBLOCK; +- if (n > 0) { +- HASH_BLOCK_DATA_ORDER(c, data, n); +- n *= HASH_CBLOCK; +- data += n; +- len -= n; +- } +- +- if (len != 0) { +- p = (unsigned char *)c->data; +- c->num = (unsigned int)len; +- memcpy(p, data, len); +- } +- return 1; +-} +- +-void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) +-{ +- HASH_BLOCK_DATA_ORDER(c, data, 1); +-} +- +-int HASH_FINAL(unsigned char *md, HASH_CTX *c) +-{ +- unsigned char *p = (unsigned char *)c->data; +- size_t n = c->num; +- +- p[n] = 0x80; /* there is always room for one */ +- n++; +- +- if (n > (HASH_CBLOCK - 8)) { +- memset(p + n, 0, HASH_CBLOCK - n); +- n = 0; +- HASH_BLOCK_DATA_ORDER(c, p, 1); +- } +- memset(p + n, 0, HASH_CBLOCK - 8 - n); +- +- p += HASH_CBLOCK - 8; +-#if defined(DATA_ORDER_IS_BIG_ENDIAN) +- (void)HOST_l2c(c->Nh, p); +- (void)HOST_l2c(c->Nl, p); +-#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) +- (void)HOST_l2c(c->Nl, p); +- (void)HOST_l2c(c->Nh, p); +-#endif +- p -= HASH_CBLOCK; +- HASH_BLOCK_DATA_ORDER(c, p, 1); +- c->num = 0; +- OPENSSL_cleanse(p, HASH_CBLOCK); +- +-#ifndef HASH_MAKE_STRING +-# error "HASH_MAKE_STRING must be defined!" +-#else +- HASH_MAKE_STRING(c, md); +-#endif +- +- return 1; +-} +- +-#ifndef MD32_REG_T +-# if defined(__alpha) || defined(__sparcv9) || defined(__mips) +-# define MD32_REG_T long +-/* +- * This comment was originally written for MD5, which is why it +- * discusses A-D. But it basically applies to all 32-bit digests, +- * which is why it was moved to common header file. +- * +- * In case you wonder why A-D are declared as long and not +- * as MD5_LONG. Doing so results in slight performance +- * boost on LP64 architectures. The catch is we don't +- * really care if 32 MSBs of a 64-bit register get polluted +- * with eventual overflows as we *save* only 32 LSBs in +- * *either* case. Now declaring 'em long excuses the compiler +- * from keeping 32 MSBs zeroed resulting in 13% performance +- * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. +- * Well, to be honest it should say that this *prevents* +- * performance degradation. +- * +- */ +-# else +-/* +- * Above is not absolute and there are LP64 compilers that +- * generate better code if MD32_REG_T is defined int. The above +- * pre-processor condition reflects the circumstances under which +- * the conclusion was made and is subject to further extension. +- * +- */ +-# define MD32_REG_T int +-# endif +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/objects.h b/Cryptlib/OpenSSL/crypto/include/internal/objects.h +deleted file mode 100644 +index 76e1b4d..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/objects.h ++++ /dev/null +@@ -1,12 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-void obj_cleanup_int(void); +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h b/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h +deleted file mode 100644 +index 1bc8716..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/poly1305.h ++++ /dev/null +@@ -1,19 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#define POLY1305_BLOCK_SIZE 16 +- +-typedef struct poly1305_context POLY1305; +- +-size_t Poly1305_ctx_size(void); +-void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]); +-void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len); +-void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]); +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/rand.h b/Cryptlib/OpenSSL/crypto/include/internal/rand.h +deleted file mode 100644 +index 30887c4..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/rand.h ++++ /dev/null +@@ -1,20 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Licensed under the OpenSSL licenses, (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * https://www.openssl.org/source/license.html +- * or in the file LICENSE in the source distribution. +- */ +- +-#include +- +-void rand_cleanup_int(void); +diff --git a/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h b/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h +deleted file mode 100644 +index 2845026..0000000 +--- a/Cryptlib/OpenSSL/crypto/include/internal/x509_int.h ++++ /dev/null +@@ -1,267 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* Internal X509 structures and functions: not for application use */ +- +-/* Note: unless otherwise stated a field pointer is mandatory and should +- * never be set to NULL: the ASN.1 code and accessors rely on mandatory +- * fields never being NULL. +- */ +- +-/* +- * name entry structure, equivalent to AttributeTypeAndValue defined +- * in RFC5280 et al. +- */ +-struct X509_name_entry_st { +- ASN1_OBJECT *object; /* AttributeType */ +- ASN1_STRING *value; /* AttributeValue */ +- int set; /* index of RDNSequence for this entry */ +- int size; /* temp variable */ +-}; +- +-/* Name from RFC 5280. */ +-struct X509_name_st { +- STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */ +- int modified; /* true if 'bytes' needs to be built */ +- BUF_MEM *bytes; /* cached encoding: cannot be NULL */ +- /* canonical encoding used for rapid Name comparison */ +- unsigned char *canon_enc; +- int canon_enclen; +-} /* X509_NAME */ ; +- +-/* PKCS#10 certificate request */ +- +-struct X509_req_info_st { +- ASN1_ENCODING enc; /* cached encoding of signed part */ +- ASN1_INTEGER *version; /* version, defaults to v1(0) so can be NULL */ +- X509_NAME *subject; /* certificate request DN */ +- X509_PUBKEY *pubkey; /* public key of request */ +- /* +- * Zero or more attributes. +- * NB: although attributes is a mandatory field some broken +- * encodings omit it so this may be NULL in that case. +- */ +- STACK_OF(X509_ATTRIBUTE) *attributes; +-}; +- +-struct X509_req_st { +- X509_REQ_INFO req_info; /* signed certificate request data */ +- X509_ALGOR sig_alg; /* signature algorithm */ +- ASN1_BIT_STRING *signature; /* signature */ +- int references; +- CRYPTO_RWLOCK *lock; +-}; +- +-struct X509_crl_info_st { +- ASN1_INTEGER *version; /* version: defaults to v1(0) so may be NULL */ +- X509_ALGOR sig_alg; /* signature algorithm */ +- X509_NAME *issuer; /* CRL issuer name */ +- ASN1_TIME *lastUpdate; /* lastUpdate field */ +- ASN1_TIME *nextUpdate; /* nextUpdate field: optional */ +- STACK_OF(X509_REVOKED) *revoked; /* revoked entries: optional */ +- STACK_OF(X509_EXTENSION) *extensions; /* extensions: optional */ +- ASN1_ENCODING enc; /* encoding of signed portion of CRL */ +-}; +- +-struct X509_crl_st { +- X509_CRL_INFO crl; /* signed CRL data */ +- X509_ALGOR sig_alg; /* CRL signature algorithm */ +- ASN1_BIT_STRING signature; /* CRL signature */ +- int references; +- int flags; +- /* +- * Cached copies of decoded extension values, since extensions +- * are optional any of these can be NULL. +- */ +- AUTHORITY_KEYID *akid; +- ISSUING_DIST_POINT *idp; +- /* Convenient breakdown of IDP */ +- int idp_flags; +- int idp_reasons; +- /* CRL and base CRL numbers for delta processing */ +- ASN1_INTEGER *crl_number; +- ASN1_INTEGER *base_crl_number; +- STACK_OF(GENERAL_NAMES) *issuers; +- /* hash of CRL */ +- unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +- /* alternative method to handle this CRL */ +- const X509_CRL_METHOD *meth; +- void *meth_data; +- CRYPTO_RWLOCK *lock; +-}; +- +-struct x509_revoked_st { +- ASN1_INTEGER serialNumber; /* revoked entry serial number */ +- ASN1_TIME *revocationDate; /* revocation date */ +- STACK_OF(X509_EXTENSION) *extensions; /* CRL entry extensions: optional */ +- /* decoded value of CRLissuer extension: set if indirect CRL */ +- STACK_OF(GENERAL_NAME) *issuer; +- /* revocation reason: set to CRL_REASON_NONE if reason extension absent */ +- int reason; +- /* +- * CRL entries are reordered for faster lookup of serial numbers. This +- * field contains the original load sequence for this entry. +- */ +- int sequence; +-}; +- +-/* +- * This stuff is certificate "auxiliary info": it contains details which are +- * useful in certificate stores and databases. When used this is tagged onto +- * the end of the certificate itself. OpenSSL specific structure not defined +- * in any RFC. +- */ +- +-struct x509_cert_aux_st { +- STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ +- STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ +- ASN1_UTF8STRING *alias; /* "friendly name" */ +- ASN1_OCTET_STRING *keyid; /* key id of private key */ +- STACK_OF(X509_ALGOR) *other; /* other unspecified info */ +-}; +- +-struct x509_cinf_st { +- ASN1_INTEGER *version; /* [ 0 ] default of v1 */ +- ASN1_INTEGER serialNumber; +- X509_ALGOR signature; +- X509_NAME *issuer; +- X509_VAL validity; +- X509_NAME *subject; +- X509_PUBKEY *key; +- ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ +- ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ +- STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ +- ASN1_ENCODING enc; +-}; +- +-struct x509_st { +- X509_CINF cert_info; +- X509_ALGOR sig_alg; +- ASN1_BIT_STRING signature; +- int references; +- CRYPTO_EX_DATA ex_data; +- /* These contain copies of various extension values */ +- long ex_pathlen; +- long ex_pcpathlen; +- uint32_t ex_flags; +- uint32_t ex_kusage; +- uint32_t ex_xkusage; +- uint32_t ex_nscert; +- ASN1_OCTET_STRING *skid; +- AUTHORITY_KEYID *akid; +- X509_POLICY_CACHE *policy_cache; +- STACK_OF(DIST_POINT) *crldp; +- STACK_OF(GENERAL_NAME) *altname; +- NAME_CONSTRAINTS *nc; +-#ifndef OPENSSL_NO_RFC3779 +- STACK_OF(IPAddressFamily) *rfc3779_addr; +- struct ASIdentifiers_st *rfc3779_asid; +-# endif +- unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +- X509_CERT_AUX *aux; +- CRYPTO_RWLOCK *lock; +-} /* X509 */ ; +- +-/* +- * This is a used when verifying cert chains. Since the gathering of the +- * cert chain can take some time (and have to be 'retried', this needs to be +- * kept and passed around. +- */ +-struct x509_store_ctx_st { /* X509_STORE_CTX */ +- X509_STORE *ctx; +- /* The following are set by the caller */ +- /* The cert to check */ +- X509 *cert; +- /* chain of X509s - untrusted - passed in */ +- STACK_OF(X509) *untrusted; +- /* set of CRLs passed in */ +- STACK_OF(X509_CRL) *crls; +- X509_VERIFY_PARAM *param; +- /* Other info for use with get_issuer() */ +- void *other_ctx; +- /* Callbacks for various operations */ +- /* called to verify a certificate */ +- int (*verify) (X509_STORE_CTX *ctx); +- /* error callback */ +- int (*verify_cb) (int ok, X509_STORE_CTX *ctx); +- /* get issuers cert from ctx */ +- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); +- /* check issued */ +- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); +- /* Check revocation status of chain */ +- int (*check_revocation) (X509_STORE_CTX *ctx); +- /* retrieve CRL */ +- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); +- /* Check CRL validity */ +- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); +- /* Check certificate against CRL */ +- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); +- /* Check policy status of the chain */ +- int (*check_policy) (X509_STORE_CTX *ctx); +- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); +- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); +- int (*cleanup) (X509_STORE_CTX *ctx); +- /* The following is built up */ +- /* if 0, rebuild chain */ +- int valid; +- /* number of untrusted certs */ +- int num_untrusted; +- /* chain of X509s - built up and trusted */ +- STACK_OF(X509) *chain; +- /* Valid policy tree */ +- X509_POLICY_TREE *tree; +- /* Require explicit policy value */ +- int explicit_policy; +- /* When something goes wrong, this is why */ +- int error_depth; +- int error; +- X509 *current_cert; +- /* cert currently being tested as valid issuer */ +- X509 *current_issuer; +- /* current CRL */ +- X509_CRL *current_crl; +- /* score of current CRL */ +- int current_crl_score; +- /* Reason mask */ +- unsigned int current_reasons; +- /* For CRL path validation: parent context */ +- X509_STORE_CTX *parent; +- CRYPTO_EX_DATA ex_data; +- SSL_DANE *dane; +- /* signed via bare TA public key, rather than CA certificate */ +- int bare_ta_signed; +-}; +- +-/* PKCS#8 private key info structure */ +- +-struct pkcs8_priv_key_info_st { +- ASN1_INTEGER *version; +- X509_ALGOR *pkeyalg; +- ASN1_OCTET_STRING *pkey; +- STACK_OF(X509_ATTRIBUTE) *attributes; +-}; +- +-struct X509_sig_st { +- X509_ALGOR *algor; +- ASN1_OCTET_STRING *digest; +-}; +- +-struct x509_object_st { +- /* one of the above types */ +- X509_LOOKUP_TYPE type; +- union { +- char *ptr; +- X509 *x509; +- X509_CRL *crl; +- EVP_PKEY *pkey; +- } data; +-}; +- +-int a2i_ipadd(unsigned char *ipout, const char *ipasc); +-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm); +diff --git a/Cryptlib/OpenSSL/crypto/init.c b/Cryptlib/OpenSSL/crypto/init.c +deleted file mode 100644 +index c730e38..0000000 +--- a/Cryptlib/OpenSSL/crypto/init.c ++++ /dev/null +@@ -1,664 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-static int stopped = 0; +- +-static void ossl_init_thread_stop(struct thread_local_inits_st *locals); +- +-static CRYPTO_THREAD_LOCAL threadstopkey; +- +-static void ossl_init_thread_stop_wrap(void *local) +-{ +- ossl_init_thread_stop((struct thread_local_inits_st *)local); +-} +- +-static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) +-{ +- struct thread_local_inits_st *local = +- CRYPTO_THREAD_get_local(&threadstopkey); +- +- if (local == NULL && alloc) { +- local = OPENSSL_zalloc(sizeof *local); +- CRYPTO_THREAD_set_local(&threadstopkey, local); +- } +- if (!alloc) { +- CRYPTO_THREAD_set_local(&threadstopkey, NULL); +- } +- +- return local; +-} +- +-typedef struct ossl_init_stop_st OPENSSL_INIT_STOP; +-struct ossl_init_stop_st { +- void (*handler)(void); +- OPENSSL_INIT_STOP *next; +-}; +- +-static OPENSSL_INIT_STOP *stop_handlers = NULL; +-static CRYPTO_RWLOCK *init_lock = NULL; +- +-static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; +-static int base_inited = 0; +-DEFINE_RUN_ONCE_STATIC(ossl_init_base) +-{ +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); +-#endif +- /* +- * We use a dummy thread local key here. We use the destructor to detect +- * when the thread is going to stop (where that feature is available) +- */ +- CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap); +-#ifndef OPENSSL_SYS_UEFI +- atexit(OPENSSL_cleanup); +-#endif +- if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) +- return 0; +- OPENSSL_cpuid_setup(); +- +- /* +- * BIG FAT WARNING! +- * Everything needed to be initialized in this function before threads +- * come along MUST happen before base_inited is set to 1, or we will +- * see race conditions. +- */ +- base_inited = 1; +- +-#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) +-# ifdef DSO_WIN32 +- { +- HMODULE handle = NULL; +- BOOL ret; +- +- /* We don't use the DSO route for WIN32 because there is a better way */ +- ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS +- | GET_MODULE_HANDLE_EX_FLAG_PIN, +- (void *)&base_inited, &handle); +- +- return (ret == TRUE) ? 1 : 0; +- } +-# else +- /* +- * Deliberately leak a reference to ourselves. This will force the library +- * to remain loaded until the atexit() handler is run a process exit. +- */ +- { +- DSO *dso = NULL; +- +- dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE); +- DSO_free(dso); +- } +-# endif +-#endif +- +- return 1; +-} +- +-static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; +-static int load_crypto_strings_inited = 0; +-DEFINE_RUN_ONCE_STATIC(ossl_init_no_load_crypto_strings) +-{ +- /* Do nothing in this case */ +- return 1; +-} +- +-DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) +-{ +- int ret = 1; +- /* +- * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time +- * pulling in all the error strings during static linking +- */ +-#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT) +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: " +- "err_load_crypto_strings_int()\n"); +-# endif +- ret = err_load_crypto_strings_int(); +- load_crypto_strings_inited = 1; +-#endif +- return ret; +-} +- +-static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers) +-{ +- /* +- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time +- * pulling in all the ciphers during static linking +- */ +-#ifndef OPENSSL_NO_AUTOALGINIT +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: " +- "openssl_add_all_ciphers_int()\n"); +-# endif +- openssl_add_all_ciphers_int(); +-#endif +- return 1; +-} +- +-static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests) +-{ +- /* +- * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time +- * pulling in all the ciphers during static linking +- */ +-#ifndef OPENSSL_NO_AUTOALGINIT +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: " +- "openssl_add_all_digests()\n"); +-# endif +- openssl_add_all_digests_int(); +-#endif +- return 1; +-} +- +-DEFINE_RUN_ONCE_STATIC(ossl_init_no_add_algs) +-{ +- /* Do nothing */ +- return 1; +-} +- +-static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; +-static int config_inited = 0; +-static const char *appname; +-DEFINE_RUN_ONCE_STATIC(ossl_init_config) +-{ +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, +- "OPENSSL_INIT: ossl_init_config: openssl_config(%s)\n", +- appname == NULL ? "NULL" : appname); +-#endif +- openssl_config_int(appname); +- config_inited = 1; +- return 1; +-} +-DEFINE_RUN_ONCE_STATIC(ossl_init_no_config) +-{ +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, +- "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n"); +-#endif +- openssl_no_config_int(); +- config_inited = 1; +- return 1; +-} +- +-static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT; +-static int async_inited = 0; +-DEFINE_RUN_ONCE_STATIC(ossl_init_async) +-{ +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n"); +-#endif +- if (!async_init()) +- return 0; +- async_inited = 1; +- return 1; +-} +- +-#ifndef OPENSSL_NO_ENGINE +-static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: " +- "engine_load_openssl_int()\n"); +-# endif +- engine_load_openssl_int(); +- return 1; +-} +-# if !defined(OPENSSL_NO_HW) && \ +- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) +-static CRYPTO_ONCE engine_cryptodev = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_cryptodev) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_cryptodev: " +- "engine_load_cryptodev_int()\n"); +-# endif +- engine_load_cryptodev_int(); +- return 1; +-} +-# endif +- +-# ifndef OPENSSL_NO_RDRAND +-static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: " +- "engine_load_rdrand_int()\n"); +-# endif +- engine_load_rdrand_int(); +- return 1; +-} +-# endif +-static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: " +- "engine_load_dynamic_int()\n"); +-# endif +- engine_load_dynamic_int(); +- return 1; +-} +-# ifndef OPENSSL_NO_STATIC_ENGINE +-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) +-static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: " +- "engine_load_padlock_int()\n"); +-# endif +- engine_load_padlock_int(); +- return 1; +-} +-# endif +-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +-static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: " +- "engine_load_capi_int()\n"); +-# endif +- engine_load_capi_int(); +- return 1; +-} +-# endif +-# if !defined(OPENSSL_NO_AFALGENG) +-static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT; +-DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg) +-{ +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: " +- "engine_load_afalg_int()\n"); +-# endif +- engine_load_afalg_int(); +- return 1; +-} +-# endif +-# endif +-#endif +- +-#ifndef OPENSSL_NO_COMP +-static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT; +- +-static int zlib_inited = 0; +-DEFINE_RUN_ONCE_STATIC(ossl_init_zlib) +-{ +- /* Do nothing - we need to know about this for the later cleanup */ +- zlib_inited = 1; +- return 1; +-} +-#endif +- +-static void ossl_init_thread_stop(struct thread_local_inits_st *locals) +-{ +- /* Can't do much about this */ +- if (locals == NULL) +- return; +- +- if (locals->async) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " +- "ASYNC_cleanup_thread()\n"); +-#endif +- ASYNC_cleanup_thread(); +- } +- +- if (locals->err_state) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: " +- "err_delete_thread_state()\n"); +-#endif +- err_delete_thread_state(); +- } +- +- OPENSSL_free(locals); +-} +- +-void OPENSSL_thread_stop(void) +-{ +- ossl_init_thread_stop( +- (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); +-} +- +-int ossl_init_thread_start(uint64_t opts) +-{ +- struct thread_local_inits_st *locals = ossl_init_get_thread_local(1); +- +- if (locals == NULL) +- return 0; +- +- if (opts & OPENSSL_INIT_THREAD_ASYNC) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " +- "marking thread for async\n"); +-#endif +- locals->async = 1; +- } +- +- if (opts & OPENSSL_INIT_THREAD_ERR_STATE) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: " +- "marking thread for err_state\n"); +-#endif +- locals->err_state = 1; +- } +- +- return 1; +-} +- +-void OPENSSL_cleanup(void) +-{ +- OPENSSL_INIT_STOP *currhandler, *lasthandler; +- +- /* If we've not been inited then no need to deinit */ +- if (!base_inited) +- return; +- +- /* Might be explicitly called and also by atexit */ +- if (stopped) +- return; +- stopped = 1; +- +- /* +- * Thread stop may not get automatically called by the thread library for +- * the very last thread in some situations, so call it directly. +- */ +- ossl_init_thread_stop(ossl_init_get_thread_local(0)); +- +- currhandler = stop_handlers; +- while (currhandler != NULL) { +- currhandler->handler(); +- lasthandler = currhandler; +- currhandler = currhandler->next; +- OPENSSL_free(lasthandler); +- } +- stop_handlers = NULL; +- +- CRYPTO_THREAD_lock_free(init_lock); +- +- /* +- * We assume we are single-threaded for this function, i.e. no race +- * conditions for the various "*_inited" vars below. +- */ +- +-#ifndef OPENSSL_NO_COMP +- if (zlib_inited) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "comp_zlib_cleanup_int()\n"); +-#endif +- comp_zlib_cleanup_int(); +- } +-#endif +- +- if (async_inited) { +-# ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "async_deinit()\n"); +-# endif +- async_deinit(); +- } +- +- if (load_crypto_strings_inited) { +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "err_free_strings_int()\n"); +-#endif +- err_free_strings_int(); +- } +- +- CRYPTO_THREAD_cleanup_local(&threadstopkey); +- +-#ifdef OPENSSL_INIT_DEBUG +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "rand_cleanup_int()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "conf_modules_free_int()\n"); +-#ifndef OPENSSL_NO_ENGINE +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "engine_cleanup_int()\n"); +-#endif +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "crypto_cleanup_all_ex_data_int()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "bio_sock_cleanup_int()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "bio_cleanup()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "evp_cleanup_int()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "obj_cleanup_int()\n"); +- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " +- "err_cleanup()\n"); +-#endif +- /* +- * Note that cleanup order is important: +- * - rand_cleanup_int could call an ENGINE's RAND cleanup function so +- * must be called before engine_cleanup_int() +- * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up +- * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data(). +- * - conf_modules_free_int() can end up in ENGINE code so must be called +- * before engine_cleanup_int() +- * - ENGINEs and additional EVP algorithms might use added OIDs names so +- * obj_cleanup_int() must be called last +- */ +- rand_cleanup_int(); +- conf_modules_free_int(); +-#ifndef OPENSSL_NO_ENGINE +- engine_cleanup_int(); +-#endif +- crypto_cleanup_all_ex_data_int(); +- bio_cleanup(); +- evp_cleanup_int(); +- obj_cleanup_int(); +- err_cleanup(); +- +- base_inited = 0; +-} +- +-/* +- * If this function is called with a non NULL settings value then it must be +- * called prior to any threads making calls to any OpenSSL functions, +- * i.e. passing a non-null settings value is assumed to be single-threaded. +- */ +-int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) +-{ +- static int stoperrset = 0; +- +- if (stopped) { +- if (!stoperrset) { +- /* +- * We only ever set this once to avoid getting into an infinite +- * loop where the error system keeps trying to init and fails so +- * sets an error etc +- */ +- stoperrset = 1; +- CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL); +- } +- return 0; +- } +- +- if (!base_inited && !RUN_ONCE(&base, ossl_init_base)) +- return 0; +- +- if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS) +- && !RUN_ONCE(&load_crypto_strings, +- ossl_init_no_load_crypto_strings)) +- return 0; +- +- if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS) +- && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings)) +- return 0; +- +- if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS) +- && !RUN_ONCE(&add_all_ciphers, ossl_init_no_add_algs)) +- return 0; +- +- if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS) +- && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers)) +- return 0; +- +- if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS) +- && !RUN_ONCE(&add_all_digests, ossl_init_no_add_algs)) +- return 0; +- +- if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS) +- && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests)) +- return 0; +- +- if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) +- && !RUN_ONCE(&config, ossl_init_no_config)) +- return 0; +- +- if (opts & OPENSSL_INIT_LOAD_CONFIG) { +- int ret; +- CRYPTO_THREAD_write_lock(init_lock); +- appname = (settings == NULL) ? NULL : settings->appname; +- ret = RUN_ONCE(&config, ossl_init_config); +- CRYPTO_THREAD_unlock(init_lock); +- if (!ret) +- return 0; +- } +- +- if ((opts & OPENSSL_INIT_ASYNC) +- && !RUN_ONCE(&async, ossl_init_async)) +- return 0; +- +-#ifndef OPENSSL_NO_ENGINE +- if ((opts & OPENSSL_INIT_ENGINE_OPENSSL) +- && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl)) +- return 0; +-# if !defined(OPENSSL_NO_HW) && \ +- (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)) +- if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV) +- && !RUN_ONCE(&engine_cryptodev, ossl_init_engine_cryptodev)) +- return 0; +-# endif +-# ifndef OPENSSL_NO_RDRAND +- if ((opts & OPENSSL_INIT_ENGINE_RDRAND) +- && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand)) +- return 0; +-# endif +- if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC) +- && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic)) +- return 0; +-# ifndef OPENSSL_NO_STATIC_ENGINE +-# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK) +- if ((opts & OPENSSL_INIT_ENGINE_PADLOCK) +- && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock)) +- return 0; +-# endif +-# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG) +- if ((opts & OPENSSL_INIT_ENGINE_CAPI) +- && !RUN_ONCE(&engine_capi, ossl_init_engine_capi)) +- return 0; +-# endif +-# if !defined(OPENSSL_NO_AFALGENG) +- if ((opts & OPENSSL_INIT_ENGINE_AFALG) +- && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg)) +- return 0; +-# endif +-# endif +- if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN +- | OPENSSL_INIT_ENGINE_OPENSSL +- | OPENSSL_INIT_ENGINE_AFALG)) { +- ENGINE_register_all_complete(); +- } +-#endif +- +-#ifndef OPENSSL_NO_COMP +- if ((opts & OPENSSL_INIT_ZLIB) +- && !RUN_ONCE(&zlib, ossl_init_zlib)) +- return 0; +-#endif +- +- return 1; +-} +- +-int OPENSSL_atexit(void (*handler)(void)) +-{ +- OPENSSL_INIT_STOP *newhand; +- +-#if !defined(OPENSSL_NO_DSO) && !defined(OPENSSL_USE_NODELETE) +- { +- union { +- void *sym; +- void (*func)(void); +- } handlersym; +- +- handlersym.func = handler; +-# ifdef DSO_WIN32 +- { +- HMODULE handle = NULL; +- BOOL ret; +- +- /* +- * We don't use the DSO route for WIN32 because there is a better +- * way +- */ +- ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS +- | GET_MODULE_HANDLE_EX_FLAG_PIN, +- handlersym.sym, &handle); +- +- if (!ret) +- return 0; +- } +-# else +- /* +- * Deliberately leak a reference to the handler. This will force the +- * library/code containing the handler to remain loaded until we run the +- * atexit handler. If -znodelete has been used then this is +- * unneccessary. +- */ +- { +- DSO *dso = NULL; +- +- dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); +- DSO_free(dso); +- } +-# endif +- } +-#endif +- +- newhand = OPENSSL_malloc(sizeof(*newhand)); +- if (newhand == NULL) +- return 0; +- +- newhand->handler = handler; +- newhand->next = stop_handlers; +- stop_handlers = newhand; +- +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/kdf/hkdf.c b/Cryptlib/OpenSSL/crypto/kdf/hkdf.c +deleted file mode 100644 +index 00b95b5..0000000 +--- a/Cryptlib/OpenSSL/crypto/kdf/hkdf.c ++++ /dev/null +@@ -1,293 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include "internal/cryptlib.h" +-#include "internal/evp_int.h" +- +-#define HKDF_MAXBUF 1024 +- +-static unsigned char *HKDF(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len); +- +-static unsigned char *HKDF_Extract(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- unsigned char *prk, size_t *prk_len); +- +-static unsigned char *HKDF_Expand(const EVP_MD *evp_md, +- const unsigned char *prk, size_t prk_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len); +- +-typedef struct { +- const EVP_MD *md; +- unsigned char *salt; +- size_t salt_len; +- unsigned char *key; +- size_t key_len; +- unsigned char info[HKDF_MAXBUF]; +- size_t info_len; +-} HKDF_PKEY_CTX; +- +-static int pkey_hkdf_init(EVP_PKEY_CTX *ctx) +-{ +- HKDF_PKEY_CTX *kctx; +- +- kctx = OPENSSL_zalloc(sizeof(*kctx)); +- if (kctx == NULL) +- return 0; +- +- ctx->data = kctx; +- +- return 1; +-} +- +-static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx) +-{ +- HKDF_PKEY_CTX *kctx = ctx->data; +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- OPENSSL_clear_free(kctx->key, kctx->key_len); +- OPENSSL_cleanse(kctx->info, kctx->info_len); +- OPENSSL_free(kctx); +-} +- +-static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +-{ +- HKDF_PKEY_CTX *kctx = ctx->data; +- +- switch (type) { +- case EVP_PKEY_CTRL_HKDF_MD: +- if (p2 == NULL) +- return 0; +- +- kctx->md = p2; +- return 1; +- +- case EVP_PKEY_CTRL_HKDF_SALT: +- if (p1 == 0 || p2 == NULL) +- return 1; +- +- if (p1 < 0) +- return 0; +- +- if (kctx->salt != NULL) +- OPENSSL_clear_free(kctx->salt, kctx->salt_len); +- +- kctx->salt = OPENSSL_memdup(p2, p1); +- if (kctx->salt == NULL) +- return 0; +- +- kctx->salt_len = p1; +- return 1; +- +- case EVP_PKEY_CTRL_HKDF_KEY: +- if (p1 < 0) +- return 0; +- +- if (kctx->key != NULL) +- OPENSSL_clear_free(kctx->key, kctx->key_len); +- +- kctx->key = OPENSSL_memdup(p2, p1); +- if (kctx->key == NULL) +- return 0; +- +- kctx->key_len = p1; +- return 1; +- +- case EVP_PKEY_CTRL_HKDF_INFO: +- if (p1 == 0 || p2 == NULL) +- return 1; +- +- if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len)) +- return 0; +- +- memcpy(kctx->info + kctx->info_len, p2, p1); +- kctx->info_len += p1; +- return 1; +- +- default: +- return -2; +- +- } +-} +- +-static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, +- const char *value) +-{ +- if (strcmp(type, "md") == 0) +- return EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_get_digestbyname(value)); +- +- if (strcmp(type, "salt") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); +- +- if (strcmp(type, "hexsalt") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value); +- +- if (strcmp(type, "key") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); +- +- if (strcmp(type, "hexkey") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value); +- +- if (strcmp(type, "info") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); +- +- if (strcmp(type, "hexinfo") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value); +- +- return -2; +-} +- +-static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, +- size_t *keylen) +-{ +- HKDF_PKEY_CTX *kctx = ctx->data; +- +- if (kctx->md == NULL || kctx->key == NULL) +- return 0; +- +- if (HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key, kctx->key_len, +- kctx->info, kctx->info_len, key, *keylen) == NULL) +- { +- return 0; +- } +- +- return 1; +-} +- +-const EVP_PKEY_METHOD hkdf_pkey_meth = { +- EVP_PKEY_HKDF, +- 0, +- pkey_hkdf_init, +- 0, +- pkey_hkdf_cleanup, +- +- 0, 0, +- 0, 0, +- +- 0, +- 0, +- +- 0, +- 0, +- +- 0, 0, +- +- 0, 0, 0, 0, +- +- 0, 0, +- +- 0, 0, +- +- 0, +- pkey_hkdf_derive, +- pkey_hkdf_ctrl, +- pkey_hkdf_ctrl_str +-}; +- +-static unsigned char *HKDF(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len) +-{ +- unsigned char prk[EVP_MAX_MD_SIZE]; +- size_t prk_len; +- +- if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len)) +- return NULL; +- +- return HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len); +-} +- +-static unsigned char *HKDF_Extract(const EVP_MD *evp_md, +- const unsigned char *salt, size_t salt_len, +- const unsigned char *key, size_t key_len, +- unsigned char *prk, size_t *prk_len) +-{ +- unsigned int tmp_len; +- +- if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len)) +- return NULL; +- +- *prk_len = tmp_len; +- return prk; +-} +- +-static unsigned char *HKDF_Expand(const EVP_MD *evp_md, +- const unsigned char *prk, size_t prk_len, +- const unsigned char *info, size_t info_len, +- unsigned char *okm, size_t okm_len) +-{ +- HMAC_CTX *hmac; +- +- unsigned int i; +- +- unsigned char prev[EVP_MAX_MD_SIZE]; +- +- size_t done_len = 0, dig_len = EVP_MD_size(evp_md); +- +- size_t n = okm_len / dig_len; +- if (okm_len % dig_len) +- n++; +- +- if (n > 255) +- return NULL; +- +- if ((hmac = HMAC_CTX_new()) == NULL) +- return NULL; +- +- if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL)) +- goto err; +- +- for (i = 1; i <= n; i++) { +- size_t copy_len; +- const unsigned char ctr = i; +- +- if (i > 1) { +- if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL)) +- goto err; +- +- if (!HMAC_Update(hmac, prev, dig_len)) +- goto err; +- } +- +- if (!HMAC_Update(hmac, info, info_len)) +- goto err; +- +- if (!HMAC_Update(hmac, &ctr, 1)) +- goto err; +- +- if (!HMAC_Final(hmac, prev, NULL)) +- goto err; +- +- copy_len = (done_len + dig_len > okm_len) ? +- okm_len - done_len : +- dig_len; +- +- memcpy(okm + done_len, prev, copy_len); +- +- done_len += copy_len; +- } +- +- HMAC_CTX_free(hmac); +- return okm; +- +- err: +- HMAC_CTX_free(hmac); +- return NULL; +-} +diff --git a/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c b/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c +deleted file mode 100644 +index d7d71b3..0000000 +--- a/Cryptlib/OpenSSL/crypto/kdf/kdf_err.c ++++ /dev/null +@@ -1,46 +0,0 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +- +-/* BEGIN ERROR CODES */ +-#ifndef OPENSSL_NO_ERR +- +-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_KDF,func,0) +-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_KDF,0,reason) +- +-static ERR_STRING_DATA KDF_str_functs[] = { +- {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_CTRL_STR), "pkey_tls1_prf_ctrl_str"}, +- {ERR_FUNC(KDF_F_PKEY_TLS1_PRF_DERIVE), "pkey_tls1_prf_derive"}, +- {0, NULL} +-}; +- +-static ERR_STRING_DATA KDF_str_reasons[] = { +- {ERR_REASON(KDF_R_INVALID_DIGEST), "invalid digest"}, +- {ERR_REASON(KDF_R_MISSING_PARAMETER), "missing parameter"}, +- {ERR_REASON(KDF_R_VALUE_MISSING), "value missing"}, +- {0, NULL} +-}; +- +-#endif +- +-int ERR_load_KDF_strings(void) +-{ +-#ifndef OPENSSL_NO_ERR +- +- if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) { +- ERR_load_strings(0, KDF_str_functs); +- ERR_load_strings(0, KDF_str_reasons); +- } +-#endif +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c b/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c +deleted file mode 100644 +index fa13732..0000000 +--- a/Cryptlib/OpenSSL/crypto/kdf/tls1_prf.c ++++ /dev/null +@@ -1,265 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include "internal/evp_int.h" +- +-static int tls1_prf_alg(const EVP_MD *md, +- const unsigned char *sec, size_t slen, +- const unsigned char *seed, size_t seed_len, +- unsigned char *out, size_t olen); +- +-#define TLS1_PRF_MAXBUF 1024 +- +-/* TLS KDF pkey context structure */ +- +-typedef struct { +- /* Digest to use for PRF */ +- const EVP_MD *md; +- /* Secret value to use for PRF */ +- unsigned char *sec; +- size_t seclen; +- /* Buffer of concatenated seed data */ +- unsigned char seed[TLS1_PRF_MAXBUF]; +- size_t seedlen; +-} TLS1_PRF_PKEY_CTX; +- +-static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx) +-{ +- TLS1_PRF_PKEY_CTX *kctx; +- +- kctx = OPENSSL_zalloc(sizeof(*kctx)); +- if (kctx == NULL) +- return 0; +- ctx->data = kctx; +- +- return 1; +-} +- +-static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx) +-{ +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- OPENSSL_clear_free(kctx->sec, kctx->seclen); +- OPENSSL_cleanse(kctx->seed, kctx->seedlen); +- OPENSSL_free(kctx); +-} +- +-static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +-{ +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- switch (type) { +- case EVP_PKEY_CTRL_TLS_MD: +- kctx->md = p2; +- return 1; +- +- case EVP_PKEY_CTRL_TLS_SECRET: +- if (p1 < 0) +- return 0; +- if (kctx->sec != NULL) +- OPENSSL_clear_free(kctx->sec, kctx->seclen); +- OPENSSL_cleanse(kctx->seed, kctx->seedlen); +- kctx->seedlen = 0; +- kctx->sec = OPENSSL_memdup(p2, p1); +- if (kctx->sec == NULL) +- return 0; +- kctx->seclen = p1; +- return 1; +- +- case EVP_PKEY_CTRL_TLS_SEED: +- if (p1 == 0 || p2 == NULL) +- return 1; +- if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen)) +- return 0; +- memcpy(kctx->seed + kctx->seedlen, p2, p1); +- kctx->seedlen += p1; +- return 1; +- +- default: +- return -2; +- +- } +-} +- +-static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, +- const char *type, const char *value) +-{ +- if (value == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING); +- return 0; +- } +- if (strcmp(type, "md") == 0) { +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- +- const EVP_MD *md = EVP_get_digestbyname(value); +- if (md == NULL) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST); +- return 0; +- } +- kctx->md = md; +- return 1; +- } +- if (strcmp(type, "secret") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); +- if (strcmp(type, "hexsecret") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value); +- if (strcmp(type, "seed") == 0) +- return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); +- if (strcmp(type, "hexseed") == 0) +- return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); +- return -2; +-} +- +-static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, +- size_t *keylen) +-{ +- TLS1_PRF_PKEY_CTX *kctx = ctx->data; +- if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) { +- KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER); +- return 0; +- } +- return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, +- kctx->seed, kctx->seedlen, +- key, *keylen); +-} +- +-const EVP_PKEY_METHOD tls1_prf_pkey_meth = { +- EVP_PKEY_TLS1_PRF, +- 0, +- pkey_tls1_prf_init, +- 0, +- pkey_tls1_prf_cleanup, +- +- 0, 0, +- 0, 0, +- +- 0, +- 0, +- +- 0, +- 0, +- +- 0, 0, +- +- 0, 0, 0, 0, +- +- 0, 0, +- +- 0, 0, +- +- 0, +- pkey_tls1_prf_derive, +- pkey_tls1_prf_ctrl, +- pkey_tls1_prf_ctrl_str +-}; +- +-static int tls1_prf_P_hash(const EVP_MD *md, +- const unsigned char *sec, size_t sec_len, +- const unsigned char *seed, size_t seed_len, +- unsigned char *out, size_t olen) +-{ +- int chunk; +- EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL; +- EVP_PKEY *mac_key = NULL; +- unsigned char A1[EVP_MAX_MD_SIZE]; +- size_t A1_len; +- int ret = 0; +- +- chunk = EVP_MD_size(md); +- OPENSSL_assert(chunk >= 0); +- +- ctx = EVP_MD_CTX_new(); +- ctx_tmp = EVP_MD_CTX_new(); +- ctx_init = EVP_MD_CTX_new(); +- if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) +- goto err; +- EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +- mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); +- if (mac_key == NULL) +- goto err; +- if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key)) +- goto err; +- if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) +- goto err; +- if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len)) +- goto err; +- if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) +- goto err; +- +- for (;;) { +- /* Reinit mac contexts */ +- if (!EVP_MD_CTX_copy_ex(ctx, ctx_init)) +- goto err; +- if (!EVP_DigestSignUpdate(ctx, A1, A1_len)) +- goto err; +- if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx)) +- goto err; +- if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len)) +- goto err; +- +- if (olen > (size_t)chunk) { +- size_t mac_len; +- if (!EVP_DigestSignFinal(ctx, out, &mac_len)) +- goto err; +- out += mac_len; +- olen -= mac_len; +- /* calc the next A1 value */ +- if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len)) +- goto err; +- } else { /* last one */ +- +- if (!EVP_DigestSignFinal(ctx, A1, &A1_len)) +- goto err; +- memcpy(out, A1, olen); +- break; +- } +- } +- ret = 1; +- err: +- EVP_PKEY_free(mac_key); +- EVP_MD_CTX_free(ctx); +- EVP_MD_CTX_free(ctx_tmp); +- EVP_MD_CTX_free(ctx_init); +- OPENSSL_cleanse(A1, sizeof(A1)); +- return ret; +-} +- +-static int tls1_prf_alg(const EVP_MD *md, +- const unsigned char *sec, size_t slen, +- const unsigned char *seed, size_t seed_len, +- unsigned char *out, size_t olen) +-{ +- +- if (EVP_MD_type(md) == NID_md5_sha1) { +- size_t i; +- unsigned char *tmp; +- if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1), +- seed, seed_len, out, olen)) +- return 0; +- +- tmp = OPENSSL_malloc(olen); +- if (tmp == NULL) +- return 0; +- if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1), +- seed, seed_len, tmp, olen)) { +- OPENSSL_clear_free(tmp, olen); +- return 0; +- } +- for (i = 0; i < olen; i++) +- out[i] ^= tmp[i]; +- OPENSSL_clear_free(tmp, olen); +- return 1; +- } +- if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen)) +- return 0; +- +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +new file mode 100644 +index 0000000..d9851e9 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c +@@ -0,0 +1,162 @@ ++/* krb5_asn.c */ ++/* ++ * Written by Vern Staats for the OpenSSL project, ** ++ * using ocsp/{*.h,*asn*.c} as a starting point ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++#include ++#include ++#include ++ ++ ++ASN1_SEQUENCE(KRB5_ENCDATA) = { ++ ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), ++ ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), ++ ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) ++} ASN1_SEQUENCE_END(KRB5_ENCDATA) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) ++ ++ ++ASN1_SEQUENCE(KRB5_PRINCNAME) = { ++ ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), ++ ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) ++} ASN1_SEQUENCE_END(KRB5_PRINCNAME) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) ++ ++/* [APPLICATION 1] = 0x61 */ ++ASN1_SEQUENCE(KRB5_TKTBODY) = { ++ ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), ++ ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), ++ ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) ++} ASN1_SEQUENCE_END(KRB5_TKTBODY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) ++ ++ ++ASN1_ITEM_TEMPLATE(KRB5_TICKET) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, ++ KRB5_TICKET, KRB5_TKTBODY) ++ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) ++ ++/* [APPLICATION 14] = 0x6e */ ++ASN1_SEQUENCE(KRB5_APREQBODY) = { ++ ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), ++ ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), ++ ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), ++ ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), ++} ASN1_SEQUENCE_END(KRB5_APREQBODY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) ++ ++ASN1_ITEM_TEMPLATE(KRB5_APREQ) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, ++ KRB5_APREQ, KRB5_APREQBODY) ++ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) ++ ++/* Authenticator stuff */ ++ ++ASN1_SEQUENCE(KRB5_CHECKSUM) = { ++ ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) ++} ASN1_SEQUENCE_END(KRB5_CHECKSUM) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) ++ ++ ++ASN1_SEQUENCE(KRB5_ENCKEY) = { ++ ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) ++} ASN1_SEQUENCE_END(KRB5_ENCKEY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) ++ ++/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ ++ASN1_SEQUENCE(KRB5_AUTHDATA) = { ++ ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) ++} ASN1_SEQUENCE_END(KRB5_AUTHDATA) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) ++ ++/* [APPLICATION 2] = 0x62 */ ++ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { ++ ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), ++ ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), ++ ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), ++ ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), ++ ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), ++ ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), ++ ASN1_EXP_SEQUENCE_OF_OPT ++ (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), ++} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) ++ ++ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = ++ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, ++ KRB5_AUTHENT, KRB5_AUTHENTBODY) ++ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) ++ ++IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +index 7337832..0bfec23 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c +@@ -1,65 +1,185 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/lhash/lh_stats.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include + /* +- * If you wish to build this outside of OpenSSL, remove the following lines ++ * If you wish to build this outside of SSLeay, remove the following lines + * and things should work as expected + */ +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + +-#include ++#ifndef OPENSSL_NO_BIO ++# include ++#endif + #include +-#include "lhash_lcl.h" + +-# ifndef OPENSSL_NO_STDIO +-void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp) ++#ifdef OPENSSL_NO_BIO ++ ++void lh_stats(LHASH *lh, FILE *out) ++{ ++ fprintf(out, "num_items = %lu\n", lh->num_items); ++ fprintf(out, "num_nodes = %u\n", lh->num_nodes); ++ fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); ++ fprintf(out, "num_expands = %lu\n", lh->num_expands); ++ fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); ++ fprintf(out, "num_contracts = %lu\n", lh->num_contracts); ++ fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); ++ fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); ++ fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); ++ fprintf(out, "num_insert = %lu\n", lh->num_insert); ++ fprintf(out, "num_replace = %lu\n", lh->num_replace); ++ fprintf(out, "num_delete = %lu\n", lh->num_delete); ++ fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); ++ fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); ++ fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); ++ fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); ++# if 0 ++ fprintf(out, "p = %u\n", lh->p); ++ fprintf(out, "pmax = %u\n", lh->pmax); ++ fprintf(out, "up_load = %lu\n", lh->up_load); ++ fprintf(out, "down_load = %lu\n", lh->down_load); ++# endif ++} ++ ++void lh_node_stats(LHASH *lh, FILE *out) ++{ ++ LHASH_NODE *n; ++ unsigned int i, num; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ fprintf(out, "node %6u -> %3u\n", i, num); ++ } ++} ++ ++void lh_node_usage_stats(LHASH *lh, FILE *out) ++{ ++ LHASH_NODE *n; ++ unsigned long num; ++ unsigned int i; ++ unsigned long total = 0, n_used = 0; ++ ++ for (i = 0; i < lh->num_nodes; i++) { ++ for (n = lh->b[i], num = 0; n != NULL; n = n->next) ++ num++; ++ if (num != 0) { ++ n_used++; ++ total += num; ++ } ++ } ++ fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); ++ fprintf(out, "%lu items\n", total); ++ if (n_used == 0) ++ return; ++ fprintf(out, "load %d.%02d actual load %d.%02d\n", ++ (int)(total / lh->num_nodes), ++ (int)((total % lh->num_nodes) * 100 / lh->num_nodes), ++ (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); ++} ++ ++#else ++ ++# ifndef OPENSSL_NO_FP_API ++void lh_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + + bp = BIO_new(BIO_s_file()); + if (bp == NULL) +- return; ++ goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); +- OPENSSL_LH_stats_bio(lh, bp); ++ lh_stats_bio(lh, bp); + BIO_free(bp); ++ end:; + } + +-void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp) ++void lh_node_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + + bp = BIO_new(BIO_s_file()); + if (bp == NULL) +- return; ++ goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); +- OPENSSL_LH_node_stats_bio(lh, bp); ++ lh_node_stats_bio(lh, bp); + BIO_free(bp); ++ end:; + } + +-void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp) ++void lh_node_usage_stats(const _LHASH *lh, FILE *fp) + { + BIO *bp; + + bp = BIO_new(BIO_s_file()); + if (bp == NULL) +- return; ++ goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); +- OPENSSL_LH_node_usage_stats_bio(lh, bp); ++ lh_node_usage_stats_bio(lh, bp); + BIO_free(bp); ++ end:; + } + + # endif + +-void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) ++void lh_stats_bio(const _LHASH *lh, BIO *out) + { + BIO_printf(out, "num_items = %lu\n", lh->num_items); + BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); +@@ -78,11 +198,17 @@ void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out) + BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); + BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); + BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); ++# if 0 ++ BIO_printf(out, "p = %u\n", lh->p); ++ BIO_printf(out, "pmax = %u\n", lh->pmax); ++ BIO_printf(out, "up_load = %lu\n", lh->up_load); ++ BIO_printf(out, "down_load = %lu\n", lh->down_load); ++# endif + } + +-void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) ++void lh_node_stats_bio(const _LHASH *lh, BIO *out) + { +- OPENSSL_LH_NODE *n; ++ LHASH_NODE *n; + unsigned int i, num; + + for (i = 0; i < lh->num_nodes; i++) { +@@ -92,9 +218,9 @@ void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out) + } + } + +-void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out) ++void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) + { +- OPENSSL_LH_NODE *n; ++ LHASH_NODE *n; + unsigned long num; + unsigned int i; + unsigned long total = 0, n_used = 0; +@@ -116,3 +242,5 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out) + (int)((total % lh->num_nodes) * 100 / lh->num_nodes), + (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); + } ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +index adde832..f20353a 100644 +--- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c ++++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c +@@ -1,56 +1,164 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/lhash/lhash.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++/*- ++ * Code for dynamic hash table routines ++ * Author - Eric Young v 2.0 ++ * ++ * 2.2 eay - added #include "crypto.h" so the memory leak checking code is ++ * present. eay 18-Jun-98 ++ * ++ * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 ++ * ++ * 2.0 eay - Fixed a bug that occurred when using lh_delete ++ * from inside lh_doall(). As entries were deleted, ++ * the 'table' was 'contract()ed', making some entries ++ * jump from the end of the table to the start, there by ++ * skipping the lh_doall() processing. eay - 4/12/95 ++ * ++ * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs ++ * were not being free()ed. 21/11/95 ++ * ++ * 1.8 eay - Put the stats routines into a separate file, lh_stats.c ++ * 19/09/95 ++ * ++ * 1.7 eay - Removed the fputs() for realloc failures - the code ++ * should silently tolerate them. I have also fixed things ++ * lint complained about 04/05/95 ++ * ++ * 1.6 eay - Fixed an invalid pointers in contract/expand 27/07/92 ++ * ++ * 1.5 eay - Fixed a misuse of realloc in expand 02/03/1992 ++ * ++ * 1.4 eay - Fixed lh_doall so the function can call lh_delete 28/05/91 ++ * ++ * 1.3 eay - Fixed a few lint problems 19/3/1991 ++ * ++ * 1.2 eay - Fixed lh_doall problem 13/3/1991 ++ * ++ * 1.1 eay - Added lh_doall ++ * ++ * 1.0 eay - First version ++ */ + #include + #include + #include + #include + #include +-#include "lhash_lcl.h" + ++const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT; + + #undef MIN_NODES + #define MIN_NODES 16 + #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ + #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ + +-static int expand(OPENSSL_LHASH *lh); +-static void contract(OPENSSL_LHASH *lh); +-static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash); ++static void expand(_LHASH *lh); ++static void contract(_LHASH *lh); ++static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); + +-OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c) ++_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) + { +- OPENSSL_LHASH *ret; ++ _LHASH *ret; ++ int i; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL) + goto err0; +- if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL) ++ if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL) + goto err1; +- ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c); +- ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h); ++ for (i = 0; i < MIN_NODES; i++) ++ ret->b[i] = NULL; ++ ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c); ++ ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h); + ret->num_nodes = MIN_NODES / 2; + ret->num_alloc_nodes = MIN_NODES; ++ ret->p = 0; + ret->pmax = MIN_NODES / 2; + ret->up_load = UP_LOAD; + ret->down_load = DOWN_LOAD; ++ ret->num_items = 0; ++ ++ ret->num_expands = 0; ++ ret->num_expand_reallocs = 0; ++ ret->num_contracts = 0; ++ ret->num_contract_reallocs = 0; ++ ret->num_hash_calls = 0; ++ ret->num_comp_calls = 0; ++ ret->num_insert = 0; ++ ret->num_replace = 0; ++ ret->num_delete = 0; ++ ret->num_no_delete = 0; ++ ret->num_retrieve = 0; ++ ret->num_retrieve_miss = 0; ++ ret->num_hash_comps = 0; ++ ++ ret->error = 0; + return (ret); +- + err1: + OPENSSL_free(ret); + err0: + return (NULL); + } + +-void OPENSSL_LH_free(OPENSSL_LHASH *lh) ++void lh_free(_LHASH *lh) + { + unsigned int i; +- OPENSSL_LH_NODE *n, *nn; ++ LHASH_NODE *n, *nn; + + if (lh == NULL) + return; +@@ -67,26 +175,28 @@ void OPENSSL_LH_free(OPENSSL_LHASH *lh) + OPENSSL_free(lh); + } + +-void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) ++void *lh_insert(_LHASH *lh, void *data) + { + unsigned long hash; +- OPENSSL_LH_NODE *nn, **rn; ++ LHASH_NODE *nn, **rn; + void *ret; + + lh->error = 0; +- if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh)) +- return NULL; /* 'lh->error++' already done in 'expand' */ ++ if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) ++ expand(lh); + + rn = getrn(lh, data, &hash); + + if (*rn == NULL) { +- if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) { ++ if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) { + lh->error++; + return (NULL); + } + nn->data = data; + nn->next = NULL; ++#ifndef OPENSSL_NO_HASH_COMP + nn->hash = hash; ++#endif + *rn = nn; + ret = NULL; + lh->num_insert++; +@@ -100,10 +210,10 @@ void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data) + return (ret); + } + +-void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) ++void *lh_delete(_LHASH *lh, const void *data) + { + unsigned long hash; +- OPENSSL_LH_NODE *nn, **rn; ++ LHASH_NODE *nn, **rn; + void *ret; + + lh->error = 0; +@@ -128,10 +238,10 @@ void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data) + return (ret); + } + +-void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) ++void *lh_retrieve(_LHASH *lh, const void *data) + { + unsigned long hash; +- OPENSSL_LH_NODE **rn; ++ LHASH_NODE **rn; + void *ret; + + lh->error = 0; +@@ -147,12 +257,11 @@ void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data) + return (ret); + } + +-static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, +- OPENSSL_LH_DOALL_FUNC func, +- OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg) ++static void doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, ++ LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) + { + int i; +- OPENSSL_LH_NODE *a, *n; ++ LHASH_NODE *a, *n; + + if (lh == NULL) + return; +@@ -164,6 +273,13 @@ static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, + for (i = lh->num_nodes - 1; i >= 0; i--) { + a = lh->b[i]; + while (a != NULL) { ++ /* ++ * 28/05/91 - eay - n added so items can be deleted via lh_doall ++ */ ++ /* ++ * 22/05/08 - ben - eh? since a is not passed, this should not be ++ * needed ++ */ + n = a->next; + if (use_arg) + func_arg(a->data, arg); +@@ -174,19 +290,19 @@ static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg, + } + } + +-void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func) ++void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) + { +- doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL); ++ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); + } + +-void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg) ++void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) + { +- doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg); ++ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); + } + +-static int expand(OPENSSL_LHASH *lh) ++static void expand(_LHASH *lh) + { +- OPENSSL_LH_NODE **n, **n1, **n2, *np; ++ LHASH_NODE **n, **n1, **n2, *np; + unsigned int p, i, j; + unsigned long hash, nni; + +@@ -195,11 +311,16 @@ static int expand(OPENSSL_LHASH *lh) + p = (int)lh->p++; + n1 = &(lh->b[p]); + n2 = &(lh->b[p + (int)lh->pmax]); +- *n2 = NULL; ++ *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ + nni = lh->num_alloc_nodes; + + for (np = *n1; np != NULL;) { ++#ifndef OPENSSL_NO_HASH_COMP + hash = np->hash; ++#else ++ hash = lh->hash(np->data); ++ lh->num_hash_calls++; ++#endif + if ((hash % nni) != p) { /* move it */ + *n1 = (*n1)->next; + np->next = *n2; +@@ -211,13 +332,15 @@ static int expand(OPENSSL_LHASH *lh) + + if ((lh->p) >= lh->pmax) { + j = (int)lh->num_alloc_nodes * 2; +- n = OPENSSL_realloc(lh->b, (int)(sizeof(OPENSSL_LH_NODE *) * j)); ++ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, ++ (int)(sizeof(LHASH_NODE *) * j)); + if (n == NULL) { + lh->error++; + lh->num_nodes--; + lh->p = 0; +- return 0; ++ return; + } ++ /* else */ + for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */ + n[i] = NULL; /* 02/03/92 eay */ + lh->pmax = lh->num_alloc_nodes; +@@ -226,20 +349,20 @@ static int expand(OPENSSL_LHASH *lh) + lh->p = 0; + lh->b = n; + } +- return 1; + } + +-static void contract(OPENSSL_LHASH *lh) ++static void contract(_LHASH *lh) + { +- OPENSSL_LH_NODE **n, *n1, *np; ++ LHASH_NODE **n, *n1, *np; + + np = lh->b[lh->p + lh->pmax - 1]; + lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ + if (lh->p == 0) { +- n = OPENSSL_realloc(lh->b, +- (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax)); ++ n = (LHASH_NODE **)OPENSSL_realloc(lh->b, ++ (unsigned int)(sizeof(LHASH_NODE *) ++ * lh->pmax)); + if (n == NULL) { +- /* fputs("realloc error in lhash",stderr); */ ++/* fputs("realloc error in lhash",stderr); */ + lh->error++; + return; + } +@@ -264,12 +387,11 @@ static void contract(OPENSSL_LHASH *lh) + } + } + +-static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, +- const void *data, unsigned long *rhash) ++static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) + { +- OPENSSL_LH_NODE **ret, *n1; ++ LHASH_NODE **ret, *n1; + unsigned long hash, nn; +- OPENSSL_LH_COMPFUNC cf; ++ LHASH_COMP_FN_TYPE cf; + + hash = (*(lh->hash)) (data); + lh->num_hash_calls++; +@@ -282,11 +404,13 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, + cf = lh->comp; + ret = &(lh->b[(int)nn]); + for (n1 = *ret; n1 != NULL; n1 = n1->next) { ++#ifndef OPENSSL_NO_HASH_COMP + lh->num_hash_comps++; + if (n1->hash != hash) { + ret = &(n1->next); + continue; + } ++#endif + lh->num_comp_calls++; + if (cf(n1->data, data) == 0) + break; +@@ -300,7 +424,7 @@ static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, + * collisions on /usr/dict/words and it distributes on %2^n quite well, not + * as good as MD5, but still good. + */ +-unsigned long OPENSSL_LH_strhash(const char *c) ++unsigned long lh_strhash(const char *c) + { + unsigned long ret = 0; + long n; +@@ -328,22 +452,7 @@ unsigned long OPENSSL_LH_strhash(const char *c) + return ((ret >> 16) ^ ret); + } + +-unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh) ++unsigned long lh_num_items(const _LHASH *lh) + { + return lh ? lh->num_items : 0; + } +- +-unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh) +-{ +- return lh->down_load; +-} +- +-void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load) +-{ +- lh->down_load = down_load; +-} +- +-int OPENSSL_LH_error(OPENSSL_LHASH *lh) +-{ +- return lh->error; +-} +diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h b/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h +deleted file mode 100644 +index eb4a1a3..0000000 +--- a/Cryptlib/OpenSSL/crypto/lhash/lhash_lcl.h ++++ /dev/null +@@ -1,42 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +- +-struct lhash_node_st { +- void *data; +- struct lhash_node_st *next; +- unsigned long hash; +-}; +- +-struct lhash_st { +- OPENSSL_LH_NODE **b; +- OPENSSL_LH_COMPFUNC comp; +- OPENSSL_LH_HASHFUNC hash; +- unsigned int num_nodes; +- unsigned int num_alloc_nodes; +- unsigned int p; +- unsigned int pmax; +- unsigned long up_load; /* load times 256 */ +- unsigned long down_load; /* load times 256 */ +- unsigned long num_items; +- unsigned long num_expands; +- unsigned long num_expand_reallocs; +- unsigned long num_contracts; +- unsigned long num_contract_reallocs; +- unsigned long num_hash_calls; +- unsigned long num_comp_calls; +- unsigned long num_insert; +- unsigned long num_replace; +- unsigned long num_delete; +- unsigned long num_no_delete; +- unsigned long num_retrieve; +- unsigned long num_retrieve_miss; +- unsigned long num_hash_comps; +- int error; +-}; +diff --git a/Cryptlib/OpenSSL/crypto/md32_common.h b/Cryptlib/OpenSSL/crypto/md32_common.h +new file mode 100644 +index 0000000..b5a04bf +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/md32_common.h +@@ -0,0 +1,436 @@ ++/* crypto/md32_common.h */ ++/* ==================================================================== ++ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++/*- ++ * This is a generic 32 bit "collector" for message digest algorithms. ++ * Whenever needed it collects input character stream into chunks of ++ * 32 bit values and invokes a block function that performs actual hash ++ * calculations. ++ * ++ * Porting guide. ++ * ++ * Obligatory macros: ++ * ++ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN ++ * this macro defines byte order of input stream. ++ * HASH_CBLOCK ++ * size of a unit chunk HASH_BLOCK operates on. ++ * HASH_LONG ++ * has to be at lest 32 bit wide, if it's wider, then ++ * HASH_LONG_LOG2 *has to* be defined along ++ * HASH_CTX ++ * context structure that at least contains following ++ * members: ++ * typedef struct { ++ * ... ++ * HASH_LONG Nl,Nh; ++ * either { ++ * HASH_LONG data[HASH_LBLOCK]; ++ * unsigned char data[HASH_CBLOCK]; ++ * }; ++ * unsigned int num; ++ * ... ++ * } HASH_CTX; ++ * data[] vector is expected to be zeroed upon first call to ++ * HASH_UPDATE. ++ * HASH_UPDATE ++ * name of "Update" function, implemented here. ++ * HASH_TRANSFORM ++ * name of "Transform" function, implemented here. ++ * HASH_FINAL ++ * name of "Final" function, implemented here. ++ * HASH_BLOCK_DATA_ORDER ++ * name of "block" function capable of treating *unaligned* input ++ * message in original (data) byte order, implemented externally. ++ * HASH_MAKE_STRING ++ * macro convering context variables to an ASCII hash string. ++ * ++ * MD5 example: ++ * ++ * #define DATA_ORDER_IS_LITTLE_ENDIAN ++ * ++ * #define HASH_LONG MD5_LONG ++ * #define HASH_LONG_LOG2 MD5_LONG_LOG2 ++ * #define HASH_CTX MD5_CTX ++ * #define HASH_CBLOCK MD5_CBLOCK ++ * #define HASH_UPDATE MD5_Update ++ * #define HASH_TRANSFORM MD5_Transform ++ * #define HASH_FINAL MD5_Final ++ * #define HASH_BLOCK_DATA_ORDER md5_block_data_order ++ * ++ * ++ */ ++ ++#include ++ ++#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) ++# error "DATA_ORDER must be defined!" ++#endif ++ ++#ifndef HASH_CBLOCK ++# error "HASH_CBLOCK must be defined!" ++#endif ++#ifndef HASH_LONG ++# error "HASH_LONG must be defined!" ++#endif ++#ifndef HASH_CTX ++# error "HASH_CTX must be defined!" ++#endif ++ ++#ifndef HASH_UPDATE ++# error "HASH_UPDATE must be defined!" ++#endif ++#ifndef HASH_TRANSFORM ++# error "HASH_TRANSFORM must be defined!" ++#endif ++#ifndef HASH_FINAL ++# error "HASH_FINAL must be defined!" ++#endif ++ ++#ifndef HASH_BLOCK_DATA_ORDER ++# error "HASH_BLOCK_DATA_ORDER must be defined!" ++#endif ++ ++/* ++ * Engage compiler specific rotate intrinsic function if available. ++ */ ++#undef ROTATE ++#ifndef PEDANTIC ++# if defined(_MSC_VER) ++# define ROTATE(a,n) _lrotl(a,n) ++# elif defined(__ICC) ++# define ROTATE(a,n) _rotl(a,n) ++# elif defined(__MWERKS__) ++# if defined(__POWERPC__) ++# define ROTATE(a,n) __rlwinm(a,n,0,31) ++# elif defined(__MC68K__) ++ /* Motorola specific tweak. */ ++# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) ++# else ++# define ROTATE(a,n) __rol(a,n) ++# endif ++# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++ /* ++ * Some GNU C inline assembler templates. Note that these are ++ * rotates by *constant* number of bits! But that's exactly ++ * what we need here... ++ * ++ */ ++# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ( \ ++ "roll %1,%0" \ ++ : "=r"(ret) \ ++ : "I"(n), "0"((unsigned int)(a)) \ ++ : "cc"); \ ++ ret; \ ++ }) ++# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ ++ defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ( \ ++ "rlwinm %0,%1,%2,0,31" \ ++ : "=r"(ret) \ ++ : "r"(a), "I"(n)); \ ++ ret; \ ++ }) ++# elif defined(__s390x__) ++# define ROTATE(a,n) ({ register unsigned int ret; \ ++ asm ("rll %0,%1,%2" \ ++ : "=r"(ret) \ ++ : "r"(a), "I"(n)); \ ++ ret; \ ++ }) ++# endif ++# endif ++#endif /* PEDANTIC */ ++ ++#ifndef ROTATE ++# define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) ++#endif ++ ++#if defined(DATA_ORDER_IS_BIG_ENDIAN) ++ ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \ ++ (defined(__x86_64) || defined(__x86_64__)) ++# if !defined(B_ENDIAN) ++ /* ++ * This gives ~30-40% performance improvement in SHA-256 compiled ++ * with gcc [on P4]. Well, first macro to be frank. We can pull ++ * this trick on x86* platforms only, because these CPUs can fetch ++ * unaligned data without raising an exception. ++ */ ++# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ ++ asm ("bswapl %0":"=r"(r):"0"(r)); \ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r=(l); \ ++ asm ("bswapl %0":"=r"(r):"0"(r)); \ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# endif ++# elif defined(__aarch64__) ++# if defined(__BYTE_ORDER__) ++# if defined(__ORDER_LITTLE_ENDIAN__) && __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ ++# define HOST_c2l(c,l) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"(*((const unsigned int *)(c))));\ ++ (c)+=4; (l)=r; }) ++# define HOST_l2c(l,c) ({ unsigned int r; \ ++ asm ("rev %w0,%w1" \ ++ :"=r"(r) \ ++ :"r"((unsigned int)(l)));\ ++ *((unsigned int *)(c))=r; (c)+=4; r; }) ++# elif defined(__ORDER_BIG_ENDIAN__) && __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif ++# endif ++# endif ++# endif ++# if defined(__s390__) || defined(__s390x__) ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l)) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l)) ++# endif ++# endif ++ ++# ifndef HOST_c2l ++# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ ++ l|=(((unsigned long)(*((c)++)))<<16), \ ++ l|=(((unsigned long)(*((c)++)))<< 8), \ ++ l|=(((unsigned long)(*((c)++))) ) ) ++# endif ++# ifndef HOST_l2c ++# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ ++ *((c)++)=(unsigned char)(((l) )&0xff), \ ++ l) ++# endif ++ ++#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) ++ ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(__s390x__) ++# define HOST_c2l(c,l) ({ asm ("lrv %0,%1" \ ++ :"=d"(l) :"m"(*(const unsigned int *)(c)));\ ++ (c)+=4; (l); }) ++# define HOST_l2c(l,c) ({ asm ("strv %1,%0" \ ++ :"=m"(*(unsigned int *)(c)) :"d"(l));\ ++ (c)+=4; (l); }) ++# endif ++# endif ++# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) ++# ifndef B_ENDIAN ++ /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ ++# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) ++# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) ++# endif ++# endif ++# endif ++ ++# ifndef HOST_c2l ++# define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ ++ l|=(((unsigned long)(*((c)++)))<< 8), \ ++ l|=(((unsigned long)(*((c)++)))<<16), \ ++ l|=(((unsigned long)(*((c)++)))<<24) ) ++# endif ++# ifndef HOST_l2c ++# define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ ++ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ ++ *((c)++)=(unsigned char)(((l)>>24)&0xff), \ ++ l) ++# endif ++ ++#endif ++ ++/* ++ * Time for some action:-) ++ */ ++ ++int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) ++{ ++ const unsigned char *data = data_; ++ unsigned char *p; ++ HASH_LONG l; ++ size_t n; ++ ++ if (len == 0) ++ return 1; ++ ++ l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL; ++ /* ++ * 95-05-24 eay Fixed a bug with the overflow handling, thanks to Wei Dai ++ * for pointing it out. ++ */ ++ if (l < c->Nl) /* overflow */ ++ c->Nh++; ++ c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on ++ * 16-bit */ ++ c->Nl = l; ++ ++ n = c->num; ++ if (n != 0) { ++ p = (unsigned char *)c->data; ++ ++ if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { ++ memcpy(p + n, data, HASH_CBLOCK - n); ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ n = HASH_CBLOCK - n; ++ data += n; ++ len -= n; ++ c->num = 0; ++ /* ++ * We use memset rather than OPENSSL_cleanse() here deliberately. ++ * Using OPENSSL_cleanse() here could be a performance issue. It ++ * will get properly cleansed on finalisation so this isn't a ++ * security problem. ++ */ ++ memset(p, 0, HASH_CBLOCK); /* keep it zeroed */ ++ } else { ++ memcpy(p + n, data, len); ++ c->num += (unsigned int)len; ++ return 1; ++ } ++ } ++ ++ n = len / HASH_CBLOCK; ++ if (n > 0) { ++ HASH_BLOCK_DATA_ORDER(c, data, n); ++ n *= HASH_CBLOCK; ++ data += n; ++ len -= n; ++ } ++ ++ if (len != 0) { ++ p = (unsigned char *)c->data; ++ c->num = (unsigned int)len; ++ memcpy(p, data, len); ++ } ++ return 1; ++} ++ ++void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data) ++{ ++ HASH_BLOCK_DATA_ORDER(c, data, 1); ++} ++ ++int HASH_FINAL(unsigned char *md, HASH_CTX *c) ++{ ++ unsigned char *p = (unsigned char *)c->data; ++ size_t n = c->num; ++ ++ p[n] = 0x80; /* there is always room for one */ ++ n++; ++ ++ if (n > (HASH_CBLOCK - 8)) { ++ memset(p + n, 0, HASH_CBLOCK - n); ++ n = 0; ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ } ++ memset(p + n, 0, HASH_CBLOCK - 8 - n); ++ ++ p += HASH_CBLOCK - 8; ++#if defined(DATA_ORDER_IS_BIG_ENDIAN) ++ (void)HOST_l2c(c->Nh, p); ++ (void)HOST_l2c(c->Nl, p); ++#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) ++ (void)HOST_l2c(c->Nl, p); ++ (void)HOST_l2c(c->Nh, p); ++#endif ++ p -= HASH_CBLOCK; ++ HASH_BLOCK_DATA_ORDER(c, p, 1); ++ c->num = 0; ++ OPENSSL_cleanse(p, HASH_CBLOCK); ++ ++#ifndef HASH_MAKE_STRING ++# error "HASH_MAKE_STRING must be defined!" ++#else ++ HASH_MAKE_STRING(c, md); ++#endif ++ ++ return 1; ++} ++ ++#ifndef MD32_REG_T ++# if defined(__alpha) || defined(__sparcv9) || defined(__mips) ++# define MD32_REG_T long ++/* ++ * This comment was originaly written for MD5, which is why it ++ * discusses A-D. But it basically applies to all 32-bit digests, ++ * which is why it was moved to common header file. ++ * ++ * In case you wonder why A-D are declared as long and not ++ * as MD5_LONG. Doing so results in slight performance ++ * boost on LP64 architectures. The catch is we don't ++ * really care if 32 MSBs of a 64-bit register get polluted ++ * with eventual overflows as we *save* only 32 LSBs in ++ * *either* case. Now declaring 'em long excuses the compiler ++ * from keeping 32 MSBs zeroed resulting in 13% performance ++ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. ++ * Well, to be honest it should say that this *prevents* ++ * performance degradation. ++ * ++ */ ++# else ++/* ++ * Above is not absolute and there are LP64 compilers that ++ * generate better code if MD32_REG_T is defined int. The above ++ * pre-processor condition reflects the circumstances under which ++ * the conclusion was made and is subject to further extension. ++ * ++ */ ++# define MD32_REG_T int ++# endif ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +new file mode 100644 +index 0000000..614fca0 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c +@@ -0,0 +1,199 @@ ++/* crypto/md4/md4_dgst.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include "md4_locl.h" ++ ++const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT; ++ ++/* ++ * Implemented from RFC1186 The MD4 Message-Digest Algorithm ++ */ ++ ++#define INIT_DATA_A (unsigned long)0x67452301L ++#define INIT_DATA_B (unsigned long)0xefcdab89L ++#define INIT_DATA_C (unsigned long)0x98badcfeL ++#define INIT_DATA_D (unsigned long)0x10325476L ++ ++fips_md_init(MD4) ++{ ++ memset(c, 0, sizeof(*c)); ++ c->A = INIT_DATA_A; ++ c->B = INIT_DATA_B; ++ c->C = INIT_DATA_C; ++ c->D = INIT_DATA_D; ++ return 1; ++} ++ ++#ifndef md4_block_data_order ++# ifdef X ++# undef X ++# endif ++void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num) ++{ ++ const unsigned char *data = data_; ++ register unsigned MD32_REG_T A, B, C, D, l; ++# ifndef MD32_XARRAY ++ /* See comment in crypto/sha/sha_locl.h for details. */ ++ unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, ++ XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15; ++# define X(i) XX##i ++# else ++ MD4_LONG XX[MD4_LBLOCK]; ++# define X(i) XX[i] ++# endif ++ ++ A = c->A; ++ B = c->B; ++ C = c->C; ++ D = c->D; ++ ++ for (; num--;) { ++ (void)HOST_c2l(data, l); ++ X(0) = l; ++ (void)HOST_c2l(data, l); ++ X(1) = l; ++ /* Round 0 */ ++ R0(A, B, C, D, X(0), 3, 0); ++ (void)HOST_c2l(data, l); ++ X(2) = l; ++ R0(D, A, B, C, X(1), 7, 0); ++ (void)HOST_c2l(data, l); ++ X(3) = l; ++ R0(C, D, A, B, X(2), 11, 0); ++ (void)HOST_c2l(data, l); ++ X(4) = l; ++ R0(B, C, D, A, X(3), 19, 0); ++ (void)HOST_c2l(data, l); ++ X(5) = l; ++ R0(A, B, C, D, X(4), 3, 0); ++ (void)HOST_c2l(data, l); ++ X(6) = l; ++ R0(D, A, B, C, X(5), 7, 0); ++ (void)HOST_c2l(data, l); ++ X(7) = l; ++ R0(C, D, A, B, X(6), 11, 0); ++ (void)HOST_c2l(data, l); ++ X(8) = l; ++ R0(B, C, D, A, X(7), 19, 0); ++ (void)HOST_c2l(data, l); ++ X(9) = l; ++ R0(A, B, C, D, X(8), 3, 0); ++ (void)HOST_c2l(data, l); ++ X(10) = l; ++ R0(D, A, B, C, X(9), 7, 0); ++ (void)HOST_c2l(data, l); ++ X(11) = l; ++ R0(C, D, A, B, X(10), 11, 0); ++ (void)HOST_c2l(data, l); ++ X(12) = l; ++ R0(B, C, D, A, X(11), 19, 0); ++ (void)HOST_c2l(data, l); ++ X(13) = l; ++ R0(A, B, C, D, X(12), 3, 0); ++ (void)HOST_c2l(data, l); ++ X(14) = l; ++ R0(D, A, B, C, X(13), 7, 0); ++ (void)HOST_c2l(data, l); ++ X(15) = l; ++ R0(C, D, A, B, X(14), 11, 0); ++ R0(B, C, D, A, X(15), 19, 0); ++ /* Round 1 */ ++ R1(A, B, C, D, X(0), 3, 0x5A827999L); ++ R1(D, A, B, C, X(4), 5, 0x5A827999L); ++ R1(C, D, A, B, X(8), 9, 0x5A827999L); ++ R1(B, C, D, A, X(12), 13, 0x5A827999L); ++ R1(A, B, C, D, X(1), 3, 0x5A827999L); ++ R1(D, A, B, C, X(5), 5, 0x5A827999L); ++ R1(C, D, A, B, X(9), 9, 0x5A827999L); ++ R1(B, C, D, A, X(13), 13, 0x5A827999L); ++ R1(A, B, C, D, X(2), 3, 0x5A827999L); ++ R1(D, A, B, C, X(6), 5, 0x5A827999L); ++ R1(C, D, A, B, X(10), 9, 0x5A827999L); ++ R1(B, C, D, A, X(14), 13, 0x5A827999L); ++ R1(A, B, C, D, X(3), 3, 0x5A827999L); ++ R1(D, A, B, C, X(7), 5, 0x5A827999L); ++ R1(C, D, A, B, X(11), 9, 0x5A827999L); ++ R1(B, C, D, A, X(15), 13, 0x5A827999L); ++ /* Round 2 */ ++ R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L); ++ R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L); ++ R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L); ++ R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L); ++ R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L); ++ ++ A = c->A += A; ++ B = c->B += B; ++ C = c->C += C; ++ D = c->D += D; ++ } ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_locl.h b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h +new file mode 100644 +index 0000000..dc86a86 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_locl.h +@@ -0,0 +1,113 @@ ++/* crypto/md4/md4_locl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef MD4_LONG_LOG2 ++# define MD4_LONG_LOG2 2 /* default to 32 bits */ ++#endif ++ ++void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); ++ ++#define DATA_ORDER_IS_LITTLE_ENDIAN ++ ++#define HASH_LONG MD4_LONG ++#define HASH_CTX MD4_CTX ++#define HASH_CBLOCK MD4_CBLOCK ++#define HASH_UPDATE MD4_Update ++#define HASH_TRANSFORM MD4_Transform ++#define HASH_FINAL MD4_Final ++#define HASH_MAKE_STRING(c,s) do { \ ++ unsigned long ll; \ ++ ll=(c)->A; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->B; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->C; (void)HOST_l2c(ll,(s)); \ ++ ll=(c)->D; (void)HOST_l2c(ll,(s)); \ ++ } while (0) ++#define HASH_BLOCK_DATA_ORDER md4_block_data_order ++ ++#include "md32_common.h" ++ ++/*- ++#define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) ++#define G(x,y,z) (((x) & (y)) | ((x) & ((z))) | ((y) & ((z)))) ++*/ ++ ++/* ++ * As pointed out by Wei Dai , the above can be simplified ++ * to the code below. Wei attributes these optimizations to Peter Gutmann's ++ * SHS code, and he attributes it to Rich Schroeppel. ++ */ ++#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) ++#define G(b,c,d) (((b) & (c)) | ((b) & (d)) | ((c) & (d))) ++#define H(b,c,d) ((b) ^ (c) ^ (d)) ++ ++#define R0(a,b,c,d,k,s,t) { \ ++ a+=((k)+(t)+F((b),(c),(d))); \ ++ a=ROTATE(a,s); }; ++ ++#define R1(a,b,c,d,k,s,t) { \ ++ a+=((k)+(t)+G((b),(c),(d))); \ ++ a=ROTATE(a,s); };\ ++ ++#define R2(a,b,c,d,k,s,t) { \ ++ a+=((k)+(t)+H((b),(c),(d))); \ ++ a=ROTATE(a,s); }; +diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +new file mode 100644 +index 0000000..32ebd5f +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/md4/md4_one.c +@@ -0,0 +1,96 @@ ++/* crypto/md4/md4_one.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifdef CHARSET_EBCDIC ++# include ++#endif ++ ++unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) ++{ ++ MD4_CTX c; ++ static unsigned char m[MD4_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ if (!MD4_Init(&c)) ++ return NULL; ++#ifndef CHARSET_EBCDIC ++ MD4_Update(&c, d, n); ++#else ++ { ++ char temp[1024]; ++ unsigned long chunk; ++ ++ while (n > 0) { ++ chunk = (n > sizeof(temp)) ? sizeof(temp) : n; ++ ebcdic2ascii(temp, d, chunk); ++ MD4_Update(&c, temp, chunk); ++ n -= chunk; ++ d += chunk; ++ } ++ } ++#endif ++ MD4_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */ ++ return (md); ++} +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +index fbede67..2b51946 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c +@@ -1,15 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/md5/md5_dgst.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include "md5_locl.h" + #include ++#include ++ ++const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT; + + /* + * Implemented from RFC1321 The MD5 Message-Digest Algorithm +@@ -20,7 +72,7 @@ + #define INIT_DATA_C (unsigned long)0x98badcfeL + #define INIT_DATA_D (unsigned long)0x10325476L + +-int MD5_Init(MD5_CTX *c) ++fips_md_init(MD5) + { + memset(c, 0, sizeof(*c)); + c->A = INIT_DATA_A; +@@ -54,52 +106,52 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num) + D = c->D; + + for (; num--;) { +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(0) = l; +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(1) = l; + /* Round 0 */ + R0(A, B, C, D, X(0), 7, 0xd76aa478L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(2) = l; + R0(D, A, B, C, X(1), 12, 0xe8c7b756L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(3) = l; + R0(C, D, A, B, X(2), 17, 0x242070dbL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(4) = l; + R0(B, C, D, A, X(3), 22, 0xc1bdceeeL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(5) = l; + R0(A, B, C, D, X(4), 7, 0xf57c0fafL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(6) = l; + R0(D, A, B, C, X(5), 12, 0x4787c62aL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(7) = l; + R0(C, D, A, B, X(6), 17, 0xa8304613L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(8) = l; + R0(B, C, D, A, X(7), 22, 0xfd469501L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(9) = l; + R0(A, B, C, D, X(8), 7, 0x698098d8L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(10) = l; + R0(D, A, B, C, X(9), 12, 0x8b44f7afL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(11) = l; + R0(C, D, A, B, X(10), 17, 0xffff5bb1L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(12) = l; + R0(B, C, D, A, X(11), 22, 0x895cd7beL); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(13) = l; + R0(A, B, C, D, X(12), 7, 0x6b901122L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(14) = l; + R0(D, A, B, C, X(13), 12, 0xfd987193L); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X(15) = l; + R0(C, D, A, B, X(14), 17, 0xa679438eL); + R0(B, C, D, A, X(15), 22, 0x49b40821L); +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h +index 9c7aade..82e6921 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_locl.h ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_locl.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/md5/md5_locl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +@@ -12,8 +61,12 @@ + #include + #include + ++#ifndef MD5_LONG_LOG2 ++# define MD5_LONG_LOG2 2 /* default to 32 bits */ ++#endif ++ + #ifdef MD5_ASM +-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) + # define md5_block_data_order md5_block_asm_data_order + # elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +@@ -42,7 +95,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); + } while (0) + #define HASH_BLOCK_DATA_ORDER md5_block_data_order + +-#include "internal/md32_common.h" ++#include "md32_common.h" + + /*- + #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) +diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +index becd87e..4ac882e 100644 +--- a/Cryptlib/OpenSSL/crypto/md5/md5_one.c ++++ b/Cryptlib/OpenSSL/crypto/md5/md5_one.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/md5/md5_one.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c +index 02aa43a..06c3960 100644 +--- a/Cryptlib/OpenSSL/crypto/mem.c ++++ b/Cryptlib/OpenSSL/crypto/mem.c +@@ -1,190 +1,458 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/mem.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++ ++static int allow_customize = 1; /* we provide flexible functions for */ ++static int allow_customize_debug = 1; /* exchanging memory-related functions ++ * at run-time, but this must be done ++ * before any blocks are actually ++ * allocated; or we'll run into huge ++ * problems when malloc/free pairs ++ * don't match etc. */ + + /* + * the following pointers may be changed as long as 'allow_customize' is set + */ +-static int allow_customize = 1; + +-static void *(*malloc_impl)(size_t, const char *, int) +- = CRYPTO_malloc; +-static void *(*realloc_impl)(void *, size_t, const char *, int) +- = CRYPTO_realloc; +-static void (*free_impl)(void *, const char *, int) +- = CRYPTO_free; ++static void *(*malloc_func) (size_t) = malloc; ++static void *default_malloc_ex(size_t num, const char *file, int line) ++{ ++ return malloc_func(num); ++} ++ ++static void *(*malloc_ex_func) (size_t, const char *file, int line) ++ = default_malloc_ex; ++ ++#ifdef OPENSSL_SYS_VMS ++# if __INITIAL_POINTER_SIZE == 64 ++# define realloc _realloc64 ++# elif __INITIAL_POINTER_SIZE == 32 ++# define realloc _realloc32 ++# endif ++#endif ++ ++static void *(*realloc_func) (void *, size_t) = realloc; ++static void *default_realloc_ex(void *str, size_t num, ++ const char *file, int line) ++{ ++ return realloc_func(str, num); ++} ++ ++static void *(*realloc_ex_func) (void *, size_t, const char *file, int line) ++ = default_realloc_ex; ++ ++#ifdef OPENSSL_SYS_VMS ++ static void (*free_func) (__void_ptr64) = free; ++#else ++ static void (*free_func) (void *) = free; ++#endif ++ ++static void *(*malloc_locked_func) (size_t) = malloc; ++static void *default_malloc_locked_ex(size_t num, const char *file, int line) ++{ ++ return malloc_locked_func(num); ++} ++ ++static void *(*malloc_locked_ex_func) (size_t, const char *file, int line) ++ = default_malloc_locked_ex; + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +-static int call_malloc_debug = 1; ++#ifdef OPENSSL_SYS_VMS ++ static void (*free_locked_func) (__void_ptr64) = free; + #else +-static int call_malloc_debug = 0; ++ static void (*free_locked_func) (void *) = free; ++#endif ++ ++/* may be changed as long as 'allow_customize_debug' is set */ ++/* XXX use correct function pointer types */ ++#ifdef CRYPTO_MDEBUG ++/* use default functions from mem_dbg.c */ ++static void (*malloc_debug_func) (void *, int, const char *, int, int) ++ = CRYPTO_dbg_malloc; ++static void (*realloc_debug_func) (void *, void *, int, const char *, int, ++ int) ++ = CRYPTO_dbg_realloc; ++static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free; ++static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options; ++static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options; ++#else ++/* ++ * applications can use CRYPTO_malloc_debug_init() to select above case at ++ * run-time ++ */ ++static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL; ++static void (*realloc_debug_func) (void *, void *, int, const char *, int, ++ int) ++ = NULL; ++static void (*free_debug_func) (void *, int) = NULL; ++static void (*set_debug_options_func) (long) = NULL; ++static long (*get_debug_options_func) (void) = NULL; + #endif + +-int CRYPTO_set_mem_functions( +- void *(*m)(size_t, const char *, int), +- void *(*r)(void *, size_t, const char *, int), +- void (*f)(void *, const char *, int)) ++int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t), ++ void (*f) (void *)) + { ++ /* Dummy call just to ensure OPENSSL_init() gets linked in */ ++ OPENSSL_init(); + if (!allow_customize) + return 0; +- if (m) +- malloc_impl = m; +- if (r) +- realloc_impl = r; +- if (f) +- free_impl = f; ++ if ((m == 0) || (r == 0) || (f == 0)) ++ return 0; ++ malloc_func = m; ++ malloc_ex_func = default_malloc_ex; ++ realloc_func = r; ++ realloc_ex_func = default_realloc_ex; ++ free_func = f; ++ malloc_locked_func = m; ++ malloc_locked_ex_func = default_malloc_locked_ex; ++ free_locked_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void *(*r) (void *, size_t, const char *, ++ int), void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == 0) || (r == 0) || (f == 0)) ++ return 0; ++ malloc_func = 0; ++ malloc_ex_func = m; ++ realloc_func = 0; ++ realloc_ex_func = r; ++ free_func = f; ++ malloc_locked_func = 0; ++ malloc_locked_ex_func = m; ++ free_locked_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *)) ++{ ++ if (!allow_customize) ++ return 0; ++ if ((m == NULL) || (f == NULL)) ++ return 0; ++ malloc_locked_func = m; ++ malloc_locked_ex_func = default_malloc_locked_ex; ++ free_locked_func = f; + return 1; + } + +-int CRYPTO_set_mem_debug(int flag) ++int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int), ++ void (*f) (void *)) + { + if (!allow_customize) + return 0; +- call_malloc_debug = flag; ++ if ((m == NULL) || (f == NULL)) ++ return 0; ++ malloc_locked_func = 0; ++ malloc_locked_ex_func = m; ++ free_func = f; ++ return 1; ++} ++ ++int CRYPTO_set_mem_debug_functions(void (*m) ++ (void *, int, const char *, int, int), ++ void (*r) (void *, void *, int, ++ const char *, int, int), ++ void (*f) (void *, int), void (*so) (long), ++ long (*go) (void)) ++{ ++ if (!allow_customize_debug) ++ return 0; ++ OPENSSL_init(); ++ malloc_debug_func = m; ++ realloc_debug_func = r; ++ free_debug_func = f; ++ set_debug_options_func = so; ++ get_debug_options_func = go; + return 1; + } + +-void CRYPTO_get_mem_functions( +- void *(**m)(size_t, const char *, int), +- void *(**r)(void *, size_t, const char *, int), +- void (**f)(void *, const char *, int)) ++void CRYPTO_get_mem_functions(void *(**m) (size_t), ++ void *(**r) (void *, size_t), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0; ++ if (r != NULL) ++ *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0; ++ if (f != NULL) ++ *f = free_func; ++} ++ ++void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int), ++ void *(**r) (void *, size_t, const char *, ++ int), void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0; ++ if (r != NULL) ++ *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0; ++ if (f != NULL) ++ *f = free_func; ++} ++ ++void CRYPTO_get_locked_mem_functions(void *(**m) (size_t), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? ++ malloc_locked_func : 0; ++ if (f != NULL) ++ *f = free_locked_func; ++} ++ ++void CRYPTO_get_locked_mem_ex_functions(void ++ *(**m) (size_t, const char *, int), ++ void (**f) (void *)) ++{ ++ if (m != NULL) ++ *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? ++ malloc_locked_ex_func : 0; ++ if (f != NULL) ++ *f = free_locked_func; ++} ++ ++void CRYPTO_get_mem_debug_functions(void (**m) ++ (void *, int, const char *, int, int), ++ void (**r) (void *, void *, int, ++ const char *, int, int), ++ void (**f) (void *, int), ++ void (**so) (long), long (**go) (void)) + { + if (m != NULL) +- *m = malloc_impl; ++ *m = malloc_debug_func; + if (r != NULL) +- *r = realloc_impl; ++ *r = realloc_debug_func; + if (f != NULL) +- *f = free_impl; ++ *f = free_debug_func; ++ if (so != NULL) ++ *so = set_debug_options_func; ++ if (go != NULL) ++ *go = get_debug_options_func; + } + +-void *CRYPTO_malloc(size_t num, const char *file, int line) ++void *CRYPTO_malloc_locked(int num, const char *file, int line) + { + void *ret = NULL; + +- if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc) +- return malloc_impl(num, file, line); ++ if (num <= 0) ++ return NULL; ++ ++ if (allow_customize) ++ allow_customize = 0; ++ if (malloc_debug_func != NULL) { ++ if (allow_customize_debug) ++ allow_customize_debug = 0; ++ malloc_debug_func(NULL, num, file, line, 0); ++ } ++ ret = malloc_locked_ex_func(num, file, line); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); ++#endif ++ if (malloc_debug_func != NULL) ++ malloc_debug_func(ret, num, file, line, 1); ++ ++ return ret; ++} ++ ++void CRYPTO_free_locked(void *str) ++{ ++ if (free_debug_func != NULL) ++ free_debug_func(str, 0); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); ++#endif ++ free_locked_func(str); ++ if (free_debug_func != NULL) ++ free_debug_func(NULL, 1); ++} ++ ++void *CRYPTO_malloc(int num, const char *file, int line) ++{ ++ void *ret = NULL; + + if (num <= 0) + return NULL; + +- allow_customize = 0; +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- if (call_malloc_debug) { +- CRYPTO_mem_debug_malloc(NULL, num, 0, file, line); +- ret = malloc(num); +- CRYPTO_mem_debug_malloc(ret, num, 1, file, line); +- } else { +- ret = malloc(num); ++ if (allow_customize) ++ allow_customize = 0; ++ if (malloc_debug_func != NULL) { ++ if (allow_customize_debug) ++ allow_customize_debug = 0; ++ malloc_debug_func(NULL, num, file, line, 0); + } +-#else +- osslargused(file); osslargused(line); +- ret = malloc(num); ++ ret = malloc_ex_func(num, file, line); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); + #endif ++ if (malloc_debug_func != NULL) ++ malloc_debug_func(ret, num, file, line, 1); + + return ret; + } + +-void *CRYPTO_zalloc(size_t num, const char *file, int line) ++char *CRYPTO_strdup(const char *str, const char *file, int line) + { +- void *ret = CRYPTO_malloc(num, file, line); ++ char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); + +- if (ret != NULL) +- memset(ret, 0, num); ++ if (ret == NULL) ++ return NULL; ++ ++ strcpy(ret, str); + return ret; + } + +-void *CRYPTO_realloc(void *str, size_t num, const char *file, int line) ++void *CRYPTO_realloc(void *str, int num, const char *file, int line) + { +- if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc) +- return realloc_impl(str, num, file, line); ++ void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + +- if (num == 0) { +- CRYPTO_free(str, file, line); ++ if (num <= 0) + return NULL; +- } + +- allow_customize = 0; +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- if (call_malloc_debug) { +- void *ret; +- CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line); +- ret = realloc(str, num); +- CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line); +- return ret; +- } +-#else +- osslargused(file); osslargused(line); ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, NULL, num, file, line, 0); ++ ret = realloc_ex_func(str, num, file, line); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ++ ret, num); + #endif +- return realloc(str, num); ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, ret, num, file, line, 1); + ++ return ret; + } + +-void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num, +- const char *file, int line) ++void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file, ++ int line) + { + void *ret = NULL; + + if (str == NULL) + return CRYPTO_malloc(num, file, line); + +- if (num == 0) { +- CRYPTO_clear_free(str, old_len, file, line); ++ if (num <= 0) + return NULL; +- } + +- /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */ +- if (num < old_len) { +- OPENSSL_cleanse((char*)str + num, old_len - num); +- return str; +- } ++ /* ++ * We don't support shrinking the buffer. Note the memcpy that copies ++ * |old_len| bytes to the new buffer, below. ++ */ ++ if (num < old_len) ++ return NULL; + +- ret = CRYPTO_malloc(num, file, line); +- if (ret != NULL) { ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, NULL, num, file, line, 0); ++ ret = malloc_ex_func(num, file, line); ++ if (ret) { + memcpy(ret, str, old_len); +- CRYPTO_clear_free(str, old_len, file, line); ++ OPENSSL_cleanse(str, old_len); ++ free_func(str); + } ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", ++ str, ret, num); ++#endif ++ if (realloc_debug_func != NULL) ++ realloc_debug_func(str, ret, num, file, line, 1); ++ + return ret; + } + +-void CRYPTO_free(void *str, const char *file, int line) ++void CRYPTO_free(void *str) + { +- if (free_impl != NULL && free_impl != &CRYPTO_free) { +- free_impl(str, file, line); +- return; +- } +- +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- if (call_malloc_debug) { +- CRYPTO_mem_debug_free(str, 0, file, line); +- free(str); +- CRYPTO_mem_debug_free(str, 1, file, line); +- } else { +- free(str); +- } +-#else +- free(str); ++ if (free_debug_func != NULL) ++ free_debug_func(str, 0); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); + #endif ++ free_func(str); ++ if (free_debug_func != NULL) ++ free_debug_func(NULL, 1); + } + +-void CRYPTO_clear_free(void *str, size_t num, const char *file, int line) ++void *CRYPTO_remalloc(void *a, int num, const char *file, int line) + { +- if (str == NULL) +- return; +- if (num) +- OPENSSL_cleanse(str, num); +- CRYPTO_free(str, file, line); ++ if (a != NULL) ++ OPENSSL_free(a); ++ a = (char *)OPENSSL_malloc(num); ++ return (a); ++} ++ ++void CRYPTO_set_mem_debug_options(long bits) ++{ ++ if (set_debug_options_func != NULL) ++ set_debug_options_func(bits); ++} ++ ++long CRYPTO_get_mem_debug_options(void) ++{ ++ if (get_debug_options_func != NULL) ++ return get_debug_options_func(); ++ return 0; + } +diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c +index 35bfb74..579e9d1 100644 +--- a/Cryptlib/OpenSSL/crypto/mem_clr.c ++++ b/Cryptlib/OpenSSL/crypto/mem_clr.c +@@ -1,10 +1,60 @@ ++/* crypto/mem_clr.c */ + /* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project ++ * 2002. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -15,7 +65,7 @@ + * the pointer and can't assume that it points to any function in + * particular (such as memset, which it then might further "optimize") + */ +-typedef void *(*memset_t)(void *, int, size_t); ++typedef void *(*memset_t)(void *,int,size_t); + + static volatile memset_t memset_func = memset; + +diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c +index dc3f8ff..8525ded 100644 +--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c ++++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c +@@ -1,26 +1,124 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/mem_dbg.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include "internal/cryptlib.h" +-#include "internal/thread_once.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/bio.h" ++#include + #include + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +-# include +-#endif +- ++static int mh_mode = CRYPTO_MEM_CHECK_OFF; + /* + * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when + * the application asks for it (usually after library initialisation for +@@ -32,183 +130,178 @@ + * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes + * no sense whatsoever. + */ +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +-static int mh_mode = CRYPTO_MEM_CHECK_OFF; +-#endif + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG + static unsigned long order = 0; /* number of memory requests */ + ++DECLARE_LHASH_OF(MEM); ++static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as ++ * key); access requires MALLOC2 lock */ ++ ++typedef struct app_mem_info_st + /*- + * For application-defined information (static C-string `info') + * to be displayed in memory leak list. + * Each thread has its own stack. For applications, there is +- * OPENSSL_mem_debug_push("...") to push an entry, +- * OPENSSL_mem_debug_pop() to pop an entry, ++ * CRYPTO_push_info("...") to push an entry, ++ * CRYPTO_pop_info() to pop an entry, ++ * CRYPTO_remove_all_info() to pop all entries. + */ +-struct app_mem_info_st { +- CRYPTO_THREAD_ID threadid; ++{ ++ CRYPTO_THREADID threadid; + const char *file; + int line; + const char *info; + struct app_mem_info_st *next; /* tail of thread's stack */ + int references; +-}; ++} APP_INFO; + +-static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT; +-static CRYPTO_RWLOCK *malloc_lock = NULL; +-static CRYPTO_RWLOCK *long_malloc_lock = NULL; +-static CRYPTO_THREAD_LOCAL appinfokey; ++static void app_info_free(APP_INFO *); + ++DECLARE_LHASH_OF(APP_INFO); ++static LHASH_OF(APP_INFO) *amih = NULL; /* hash-table with those ++ * app_mem_info_st's that are at the ++ * top of their thread's stack (with ++ * `thread' as key); access requires ++ * MALLOC2 lock */ ++ ++typedef struct mem_st + /* memory-block description */ +-struct mem_st { ++{ + void *addr; + int num; + const char *file; + int line; +- CRYPTO_THREAD_ID threadid; ++ CRYPTO_THREADID threadid; + unsigned long order; + time_t time; + APP_INFO *app_info; +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +- void *array[30]; +- size_t array_siz; +-#endif +-}; ++} MEM; + +-static LHASH_OF(MEM) *mh = NULL; /* hash-table of memory requests (address as +- * key); access requires MALLOC2 lock */ ++static long options = /* extra information to be recorded */ ++#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) ++ V_CRYPTO_MDEBUG_TIME | ++#endif ++#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) ++ V_CRYPTO_MDEBUG_THREAD | ++#endif ++ 0; + +-/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ +-static unsigned int num_disable = 0; ++static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode == ++ * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */ + + /* +- * Valid iff num_disable > 0. long_malloc_lock is locked exactly in this ++ * Valid iff num_disable > 0. CRYPTO_LOCK_MALLOC2 is locked exactly in this + * case (by the thread named in disabling_thread). + */ +-static CRYPTO_THREAD_ID disabling_threadid; +- +-DEFINE_RUN_ONCE_STATIC(do_memdbg_init) +-{ +- malloc_lock = CRYPTO_THREAD_lock_new(); +- long_malloc_lock = CRYPTO_THREAD_lock_new(); +- if (malloc_lock == NULL || long_malloc_lock == NULL +- || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) { +- CRYPTO_THREAD_lock_free(malloc_lock); +- malloc_lock = NULL; +- CRYPTO_THREAD_lock_free(long_malloc_lock); +- long_malloc_lock = NULL; +- return 0; +- } +- return 1; +-} ++static CRYPTO_THREADID disabling_threadid; + + static void app_info_free(APP_INFO *inf) + { +- if (!inf) +- return; + if (--(inf->references) <= 0) { +- app_info_free(inf->next); ++ if (inf->next != NULL) { ++ app_info_free(inf->next); ++ } + OPENSSL_free(inf); + } + } +-#endif + + int CRYPTO_mem_ctrl(int mode) + { +-#ifdef OPENSSL_NO_CRYPTO_MDEBUG +- return mode - mode; +-#else + int ret = mh_mode; + +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) +- return -1; +- +- CRYPTO_THREAD_write_lock(malloc_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + switch (mode) { +- default: +- break; +- +- case CRYPTO_MEM_CHECK_ON: ++ /* ++ * for applications (not to be called while multiple threads use the ++ * library): ++ */ ++ case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ + mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE; + num_disable = 0; + break; +- +- case CRYPTO_MEM_CHECK_OFF: ++ case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ + mh_mode = 0; +- num_disable = 0; ++ num_disable = 0; /* should be true *before* MemCheck_stop is ++ * used, or there'll be a lot of confusion */ + break; + +- /* switch off temporarily (for library-internal use): */ +- case CRYPTO_MEM_CHECK_DISABLE: ++ /* switch off temporarily (for library-internal use): */ ++ case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ + if (mh_mode & CRYPTO_MEM_CHECK_ON) { +- CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); +- /* see if we don't have long_malloc_lock already */ ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); ++ /* see if we don't have the MALLOC2 lock already */ + if (!num_disable +- || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) { ++ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur)) { + /* +- * Long-time lock long_malloc_lock must not be claimed +- * while we're holding malloc_lock, or we'll deadlock +- * if somebody else holds long_malloc_lock (and cannot ++ * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed ++ * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock ++ * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot + * release it because we block entry to this function). Give + * them a chance, first, and then claim the locks in + * appropriate order (long-time lock first). + */ +- CRYPTO_THREAD_unlock(malloc_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + /* +- * Note that after we have waited for long_malloc_lock and +- * malloc_lock, we'll still be in the right "case" and ++ * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and ++ * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and + * "if" branch because MemCheck_start and MemCheck_stop may + * never be used while there are multiple OpenSSL threads. + */ +- CRYPTO_THREAD_write_lock(long_malloc_lock); +- CRYPTO_THREAD_write_lock(malloc_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; +- disabling_threadid = cur; ++ CRYPTO_THREADID_cpy(&disabling_threadid, &cur); + } + num_disable++; + } + break; +- +- case CRYPTO_MEM_CHECK_ENABLE: ++ case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ + if (mh_mode & CRYPTO_MEM_CHECK_ON) { + if (num_disable) { /* always true, or something is going wrong */ + num_disable--; + if (num_disable == 0) { + mh_mode |= CRYPTO_MEM_CHECK_ENABLE; +- CRYPTO_THREAD_unlock(long_malloc_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); + } + } + } + break; ++ ++ default: ++ break; + } +- CRYPTO_THREAD_unlock(malloc_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + return (ret); +-#endif + } + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG +- +-static int mem_check_on(void) ++int CRYPTO_is_mem_check_on(void) + { + int ret = 0; +- CRYPTO_THREAD_ID cur; + + if (mh_mode & CRYPTO_MEM_CHECK_ON) { +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) +- return 0; +- +- cur = CRYPTO_THREAD_get_current_id(); +- CRYPTO_THREAD_read_lock(malloc_lock); ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); ++ CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); + + ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) +- || !CRYPTO_THREAD_compare_id(disabling_threadid, cur); ++ || CRYPTO_THREADID_cmp(&disabling_threadid, &cur); + +- CRYPTO_THREAD_unlock(malloc_lock); ++ CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); + } + return (ret); + } + ++void CRYPTO_dbg_set_options(long bits) ++{ ++ options = bits; ++} ++ ++long CRYPTO_dbg_get_options(void) ++{ ++ return options; ++} ++ + static int mem_cmp(const MEM *a, const MEM *b) + { + #ifdef _WIN64 +@@ -224,96 +317,157 @@ static int mem_cmp(const MEM *a, const MEM *b) + #endif + } + ++static IMPLEMENT_LHASH_COMP_FN(mem, MEM) ++ + static unsigned long mem_hash(const MEM *a) + { +- size_t ret; ++ unsigned long ret; + +- ret = (size_t)a->addr; ++ ret = (unsigned long)a->addr; + + ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; + return (ret); + } + +-/* returns 1 if there was an info to pop, 0 if the stack was empty. */ +-static int pop_info(void) ++static IMPLEMENT_LHASH_HASH_FN(mem, MEM) ++ ++/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ ++static int app_info_cmp(const void *a_void, const void *b_void) + { +- APP_INFO *current = NULL; ++ return CRYPTO_THREADID_cmp(&((const APP_INFO *)a_void)->threadid, ++ &((const APP_INFO *)b_void)->threadid); ++} + +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) +- return 0; ++static IMPLEMENT_LHASH_COMP_FN(app_info, APP_INFO) + +- current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); +- if (current != NULL) { +- APP_INFO *next = current->next; ++static unsigned long app_info_hash(const APP_INFO *a) ++{ ++ unsigned long ret; + +- if (next != NULL) { +- next->references++; +- CRYPTO_THREAD_set_local(&appinfokey, next); +- } else { +- CRYPTO_THREAD_set_local(&appinfokey, NULL); +- } +- if (--(current->references) <= 0) { +- current->next = NULL; +- if (next != NULL) +- next->references--; +- OPENSSL_free(current); ++ ret = CRYPTO_THREADID_hash(&a->threadid); ++ /* This is left in as a "who am I to question legacy?" measure */ ++ ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251; ++ return (ret); ++} ++ ++static IMPLEMENT_LHASH_HASH_FN(app_info, APP_INFO) ++ ++static APP_INFO *pop_info(void) ++{ ++ APP_INFO tmp; ++ APP_INFO *ret = NULL; ++ ++ if (amih != NULL) { ++ CRYPTO_THREADID_current(&tmp.threadid); ++ if ((ret = lh_APP_INFO_delete(amih, &tmp)) != NULL) { ++ APP_INFO *next = ret->next; ++ ++ if (next != NULL) { ++ next->references++; ++ (void)lh_APP_INFO_insert(amih, next); ++ } ++#ifdef LEVITTE_DEBUG_MEM ++ if (CRYPTO_THREADID_cmp(&ret->threadid, &tmp.threadid)) { ++ fprintf(stderr, ++ "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", ++ CRYPTO_THREADID_hash(&ret->threadid), ++ CRYPTO_THREADID_hash(&tmp.threadid)); ++ abort(); ++ } ++#endif ++ if (--(ret->references) <= 0) { ++ ret->next = NULL; ++ if (next != NULL) ++ next->references--; ++ OPENSSL_free(ret); ++ } + } +- return 1; + } +- return 0; ++ return (ret); + } + +-int CRYPTO_mem_debug_push(const char *info, const char *file, int line) ++int CRYPTO_push_info_(const char *info, const char *file, int line) + { + APP_INFO *ami, *amim; + int ret = 0; + +- if (mem_check_on()) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* obtain MALLOC2 lock */ + +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init) +- || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL) ++ if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { ++ ret = 0; + goto err; ++ } ++ if (amih == NULL) { ++ if ((amih = lh_APP_INFO_new()) == NULL) { ++ OPENSSL_free(ami); ++ ret = 0; ++ goto err; ++ } ++ } + +- ami->threadid = CRYPTO_THREAD_get_current_id(); ++ CRYPTO_THREADID_current(&ami->threadid); + ami->file = file; + ami->line = line; + ami->info = info; + ami->references = 1; + ami->next = NULL; + +- amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); +- CRYPTO_THREAD_set_local(&appinfokey, ami); +- +- if (amim != NULL) ++ if ((amim = lh_APP_INFO_insert(amih, ami)) != NULL) { ++#ifdef LEVITTE_DEBUG_MEM ++ if (CRYPTO_THREADID_cmp(&ami->threadid, &amim->threadid)) { ++ fprintf(stderr, ++ "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", ++ CRYPTO_THREADID_hash(&amim->threadid), ++ CRYPTO_THREADID_hash(&ami->threadid)); ++ abort(); ++ } ++#endif + ami->next = amim; +- ret = 1; ++ } + err: +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); /* release MALLOC2 lock */ + } + + return (ret); + } + +-int CRYPTO_mem_debug_pop(void) ++int CRYPTO_pop_info(void) + { + int ret = 0; + +- if (mem_check_on()) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); +- ret = pop_info(); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ if (is_MemCheck_on()) { /* _must_ be true, or something went severely ++ * wrong */ ++ MemCheck_off(); /* obtain MALLOC2 lock */ ++ ++ ret = (pop_info() != NULL); ++ ++ MemCheck_on(); /* release MALLOC2 lock */ + } + return (ret); + } + +-static unsigned long break_order_num = 0; ++int CRYPTO_remove_all_info(void) ++{ ++ int ret = 0; ++ ++ if (is_MemCheck_on()) { /* _must_ be true */ ++ MemCheck_off(); /* obtain MALLOC2 lock */ ++ ++ while (pop_info() != NULL) ++ ret++; ++ ++ MemCheck_on(); /* release MALLOC2 lock */ ++ } ++ return (ret); ++} + +-void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, +- const char *file, int line) ++static unsigned long break_order_num = 0; ++void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, ++ int before_p) + { + MEM *m, *mm; +- APP_INFO *amim; ++ APP_INFO tmp, *amim; + + switch (before_p & 127) { + case 0: +@@ -322,17 +476,16 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, + if (addr == NULL) + break; + +- if (mem_check_on()) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); +- +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init) +- || (m = OPENSSL_malloc(sizeof(*m))) == NULL) { ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ ++ if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) { + OPENSSL_free(addr); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ + return; + } + if (mh == NULL) { +- if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) { ++ if ((mh = lh_MEM_new()) == NULL) { + OPENSSL_free(addr); + OPENSSL_free(m); + addr = NULL; +@@ -344,22 +497,32 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, + m->file = file; + m->line = line; + m->num = num; +- m->threadid = CRYPTO_THREAD_get_current_id(); ++ if (options & V_CRYPTO_MDEBUG_THREAD) ++ CRYPTO_THREADID_current(&m->threadid); ++ else ++ memset(&m->threadid, 0, sizeof(m->threadid)); + + if (order == break_order_num) { + /* BREAK HERE */ + m->order = order; + } + m->order = order++; +-# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +- m->array_siz = backtrace(m->array, OSSL_NELEM(m->array)); +-# endif +- m->time = time(NULL); +- +- amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey); +- m->app_info = amim; +- if (amim != NULL) ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] %c 0x%p (%d)\n", ++ m->order, (before_p & 128) ? '*' : '+', m->addr, m->num); ++#endif ++ if (options & V_CRYPTO_MDEBUG_TIME) ++ m->time = time(NULL); ++ else ++ m->time = 0; ++ ++ CRYPTO_THREADID_current(&tmp.threadid); ++ m->app_info = NULL; ++ if (amih != NULL ++ && (amim = lh_APP_INFO_retrieve(amih, &tmp)) != NULL) { ++ m->app_info = amim; + amim->references++; ++ } + + if ((mm = lh_MEM_insert(mh, m)) != NULL) { + /* Not good, but don't sweat it */ +@@ -369,15 +532,15 @@ void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p, + OPENSSL_free(mm); + } + err: +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ + } + break; + } + return; + } + +-void CRYPTO_mem_debug_free(void *addr, int before_p, +- const char *file, int line) ++void CRYPTO_dbg_free(void *addr, int before_p) + { + MEM m, *mp; + +@@ -386,17 +549,23 @@ void CRYPTO_mem_debug_free(void *addr, int before_p, + if (addr == NULL) + break; + +- if (mem_check_on() && (mh != NULL)) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ if (is_MemCheck_on() && (mh != NULL)) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ + + m.addr = addr; + mp = lh_MEM_delete(mh, &m); + if (mp != NULL) { +- app_info_free(mp->app_info); ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n", ++ mp->order, mp->addr, mp->num); ++#endif ++ if (mp->app_info != NULL) ++ app_info_free(mp->app_info); + OPENSSL_free(mp); + } + +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ + } + break; + case 1: +@@ -404,11 +573,17 @@ void CRYPTO_mem_debug_free(void *addr, int before_p, + } + } + +-void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, +- int before_p, const char *file, int line) ++void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, ++ const char *file, int line, int before_p) + { + MEM m, *mp; + ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", ++ addr1, addr2, num, file, line, before_p); ++#endif ++ + switch (before_p) { + case 0: + break; +@@ -417,25 +592,28 @@ void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, + break; + + if (addr1 == NULL) { +- CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line); ++ CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); + break; + } + +- if (mem_check_on()) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ if (is_MemCheck_on()) { ++ MemCheck_off(); /* make sure we hold MALLOC2 lock */ + + m.addr = addr1; + mp = lh_MEM_delete(mh, &m); + if (mp != NULL) { ++#ifdef LEVITTE_DEBUG_MEM ++ fprintf(stderr, ++ "LEVITTE_DEBUG_MEM: [%5ld] * 0x%p (%d) -> 0x%p (%d)\n", ++ mp->order, mp->addr, mp->num, addr2, num); ++#endif + mp->addr = addr2; + mp->num = num; +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +- mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array)); +-#endif + (void)lh_MEM_insert(mh, mp); + } + +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); /* release MALLOC2 lock if num_disabled drops ++ * to 0 */ + } + break; + } +@@ -448,42 +626,40 @@ typedef struct mem_leak_st { + long bytes; + } MEM_LEAK; + +-static void print_leak(const MEM *m, MEM_LEAK *l) ++static void print_leak_doall_arg(const MEM *m, MEM_LEAK *l) + { + char buf[1024]; + char *bufp = buf; + APP_INFO *amip; + int ami_cnt; + struct tm *lcl = NULL; +- /* +- * Convert between CRYPTO_THREAD_ID (which could be anything at all) and +- * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is +- * but hopefully should give something sensible on most platforms +- */ +- union { +- CRYPTO_THREAD_ID tid; +- unsigned long ltid; +- } tid; +- CRYPTO_THREAD_ID ti; ++ CRYPTO_THREADID ti; + + #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + +- lcl = localtime(&m->time); +- BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", +- lcl->tm_hour, lcl->tm_min, lcl->tm_sec); +- bufp += strlen(bufp); ++ if (m->addr == (char *)l->bio) ++ return; ++ ++ if (options & V_CRYPTO_MDEBUG_TIME) { ++ lcl = localtime(&m->time); ++ ++ BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", ++ lcl->tm_hour, lcl->tm_min, lcl->tm_sec); ++ bufp += strlen(bufp); ++ } + + BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", + m->order, m->file, m->line); + bufp += strlen(bufp); + +- tid.ltid = 0; +- tid.tid = m->threadid; +- BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", tid.ltid); +- bufp += strlen(bufp); ++ if (options & V_CRYPTO_MDEBUG_THREAD) { ++ BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", ++ CRYPTO_THREADID_hash(&m->threadid)); ++ bufp += strlen(bufp); ++ } + +- BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%p\n", +- m->num, m->addr); ++ BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", ++ m->num, (unsigned long)m->addr); + bufp += strlen(bufp); + + BIO_puts(l->bio, buf); +@@ -493,137 +669,162 @@ static void print_leak(const MEM *m, MEM_LEAK *l) + + amip = m->app_info; + ami_cnt = 0; +- +- if (amip) { +- ti = amip->threadid; +- +- do { +- int buf_len; +- int info_len; +- +- ami_cnt++; +- memset(buf, '>', ami_cnt); +- tid.ltid = 0; +- tid.tid = amip->threadid; +- BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, +- " thread=%lu, file=%s, line=%d, info=\"", +- tid.ltid, amip->file, +- amip->line); ++ if (!amip) ++ return; ++ CRYPTO_THREADID_cpy(&ti, &amip->threadid); ++ ++ do { ++ int buf_len; ++ int info_len; ++ ++ ami_cnt++; ++ memset(buf, '>', ami_cnt); ++ BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt, ++ " thread=%lu, file=%s, line=%d, info=\"", ++ CRYPTO_THREADID_hash(&amip->threadid), amip->file, ++ amip->line); ++ buf_len = strlen(buf); ++ info_len = strlen(amip->info); ++ if (128 - buf_len - 3 < info_len) { ++ memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); ++ buf_len = 128 - 3; ++ } else { ++ BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); + buf_len = strlen(buf); +- info_len = strlen(amip->info); +- if (128 - buf_len - 3 < info_len) { +- memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); +- buf_len = 128 - 3; +- } else { +- OPENSSL_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len); +- buf_len = strlen(buf); +- } +- BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); ++ } ++ BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n"); + +- BIO_puts(l->bio, buf); ++ BIO_puts(l->bio, buf); + +- amip = amip->next; +- } +- while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti)); ++ amip = amip->next; + } ++ while (amip && !CRYPTO_THREADID_cmp(&amip->threadid, &ti)); + +-#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE +- { +- size_t i; +- char **strings = backtrace_symbols(m->array, m->array_siz); +- +- for (i = 0; i < m->array_siz; i++) +- fprintf(stderr, "##> %s\n", strings[i]); +- free(strings); ++#ifdef LEVITTE_DEBUG_MEM ++ if (amip) { ++ fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); ++ abort(); + } + #endif + } + +-IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK); ++static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM, MEM_LEAK) + +-int CRYPTO_mem_leaks(BIO *b) ++void CRYPTO_mem_leaks(BIO *b) + { + MEM_LEAK ml; + +- /* +- * OPENSSL_cleanup() will free the ex_data locks so we can't have any +- * ex_data hanging around +- */ +- bio_free_ex_data(b); +- +- /* Ensure all resources are released */ +- OPENSSL_cleanup(); +- +- if (!RUN_ONCE(&memdbg_init, do_memdbg_init)) +- return -1; ++ if (mh == NULL && amih == NULL) ++ return; + +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ MemCheck_off(); /* obtain MALLOC2 lock */ + + ml.bio = b; + ml.bytes = 0; + ml.chunks = 0; + if (mh != NULL) +- lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml); +- ++ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), MEM_LEAK, &ml); + if (ml.chunks != 0) { + BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks); ++#ifdef CRYPTO_MDEBUG_ABORT ++ abort(); ++#endif + } else { + /* + * Make sure that, if we found no leaks, memory-leak debugging itself + * does not introduce memory leaks (which might irritate external + * debugging tools). (When someone enables leak checking, but does not +- * call this function, we declare it to be their fault.) ++ * call this function, we declare it to be their fault.) XXX This ++ * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be ++ * implemented by using CRYPTO_mem_leaks_cb. (Also there should be a ++ * variant of lh_doall_arg that takes a function pointer instead of a ++ * void *; this would obviate the ugly and illegal void_fn_to_char ++ * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come ++ * and get us.) + */ + int old_mh_mode; + +- CRYPTO_THREAD_write_lock(malloc_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); + + /* +- * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses +- * mem_check_on ++ * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses ++ * CRYPTO_is_mem_check_on + */ + old_mh_mode = mh_mode; + mh_mode = CRYPTO_MEM_CHECK_OFF; + +- lh_MEM_free(mh); +- mh = NULL; ++ if (mh != NULL) { ++ lh_MEM_free(mh); ++ mh = NULL; ++ } ++ if (amih != NULL) { ++ if (lh_APP_INFO_num_items(amih) == 0) { ++ lh_APP_INFO_free(amih); ++ amih = NULL; ++ } ++ } + + mh_mode = old_mh_mode; +- CRYPTO_THREAD_unlock(malloc_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); + } +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF); +- +- /* Clean up locks etc */ +- CRYPTO_THREAD_cleanup_local(&appinfokey); +- CRYPTO_THREAD_lock_free(malloc_lock); +- CRYPTO_THREAD_lock_free(long_malloc_lock); +- malloc_lock = NULL; +- long_malloc_lock = NULL; +- +- return ml.chunks == 0 ? 1 : 0; ++ MemCheck_on(); /* release MALLOC2 lock */ + } + +-# ifndef OPENSSL_NO_STDIO +-int CRYPTO_mem_leaks_fp(FILE *fp) ++#ifndef OPENSSL_NO_FP_API ++void CRYPTO_mem_leaks_fp(FILE *fp) + { + BIO *b; +- int ret; + ++ if (mh == NULL) ++ return; + /* + * Need to turn off memory checking when allocated BIOs ... especially as + * we're creating them at a time when we're trying to check we've not + * left anything un-free()'d!! + */ +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ MemCheck_off(); + b = BIO_new(BIO_s_file()); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); +- if (b == NULL) +- return -1; ++ MemCheck_on(); ++ if (!b) ++ return; + BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = CRYPTO_mem_leaks(b); ++ CRYPTO_mem_leaks(b); + BIO_free(b); +- return ret; + } +-# endif +- + #endif ++ ++/* ++ * FIXME: We really don't allow much to the callback. For example, it has no ++ * chance of reaching the info stack for the item it processes. Should it ++ * really be this way? -- Richard Levitte ++ */ ++/* ++ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside ++ * crypto.h If this code is restructured, remove the callback type if it is ++ * no longer needed. -- Geoff Thorpe ++ */ ++ ++/* ++ * Can't pass CRYPTO_MEM_LEAK_CB directly to lh_MEM_doall_arg because it is a ++ * function pointer and conversion to void * is prohibited. Instead pass its ++ * address ++ */ ++ ++typedef CRYPTO_MEM_LEAK_CB *PCRYPTO_MEM_LEAK_CB; ++ ++static void cb_leak_doall_arg(const MEM *m, PCRYPTO_MEM_LEAK_CB *cb) ++{ ++ (*cb) (m->order, m->file, m->line, m->num, m->addr); ++} ++ ++static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM, PCRYPTO_MEM_LEAK_CB) ++ ++void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) ++{ ++ if (mh == NULL) ++ return; ++ CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); ++ lh_MEM_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), PCRYPTO_MEM_LEAK_CB, ++ &cb); ++ CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); ++} +diff --git a/Cryptlib/OpenSSL/crypto/mem_sec.c b/Cryptlib/OpenSSL/crypto/mem_sec.c +deleted file mode 100644 +index 0c79b43..0000000 +--- a/Cryptlib/OpenSSL/crypto/mem_sec.c ++++ /dev/null +@@ -1,585 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. +- * This file is distributed under the terms of the OpenSSL license. +- */ +- +-/* +- * This file is in two halves. The first half implements the public API +- * to be used by external consumers, and to be used by OpenSSL to store +- * data in a "secure arena." The second half implements the secure arena. +- * For details on that implementation, see below (look for uppercase +- * "SECURE HEAP IMPLEMENTATION"). +- */ +-#include +-#include +- +-#include +- +-#if defined(OPENSSL_SYS_LINUX) || defined(OPENSSL_SYS_UNIX) +-# define IMPLEMENTED +-# include +-# include +-# include +-# include +-# include +-# include +-# include +-# include +-#endif +- +-#define CLEAR(p, s) OPENSSL_cleanse(p, s) +-#ifndef PAGE_SIZE +-# define PAGE_SIZE 4096 +-#endif +- +-#ifdef IMPLEMENTED +-static size_t secure_mem_used; +- +-static int secure_mem_initialized; +- +-static CRYPTO_RWLOCK *sec_malloc_lock = NULL; +- +-/* +- * These are the functions that must be implemented by a secure heap (sh). +- */ +-static int sh_init(size_t size, int minsize); +-static char *sh_malloc(size_t size); +-static void sh_free(char *ptr); +-static void sh_done(void); +-static size_t sh_actual_size(char *ptr); +-static int sh_allocated(const char *ptr); +-#endif +- +-int CRYPTO_secure_malloc_init(size_t size, int minsize) +-{ +-#ifdef IMPLEMENTED +- int ret = 0; +- +- if (!secure_mem_initialized) { +- sec_malloc_lock = CRYPTO_THREAD_lock_new(); +- if (sec_malloc_lock == NULL) +- return 0; +- ret = sh_init(size, minsize); +- secure_mem_initialized = 1; +- } +- +- return ret; +-#else +- return 0; +-#endif /* IMPLEMENTED */ +-} +- +-int CRYPTO_secure_malloc_done() +-{ +-#ifdef IMPLEMENTED +- if (secure_mem_used == 0) { +- sh_done(); +- secure_mem_initialized = 0; +- CRYPTO_THREAD_lock_free(sec_malloc_lock); +- return 1; +- } +-#endif /* IMPLEMENTED */ +- return 0; +-} +- +-int CRYPTO_secure_malloc_initialized() +-{ +-#ifdef IMPLEMENTED +- return secure_mem_initialized; +-#else +- return 0; +-#endif /* IMPLEMENTED */ +-} +- +-void *CRYPTO_secure_malloc(size_t num, const char *file, int line) +-{ +-#ifdef IMPLEMENTED +- void *ret; +- size_t actual_size; +- +- if (!secure_mem_initialized) { +- return CRYPTO_malloc(num, file, line); +- } +- CRYPTO_THREAD_write_lock(sec_malloc_lock); +- ret = sh_malloc(num); +- actual_size = ret ? sh_actual_size(ret) : 0; +- secure_mem_used += actual_size; +- CRYPTO_THREAD_unlock(sec_malloc_lock); +- return ret; +-#else +- return CRYPTO_malloc(num, file, line); +-#endif /* IMPLEMENTED */ +-} +- +-void *CRYPTO_secure_zalloc(size_t num, const char *file, int line) +-{ +- void *ret = CRYPTO_secure_malloc(num, file, line); +- +- if (ret != NULL) +- memset(ret, 0, num); +- return ret; +-} +- +-void CRYPTO_secure_free(void *ptr, const char *file, int line) +-{ +-#ifdef IMPLEMENTED +- size_t actual_size; +- +- if (ptr == NULL) +- return; +- if (!CRYPTO_secure_allocated(ptr)) { +- CRYPTO_free(ptr, file, line); +- return; +- } +- CRYPTO_THREAD_write_lock(sec_malloc_lock); +- actual_size = sh_actual_size(ptr); +- CLEAR(ptr, actual_size); +- secure_mem_used -= actual_size; +- sh_free(ptr); +- CRYPTO_THREAD_unlock(sec_malloc_lock); +-#else +- CRYPTO_free(ptr, file, line); +-#endif /* IMPLEMENTED */ +-} +- +-int CRYPTO_secure_allocated(const void *ptr) +-{ +-#ifdef IMPLEMENTED +- int ret; +- +- if (!secure_mem_initialized) +- return 0; +- CRYPTO_THREAD_write_lock(sec_malloc_lock); +- ret = sh_allocated(ptr); +- CRYPTO_THREAD_unlock(sec_malloc_lock); +- return ret; +-#else +- return 0; +-#endif /* IMPLEMENTED */ +-} +- +-size_t CRYPTO_secure_used() +-{ +-#ifdef IMPLEMENTED +- return secure_mem_used; +-#else +- return 0; +-#endif /* IMPLEMENTED */ +-} +- +-size_t CRYPTO_secure_actual_size(void *ptr) +-{ +-#ifdef IMPLEMENTED +- size_t actual_size; +- +- CRYPTO_THREAD_write_lock(sec_malloc_lock); +- actual_size = sh_actual_size(ptr); +- CRYPTO_THREAD_unlock(sec_malloc_lock); +- return actual_size; +-#else +- return 0; +-#endif +-} +-/* END OF PAGE ... +- +- ... START OF PAGE */ +- +-/* +- * SECURE HEAP IMPLEMENTATION +- */ +-#ifdef IMPLEMENTED +- +- +-/* +- * The implementation provided here uses a fixed-sized mmap() heap, +- * which is locked into memory, not written to core files, and protected +- * on either side by an unmapped page, which will catch pointer overruns +- * (or underruns) and an attempt to read data out of the secure heap. +- * Free'd memory is zero'd or otherwise cleansed. +- * +- * This is a pretty standard buddy allocator. We keep areas in a multiple +- * of "sh.minsize" units. The freelist and bitmaps are kept separately, +- * so all (and only) data is kept in the mmap'd heap. +- * +- * This code assumes eight-bit bytes. The numbers 3 and 7 are all over the +- * place. +- */ +- +-#define ONE ((size_t)1) +- +-# define TESTBIT(t, b) (t[(b) >> 3] & (ONE << ((b) & 7))) +-# define SETBIT(t, b) (t[(b) >> 3] |= (ONE << ((b) & 7))) +-# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7)))) +- +-#define WITHIN_ARENA(p) \ +- ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size]) +-#define WITHIN_FREELIST(p) \ +- ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size]) +- +- +-typedef struct sh_list_st +-{ +- struct sh_list_st *next; +- struct sh_list_st **p_next; +-} SH_LIST; +- +-typedef struct sh_st +-{ +- char* map_result; +- size_t map_size; +- char *arena; +- size_t arena_size; +- char **freelist; +- ossl_ssize_t freelist_size; +- size_t minsize; +- unsigned char *bittable; +- unsigned char *bitmalloc; +- size_t bittable_size; /* size in bits */ +-} SH; +- +-static SH sh; +- +-static size_t sh_getlist(char *ptr) +-{ +- ossl_ssize_t list = sh.freelist_size - 1; +- size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize; +- +- for (; bit; bit >>= 1, list--) { +- if (TESTBIT(sh.bittable, bit)) +- break; +- OPENSSL_assert((bit & 1) == 0); +- } +- +- return list; +-} +- +- +-static int sh_testbit(char *ptr, int list, unsigned char *table) +-{ +- size_t bit; +- +- OPENSSL_assert(list >= 0 && list < sh.freelist_size); +- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); +- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); +- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); +- return TESTBIT(table, bit); +-} +- +-static void sh_clearbit(char *ptr, int list, unsigned char *table) +-{ +- size_t bit; +- +- OPENSSL_assert(list >= 0 && list < sh.freelist_size); +- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); +- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); +- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); +- OPENSSL_assert(TESTBIT(table, bit)); +- CLEARBIT(table, bit); +-} +- +-static void sh_setbit(char *ptr, int list, unsigned char *table) +-{ +- size_t bit; +- +- OPENSSL_assert(list >= 0 && list < sh.freelist_size); +- OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0); +- bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list)); +- OPENSSL_assert(bit > 0 && bit < sh.bittable_size); +- OPENSSL_assert(!TESTBIT(table, bit)); +- SETBIT(table, bit); +-} +- +-static void sh_add_to_list(char **list, char *ptr) +-{ +- SH_LIST *temp; +- +- OPENSSL_assert(WITHIN_FREELIST(list)); +- OPENSSL_assert(WITHIN_ARENA(ptr)); +- +- temp = (SH_LIST *)ptr; +- temp->next = *(SH_LIST **)list; +- OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next)); +- temp->p_next = (SH_LIST **)list; +- +- if (temp->next != NULL) { +- OPENSSL_assert((char **)temp->next->p_next == list); +- temp->next->p_next = &(temp->next); +- } +- +- *list = ptr; +-} +- +-static void sh_remove_from_list(char *ptr) +-{ +- SH_LIST *temp, *temp2; +- +- temp = (SH_LIST *)ptr; +- if (temp->next != NULL) +- temp->next->p_next = temp->p_next; +- *temp->p_next = temp->next; +- if (temp->next == NULL) +- return; +- +- temp2 = temp->next; +- OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)); +-} +- +- +-static int sh_init(size_t size, int minsize) +-{ +- int i, ret; +- size_t pgsize; +- size_t aligned; +- +- memset(&sh, 0, sizeof sh); +- +- /* make sure size and minsize are powers of 2 */ +- OPENSSL_assert(size > 0); +- OPENSSL_assert((size & (size - 1)) == 0); +- OPENSSL_assert(minsize > 0); +- OPENSSL_assert((minsize & (minsize - 1)) == 0); +- if (size <= 0 || (size & (size - 1)) != 0) +- goto err; +- if (minsize <= 0 || (minsize & (minsize - 1)) != 0) +- goto err; +- +- sh.arena_size = size; +- sh.minsize = minsize; +- sh.bittable_size = (sh.arena_size / sh.minsize) * 2; +- +- /* Prevent allocations of size 0 later on */ +- if (sh.bittable_size >> 3 == 0) +- goto err; +- +- sh.freelist_size = -1; +- for (i = sh.bittable_size; i; i >>= 1) +- sh.freelist_size++; +- +- sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *)); +- OPENSSL_assert(sh.freelist != NULL); +- if (sh.freelist == NULL) +- goto err; +- +- sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3); +- OPENSSL_assert(sh.bittable != NULL); +- if (sh.bittable == NULL) +- goto err; +- +- sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3); +- OPENSSL_assert(sh.bitmalloc != NULL); +- if (sh.bitmalloc == NULL) +- goto err; +- +- /* Allocate space for heap, and two extra pages as guards */ +-#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE) +- { +-# if defined(_SC_PAGE_SIZE) +- long tmppgsize = sysconf(_SC_PAGE_SIZE); +-# else +- long tmppgsize = sysconf(_SC_PAGESIZE); +-# endif +- if (tmppgsize < 1) +- pgsize = PAGE_SIZE; +- else +- pgsize = (size_t)tmppgsize; +- } +-#else +- pgsize = PAGE_SIZE; +-#endif +- sh.map_size = pgsize + sh.arena_size + pgsize; +- if (1) { +-#ifdef MAP_ANON +- sh.map_result = mmap(NULL, sh.map_size, +- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0); +- } else { +-#endif +- int fd; +- +- sh.map_result = MAP_FAILED; +- if ((fd = open("/dev/zero", O_RDWR)) >= 0) { +- sh.map_result = mmap(NULL, sh.map_size, +- PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0); +- close(fd); +- } +- } +- OPENSSL_assert(sh.map_result != MAP_FAILED); +- if (sh.map_result == MAP_FAILED) +- goto err; +- sh.arena = (char *)(sh.map_result + pgsize); +- sh_setbit(sh.arena, 0, sh.bittable); +- sh_add_to_list(&sh.freelist[0], sh.arena); +- +- /* Now try to add guard pages and lock into memory. */ +- ret = 1; +- +- /* Starting guard is already aligned from mmap. */ +- if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0) +- ret = 2; +- +- /* Ending guard page - need to round up to page boundary */ +- aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1); +- if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0) +- ret = 2; +- +- if (mlock(sh.arena, sh.arena_size) < 0) +- ret = 2; +-#ifdef MADV_DONTDUMP +- if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0) +- ret = 2; +-#endif +- +- return ret; +- +- err: +- sh_done(); +- return 0; +-} +- +-static void sh_done() +-{ +- OPENSSL_free(sh.freelist); +- OPENSSL_free(sh.bittable); +- OPENSSL_free(sh.bitmalloc); +- if (sh.map_result != NULL && sh.map_size) +- munmap(sh.map_result, sh.map_size); +- memset(&sh, 0, sizeof sh); +-} +- +-static int sh_allocated(const char *ptr) +-{ +- return WITHIN_ARENA(ptr) ? 1 : 0; +-} +- +-static char *sh_find_my_buddy(char *ptr, int list) +-{ +- size_t bit; +- char *chunk = NULL; +- +- bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list); +- bit ^= 1; +- +- if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit)) +- chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list)); +- +- return chunk; +-} +- +-static char *sh_malloc(size_t size) +-{ +- ossl_ssize_t list, slist; +- size_t i; +- char *chunk; +- +- list = sh.freelist_size - 1; +- for (i = sh.minsize; i < size; i <<= 1) +- list--; +- if (list < 0) +- return NULL; +- +- /* try to find a larger entry to split */ +- for (slist = list; slist >= 0; slist--) +- if (sh.freelist[slist] != NULL) +- break; +- if (slist < 0) +- return NULL; +- +- /* split larger entry */ +- while (slist != list) { +- char *temp = sh.freelist[slist]; +- +- /* remove from bigger list */ +- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); +- sh_clearbit(temp, slist, sh.bittable); +- sh_remove_from_list(temp); +- OPENSSL_assert(temp != sh.freelist[slist]); +- +- /* done with bigger list */ +- slist++; +- +- /* add to smaller list */ +- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); +- sh_setbit(temp, slist, sh.bittable); +- sh_add_to_list(&sh.freelist[slist], temp); +- OPENSSL_assert(sh.freelist[slist] == temp); +- +- /* split in 2 */ +- temp += sh.arena_size >> slist; +- OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc)); +- sh_setbit(temp, slist, sh.bittable); +- sh_add_to_list(&sh.freelist[slist], temp); +- OPENSSL_assert(sh.freelist[slist] == temp); +- +- OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)); +- } +- +- /* peel off memory to hand back */ +- chunk = sh.freelist[list]; +- OPENSSL_assert(sh_testbit(chunk, list, sh.bittable)); +- sh_setbit(chunk, list, sh.bitmalloc); +- sh_remove_from_list(chunk); +- +- OPENSSL_assert(WITHIN_ARENA(chunk)); +- +- return chunk; +-} +- +-static void sh_free(char *ptr) +-{ +- size_t list; +- char *buddy; +- +- if (ptr == NULL) +- return; +- OPENSSL_assert(WITHIN_ARENA(ptr)); +- if (!WITHIN_ARENA(ptr)) +- return; +- +- list = sh_getlist(ptr); +- OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); +- sh_clearbit(ptr, list, sh.bitmalloc); +- sh_add_to_list(&sh.freelist[list], ptr); +- +- /* Try to coalesce two adjacent free areas. */ +- while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) { +- OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list)); +- OPENSSL_assert(ptr != NULL); +- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); +- sh_clearbit(ptr, list, sh.bittable); +- sh_remove_from_list(ptr); +- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); +- sh_clearbit(buddy, list, sh.bittable); +- sh_remove_from_list(buddy); +- +- list--; +- +- if (ptr > buddy) +- ptr = buddy; +- +- OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc)); +- sh_setbit(ptr, list, sh.bittable); +- sh_add_to_list(&sh.freelist[list], ptr); +- OPENSSL_assert(sh.freelist[list] == ptr); +- } +-} +- +-static size_t sh_actual_size(char *ptr) +-{ +- int list; +- +- OPENSSL_assert(WITHIN_ARENA(ptr)); +- if (!WITHIN_ARENA(ptr)) +- return 0; +- list = sh_getlist(ptr); +- OPENSSL_assert(sh_testbit(ptr, list, sh.bittable)); +- return sh.arena_size / (ONE << list); +-} +-#endif /* IMPLEMENTED */ +diff --git a/Cryptlib/OpenSSL/crypto/modes/cbc128.c b/Cryptlib/OpenSSL/crypto/modes/cbc128.c +index 4c9bc85..c13caea 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/cbc128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/cbc128.c +@@ -1,16 +1,64 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC) + # define STRICT_ALIGNMENT 0 + #endif +@@ -22,6 +70,8 @@ void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t n; + const unsigned char *iv = ivec; + ++ assert(in && out && key && ivec); ++ + #if !defined(OPENSSL_SMALL_FOOTPRINT) + if (STRICT_ALIGNMENT && + ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) { +@@ -73,6 +123,8 @@ void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + unsigned char c[16]; + } tmp; + ++ assert(in && out && key && ivec); ++ + #if !defined(OPENSSL_SMALL_FOOTPRINT) + if (in != out) { + const unsigned char *iv = ivec; +diff --git a/Cryptlib/OpenSSL/crypto/modes/ccm128.c b/Cryptlib/OpenSSL/crypto/modes/ccm128.c +index 85ce84f..c1ded0f 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/ccm128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/ccm128.c +@@ -1,16 +1,63 @@ +-/* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + /* + * First you setup M and L parameters and pass the key schedule. This is + * called once per session setup... +diff --git a/Cryptlib/OpenSSL/crypto/modes/cfb128.c b/Cryptlib/OpenSSL/crypto/modes/cfb128.c +index e439567..d4ecbd0 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/cfb128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/cfb128.c +@@ -1,16 +1,64 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + /* + * The input and output encrypted as though 128bit cfb mode is being used. + * The extra state information to record how much of the 128bit block we have +@@ -24,6 +72,8 @@ void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + unsigned int n; + size_t l = 0; + ++ assert(in && out && key && ivec && num); ++ + n = *num; + + if (enc) { +@@ -140,7 +190,7 @@ static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out, + block128_f block) + { + int n, rem, num; +- unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't ++ unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't + * use) one byte off the end */ + + if (nbits <= 0 || nbits > 128) +@@ -178,6 +228,9 @@ void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t n; + unsigned char c[1], d[1]; + ++ assert(in && out && key && ivec && num); ++ assert(*num == 0); ++ + for (n = 0; n < bits; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + cfbr_encrypt_block(c, d, 1, key, ivec, enc, block); +@@ -193,6 +246,9 @@ void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + { + size_t n; + ++ assert(in && out && key && ivec && num); ++ assert(*num == 0); ++ + for (n = 0; n < length; ++n) + cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block); + } +diff --git a/Cryptlib/OpenSSL/crypto/modes/ctr128.c b/Cryptlib/OpenSSL/crypto/modes/ctr128.c +index 03920b4..d4b2272 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/ctr128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/ctr128.c +@@ -1,16 +1,64 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + /* + * NOTE: the IV/counter CTR mode is big-endian. The code itself is + * endian-neutral. +@@ -65,7 +113,7 @@ static void ctr128_inc_aligned(unsigned char *counter) + * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes + * that the counter is in the x lower bits of the IV (ivec), and that the + * application has full control over overflow and the rest of the IV. This +- * implementation takes NO responsibility for checking that the counter ++ * implementation takes NO responsability for checking that the counter + * doesn't overflow into the rest of the IV when incremented. + */ + void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, +@@ -77,6 +125,9 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + unsigned int n; + size_t l = 0; + ++ assert(in && out && key && ecount_buf && num); ++ assert(*num < 16); ++ + n = *num; + + #if !defined(OPENSSL_SMALL_FOOTPRINT) +@@ -152,6 +203,9 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + { + unsigned int n, ctr32; + ++ assert(in && out && key && ecount_buf && num); ++ assert(*num < 16); ++ + n = *num; + + while (n && len) { +@@ -184,7 +238,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + (*func) (in, out, blocks, key, ivec); + /* (*ctr) does not update ivec, caller does: */ + PUTU32(ivec + 12, ctr32); +- /* ... overflow was detected, propagate carry. */ ++ /* ... overflow was detected, propogate carry. */ + if (ctr32 == 0) + ctr96_inc(ivec); + blocks *= 16; +diff --git a/Cryptlib/OpenSSL/crypto/modes/cts128.c b/Cryptlib/OpenSSL/crypto/modes/cts128.c +index 77ec994..137be59 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/cts128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/cts128.c +@@ -1,16 +1,21 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Rights for redistribution and usage in source and binary ++ * forms are granted according to the OpenSSL license. + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + /* + * Trouble with Ciphertext Stealing, CTS, mode is that there is no + * common official specification, but couple of cipher/application +@@ -31,6 +36,8 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, + { + size_t residue, n; + ++ assert(in && out && key && ivec); ++ + if (len <= 16) + return 0; + +@@ -61,6 +68,8 @@ size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, + { + size_t residue, n; + ++ assert(in && out && key && ivec); ++ + if (len < 16) + return 0; + +@@ -94,6 +103,8 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + unsigned char c[16]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len <= 16) + return 0; + +@@ -130,6 +141,8 @@ size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + unsigned char c[16]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len < 16) + return 0; + +@@ -166,6 +179,8 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, + unsigned char c[32]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len <= 16) + return 0; + +@@ -209,6 +224,8 @@ size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, + unsigned char c[32]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len < 16) + return 0; + +@@ -255,6 +272,8 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + unsigned char c[32]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len <= 16) + return 0; + +@@ -295,6 +314,8 @@ size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + unsigned char c[32]; + } tmp; + ++ assert(in && out && key && ivec); ++ + if (len < 16) + return 0; + +diff --git a/Cryptlib/OpenSSL/crypto/modes/gcm128.c b/Cryptlib/OpenSSL/crypto/modes/gcm128.c +index df9f654..e299131 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/gcm128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/gcm128.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + ++#define OPENSSL_FIPSAPI ++ + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + #if defined(BSWAP4) && defined(STRICT_ALIGNMENT) + /* redefine, because alignment is ensured */ + # undef GETU32 +@@ -101,7 +150,9 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + static const size_t rem_8bit[256] = { + PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), + PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), +@@ -270,7 +321,9 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2]) + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + + if (is_endian.little) + for (j = 0; j < 16; ++j) { +@@ -303,7 +356,9 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + + nlo = ((const u8 *)Xi)[15]; + nhi = nlo >> 4; +@@ -382,7 +437,9 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + + # if 1 + do { +@@ -572,7 +629,9 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + + V.hi = H[0]; /* H is in host byte order, no byte swapping */ + V.lo = H[1]; +@@ -715,7 +774,9 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + + memset(ctx, 0, sizeof(*ctx)); + ctx->block = block; +@@ -740,11 +801,6 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) + #if TABLE_BITS==8 + gcm_init_8bit(ctx->Htable, ctx->H.u); + #elif TABLE_BITS==4 +-# if defined(GHASH) +-# define CTX__GHASH(f) (ctx->ghash = (f)) +-# else +-# define CTX__GHASH(f) (ctx->ghash = NULL) +-# endif + # if defined(GHASH_ASM_X86_OR_64) + # if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) + if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ +@@ -752,11 +808,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) + if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ + gcm_init_avx(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_avx; +- CTX__GHASH(gcm_ghash_avx); ++ ctx->ghash = gcm_ghash_avx; + } else { + gcm_init_clmul(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_clmul; +- CTX__GHASH(gcm_ghash_clmul); ++ ctx->ghash = gcm_ghash_clmul; + } + return; + } +@@ -769,59 +825,66 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) + if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ + # endif + ctx->gmult = gcm_gmult_4bit_mmx; +- CTX__GHASH(gcm_ghash_4bit_mmx); ++ ctx->ghash = gcm_ghash_4bit_mmx; + } else { + ctx->gmult = gcm_gmult_4bit_x86; +- CTX__GHASH(gcm_ghash_4bit_x86); ++ ctx->ghash = gcm_ghash_4bit_x86; + } + # else + ctx->gmult = gcm_gmult_4bit; +- CTX__GHASH(gcm_ghash_4bit); ++ ctx->ghash = gcm_ghash_4bit; + # endif + # elif defined(GHASH_ASM_ARM) + # ifdef PMULL_CAPABLE + if (PMULL_CAPABLE) { + gcm_init_v8(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_v8; +- CTX__GHASH(gcm_ghash_v8); ++ ctx->ghash = gcm_ghash_v8; + } else + # endif + # ifdef NEON_CAPABLE + if (NEON_CAPABLE) { + gcm_init_neon(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_neon; +- CTX__GHASH(gcm_ghash_neon); ++ ctx->ghash = gcm_ghash_neon; + } else + # endif + { + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; +- CTX__GHASH(gcm_ghash_4bit); ++# if defined(GHASH) ++ ctx->ghash = gcm_ghash_4bit; ++# else ++ ctx->ghash = NULL; ++# endif + } + # elif defined(GHASH_ASM_SPARC) + if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { + gcm_init_vis3(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_vis3; +- CTX__GHASH(gcm_ghash_vis3); ++ ctx->ghash = gcm_ghash_vis3; + } else { + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; +- CTX__GHASH(gcm_ghash_4bit); ++ ctx->ghash = gcm_ghash_4bit; + } + # elif defined(GHASH_ASM_PPC) + if (OPENSSL_ppccap_P & PPC_CRYPTO207) { + gcm_init_p8(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_p8; +- CTX__GHASH(gcm_ghash_p8); ++ ctx->ghash = gcm_ghash_p8; + } else { + gcm_init_4bit(ctx->Htable, ctx->H.u); + ctx->gmult = gcm_gmult_4bit; +- CTX__GHASH(gcm_ghash_4bit); ++# if defined(GHASH) ++ ctx->ghash = gcm_ghash_4bit; ++# else ++ ctx->ghash = NULL; ++# endif + } + # else + gcm_init_4bit(ctx->Htable, ctx->H.u); + # endif +-# undef CTX__GHASH + #endif + } + +@@ -831,7 +894,9 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + unsigned int ctr; + #ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +@@ -975,7 +1040,9 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; +@@ -983,12 +1050,15 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + void *key = ctx->key; + #ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +-# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) ++# ifdef GHASH + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; + # endif + #endif + ++#if 0 ++ n = (unsigned int)mlen % 16; /* alternative to ctx->mres */ ++#endif + mlen += len; + if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) + return -1; +@@ -1030,8 +1100,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) + break; + # endif +-# if defined(GHASH) +-# if defined(GHASH_CHUNK) ++# if defined(GHASH) && defined(GHASH_CHUNK) + while (len >= GHASH_CHUNK) { + size_t j = GHASH_CHUNK; + +@@ -1042,11 +1111,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + (*block) (ctx->Yi.c, ctx->EKi.c, key); + ++ctr; + if (is_endian.little) +-# ifdef BSWAP4 ++# ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++# else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++# endif + else + ctx->Yi.d[3] = ctr; + for (i = 0; i < 16 / sizeof(size_t); ++i) +@@ -1058,7 +1127,6 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); + len -= GHASH_CHUNK; + } +-# endif + if ((i = (len & (size_t)-16))) { + size_t j = i; + +@@ -1159,7 +1227,9 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; +@@ -1167,7 +1237,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + void *key = ctx->key; + #ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +-# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) ++# ifdef GHASH + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; + # endif +@@ -1216,8 +1286,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) + break; + # endif +-# if defined(GHASH) +-# if defined(GHASH_CHUNK) ++# if defined(GHASH) && defined(GHASH_CHUNK) + while (len >= GHASH_CHUNK) { + size_t j = GHASH_CHUNK; + +@@ -1229,11 +1298,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + (*block) (ctx->Yi.c, ctx->EKi.c, key); + ++ctr; + if (is_endian.little) +-# ifdef BSWAP4 ++# ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++# else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++# endif + else + ctx->Yi.d[3] = ctr; + for (i = 0; i < 16 / sizeof(size_t); ++i) +@@ -1244,7 +1313,6 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + } + len -= GHASH_CHUNK; + } +-# endif + if ((i = (len & (size_t)-16))) { + GHASH(ctx, in, i); + while (len >= 16) { +@@ -1348,24 +1416,23 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream) + { +-#if defined(OPENSSL_SMALL_FOOTPRINT) +- return CRYPTO_gcm128_encrypt(ctx, in, out, len); +-#else + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + void *key = ctx->key; +-# ifdef GCM_FUNCREF_4BIT ++#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +-# ifdef GHASH ++# ifdef GHASH + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; +-# endif + # endif ++#endif + + mlen += len; + if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) +@@ -1379,11 +1446,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + } + + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +-# else ++#else + ctr = GETU32(ctx->Yi.c + 12); +-# endif ++#endif + else + ctr = ctx->Yi.d[3]; + +@@ -1401,16 +1468,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + return 0; + } + } +-# if defined(GHASH) && defined(GHASH_CHUNK) ++#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + while (len >= GHASH_CHUNK) { + (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); + ctr += GHASH_CHUNK / 16; + if (is_endian.little) +-# ifdef BSWAP4 ++# ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++# else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++# endif + else + ctx->Yi.d[3] = ctr; + GHASH(ctx, out, GHASH_CHUNK); +@@ -1418,43 +1485,43 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + in += GHASH_CHUNK; + len -= GHASH_CHUNK; + } +-# endif ++#endif + if ((i = (len & (size_t)-16))) { + size_t j = i / 16; + + (*stream) (in, out, j, key, ctx->Yi.c); + ctr += (unsigned int)j; + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++#else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++#endif + else + ctx->Yi.d[3] = ctr; + in += i; + len -= i; +-# if defined(GHASH) ++#if defined(GHASH) + GHASH(ctx, out, i); + out += i; +-# else ++#else + while (j--) { + for (i = 0; i < 16; ++i) + ctx->Xi.c[i] ^= out[i]; + GCM_MUL(ctx, Xi); + out += 16; + } +-# endif ++#endif + } + if (len) { + (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); + ++ctr; + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++#else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++#endif + else + ctx->Yi.d[3] = ctr; + while (len--) { +@@ -1465,31 +1532,29 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + + ctx->mres = n; + return 0; +-#endif + } + + int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream) + { +-#if defined(OPENSSL_SMALL_FOOTPRINT) +- return CRYPTO_gcm128_decrypt(ctx, in, out, len); +-#else + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + void *key = ctx->key; +-# ifdef GCM_FUNCREF_4BIT ++#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; +-# ifdef GHASH ++# ifdef GHASH + void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], + const u8 *inp, size_t len) = ctx->ghash; +-# endif + # endif ++#endif + + mlen += len; + if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len)) +@@ -1503,11 +1568,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + } + + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +-# else ++#else + ctr = GETU32(ctx->Yi.c + 12); +-# endif ++#endif + else + ctr = ctx->Yi.d[3]; + +@@ -1527,30 +1592,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + return 0; + } + } +-# if defined(GHASH) && defined(GHASH_CHUNK) ++#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + while (len >= GHASH_CHUNK) { + GHASH(ctx, in, GHASH_CHUNK); + (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c); + ctr += GHASH_CHUNK / 16; + if (is_endian.little) +-# ifdef BSWAP4 ++# ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++# else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++# endif + else + ctx->Yi.d[3] = ctr; + out += GHASH_CHUNK; + in += GHASH_CHUNK; + len -= GHASH_CHUNK; + } +-# endif ++#endif + if ((i = (len & (size_t)-16))) { + size_t j = i / 16; + +-# if defined(GHASH) ++#if defined(GHASH) + GHASH(ctx, in, i); +-# else ++#else + while (j--) { + size_t k; + for (k = 0; k < 16; ++k) +@@ -1560,15 +1625,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + } + j = i / 16; + in -= i; +-# endif ++#endif + (*stream) (in, out, j, key, ctx->Yi.c); + ctr += (unsigned int)j; + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++#else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++#endif + else + ctx->Yi.d[3] = ctr; + out += i; +@@ -1579,11 +1644,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key); + ++ctr; + if (is_endian.little) +-# ifdef BSWAP4 ++#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +-# else ++#else + PUTU32(ctx->Yi.c + 12, ctr); +-# endif ++#endif + else + ctx->Yi.d[3] = ctr; + while (len--) { +@@ -1596,7 +1661,6 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + + ctx->mres = n; + return 0; +-#endif + } + + int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, +@@ -1605,7 +1669,9 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + const union { + long one; + char little; +- } is_endian = { 1 }; ++ } is_endian = { ++ 1 ++ }; + u64 alen = ctx->len.u[0] << 3; + u64 clen = ctx->len.u[1] << 3; + #ifdef GCM_FUNCREF_4BIT +@@ -1654,7 +1720,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) + { + GCM128_CONTEXT *ret; + +- if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) ++ if ((ret = (GCM128_CONTEXT *)OPENSSL_malloc(sizeof(GCM128_CONTEXT)))) + CRYPTO_gcm128_init(ret, key, block); + + return ret; +@@ -1662,7 +1728,10 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) + + void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) + { +- OPENSSL_clear_free(ctx, sizeof(*ctx)); ++ if (ctx) { ++ OPENSSL_cleanse(ctx, sizeof(*ctx)); ++ OPENSSL_free(ctx); ++ } + } + + #if defined(SELFTEST) +diff --git a/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h +index 7a1603b..fe14ec7 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/modes/modes_lcl.h +@@ -1,10 +1,8 @@ +-/* +- * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use is governed by OpenSSL license. ++ * ==================================================================== + */ + + #include +@@ -143,43 +141,3 @@ struct ccm128_context { + block128_f block; + void *key; + }; +- +-#ifndef OPENSSL_NO_OCB +- +-typedef union { +- u64 a[2]; +- unsigned char c[16]; +-} OCB_BLOCK; +-# define ocb_block16_xor(in1,in2,out) \ +- ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \ +- (out)->a[1]=(in1)->a[1]^(in2)->a[1] ) +-# if STRICT_ALIGNMENT +-# define ocb_block16_xor_misaligned(in1,in2,out) \ +- ocb_block_xor((in1)->c,(in2)->c,16,(out)->c) +-# else +-# define ocb_block16_xor_misaligned ocb_block16_xor +-# endif +- +-struct ocb128_context { +- /* Need both encrypt and decrypt key schedules for decryption */ +- block128_f encrypt; +- block128_f decrypt; +- void *keyenc; +- void *keydec; +- ocb128_f stream; /* direction dependent */ +- /* Key dependent variables. Can be reused if key remains the same */ +- size_t l_index; +- size_t max_l_index; +- OCB_BLOCK l_star; +- OCB_BLOCK l_dollar; +- OCB_BLOCK *l; +- /* Must be reset for each session */ +- u64 blocks_hashed; +- u64 blocks_processed; +- OCB_BLOCK tag; +- OCB_BLOCK offset_aad; +- OCB_BLOCK sum; +- OCB_BLOCK offset; +- OCB_BLOCK checksum; +-}; +-#endif /* OPENSSL_NO_OCB */ +diff --git a/Cryptlib/OpenSSL/crypto/modes/ocb128.c b/Cryptlib/OpenSSL/crypto/modes/ocb128.c +deleted file mode 100644 +index c3bd13b..0000000 +--- a/Cryptlib/OpenSSL/crypto/modes/ocb128.c ++++ /dev/null +@@ -1,568 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include "modes_lcl.h" +- +-#ifndef OPENSSL_NO_OCB +- +-/* +- * Calculate the number of binary trailing zero's in any given number +- */ +-static u32 ocb_ntz(u64 n) +-{ +- u32 cnt = 0; +- +- /* +- * We do a right-to-left simple sequential search. This is surprisingly +- * efficient as the distribution of trailing zeros is not uniform, +- * e.g. the number of possible inputs with no trailing zeros is equal to +- * the number with 1 or more; the number with exactly 1 is equal to the +- * number with 2 or more, etc. Checking the last two bits covers 75% of +- * all numbers. Checking the last three covers 87.5% +- */ +- while (!(n & 1)) { +- n >>= 1; +- cnt++; +- } +- return cnt; +-} +- +-/* +- * Shift a block of 16 bytes left by shift bits +- */ +-static void ocb_block_lshift(const unsigned char *in, size_t shift, +- unsigned char *out) +-{ +- unsigned char shift_mask; +- int i; +- unsigned char mask[15]; +- +- shift_mask = 0xff; +- shift_mask <<= (8 - shift); +- for (i = 15; i >= 0; i--) { +- if (i > 0) { +- mask[i - 1] = in[i] & shift_mask; +- mask[i - 1] >>= 8 - shift; +- } +- out[i] = in[i] << shift; +- +- if (i != 15) { +- out[i] ^= mask[i]; +- } +- } +-} +- +-/* +- * Perform a "double" operation as per OCB spec +- */ +-static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) +-{ +- unsigned char mask; +- +- /* +- * Calculate the mask based on the most significant bit. There are more +- * efficient ways to do this - but this way is constant time +- */ +- mask = in->c[0] & 0x80; +- mask >>= 7; +- mask *= 135; +- +- ocb_block_lshift(in->c, 1, out->c); +- +- out->c[15] ^= mask; +-} +- +-/* +- * Perform an xor on in1 and in2 - each of len bytes. Store result in out +- */ +-static void ocb_block_xor(const unsigned char *in1, +- const unsigned char *in2, size_t len, +- unsigned char *out) +-{ +- size_t i; +- for (i = 0; i < len; i++) { +- out[i] = in1[i] ^ in2[i]; +- } +-} +- +-/* +- * Lookup L_index in our lookup table. If we haven't already got it we need to +- * calculate it +- */ +-static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) +-{ +- size_t l_index = ctx->l_index; +- +- if (idx <= l_index) { +- return ctx->l + idx; +- } +- +- /* We don't have it - so calculate it */ +- if (idx >= ctx->max_l_index) { +- void *tmp_ptr; +- /* +- * Each additional entry allows to process almost double as +- * much data, so that in linear world the table will need to +- * be expanded with smaller and smaller increments. Originally +- * it was doubling in size, which was a waste. Growing it +- * linearly is not formally optimal, but is simpler to implement. +- * We grow table by minimally required 4*n that would accommodate +- * the index. +- */ +- ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; +- tmp_ptr = +- OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); +- if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ +- return NULL; +- ctx->l = tmp_ptr; +- } +- while (l_index < idx) { +- ocb_double(ctx->l + l_index, ctx->l + l_index + 1); +- l_index++; +- } +- ctx->l_index = l_index; +- +- return ctx->l + idx; +-} +- +-/* +- * Create a new OCB128_CONTEXT +- */ +-OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, +- block128_f encrypt, block128_f decrypt, +- ocb128_f stream) +-{ +- OCB128_CONTEXT *octx; +- int ret; +- +- if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) { +- ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt, +- stream); +- if (ret) +- return octx; +- OPENSSL_free(octx); +- } +- +- return NULL; +-} +- +-/* +- * Initialise an existing OCB128_CONTEXT +- */ +-int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, +- block128_f encrypt, block128_f decrypt, +- ocb128_f stream) +-{ +- memset(ctx, 0, sizeof(*ctx)); +- ctx->l_index = 0; +- ctx->max_l_index = 5; +- ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); +- if (ctx->l == NULL) +- return 0; +- +- /* +- * We set both the encryption and decryption key schedules - decryption +- * needs both. Don't really need decryption schedule if only doing +- * encryption - but it simplifies things to take it anyway +- */ +- ctx->encrypt = encrypt; +- ctx->decrypt = decrypt; +- ctx->stream = stream; +- ctx->keyenc = keyenc; +- ctx->keydec = keydec; +- +- /* L_* = ENCIPHER(K, zeros(128)) */ +- ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc); +- +- /* L_$ = double(L_*) */ +- ocb_double(&ctx->l_star, &ctx->l_dollar); +- +- /* L_0 = double(L_$) */ +- ocb_double(&ctx->l_dollar, ctx->l); +- +- /* L_{i} = double(L_{i-1}) */ +- ocb_double(ctx->l, ctx->l+1); +- ocb_double(ctx->l+1, ctx->l+2); +- ocb_double(ctx->l+2, ctx->l+3); +- ocb_double(ctx->l+3, ctx->l+4); +- ctx->l_index = 4; /* enough to process up to 496 bytes */ +- +- return 1; +-} +- +-/* +- * Copy an OCB128_CONTEXT object +- */ +-int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src, +- void *keyenc, void *keydec) +-{ +- memcpy(dest, src, sizeof(OCB128_CONTEXT)); +- if (keyenc) +- dest->keyenc = keyenc; +- if (keydec) +- dest->keydec = keydec; +- if (src->l) { +- dest->l = OPENSSL_malloc(src->max_l_index * 16); +- if (dest->l == NULL) +- return 0; +- memcpy(dest->l, src->l, (src->l_index + 1) * 16); +- } +- return 1; +-} +- +-/* +- * Set the IV to be used for this operation. Must be 1 - 15 bytes. +- */ +-int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv, +- size_t len, size_t taglen) +-{ +- unsigned char ktop[16], tmp[16], mask; +- unsigned char stretch[24], nonce[16]; +- size_t bottom, shift; +- +- /* +- * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths. +- * We don't support this at this stage +- */ +- if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) { +- return -1; +- } +- +- /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */ +- nonce[0] = ((taglen * 8) % 128) << 1; +- memset(nonce + 1, 0, 15); +- memcpy(nonce + 16 - len, iv, len); +- nonce[15 - len] |= 1; +- +- /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */ +- memcpy(tmp, nonce, 16); +- tmp[15] &= 0xc0; +- ctx->encrypt(tmp, ktop, ctx->keyenc); +- +- /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ +- memcpy(stretch, ktop, 16); +- ocb_block_xor(ktop, ktop + 1, 8, stretch + 16); +- +- /* bottom = str2num(Nonce[123..128]) */ +- bottom = nonce[15] & 0x3f; +- +- /* Offset_0 = Stretch[1+bottom..128+bottom] */ +- shift = bottom % 8; +- ocb_block_lshift(stretch + (bottom / 8), shift, ctx->offset.c); +- mask = 0xff; +- mask <<= 8 - shift; +- ctx->offset.c[15] |= +- (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift); +- +- return 1; +-} +- +-/* +- * Provide any AAD. This can be called multiple times. Only the final time can +- * have a partial block +- */ +-int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, +- size_t len) +-{ +- u64 i, all_num_blocks; +- size_t num_blocks, last_len; +- OCB_BLOCK tmp1; +- OCB_BLOCK tmp2; +- +- /* Calculate the number of blocks of AAD provided now, and so far */ +- num_blocks = len / 16; +- all_num_blocks = num_blocks + ctx->blocks_hashed; +- +- /* Loop through all full blocks of AAD */ +- for (i = ctx->blocks_hashed + 1; i <= all_num_blocks; i++) { +- OCB_BLOCK *lookup; +- OCB_BLOCK *aad_block; +- +- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ +- lookup = ocb_lookup_l(ctx, ocb_ntz(i)); +- if (lookup == NULL) +- return 0; +- ocb_block16_xor(&ctx->offset_aad, lookup, &ctx->offset_aad); +- +- /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ +- aad_block = (OCB_BLOCK *)(aad + ((i - ctx->blocks_hashed - 1) * 16)); +- ocb_block16_xor(&ctx->offset_aad, aad_block, &tmp1); +- ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); +- ocb_block16_xor(&ctx->sum, &tmp2, &ctx->sum); +- } +- +- /* +- * Check if we have any partial blocks left over. This is only valid in the +- * last call to this function +- */ +- last_len = len % 16; +- +- if (last_len > 0) { +- /* Offset_* = Offset_m xor L_* */ +- ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); +- +- /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ +- memset(&tmp1, 0, 16); +- memcpy(&tmp1, aad + (num_blocks * 16), last_len); +- ((unsigned char *)&tmp1)[last_len] = 0x80; +- ocb_block16_xor(&ctx->offset_aad, &tmp1, &tmp2); +- +- /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ +- ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); +- ocb_block16_xor(&ctx->sum, &tmp1, &ctx->sum); +- } +- +- ctx->blocks_hashed = all_num_blocks; +- +- return 1; +-} +- +-/* +- * Provide any data to be encrypted. This can be called multiple times. Only +- * the final time can have a partial block +- */ +-int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, +- const unsigned char *in, unsigned char *out, +- size_t len) +-{ +- u64 i, all_num_blocks; +- size_t num_blocks, last_len; +- OCB_BLOCK tmp1; +- OCB_BLOCK tmp2; +- OCB_BLOCK pad; +- +- /* +- * Calculate the number of blocks of data to be encrypted provided now, and +- * so far +- */ +- num_blocks = len / 16; +- all_num_blocks = num_blocks + ctx->blocks_processed; +- +- if (num_blocks && all_num_blocks == (size_t)all_num_blocks +- && ctx->stream != NULL) { +- size_t max_idx = 0, top = (size_t)all_num_blocks; +- +- /* +- * See how many L_{i} entries we need to process data at hand +- * and pre-compute missing entries in the table [if any]... +- */ +- while (top >>= 1) +- max_idx++; +- if (ocb_lookup_l(ctx, max_idx) == NULL) +- return 0; +- +- ctx->stream(in, out, num_blocks, ctx->keyenc, +- (size_t)ctx->blocks_processed + 1, ctx->offset.c, +- (const unsigned char (*)[16])ctx->l, ctx->checksum.c); +- } else { +- /* Loop through all full blocks to be encrypted */ +- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { +- OCB_BLOCK *lookup; +- OCB_BLOCK *inblock; +- OCB_BLOCK *outblock; +- +- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ +- lookup = ocb_lookup_l(ctx, ocb_ntz(i)); +- if (lookup == NULL) +- return 0; +- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); +- +- /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */ +- inblock = +- (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); +- ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); +- /* Checksum_i = Checksum_{i-1} xor P_i */ +- ocb_block16_xor_misaligned(&ctx->checksum, inblock, &ctx->checksum); +- ctx->encrypt(tmp1.c, tmp2.c, ctx->keyenc); +- outblock = +- (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); +- ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); +- } +- } +- +- /* +- * Check if we have any partial blocks left over. This is only valid in the +- * last call to this function +- */ +- last_len = len % 16; +- +- if (last_len > 0) { +- /* Offset_* = Offset_m xor L_* */ +- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); +- +- /* Pad = ENCIPHER(K, Offset_*) */ +- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); +- +- /* C_* = P_* xor Pad[1..bitlen(P_*)] */ +- ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, +- out + (num_blocks * 16)); +- +- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ +- memset(&tmp1, 0, 16); +- memcpy(&tmp1, in + (len / 16) * 16, last_len); +- ((unsigned char *)(&tmp1))[last_len] = 0x80; +- ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); +- } +- +- ctx->blocks_processed = all_num_blocks; +- +- return 1; +-} +- +-/* +- * Provide any data to be decrypted. This can be called multiple times. Only +- * the final time can have a partial block +- */ +-int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, +- const unsigned char *in, unsigned char *out, +- size_t len) +-{ +- u64 i, all_num_blocks; +- size_t num_blocks, last_len; +- OCB_BLOCK tmp1; +- OCB_BLOCK tmp2; +- OCB_BLOCK pad; +- +- /* +- * Calculate the number of blocks of data to be decrypted provided now, and +- * so far +- */ +- num_blocks = len / 16; +- all_num_blocks = num_blocks + ctx->blocks_processed; +- +- if (num_blocks && all_num_blocks == (size_t)all_num_blocks +- && ctx->stream != NULL) { +- size_t max_idx = 0, top = (size_t)all_num_blocks; +- +- /* +- * See how many L_{i} entries we need to process data at hand +- * and pre-compute missing entries in the table [if any]... +- */ +- while (top >>= 1) +- max_idx++; +- if (ocb_lookup_l(ctx, max_idx) == NULL) +- return 0; +- +- ctx->stream(in, out, num_blocks, ctx->keydec, +- (size_t)ctx->blocks_processed + 1, ctx->offset.c, +- (const unsigned char (*)[16])ctx->l, ctx->checksum.c); +- } else { +- /* Loop through all full blocks to be decrypted */ +- for (i = ctx->blocks_processed + 1; i <= all_num_blocks; i++) { +- OCB_BLOCK *inblock; +- OCB_BLOCK *outblock; +- +- /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ +- OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i)); +- if (lookup == NULL) +- return 0; +- ocb_block16_xor(&ctx->offset, lookup, &ctx->offset); +- +- /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */ +- inblock = +- (OCB_BLOCK *)(in + ((i - ctx->blocks_processed - 1) * 16)); +- ocb_block16_xor_misaligned(&ctx->offset, inblock, &tmp1); +- ctx->decrypt(tmp1.c, tmp2.c, ctx->keydec); +- outblock = +- (OCB_BLOCK *)(out + ((i - ctx->blocks_processed - 1) * 16)); +- ocb_block16_xor_misaligned(&ctx->offset, &tmp2, outblock); +- +- /* Checksum_i = Checksum_{i-1} xor P_i */ +- ocb_block16_xor_misaligned(&ctx->checksum, outblock, &ctx->checksum); +- } +- } +- +- /* +- * Check if we have any partial blocks left over. This is only valid in the +- * last call to this function +- */ +- last_len = len % 16; +- +- if (last_len > 0) { +- /* Offset_* = Offset_m xor L_* */ +- ocb_block16_xor(&ctx->offset, &ctx->l_star, &ctx->offset); +- +- /* Pad = ENCIPHER(K, Offset_*) */ +- ctx->encrypt(ctx->offset.c, pad.c, ctx->keyenc); +- +- /* P_* = C_* xor Pad[1..bitlen(C_*)] */ +- ocb_block_xor(in + (len / 16) * 16, (unsigned char *)&pad, last_len, +- out + (num_blocks * 16)); +- +- /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ +- memset(&tmp1, 0, 16); +- memcpy(&tmp1, out + (len / 16) * 16, last_len); +- ((unsigned char *)(&tmp1))[last_len] = 0x80; +- ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); +- } +- +- ctx->blocks_processed = all_num_blocks; +- +- return 1; +-} +- +-/* +- * Calculate the tag and verify it against the supplied tag +- */ +-int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag, +- size_t len) +-{ +- OCB_BLOCK tmp1, tmp2; +- +- /* +- * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) +- */ +- ocb_block16_xor(&ctx->checksum, &ctx->offset, &tmp1); +- ocb_block16_xor(&tmp1, &ctx->l_dollar, &tmp2); +- ctx->encrypt(tmp2.c, tmp1.c, ctx->keyenc); +- ocb_block16_xor(&tmp1, &ctx->sum, &ctx->tag); +- +- if (len > 16 || len < 1) { +- return -1; +- } +- +- /* Compare the tag if we've been given one */ +- if (tag) +- return CRYPTO_memcmp(&ctx->tag, tag, len); +- else +- return -1; +-} +- +-/* +- * Retrieve the calculated tag +- */ +-int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len) +-{ +- if (len > 16 || len < 1) { +- return -1; +- } +- +- /* Calculate the tag */ +- CRYPTO_ocb128_finish(ctx, NULL, 0); +- +- /* Copy the tag into the supplied buffer */ +- memcpy(tag, &ctx->tag, len); +- +- return 1; +-} +- +-/* +- * Release all resources +- */ +-void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx) +-{ +- if (ctx) { +- OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16); +- OPENSSL_cleanse(ctx, sizeof(*ctx)); +- } +-} +- +-#endif /* OPENSSL_NO_OCB */ +diff --git a/Cryptlib/OpenSSL/crypto/modes/ofb128.c b/Cryptlib/OpenSSL/crypto/modes/ofb128.c +index 8309256..4dbaccd 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/ofb128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/ofb128.c +@@ -1,16 +1,64 @@ +-/* +- * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + /* + * The input and output encrypted as though 128bit ofb mode is being used. + * The extra state information to record how much of the 128bit block we have +@@ -23,6 +71,8 @@ void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + unsigned int n; + size_t l = 0; + ++ assert(in && out && key && ivec && num); ++ + n = *num; + + #if !defined(OPENSSL_SMALL_FOOTPRINT) +diff --git a/Cryptlib/OpenSSL/crypto/modes/wrap128.c b/Cryptlib/OpenSSL/crypto/modes/wrap128.c +index 46809a0..3849783 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/wrap128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/wrap128.c +@@ -1,50 +1,70 @@ ++/* crypto/modes/wrap128.c */ + /* +- * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. + */ +- +-/** Beware! ++/* ==================================================================== ++ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Following wrapping modes were designed for AES but this implementation +- * allows you to use them for any 128 bit block cipher. ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + +-/** RFC 3394 section 2.2.3.1 Default Initial Value */ + static const unsigned char default_iv[] = { + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, + }; + +-/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */ +-static const unsigned char default_aiv[] = { +- 0xA6, 0x59, 0x59, 0xA6 +-}; +- +-/** Input size limit: lower than maximum of standards but far larger than +- * anything that will be used in practice. ++/* ++ * Input size limit: lower than maximum of standards but far larger than ++ * anything that will be used in practice. + */ + #define CRYPTO128_WRAP_MAX (1UL << 31) + +-/** Wrapping according to RFC 3394 section 2.2.1. +- * +- * @param[in] key Key value. +- * @param[in] iv IV value. Length = 8 bytes. NULL = use default_iv. +- * @param[in] in Plaintext as n 64-bit blocks, n >= 2. +- * @param[in] inlen Length of in. +- * @param[out] out Ciphertext. Minimal buffer length = (inlen + 8) bytes. +- * Input and output buffers can overlap if block function +- * supports that. +- * @param[in] block Block processing function. +- * @return 0 if inlen does not consist of n 64-bit blocks, n >= 2. +- * or if inlen > CRYPTO128_WRAP_MAX. +- * Output length if wrapping succeeded. +- */ + size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + unsigned char *out, + const unsigned char *in, size_t inlen, +@@ -52,7 +72,7 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + { + unsigned char *A, B[16], *R; + size_t i, j, t; +- if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX)) ++ if ((inlen & 0x7) || (inlen < 8) || (inlen > CRYPTO128_WRAP_MAX)) + return 0; + A = B; + t = 1; +@@ -80,26 +100,10 @@ size_t CRYPTO_128_wrap(void *key, const unsigned char *iv, + return inlen + 8; + } + +-/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2. +- * The IV check (step 3) is responsibility of the caller. +- * +- * @param[in] key Key value. +- * @param[out] iv Unchecked IV value. Minimal buffer length = 8 bytes. +- * @param[out] out Plaintext without IV. +- * Minimal buffer length = (inlen - 8) bytes. +- * Input and output buffers can overlap if block function +- * supports that. +- * @param[in] in Ciphertext as n 64-bit blocks. +- * @param[in] inlen Length of in. +- * @param[in] block Block processing function. +- * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] +- * or if inlen is not a multiple of 8. +- * Output length otherwise. +- */ +-static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, +- unsigned char *out, +- const unsigned char *in, size_t inlen, +- block128_f block) ++size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, ++ unsigned char *out, ++ const unsigned char *in, size_t inlen, ++ block128_f block) + { + unsigned char *A, B[16], *R; + size_t i, j, t; +@@ -124,206 +128,11 @@ static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv, + memcpy(R, B + 8, 8); + } + } +- memcpy(iv, A, 8); +- return inlen; +-} +- +-/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check. +- * The first block of plaintext has to match the supplied IV, otherwise an +- * error is returned. +- * +- * @param[in] key Key value. +- * @param[out] iv IV value to match against. Length = 8 bytes. +- * NULL = use default_iv. +- * @param[out] out Plaintext without IV. +- * Minimal buffer length = (inlen - 8) bytes. +- * Input and output buffers can overlap if block function +- * supports that. +- * @param[in] in Ciphertext as n 64-bit blocks. +- * @param[in] inlen Length of in. +- * @param[in] block Block processing function. +- * @return 0 if inlen is out of range [24, CRYPTO128_WRAP_MAX] +- * or if inlen is not a multiple of 8 +- * or if IV doesn't match expected value. +- * Output length otherwise. +- */ +-size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv, +- unsigned char *out, const unsigned char *in, +- size_t inlen, block128_f block) +-{ +- size_t ret; +- unsigned char got_iv[8]; +- +- ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block); +- if (ret == 0) +- return 0; +- + if (!iv) + iv = default_iv; +- if (CRYPTO_memcmp(got_iv, iv, 8)) { +- OPENSSL_cleanse(out, ret); +- return 0; +- } +- return ret; +-} +- +-/** Wrapping according to RFC 5649 section 4.1. +- * +- * @param[in] key Key value. +- * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. +- * @param[out] out Ciphertext. Minimal buffer length = (inlen + 15) bytes. +- * Input and output buffers can overlap if block function +- * supports that. +- * @param[in] in Plaintext as n 64-bit blocks, n >= 2. +- * @param[in] inlen Length of in. +- * @param[in] block Block processing function. +- * @return 0 if inlen is out of range [1, CRYPTO128_WRAP_MAX]. +- * Output length if wrapping succeeded. +- */ +-size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, +- unsigned char *out, +- const unsigned char *in, size_t inlen, +- block128_f block) +-{ +- /* n: number of 64-bit blocks in the padded key data +- * +- * If length of plain text is not a multiple of 8, pad the plain text octet +- * string on the right with octets of zeros, where final length is the +- * smallest multiple of 8 that is greater than length of plain text. +- * If length of plain text is a multiple of 8, then there is no padding. */ +- const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */ +- const size_t padded_len = blocks_padded * 8; +- const size_t padding_len = padded_len - inlen; +- /* RFC 5649 section 3: Alternative Initial Value */ +- unsigned char aiv[8]; +- int ret; +- +- /* Section 1: use 32-bit fixed field for plaintext octet length */ +- if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX) +- return 0; +- +- /* Section 3: Alternative Initial Value */ +- if (!icv) +- memcpy(aiv, default_aiv, 4); +- else +- memcpy(aiv, icv, 4); /* Standard doesn't mention this. */ +- +- aiv[4] = (inlen >> 24) & 0xFF; +- aiv[5] = (inlen >> 16) & 0xFF; +- aiv[6] = (inlen >> 8) & 0xFF; +- aiv[7] = inlen & 0xFF; +- +- if (padded_len == 8) { +- /* +- * Section 4.1 - special case in step 2: If the padded plaintext +- * contains exactly eight octets, then prepend the AIV and encrypt +- * the resulting 128-bit block using AES in ECB mode. +- */ +- memmove(out + 8, in, inlen); +- memcpy(out, aiv, 8); +- memset(out + 8 + inlen, 0, padding_len); +- block(out, out, key); +- ret = 16; /* AIV + padded input */ +- } else { +- memmove(out, in, inlen); +- memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ +- ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block); +- } +- +- return ret; +-} +- +-/** Unwrapping according to RFC 5649 section 4.2. +- * +- * @param[in] key Key value. +- * @param[in] icv (Non-standard) IV, 4 bytes. NULL = use default_aiv. +- * @param[out] out Plaintext. Minimal buffer length = inlen bytes. +- * Input and output buffers can overlap if block function +- * supports that. +- * @param[in] in Ciphertext as n 64-bit blocks. +- * @param[in] inlen Length of in. +- * @param[in] block Block processing function. +- * @return 0 if inlen is out of range [16, CRYPTO128_WRAP_MAX], +- * or if inlen is not a multiple of 8 +- * or if IV and message length indicator doesn't match. +- * Output length if unwrapping succeeded and IV matches. +- */ +-size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, +- unsigned char *out, +- const unsigned char *in, size_t inlen, +- block128_f block) +-{ +- /* n: number of 64-bit blocks in the padded key data */ +- size_t n = inlen / 8 - 1; +- size_t padded_len; +- size_t padding_len; +- size_t ptext_len; +- /* RFC 5649 section 3: Alternative Initial Value */ +- unsigned char aiv[8]; +- static unsigned char zeros[8] = { 0x0 }; +- size_t ret; +- +- /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */ +- if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX) +- return 0; +- +- memmove(out, in, inlen); +- if (inlen == 16) { +- /* +- * Section 4.2 - special case in step 1: When n=1, the ciphertext +- * contains exactly two 64-bit blocks and they are decrypted as a +- * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] | +- * C[1]) +- */ +- block(out, out, key); +- memcpy(aiv, out, 8); +- /* Remove AIV */ +- memmove(out, out + 8, 8); +- padded_len = 8; +- } else { +- padded_len = inlen - 8; +- ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); +- if (padded_len != ret) { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- } +- +- /* +- * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a +- * user-supplied value can be used (even if standard doesn't mention +- * this). +- */ +- if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4)) +- || (icv && CRYPTO_memcmp(aiv, icv, 4))) { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- +- /* +- * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len = +- * LSB(32,AIV). +- */ +- +- ptext_len = ((unsigned int)aiv[4] << 24) +- | ((unsigned int)aiv[5] << 16) +- | ((unsigned int)aiv[6] << 8) +- | (unsigned int)aiv[7]; +- if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) { +- OPENSSL_cleanse(out, inlen); +- return 0; +- } +- +- /* +- * Check that the rightmost padding_len octets of the output data are +- * zero. +- */ +- padding_len = padded_len - ptext_len; +- if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) { ++ if (memcmp(A, iv, 8)) { + OPENSSL_cleanse(out, inlen); + return 0; + } +- +- /* Section 4.2 step 3: Remove padding */ +- return ptext_len; ++ return inlen; + } +diff --git a/Cryptlib/OpenSSL/crypto/modes/xts128.c b/Cryptlib/OpenSSL/crypto/modes/xts128.c +index 81b1eac..8f2af58 100644 +--- a/Cryptlib/OpenSSL/crypto/modes/xts128.c ++++ b/Cryptlib/OpenSSL/crypto/modes/xts128.c +@@ -1,16 +1,63 @@ +-/* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include + #include "modes_lcl.h" + #include + ++#ifndef MODES_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++#include ++ + int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, + const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c +index 89c8c5c..f9dbed8 100644 +--- a/Cryptlib/OpenSSL/crypto/o_dir.c ++++ b/Cryptlib/OpenSSL/crypto/o_dir.c +@@ -1,10 +1,60 @@ ++/* crypto/o_dir.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -20,7 +70,7 @@ + #define LP_find_file OPENSSL_DIR_read + #define LP_find_file_end OPENSSL_DIR_end + +-#include "internal/o_dir.h" ++#include "o_dir.h" + + #define LPDIR_H + #if defined OPENSSL_SYS_UNIX || defined DJGPP +diff --git a/Cryptlib/OpenSSL/crypto/o_dir.h b/Cryptlib/OpenSSL/crypto/o_dir.h +new file mode 100644 +index 0000000..bf45a14 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/o_dir.h +@@ -0,0 +1,55 @@ ++/* crypto/o_dir.h */ ++/* ++ * Copied from Richard Levitte's (richard@levitte.org) LP library. All ++ * symbol names have been changed, with permission from the author. ++ */ ++ ++/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */ ++/* ++ * Copyright (c) 2004, Richard Levitte ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#ifndef O_DIR_H ++# define O_DIR_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; ++ ++ /* ++ * returns NULL on error or end-of-directory. If it is end-of-directory, ++ * errno will be zero ++ */ ++const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory); ++ /* returns 1 on success, 0 on error */ ++int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx); ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* LPDIR_H */ +diff --git a/Cryptlib/OpenSSL/crypto/o_fips.c b/Cryptlib/OpenSSL/crypto/o_fips.c +index bf6db65..f56d5bb 100644 +--- a/Cryptlib/OpenSSL/crypto/o_fips.c ++++ b/Cryptlib/OpenSSL/crypto/o_fips.c +@@ -1,19 +1,71 @@ + /* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Stephen henson (steve@openssl.org) for the OpenSSL project ++ * 2011. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #ifdef OPENSSL_FIPS + # include ++# include ++# include + #endif + + int FIPS_mode(void) + { ++ OPENSSL_init(); + #ifdef OPENSSL_FIPS + return FIPS_module_mode(); + #else +@@ -23,8 +75,18 @@ int FIPS_mode(void) + + int FIPS_mode_set(int r) + { ++ OPENSSL_init(); + #ifdef OPENSSL_FIPS +- return FIPS_module_mode_set(r); ++# ifndef FIPS_AUTH_USER_PASS ++# define FIPS_AUTH_USER_PASS "Default FIPS Crypto User Password" ++# endif ++ if (!FIPS_module_mode_set(r, FIPS_AUTH_USER_PASS)) ++ return 0; ++ if (r) ++ RAND_set_rand_method(FIPS_rand_get_method()); ++ else ++ RAND_set_rand_method(NULL); ++ return 1; + #else + if (r == 0) + return 1; +diff --git a/Cryptlib/OpenSSL/crypto/o_fopen.c b/Cryptlib/OpenSSL/crypto/o_fopen.c +deleted file mode 100644 +index a3a0065..0000000 +--- a/Cryptlib/OpenSSL/crypto/o_fopen.c ++++ /dev/null +@@ -1,103 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "internal/cryptlib.h" +- +-#if !defined(OPENSSL_NO_STDIO) +- +-# include +- +-FILE *openssl_fopen(const char *filename, const char *mode) +-{ +- FILE *file = NULL; +-# if defined(_WIN32) && defined(CP_UTF8) +- int sz, len_0 = (int)strlen(filename) + 1; +- DWORD flags; +- +- /* +- * Basically there are three cases to cover: a) filename is +- * pure ASCII string; b) actual UTF-8 encoded string and +- * c) locale-ized string, i.e. one containing 8-bit +- * characters that are meaningful in current system locale. +- * If filename is pure ASCII or real UTF-8 encoded string, +- * MultiByteToWideChar succeeds and _wfopen works. If +- * filename is locale-ized string, chances are that +- * MultiByteToWideChar fails reporting +- * ERROR_NO_UNICODE_TRANSLATION, in which case we fall +- * back to fopen... +- */ +- if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS), +- filename, len_0, NULL, 0)) > 0 || +- (GetLastError() == ERROR_INVALID_FLAGS && +- (sz = MultiByteToWideChar(CP_UTF8, (flags = 0), +- filename, len_0, NULL, 0)) > 0) +- ) { +- WCHAR wmode[8]; +- WCHAR *wfilename = _alloca(sz * sizeof(WCHAR)); +- +- if (MultiByteToWideChar(CP_UTF8, flags, +- filename, len_0, wfilename, sz) && +- MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, +- wmode, OSSL_NELEM(wmode)) && +- (file = _wfopen(wfilename, wmode)) == NULL && +- (errno == ENOENT || errno == EBADF) +- ) { +- /* +- * UTF-8 decode succeeded, but no file, filename +- * could still have been locale-ized... +- */ +- file = fopen(filename, mode); +- } +- } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) { +- file = fopen(filename, mode); +- } +-# elif defined(__DJGPP__) +- { +- char *newname = NULL; +- +- if (!HAS_LFN_SUPPORT(filename)) { +- char *iterator; +- char lastchar; +- +- newname = OPENSSL_malloc(strlen(filename) + 1); +- if (newname == NULL) +- return NULL; +- +- for (iterator = newname, lastchar = '\0'; +- *filename; filename++, iterator++) { +- if (lastchar == '/' && filename[0] == '.' +- && filename[1] != '.' && filename[1] != '/') { +- /* Leading dots are not permitted in plain DOS. */ +- *iterator = '_'; +- } else { +- *iterator = *filename; +- } +- lastchar = *filename; +- } +- *iterator = '\0'; +- filename = newname; +- } +- file = fopen(filename, mode); +- +- OPENSSL_free(newname); +- } +-# else +- file = fopen(filename, mode); +-# endif +- return file; +-} +- +-#else +- +-void *openssl_fopen(const char *filename, const char *mode) +-{ +- return NULL; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c +index 2e0c126..185841e 100644 +--- a/Cryptlib/OpenSSL/crypto/o_init.c ++++ b/Cryptlib/OpenSSL/crypto/o_init.c +@@ -1,10 +1,56 @@ ++/* o_init.c */ + /* +- * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -27,8 +73,14 @@ void OPENSSL_init(void) + done = 1; + #ifdef OPENSSL_FIPS + FIPS_set_locking_callbacks(CRYPTO_lock, CRYPTO_add_lock); ++# ifndef OPENSSL_NO_DEPRECATED ++ FIPS_crypto_set_id_callback(CRYPTO_thread_id); ++# endif + FIPS_set_error_callbacks(ERR_put_error, ERR_add_error_vdata); + FIPS_set_malloc_callbacks(CRYPTO_malloc, CRYPTO_free); + RAND_init_fips(); + #endif ++#if 0 ++ fprintf(stderr, "Called OPENSSL_init\n"); ++#endif + } +diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c +index beabec0..7e61cde 100644 +--- a/Cryptlib/OpenSSL/crypto/o_str.c ++++ b/Cryptlib/OpenSSL/crypto/o_str.c +@@ -1,250 +1,116 @@ ++/* crypto/o_str.c */ + /* +- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include + #include +-#include +-#include "internal/cryptlib.h" +-#include "internal/o_str.h" +- +-int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) +-{ +- const unsigned char *c1 = v1, *c2 = v2; +- int ret = 0; +- +- while (n && (ret = *c1 - *c2) == 0) +- n--, c1++, c2++; +- +- return ret; +-} +- +-char *CRYPTO_strdup(const char *str, const char* file, int line) +-{ +- char *ret; +- size_t size; +- +- if (str == NULL) +- return NULL; +- size = strlen(str) + 1; +- ret = CRYPTO_malloc(size, file, line); +- if (ret != NULL) +- memcpy(ret, str, size); +- return ret; +-} +- +-char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) +-{ +- size_t maxlen; +- char *ret; +- +- if (str == NULL) +- return NULL; +- +- maxlen = OPENSSL_strnlen(str, s); +- +- ret = CRYPTO_malloc(maxlen + 1, file, line); +- if (ret) { +- memcpy(ret, str, maxlen); +- ret[maxlen] = '\0'; +- } +- return ret; +-} +- +-void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line) +-{ +- void *ret; ++#include "o_str.h" + +- if (data == NULL || siz >= INT_MAX) +- return NULL; +- +- ret = CRYPTO_malloc(siz, file, line); +- if (ret == NULL) { +- CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- return memcpy(ret, data, siz); +-} +- +-size_t OPENSSL_strnlen(const char *str, size_t maxlen) +-{ +- const char *p; +- +- for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; +- +- return p - str; +-} ++#if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ ++ !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && \ ++ !defined(NETWARE_CLIB) ++# include ++#endif + +-size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size) ++int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) + { +- size_t l = 0; +- for (; size > 1 && *src; size--) { +- *dst++ = *src++; +- l++; ++#if defined(OPENSSL_IMPLEMENTS_strncasecmp) ++ while (*str1 && *str2 && n) { ++ int res = toupper(*str1) - toupper(*str2); ++ if (res) ++ return res < 0 ? -1 : 1; ++ str1++; ++ str2++; ++ n--; + } +- if (size) +- *dst = '\0'; +- return l + strlen(src); +-} +- +-size_t OPENSSL_strlcat(char *dst, const char *src, size_t size) +-{ +- size_t l = 0; +- for (; size > 0 && *dst; size--, dst++) +- l++; +- return l + OPENSSL_strlcpy(dst, src, size); +-} +- +-int OPENSSL_hexchar2int(unsigned char c) +-{ +-#ifdef CHARSET_EBCDIC +- c = os_toebcdic[c]; +-#endif +- +- switch (c) { +- case '0': ++ if (n == 0) + return 0; +- case '1': ++ if (*str1) + return 1; +- case '2': +- return 2; +- case '3': +- return 3; +- case '4': +- return 4; +- case '5': +- return 5; +- case '6': +- return 6; +- case '7': +- return 7; +- case '8': +- return 8; +- case '9': +- return 9; +- case 'a': case 'A': +- return 0x0A; +- case 'b': case 'B': +- return 0x0B; +- case 'c': case 'C': +- return 0x0C; +- case 'd': case 'D': +- return 0x0D; +- case 'e': case 'E': +- return 0x0E; +- case 'f': case 'F': +- return 0x0F; +- } +- return -1; ++ if (*str2) ++ return -1; ++ return 0; ++#else ++ /* ++ * Recursion hazard warning! Whenever strncasecmp is #defined as ++ * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as ++ * well. ++ */ ++ return strncasecmp(str1, str2, n); ++#endif + } + +-/* +- * Give a string of hex digits convert to a buffer +- */ +-unsigned char *OPENSSL_hexstr2buf(const char *str, long *len) ++int OPENSSL_strcasecmp(const char *str1, const char *str2) + { +- unsigned char *hexbuf, *q; +- unsigned char ch, cl; +- int chi, cli; +- const unsigned char *p; +- size_t s; +- +- s = strlen(str); +- if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) { +- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- for (p = (const unsigned char *)str, q = hexbuf; *p; ) { +- ch = *p++; +- if (ch == ':') +- continue; +- cl = *p++; +- if (!cl) { +- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, +- CRYPTO_R_ODD_NUMBER_OF_DIGITS); +- OPENSSL_free(hexbuf); +- return NULL; +- } +- cli = OPENSSL_hexchar2int(cl); +- chi = OPENSSL_hexchar2int(ch); +- if (cli < 0 || chi < 0) { +- OPENSSL_free(hexbuf); +- CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT); +- return NULL; +- } +- *q++ = (unsigned char)((chi << 4) | cli); +- } +- +- if (len) +- *len = q - hexbuf; +- return hexbuf; ++#if defined(OPENSSL_IMPLEMENTS_strncasecmp) ++ return OPENSSL_strncasecmp(str1, str2, (size_t)-1); ++#else ++ return strcasecmp(str1, str2); ++#endif + } + +-/* +- * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its +- * hex representation @@@ (Contents of buffer are always kept in ASCII, also +- * on EBCDIC machines) +- */ +-char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len) ++int OPENSSL_memcmp(const void *v1, const void *v2, size_t n) + { +- const static char hexdig[] = "0123456789ABCDEF"; +- char *tmp, *q; +- const unsigned char *p; +- int i; +- +- if (len == 0) +- { +- return OPENSSL_zalloc(1); +- } +- +- if ((tmp = OPENSSL_malloc(len * 3)) == NULL) { +- CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- q = tmp; +- for (i = 0, p = buffer; i < len; i++, p++) { +- *q++ = hexdig[(*p >> 4) & 0xf]; +- *q++ = hexdig[*p & 0xf]; +- *q++ = ':'; +- } +- q[-1] = 0; +-#ifdef CHARSET_EBCDIC +- ebcdic2ascii(tmp, tmp, q - tmp - 1); +-#endif ++ const unsigned char *c1 = v1, *c2 = v2; ++ int ret = 0; + +- return tmp; +-} ++ while (n && (ret = *c1 - *c2) == 0) ++ n--, c1++, c2++; + +-int openssl_strerror_r(int errnum, char *buf, size_t buflen) +-{ +-#if defined(_MSC_VER) && _MSC_VER>=1400 +- return !strerror_s(buf, buflen, errnum); +-#elif defined(_GNU_SOURCE) +- return strerror_r(errnum, buf, buflen) != NULL; +-#elif (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) +- /* +- * We can use "real" strerror_r. The OpenSSL version differs in that it +- * gives 1 on success and 0 on failure for consistency with other OpenSSL +- * functions. Real strerror_r does it the other way around +- */ +- return !strerror_r(errnum, buf, buflen); +-#else +- char *err; +- /* Fall back to non-thread safe strerror()...its all we can do */ +- if (buflen < 2) +- return 0; +- err = strerror(errnum); +- /* Can this ever happen? */ +- if (err == NULL) +- return 0; +- strncpy(buf, err, buflen - 1); +- buf[buflen - 1] = '\0'; +- return 1; +-#endif ++ return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/o_str.h b/Cryptlib/OpenSSL/crypto/o_str.h +new file mode 100644 +index 0000000..fa512eb +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/o_str.h +@@ -0,0 +1,69 @@ ++/* crypto/o_str.h */ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2003. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_O_STR_H ++# define HEADER_O_STR_H ++ ++# include /* to get size_t */ ++ ++int OPENSSL_strcasecmp(const char *str1, const char *str2); ++int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); ++int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c +index 4b902e0..b99e599 100644 +--- a/Cryptlib/OpenSSL/crypto/o_time.c ++++ b/Cryptlib/OpenSSL/crypto/o_time.c +@@ -1,15 +1,69 @@ ++/* crypto/o_time.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2008. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include ++#include "o_time.h" + + #ifdef OPENSSL_SYS_VMS + # if __CRTL_VER >= 70000000 && \ +@@ -51,9 +105,12 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) + { + struct tm *ts = NULL; + +-#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) +- if (gmtime_r(timer, result) == NULL) +- return NULL; ++#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS) ++ /* ++ * should return &data, but doesn't on some systems, so we don't even ++ * look at the return value ++ */ ++ gmtime_r(timer, result); + ts = result; + #elif !defined(OPENSSL_SYS_VMS) || defined(VMS_GMTIME_OK) + ts = gmtime(timer); +@@ -142,7 +199,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) + /*- + * The VMS epoch is the astronomical Smithsonian date, + if I remember correctly, which is November 17, 1858. +- Furthermore, time is measure in tenths of microseconds ++ Furthermore, time is measure in thenths of microseconds + and stored in quadwords (64 bit integers). unix_epoch + below is January 1st 1970 expressed as a VMS time. The + following code was used to get this number: +@@ -234,7 +291,7 @@ int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) + int time_sec, time_year, time_month, time_day; + long time_jd; + +- /* Convert time and offset into Julian day and seconds */ ++ /* Convert time and offset into julian day and seconds */ + if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec)) + return 0; + +@@ -358,3 +415,63 @@ static void julian_to_date(long jd, int *y, int *m, int *d) + *m = j + 2 - (12 * L); + *y = 100 * (n - 49) + i + L; + } ++ ++#ifdef OPENSSL_TIME_TEST ++ ++# include ++ ++/* ++ * Time checking test code. Check times are identical for a wide range of ++ * offsets. This should be run on a machine with 64 bit time_t or it will ++ * trigger the very errors the routines fix. ++ */ ++ ++int main(int argc, char **argv) ++{ ++ long offset; ++ for (offset = 0; offset < 1000000; offset++) { ++ check_time(offset); ++ check_time(-offset); ++ check_time(offset * 1000); ++ check_time(-offset * 1000); ++ } ++} ++ ++int check_time(long offset) ++{ ++ struct tm tm1, tm2, o1; ++ int off_day, off_sec; ++ long toffset; ++ time_t t1, t2; ++ time(&t1); ++ t2 = t1 + offset; ++ OPENSSL_gmtime(&t2, &tm2); ++ OPENSSL_gmtime(&t1, &tm1); ++ o1 = tm1; ++ OPENSSL_gmtime_adj(&tm1, 0, offset); ++ if ((tm1.tm_year != tm2.tm_year) || ++ (tm1.tm_mon != tm2.tm_mon) || ++ (tm1.tm_mday != tm2.tm_mday) || ++ (tm1.tm_hour != tm2.tm_hour) || ++ (tm1.tm_min != tm2.tm_min) || (tm1.tm_sec != tm2.tm_sec)) { ++ fprintf(stderr, "TIME ERROR!!\n"); ++ fprintf(stderr, "Time1: %d/%d/%d, %d:%02d:%02d\n", ++ tm2.tm_mday, tm2.tm_mon + 1, tm2.tm_year + 1900, ++ tm2.tm_hour, tm2.tm_min, tm2.tm_sec); ++ fprintf(stderr, "Time2: %d/%d/%d, %d:%02d:%02d\n", ++ tm1.tm_mday, tm1.tm_mon + 1, tm1.tm_year + 1900, ++ tm1.tm_hour, tm1.tm_min, tm1.tm_sec); ++ return 0; ++ } ++ OPENSSL_gmtime_diff(&o1, &tm1, &off_day, &off_sec); ++ toffset = (long)off_day *SECS_PER_DAY + off_sec; ++ if (offset != toffset) { ++ fprintf(stderr, "TIME OFFSET ERROR!!\n"); ++ fprintf(stderr, "Expected %ld, Got %ld (%d:%d)\n", ++ offset, toffset, off_day, off_sec); ++ return 0; ++ } ++ return 1; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/o_time.h b/Cryptlib/OpenSSL/crypto/o_time.h +new file mode 100644 +index 0000000..f192c6d +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/o_time.h +@@ -0,0 +1,70 @@ ++/* crypto/o_time.h */ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_O_TIME_H ++# define HEADER_O_TIME_H ++ ++# include ++ ++struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); ++int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); ++int OPENSSL_gmtime_diff(int *pday, int *psec, ++ const struct tm *from, const struct tm *to); ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c +index ed98df8..f106905 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/o_names.c ++++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c +@@ -1,12 +1,3 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #include + #include + #include +@@ -16,40 +7,35 @@ + #include + #include + #include +-#include "obj_lcl.h" + + /* +- * We define this wrapper for two reasons. Firstly, later versions of +- * DEC C add linkage information to certain functions, which makes it +- * tricky to use them as values to regular function pointers. +- * Secondly, in the EDK2 build environment, the strcmp function is +- * actually an external function (AsciiStrCmp) with the Microsoft ABI, +- * so we can't transparently assign function pointers to it. +- * Arguably the latter is a stupidity of the UEFI environment, but +- * since the wrapper solves the DEC C issue too, let's just use the +- * same solution. ++ * Later versions of DEC C has started to add lnkage information to certain ++ * functions, which makes it tricky to use them as values to regular function ++ * pointers. One way is to define a macro that takes care of casting them ++ * correctly. + */ +-#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI) +-static int obj_strcmp(const char *a, const char *b) +-{ +- return strcmp(a, b); +-} ++#ifdef OPENSSL_SYS_VMS_DECC ++# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp + #else +-#define obj_strcmp strcmp ++# define OPENSSL_strcmp strcmp + #endif + + /* + * I use the ex_data stuff to manage the identifiers for the obj_name_types + * that applications may define. I only really use the free function field. + */ ++DECLARE_LHASH_OF(OBJ_NAME); + static LHASH_OF(OBJ_NAME) *names_lh = NULL; + static int names_type_num = OBJ_NAME_TYPE_NUM; + +-struct name_funcs_st { ++typedef struct name_funcs_st { + unsigned long (*hash_func) (const char *name); + int (*cmp_func) (const char *a, const char *b); + void (*free_func) (const char *, int, const char *); +-}; ++} NAME_FUNCS; ++ ++DECLARE_STACK_OF(NAME_FUNCS) ++IMPLEMENT_STACK_OF(NAME_FUNCS) + + static STACK_OF(NAME_FUNCS) *name_funcs_stack; + +@@ -59,16 +45,21 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack; + * casting without the need for macro-generated wrapper functions. + */ + +-static unsigned long obj_name_hash(const OBJ_NAME *a); +-static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b); ++/* static unsigned long obj_name_hash(OBJ_NAME *a); */ ++static unsigned long obj_name_hash(const void *a_void); ++/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ ++static int obj_name_cmp(const void *a_void, const void *b_void); ++ ++static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME) ++static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME) + + int OBJ_NAME_init(void) + { + if (names_lh != NULL) + return (1); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); +- names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_off(); ++ names_lh = lh_OBJ_NAME_new(); ++ MemCheck_on(); + return (names_lh != NULL); + } + +@@ -76,13 +67,14 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + int (*cmp_func) (const char *, const char *), + void (*free_func) (const char *, int, const char *)) + { +- int ret, i, push; ++ int ret; ++ int i; + NAME_FUNCS *name_funcs; + + if (name_funcs_stack == NULL) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); ++ MemCheck_off(); + name_funcs_stack = sk_NAME_FUNCS_new_null(); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); ++ MemCheck_on(); + } + if (name_funcs_stack == NULL) { + /* ERROR */ +@@ -91,25 +83,22 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + ret = names_type_num; + names_type_num++; + for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); +- name_funcs = OPENSSL_zalloc(sizeof(*name_funcs)); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); +- if (name_funcs == NULL) { ++ MemCheck_off(); ++ name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); ++ MemCheck_on(); ++ if (!name_funcs) { + OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); + return (0); + } +- name_funcs->hash_func = OPENSSL_LH_strhash; +- name_funcs->cmp_func = obj_strcmp; +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE); +- +- push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); +- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE); +- +- if (!push) { +- OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(name_funcs); +- return 0; +- } ++ name_funcs->hash_func = lh_strhash; ++ name_funcs->cmp_func = OPENSSL_strcmp; ++ name_funcs->free_func = 0; /* NULL is often declared to * ((void ++ * *)0), which according * to Compaq C is ++ * not really * compatible with a function ++ * * pointer. -- Richard Levitte */ ++ MemCheck_off(); ++ sk_NAME_FUNCS_push(name_funcs_stack, name_funcs); ++ MemCheck_on(); + } + name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); + if (hash_func != NULL) +@@ -121,9 +110,12 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), + return (ret); + } + +-static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) ++/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ ++static int obj_name_cmp(const void *a_void, const void *b_void) + { + int ret; ++ const OBJ_NAME *a = (const OBJ_NAME *)a_void; ++ const OBJ_NAME *b = (const OBJ_NAME *)b_void; + + ret = a->type - b->type; + if (ret == 0) { +@@ -137,9 +129,11 @@ static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b) + return (ret); + } + +-static unsigned long obj_name_hash(const OBJ_NAME *a) ++/* static unsigned long obj_name_hash(OBJ_NAME *a) */ ++static unsigned long obj_name_hash(const void *a_void) + { + unsigned long ret; ++ const OBJ_NAME *a = (const OBJ_NAME *)a_void; + + if ((name_funcs_stack != NULL) + && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { +@@ -147,7 +141,7 @@ static unsigned long obj_name_hash(const OBJ_NAME *a) + sk_NAME_FUNCS_value(name_funcs_stack, + a->type)->hash_func(a->name); + } else { +- ret = OPENSSL_LH_strhash(a->name); ++ ret = lh_strhash(a->name); + } + ret ^= a->type; + return (ret); +@@ -194,7 +188,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) + alias = type & OBJ_NAME_ALIAS; + type &= ~OBJ_NAME_ALIAS; + +- onp = OPENSSL_malloc(sizeof(*onp)); ++ onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); + if (onp == NULL) { + /* ERROR */ + return 0; +@@ -258,30 +252,31 @@ int OBJ_NAME_remove(const char *name, int type) + return (0); + } + +-typedef struct { ++struct doall { + int type; + void (*fn) (const OBJ_NAME *, void *arg); + void *arg; +-} OBJ_DOALL; ++}; + +-static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d) ++static void do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d) + { + if (name->type == d->type) + d->fn(name, d->arg); + } + +-IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL); ++static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall) + + void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg), + void *arg) + { +- OBJ_DOALL d; ++ struct doall d; + + d.type = type; + d.fn = fn; + d.arg = arg; + +- lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d); ++ lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), ++ struct doall, &d); + } + + struct doall_sorted { +@@ -317,13 +312,13 @@ void OBJ_NAME_do_all_sorted(int type, + + d.type = type; + d.names = +- OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); ++ OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); + /* Really should return an error if !d.names...but its a void function! */ +- if (d.names != NULL) { ++ if (d.names) { + d.n = 0; + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); + +- qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); ++ qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); +@@ -343,6 +338,8 @@ static void names_lh_free_doall(OBJ_NAME *onp) + OBJ_NAME_remove(onp->name, onp->type); + } + ++static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME) ++ + static void name_funcs_free(NAME_FUNCS *ptr) + { + OPENSSL_free(ptr); +@@ -356,15 +353,15 @@ void OBJ_NAME_cleanup(int type) + return; + + free_type = type; +- down_load = lh_OBJ_NAME_get_down_load(names_lh); +- lh_OBJ_NAME_set_down_load(names_lh, 0); ++ down_load = lh_OBJ_NAME_down_load(names_lh); ++ lh_OBJ_NAME_down_load(names_lh) = 0; + +- lh_OBJ_NAME_doall(names_lh, names_lh_free_doall); ++ lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); + if (type < 0) { + lh_OBJ_NAME_free(names_lh); + sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); + names_lh = NULL; + name_funcs_stack = NULL; + } else +- lh_OBJ_NAME_set_down_load(names_lh, down_load); ++ lh_OBJ_NAME_down_load(names_lh) = down_load; + } +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +index 259851b..aca382a 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c +@@ -1,25 +1,85 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/objects/obj_dat.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/objects.h" ++#include + #include +-#include "internal/asn1_int.h" +-#include "obj_lcl.h" + + /* obj_dat.h is generated from objects.h by obj_dat.pl */ +-#include "obj_dat.h" ++#ifndef OPENSSL_NO_OBJECT ++# include "obj_dat.h" ++#else ++/* You will have to load all the objects needed manually in the application */ ++# define NUM_NID 0 ++# define NUM_SN 0 ++# define NUM_LN 0 ++# define NUM_OBJ 0 ++static const unsigned char lvalues[1]; ++static const ASN1_OBJECT nid_objs[1]; ++static const unsigned int sn_objs[1]; ++static const unsigned int ln_objs[1]; ++static const unsigned int obj_objs[1]; ++#endif + + DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); + DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); +@@ -30,10 +90,11 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj); + #define ADDED_LNAME 2 + #define ADDED_NID 3 + +-struct added_obj_st { ++typedef struct added_obj_st { + int type; + ASN1_OBJECT *obj; +-}; ++} ADDED_OBJ; ++DECLARE_LHASH_OF(ADDED_OBJ); + + static int new_nid = NUM_NID; + static LHASH_OF(ADDED_OBJ) *added = NULL; +@@ -68,10 +129,10 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) + ret ^= p[i] << ((i * 3) % 24); + break; + case ADDED_SNAME: +- ret = OPENSSL_LH_strhash(a->sn); ++ ret = lh_strhash(a->sn); + break; + case ADDED_LNAME: +- ret = OPENSSL_LH_strhash(a->ln); ++ ret = lh_strhash(a->ln); + break; + case ADDED_NID: + ret = a->nid; +@@ -85,6 +146,8 @@ static unsigned long added_obj_hash(const ADDED_OBJ *ca) + return (ret); + } + ++static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ) ++ + static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) + { + ASN1_OBJECT *a, *b; +@@ -123,11 +186,13 @@ static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) + } + } + ++static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ) ++ + static int init_added(void) + { + if (added != NULL) + return (1); +- added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp); ++ added = lh_ADDED_OBJ_new(); + return (added != NULL); + } + +@@ -150,14 +215,34 @@ static void cleanup3_doall(ADDED_OBJ *a) + OPENSSL_free(a); + } + +-void obj_cleanup_int(void) ++static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ) ++static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ) ++static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ) ++ ++/* ++ * The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting to ++ * use freed up OIDs. If neccessary the actual freeing up of OIDs is delayed. ++ */ ++int obj_cleanup_defer = 0; ++ ++void check_defer(int nid) ++{ ++ if (!obj_cleanup_defer && nid >= NUM_NID) ++ obj_cleanup_defer = 1; ++} ++ ++void OBJ_cleanup(void) + { ++ if (obj_cleanup_defer) { ++ obj_cleanup_defer = 2; ++ return; ++ } + if (added == NULL) + return; +- lh_ADDED_OBJ_set_down_load(added, 0); +- lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */ +- lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */ +- lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */ ++ lh_ADDED_OBJ_down_load(added) = 0; ++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ ++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ ++ lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ + lh_ADDED_OBJ_free(added); + added = NULL; + } +@@ -182,16 +267,21 @@ int OBJ_add_object(const ASN1_OBJECT *obj) + return (0); + if ((o = OBJ_dup(obj)) == NULL) + goto err; +- if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) ++ if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) + goto err2; + if ((o->length != 0) && (obj->data != NULL)) +- if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) ++ if (! ++ (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) + goto err2; + if (o->sn != NULL) +- if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) ++ if (! ++ (ao[ADDED_SNAME] = ++ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) + goto err2; + if (o->ln != NULL) +- if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) ++ if (! ++ (ao[ADDED_LNAME] = ++ (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) + goto err2; + + for (i = ADDED_DATA; i <= ADDED_NID; i++) { +@@ -199,8 +289,9 @@ int OBJ_add_object(const ASN1_OBJECT *obj) + ao[i]->type = i; + ao[i]->obj = o; + aop = lh_ADDED_OBJ_insert(added, ao[i]); +- /* memory leak, but should not normally matter */ +- OPENSSL_free(aop); ++ /* memory leak, buit should not normally matter */ ++ if (aop != NULL) ++ OPENSSL_free(aop); + } + } + o->flags &= +@@ -212,8 +303,10 @@ int OBJ_add_object(const ASN1_OBJECT *obj) + OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); + err: + for (i = ADDED_DATA; i <= ADDED_NID; i++) +- OPENSSL_free(ao[i]); +- OPENSSL_free(o); ++ if (ao[i] != NULL) ++ OPENSSL_free(ao[i]); ++ if (o != NULL) ++ OPENSSL_free(o); + return (NID_undef); + } + +@@ -373,10 +466,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) + } + /* Work out total size */ + j = ASN1_object_size(0, i, V_ASN1_OBJECT); +- if (j < 0) +- return NULL; + +- if ((buf = OPENSSL_malloc(j)) == NULL) ++ if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL) + return NULL; + + p = buf; +@@ -413,7 +504,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + s = OBJ_nid2sn(nid); + if (s) { + if (buf) +- OPENSSL_strlcpy(buf, s, buf_len); ++ BUF_strlcpy(buf, s, buf_len); + n = strlen(s); + return n; + } +@@ -441,7 +532,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + if (!(c & 0x80)) + break; + if (!use_bn && (l > (ULONG_MAX >> 7L))) { +- if (bl == NULL && (bl = BN_new()) == NULL) ++ if (!bl && !(bl = BN_new())) + goto err; + if (!BN_set_word(bl, l)) + goto err; +@@ -487,7 +578,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + *buf = '\0'; + buf_len--; + } +- OPENSSL_strlcpy(buf, bndec, buf_len); ++ BUF_strlcpy(buf, bndec, buf_len); + if (i > buf_len) { + buf += buf_len; + buf_len = 0; +@@ -503,7 +594,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l); + i = strlen(tbuf); + if (buf && (buf_len > 0)) { +- OPENSSL_strlcpy(buf, tbuf, buf_len); ++ BUF_strlcpy(buf, tbuf, buf_len); + if (i > buf_len) { + buf += buf_len; + buf_len = 0; +@@ -517,11 +608,13 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) + } + } + +- BN_free(bl); ++ if (bl) ++ BN_free(bl); + return n; + + err: +- BN_free(bl); ++ if (bl) ++ BN_free(bl); + return -1; + } + +@@ -634,7 +727,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, + + int OBJ_create_objects(BIO *in) + { +- char buf[512]; ++ MS_STATIC char buf[512]; + int i, num = 0; + char *o, *s, *l = NULL; + +@@ -681,48 +774,28 @@ int OBJ_create_objects(BIO *in) + + int OBJ_create(const char *oid, const char *sn, const char *ln) + { +- ASN1_OBJECT *tmpoid = NULL; + int ok = 0; ++ ASN1_OBJECT *op = NULL; ++ unsigned char *buf; ++ int i; + +- /* Check to see if short or long name already present */ +- if (OBJ_sn2nid(sn) != NID_undef || OBJ_ln2nid(ln) != NID_undef) { +- OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); +- return 0; +- } +- +- /* Convert numerical OID string to an ASN1_OBJECT structure */ +- tmpoid = OBJ_txt2obj(oid, 1); ++ i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); ++ if (i <= 0) ++ return (0); + +- /* If NID is not NID_undef then object already exists */ +- if (OBJ_obj2nid(tmpoid) != NID_undef) { +- OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS); +- goto err; ++ if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) { ++ OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE); ++ return (0); + } +- +- tmpoid->nid = OBJ_new_nid(1); +- tmpoid->sn = (char *)sn; +- tmpoid->ln = (char *)ln; +- +- ok = OBJ_add_object(tmpoid); +- +- tmpoid->sn = NULL; +- tmpoid->ln = NULL; +- ++ i = a2d_ASN1_OBJECT(buf, i, oid, -1); ++ if (i == 0) ++ goto err; ++ op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); ++ if (op == NULL) ++ goto err; ++ ok = OBJ_add_object(op); + err: +- ASN1_OBJECT_free(tmpoid); +- return ok; +-} +- +-size_t OBJ_length(const ASN1_OBJECT *obj) +-{ +- if (obj == NULL) +- return 0; +- return obj->length; +-} +- +-const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj) +-{ +- if (obj == NULL) +- return NULL; +- return obj->data; ++ ASN1_OBJECT_free(op); ++ OPENSSL_free(buf); ++ return (ok); + } +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h +index e1fc64f..b7e3cf2 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.h ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.h +@@ -1,5101 +1,5319 @@ +-/* +- * WARNING: do not edit! +- * Generated by crypto/objects/obj_dat.pl ++/* crypto/objects/obj_dat.h */ ++ ++/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the ++ * following command: ++ * perl obj_dat.pl obj_mac.h obj_dat.h ++ */ ++ ++/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-/* Serialized OID's */ +-static const unsigned char so[6765] = { +- 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01, /* [ 37] OBJ_rsaEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02, /* [ 46] OBJ_md2WithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04, /* [ 55] OBJ_md5WithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01, /* [ 64] OBJ_pbeWithMD2AndDES_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03, /* [ 73] OBJ_pbeWithMD5AndDES_CBC */ +- 0x55, /* [ 82] OBJ_X500 */ +- 0x55,0x04, /* [ 83] OBJ_X509 */ +- 0x55,0x04,0x03, /* [ 85] OBJ_commonName */ +- 0x55,0x04,0x06, /* [ 88] OBJ_countryName */ +- 0x55,0x04,0x07, /* [ 91] OBJ_localityName */ +- 0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ +- 0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ +- 0x55,0x04,0x0B, /* [ 100] OBJ_organizationalUnitName */ +- 0x55,0x08,0x01,0x01, /* [ 103] OBJ_rsa */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [ 107] OBJ_pkcs7 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01, /* [ 115] OBJ_pkcs7_data */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02, /* [ 124] OBJ_pkcs7_signed */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03, /* [ 133] OBJ_pkcs7_enveloped */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04, /* [ 142] OBJ_pkcs7_signedAndEnveloped */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05, /* [ 151] OBJ_pkcs7_digest */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06, /* [ 160] OBJ_pkcs7_encrypted */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [ 169] OBJ_pkcs3 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01, /* [ 177] OBJ_dhKeyAgreement */ +- 0x2B,0x0E,0x03,0x02,0x06, /* [ 186] OBJ_des_ecb */ +- 0x2B,0x0E,0x03,0x02,0x09, /* [ 191] OBJ_des_cfb64 */ +- 0x2B,0x0E,0x03,0x02,0x07, /* [ 196] OBJ_des_cbc */ +- 0x2B,0x0E,0x03,0x02,0x11, /* [ 201] OBJ_des_ede_ecb */ +- 0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02, /* [ 206] OBJ_idea_cbc */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [ 217] OBJ_rc2_cbc */ +- 0x2B,0x0E,0x03,0x02,0x12, /* [ 225] OBJ_sha */ +- 0x2B,0x0E,0x03,0x02,0x0F, /* [ 230] OBJ_shaWithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [ 235] OBJ_des_ede3_cbc */ +- 0x2B,0x0E,0x03,0x02,0x08, /* [ 243] OBJ_des_ofb64 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [ 248] OBJ_pkcs9 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01, /* [ 256] OBJ_pkcs9_emailAddress */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02, /* [ 265] OBJ_pkcs9_unstructuredName */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03, /* [ 274] OBJ_pkcs9_contentType */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04, /* [ 283] OBJ_pkcs9_messageDigest */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05, /* [ 292] OBJ_pkcs9_signingTime */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06, /* [ 301] OBJ_pkcs9_countersignature */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07, /* [ 310] OBJ_pkcs9_challengePassword */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08, /* [ 319] OBJ_pkcs9_unstructuredAddress */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09, /* [ 328] OBJ_pkcs9_extCertAttributes */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [ 337] OBJ_netscape */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [ 344] OBJ_netscape_cert_extension */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [ 352] OBJ_netscape_data_type */ +- 0x2B,0x0E,0x03,0x02,0x1A, /* [ 360] OBJ_sha1 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05, /* [ 365] OBJ_sha1WithRSAEncryption */ +- 0x2B,0x0E,0x03,0x02,0x0D, /* [ 374] OBJ_dsaWithSHA */ +- 0x2B,0x0E,0x03,0x02,0x0C, /* [ 379] OBJ_dsa_2 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B, /* [ 384] OBJ_pbeWithSHA1AndRC2_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C, /* [ 393] OBJ_id_pbkdf2 */ +- 0x2B,0x0E,0x03,0x02,0x1B, /* [ 402] OBJ_dsaWithSHA1_2 */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01, /* [ 407] OBJ_netscape_cert_type */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02, /* [ 416] OBJ_netscape_base_url */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03, /* [ 425] OBJ_netscape_revocation_url */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04, /* [ 434] OBJ_netscape_ca_revocation_url */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07, /* [ 443] OBJ_netscape_renewal_url */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08, /* [ 452] OBJ_netscape_ca_policy_url */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C, /* [ 461] OBJ_netscape_ssl_server_name */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D, /* [ 470] OBJ_netscape_comment */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05, /* [ 479] OBJ_netscape_cert_sequence */ +- 0x55,0x1D, /* [ 488] OBJ_id_ce */ +- 0x55,0x1D,0x0E, /* [ 490] OBJ_subject_key_identifier */ +- 0x55,0x1D,0x0F, /* [ 493] OBJ_key_usage */ +- 0x55,0x1D,0x10, /* [ 496] OBJ_private_key_usage_period */ +- 0x55,0x1D,0x11, /* [ 499] OBJ_subject_alt_name */ +- 0x55,0x1D,0x12, /* [ 502] OBJ_issuer_alt_name */ +- 0x55,0x1D,0x13, /* [ 505] OBJ_basic_constraints */ +- 0x55,0x1D,0x14, /* [ 508] OBJ_crl_number */ +- 0x55,0x1D,0x20, /* [ 511] OBJ_certificate_policies */ +- 0x55,0x1D,0x23, /* [ 514] OBJ_authority_key_identifier */ +- 0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02, /* [ 517] OBJ_bf_cbc */ +- 0x55,0x08,0x03,0x65, /* [ 526] OBJ_mdc2 */ +- 0x55,0x08,0x03,0x64, /* [ 530] OBJ_mdc2WithRSA */ +- 0x55,0x04,0x2A, /* [ 534] OBJ_givenName */ +- 0x55,0x04,0x04, /* [ 537] OBJ_surname */ +- 0x55,0x04,0x2B, /* [ 540] OBJ_initials */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C, /* [ 543] OBJ_uniqueIdentifier */ +- 0x55,0x1D,0x1F, /* [ 553] OBJ_crl_distribution_points */ +- 0x2B,0x0E,0x03,0x02,0x03, /* [ 556] OBJ_md5WithRSA */ +- 0x55,0x04,0x05, /* [ 561] OBJ_serialNumber */ +- 0x55,0x04,0x0C, /* [ 564] OBJ_title */ +- 0x55,0x04,0x0D, /* [ 567] OBJ_description */ +- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A, /* [ 570] OBJ_cast5_cbc */ +- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C, /* [ 579] OBJ_pbeWithMD5AndCast5_CBC */ +- 0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [ 588] OBJ_dsaWithSHA1 */ +- 0x2B,0x0E,0x03,0x02,0x1D, /* [ 595] OBJ_sha1WithRSA */ +- 0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [ 600] OBJ_dsa */ +- 0x2B,0x24,0x03,0x02,0x01, /* [ 607] OBJ_ripemd160 */ +- 0x2B,0x24,0x03,0x03,0x01,0x02, /* [ 612] OBJ_ripemd160WithRSA */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [ 618] OBJ_rc5_cbc */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08, /* [ 626] OBJ_zlib_compression */ +- 0x55,0x1D,0x25, /* [ 637] OBJ_ext_key_usage */ +- 0x2B,0x06,0x01,0x05,0x05,0x07, /* [ 640] OBJ_id_pkix */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [ 646] OBJ_id_kp */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [ 653] OBJ_server_auth */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [ 661] OBJ_client_auth */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [ 669] OBJ_code_sign */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [ 677] OBJ_email_protect */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [ 685] OBJ_time_stamp */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15, /* [ 693] OBJ_ms_code_ind */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16, /* [ 703] OBJ_ms_code_com */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01, /* [ 713] OBJ_ms_ctl_sign */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03, /* [ 723] OBJ_ms_sgc */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04, /* [ 733] OBJ_ms_efs */ +- 0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01, /* [ 743] OBJ_ns_sgc */ +- 0x55,0x1D,0x1B, /* [ 752] OBJ_delta_crl */ +- 0x55,0x1D,0x15, /* [ 755] OBJ_crl_reason */ +- 0x55,0x1D,0x18, /* [ 758] OBJ_invalidity_date */ +- 0x2B,0x65,0x01,0x04,0x01, /* [ 761] OBJ_sxnet */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01, /* [ 766] OBJ_pbe_WithSHA1And128BitRC4 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02, /* [ 776] OBJ_pbe_WithSHA1And40BitRC4 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03, /* [ 786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04, /* [ 796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05, /* [ 806] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06, /* [ 816] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01, /* [ 826] OBJ_keyBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02, /* [ 837] OBJ_pkcs8ShroudedKeyBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03, /* [ 848] OBJ_certBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04, /* [ 859] OBJ_crlBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05, /* [ 870] OBJ_secretBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06, /* [ 881] OBJ_safeContentsBag */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14, /* [ 892] OBJ_friendlyName */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15, /* [ 901] OBJ_localKeyID */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01, /* [ 910] OBJ_x509Certificate */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02, /* [ 920] OBJ_sdsiCertificate */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01, /* [ 930] OBJ_x509Crl */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D, /* [ 940] OBJ_pbes2 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E, /* [ 949] OBJ_pbmac1 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [ 958] OBJ_hmacWithSHA1 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [ 966] OBJ_id_qt_cps */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [ 974] OBJ_id_qt_unotice */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F, /* [ 982] OBJ_SMIMECapabilities */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04, /* [ 991] OBJ_pbeWithMD2AndRC2_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06, /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A, /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E, /* [ 1018] OBJ_ms_ext_req */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E, /* [ 1028] OBJ_ext_req */ +- 0x55,0x04,0x29, /* [ 1037] OBJ_name */ +- 0x55,0x04,0x2E, /* [ 1040] OBJ_dnQualifier */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [ 1043] OBJ_id_pe */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [ 1050] OBJ_id_ad */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [ 1057] OBJ_info_access */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [ 1065] OBJ_ad_OCSP */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [ 1073] OBJ_ad_ca_issuers */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [ 1081] OBJ_OCSP_sign */ +- 0x2A, /* [ 1089] OBJ_member_body */ +- 0x2A,0x86,0x48, /* [ 1090] OBJ_ISO_US */ +- 0x2A,0x86,0x48,0xCE,0x38, /* [ 1093] OBJ_X9_57 */ +- 0x2A,0x86,0x48,0xCE,0x38,0x04, /* [ 1098] OBJ_X9cm */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [ 1104] OBJ_pkcs1 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [ 1112] OBJ_pkcs5 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10, /* [ 1120] OBJ_SMIME */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00, /* [ 1129] OBJ_id_smime_mod */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01, /* [ 1139] OBJ_id_smime_ct */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02, /* [ 1149] OBJ_id_smime_aa */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03, /* [ 1159] OBJ_id_smime_alg */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04, /* [ 1169] OBJ_id_smime_cd */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05, /* [ 1179] OBJ_id_smime_spq */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06, /* [ 1189] OBJ_id_smime_cti */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01, /* [ 1199] OBJ_id_smime_mod_cms */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02, /* [ 1210] OBJ_id_smime_mod_ess */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03, /* [ 1221] OBJ_id_smime_mod_oid */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04, /* [ 1232] OBJ_id_smime_mod_msg_v3 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05, /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06, /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07, /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08, /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01, /* [ 1287] OBJ_id_smime_ct_receipt */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02, /* [ 1298] OBJ_id_smime_ct_authData */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03, /* [ 1309] OBJ_id_smime_ct_publishCert */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04, /* [ 1320] OBJ_id_smime_ct_TSTInfo */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05, /* [ 1331] OBJ_id_smime_ct_TDTInfo */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06, /* [ 1342] OBJ_id_smime_ct_contentInfo */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07, /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08, /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01, /* [ 1375] OBJ_id_smime_aa_receiptRequest */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02, /* [ 1386] OBJ_id_smime_aa_securityLabel */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03, /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04, /* [ 1408] OBJ_id_smime_aa_contentHint */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05, /* [ 1419] OBJ_id_smime_aa_msgSigDigest */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06, /* [ 1430] OBJ_id_smime_aa_encapContentType */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07, /* [ 1441] OBJ_id_smime_aa_contentIdentifier */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08, /* [ 1452] OBJ_id_smime_aa_macValue */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09, /* [ 1463] OBJ_id_smime_aa_equivalentLabels */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A, /* [ 1474] OBJ_id_smime_aa_contentReference */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B, /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C, /* [ 1496] OBJ_id_smime_aa_signingCertificate */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D, /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E, /* [ 1518] OBJ_id_smime_aa_timeStampToken */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F, /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10, /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11, /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12, /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13, /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14, /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15, /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16, /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17, /* [ 1617] OBJ_id_smime_aa_ets_certValues */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18, /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19, /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A, /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B, /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C, /* [ 1672] OBJ_id_smime_aa_signatureType */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D, /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01, /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02, /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03, /* [ 1716] OBJ_id_smime_alg_3DESwrap */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04, /* [ 1727] OBJ_id_smime_alg_RC2wrap */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05, /* [ 1738] OBJ_id_smime_alg_ESDH */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06, /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07, /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01, /* [ 1771] OBJ_id_smime_cd_ldap */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01, /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02, /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01, /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02, /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03, /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04, /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05, /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06, /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [ 1870] OBJ_md4 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [ 1878] OBJ_id_pkix_mod */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [ 1885] OBJ_id_qt */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [ 1892] OBJ_id_it */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [ 1899] OBJ_id_pkip */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [ 1906] OBJ_id_alg */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [ 1913] OBJ_id_cmc */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [ 1920] OBJ_id_on */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [ 1927] OBJ_id_pda */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [ 1934] OBJ_id_aca */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [ 1941] OBJ_id_qcs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [ 1948] OBJ_id_cct */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [ 1955] OBJ_id_pkix1_explicit_88 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [ 1963] OBJ_id_pkix1_implicit_88 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [ 1971] OBJ_id_pkix1_explicit_93 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [ 1979] OBJ_id_pkix1_implicit_93 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [ 1987] OBJ_id_mod_crmf */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [ 1995] OBJ_id_mod_cmc */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [ 2003] OBJ_id_mod_kea_profile_88 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [ 2011] OBJ_id_mod_kea_profile_93 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [ 2019] OBJ_id_mod_cmp */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [ 2027] OBJ_id_mod_qualified_cert_88 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [ 2035] OBJ_id_mod_qualified_cert_93 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [ 2043] OBJ_id_mod_attribute_cert */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [ 2051] OBJ_id_mod_timestamp_protocol */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [ 2059] OBJ_id_mod_ocsp */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [ 2067] OBJ_id_mod_dvcs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [ 2075] OBJ_id_mod_cmp2000 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [ 2083] OBJ_biometricInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [ 2091] OBJ_qcStatements */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [ 2099] OBJ_ac_auditEntity */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [ 2107] OBJ_ac_targeting */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [ 2115] OBJ_aaControls */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [ 2123] OBJ_sbgp_ipAddrBlock */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [ 2131] OBJ_sbgp_autonomousSysNum */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [ 2139] OBJ_sbgp_routerIdentifier */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [ 2147] OBJ_textNotice */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [ 2155] OBJ_ipsecEndSystem */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [ 2163] OBJ_ipsecTunnel */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [ 2171] OBJ_ipsecUser */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [ 2179] OBJ_dvcs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [ 2187] OBJ_id_it_caProtEncCert */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [ 2195] OBJ_id_it_signKeyPairTypes */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [ 2203] OBJ_id_it_encKeyPairTypes */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [ 2211] OBJ_id_it_preferredSymmAlg */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [ 2219] OBJ_id_it_caKeyUpdateInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [ 2227] OBJ_id_it_currentCRL */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [ 2235] OBJ_id_it_unsupportedOIDs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [ 2243] OBJ_id_it_subscriptionRequest */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [ 2251] OBJ_id_it_subscriptionResponse */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [ 2259] OBJ_id_it_keyPairParamReq */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [ 2267] OBJ_id_it_keyPairParamRep */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [ 2275] OBJ_id_it_revPassphrase */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [ 2283] OBJ_id_it_implicitConfirm */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [ 2291] OBJ_id_it_confirmWaitTime */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [ 2299] OBJ_id_it_origPKIMessage */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [ 2307] OBJ_id_regCtrl */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [ 2315] OBJ_id_regInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01, /* [ 2323] OBJ_id_regCtrl_regToken */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02, /* [ 2332] OBJ_id_regCtrl_authenticator */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03, /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04, /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05, /* [ 2359] OBJ_id_regCtrl_oldCertID */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06, /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01, /* [ 2377] OBJ_id_regInfo_utf8Pairs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02, /* [ 2386] OBJ_id_regInfo_certReq */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [ 2395] OBJ_id_alg_des40 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [ 2403] OBJ_id_alg_noSignature */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [ 2419] OBJ_id_alg_dh_pop */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [ 2427] OBJ_id_cmc_statusInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [ 2435] OBJ_id_cmc_identification */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [ 2443] OBJ_id_cmc_identityProof */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [ 2451] OBJ_id_cmc_dataReturn */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [ 2459] OBJ_id_cmc_transactionId */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [ 2467] OBJ_id_cmc_senderNonce */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [ 2475] OBJ_id_cmc_recipientNonce */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [ 2483] OBJ_id_cmc_addExtensions */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [ 2491] OBJ_id_cmc_encryptedPOP */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [ 2499] OBJ_id_cmc_decryptedPOP */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [ 2507] OBJ_id_cmc_lraPOPWitness */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [ 2515] OBJ_id_cmc_getCert */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [ 2523] OBJ_id_cmc_getCRL */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [ 2531] OBJ_id_cmc_revokeRequest */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [ 2539] OBJ_id_cmc_regInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [ 2547] OBJ_id_cmc_responseInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [ 2555] OBJ_id_cmc_queryPending */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [ 2563] OBJ_id_cmc_popLinkRandom */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [ 2571] OBJ_id_cmc_popLinkWitness */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [ 2587] OBJ_id_on_personalData */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [ 2595] OBJ_id_pda_dateOfBirth */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [ 2603] OBJ_id_pda_placeOfBirth */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [ 2611] OBJ_id_pda_gender */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [ 2619] OBJ_id_pda_countryOfCitizenship */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [ 2627] OBJ_id_pda_countryOfResidence */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [ 2635] OBJ_id_aca_authenticationInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [ 2643] OBJ_id_aca_accessIdentity */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [ 2651] OBJ_id_aca_chargingIdentity */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [ 2659] OBJ_id_aca_group */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [ 2667] OBJ_id_aca_role */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [ 2683] OBJ_id_cct_crs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [ 2691] OBJ_id_cct_PKIData */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [ 2699] OBJ_id_cct_PKIResponse */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [ 2707] OBJ_ad_timeStamping */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [ 2715] OBJ_ad_dvcs */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01, /* [ 2723] OBJ_id_pkix_OCSP_basic */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02, /* [ 2732] OBJ_id_pkix_OCSP_Nonce */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03, /* [ 2741] OBJ_id_pkix_OCSP_CrlID */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04, /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05, /* [ 2759] OBJ_id_pkix_OCSP_noCheck */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06, /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07, /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08, /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09, /* [ 2795] OBJ_id_pkix_OCSP_valid */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A, /* [ 2804] OBJ_id_pkix_OCSP_path */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B, /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */ +- 0x2B,0x0E,0x03,0x02, /* [ 2822] OBJ_algorithm */ +- 0x2B,0x0E,0x03,0x02,0x0B, /* [ 2826] OBJ_rsaSignature */ +- 0x55,0x08, /* [ 2831] OBJ_X500algorithms */ +- 0x2B, /* [ 2833] OBJ_org */ +- 0x2B,0x06, /* [ 2834] OBJ_dod */ +- 0x2B,0x06,0x01, /* [ 2836] OBJ_iana */ +- 0x2B,0x06,0x01,0x01, /* [ 2839] OBJ_Directory */ +- 0x2B,0x06,0x01,0x02, /* [ 2843] OBJ_Management */ +- 0x2B,0x06,0x01,0x03, /* [ 2847] OBJ_Experimental */ +- 0x2B,0x06,0x01,0x04, /* [ 2851] OBJ_Private */ +- 0x2B,0x06,0x01,0x05, /* [ 2855] OBJ_Security */ +- 0x2B,0x06,0x01,0x06, /* [ 2859] OBJ_SNMPv2 */ +- 0x2B,0x06,0x01,0x07, /* [ 2863] OBJ_Mail */ +- 0x2B,0x06,0x01,0x04,0x01, /* [ 2867] OBJ_Enterprises */ +- 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58, /* [ 2872] OBJ_dcObject */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19, /* [ 2881] OBJ_domainComponent */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D, /* [ 2891] OBJ_Domain */ +- 0x55,0x01,0x05, /* [ 2901] OBJ_selected_attribute_types */ +- 0x55,0x01,0x05,0x37, /* [ 2904] OBJ_clearance */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03, /* [ 2908] OBJ_md4WithRSAEncryption */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [ 2917] OBJ_ac_proxying */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [ 2925] OBJ_sinfo_access */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [ 2933] OBJ_id_aca_encAttrs */ +- 0x55,0x04,0x48, /* [ 2941] OBJ_role */ +- 0x55,0x1D,0x24, /* [ 2944] OBJ_policy_constraints */ +- 0x55,0x1D,0x37, /* [ 2947] OBJ_target_information */ +- 0x55,0x1D,0x38, /* [ 2950] OBJ_no_rev_avail */ +- 0x2A,0x86,0x48,0xCE,0x3D, /* [ 2953] OBJ_ansi_X9_62 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [ 2958] OBJ_X9_62_prime_field */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [ 2965] OBJ_X9_62_characteristic_two_field */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [ 2972] OBJ_X9_62_id_ecPublicKey */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [ 2979] OBJ_X9_62_prime192v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [ 2987] OBJ_X9_62_prime192v2 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [ 2995] OBJ_X9_62_prime192v3 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [ 3003] OBJ_X9_62_prime239v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [ 3011] OBJ_X9_62_prime239v2 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [ 3019] OBJ_X9_62_prime239v3 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [ 3027] OBJ_X9_62_prime256v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [ 3035] OBJ_ecdsa_with_SHA1 */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01, /* [ 3042] OBJ_ms_csp_name */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01, /* [ 3051] OBJ_aes_128_ecb */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02, /* [ 3060] OBJ_aes_128_cbc */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03, /* [ 3069] OBJ_aes_128_ofb128 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04, /* [ 3078] OBJ_aes_128_cfb128 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15, /* [ 3087] OBJ_aes_192_ecb */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16, /* [ 3096] OBJ_aes_192_cbc */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17, /* [ 3105] OBJ_aes_192_ofb128 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18, /* [ 3114] OBJ_aes_192_cfb128 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29, /* [ 3123] OBJ_aes_256_ecb */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A, /* [ 3132] OBJ_aes_256_cbc */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B, /* [ 3141] OBJ_aes_256_ofb128 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C, /* [ 3150] OBJ_aes_256_cfb128 */ +- 0x55,0x1D,0x17, /* [ 3159] OBJ_hold_instruction_code */ +- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [ 3162] OBJ_hold_instruction_none */ +- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [ 3169] OBJ_hold_instruction_call_issuer */ +- 0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [ 3176] OBJ_hold_instruction_reject */ +- 0x09, /* [ 3183] OBJ_data */ +- 0x09,0x92,0x26, /* [ 3184] OBJ_pss */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [ 3187] OBJ_ucl */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [ 3194] OBJ_pilot */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01, /* [ 3202] OBJ_pilotAttributeType */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03, /* [ 3211] OBJ_pilotAttributeSyntax */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04, /* [ 3220] OBJ_pilotObjectClass */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A, /* [ 3229] OBJ_pilotGroups */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04, /* [ 3238] OBJ_iA5StringSyntax */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05, /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03, /* [ 3258] OBJ_pilotObject */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04, /* [ 3268] OBJ_pilotPerson */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05, /* [ 3278] OBJ_account */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06, /* [ 3288] OBJ_document */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07, /* [ 3298] OBJ_room */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09, /* [ 3308] OBJ_documentSeries */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E, /* [ 3318] OBJ_rFC822localPart */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F, /* [ 3328] OBJ_dNSDomain */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11, /* [ 3338] OBJ_domainRelatedObject */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12, /* [ 3348] OBJ_friendlyCountry */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13, /* [ 3358] OBJ_simpleSecurityObject */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14, /* [ 3368] OBJ_pilotOrganization */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15, /* [ 3378] OBJ_pilotDSA */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16, /* [ 3388] OBJ_qualityLabelledData */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01, /* [ 3398] OBJ_userId */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02, /* [ 3408] OBJ_textEncodedORAddress */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03, /* [ 3418] OBJ_rfc822Mailbox */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04, /* [ 3428] OBJ_info */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05, /* [ 3438] OBJ_favouriteDrink */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06, /* [ 3448] OBJ_roomNumber */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07, /* [ 3458] OBJ_photo */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08, /* [ 3468] OBJ_userClass */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09, /* [ 3478] OBJ_host */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A, /* [ 3488] OBJ_manager */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B, /* [ 3498] OBJ_documentIdentifier */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C, /* [ 3508] OBJ_documentTitle */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D, /* [ 3518] OBJ_documentVersion */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E, /* [ 3528] OBJ_documentAuthor */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F, /* [ 3538] OBJ_documentLocation */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14, /* [ 3548] OBJ_homeTelephoneNumber */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15, /* [ 3558] OBJ_secretary */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16, /* [ 3568] OBJ_otherMailbox */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17, /* [ 3578] OBJ_lastModifiedTime */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18, /* [ 3588] OBJ_lastModifiedBy */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A, /* [ 3598] OBJ_aRecord */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B, /* [ 3608] OBJ_pilotAttributeType27 */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C, /* [ 3618] OBJ_mXRecord */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D, /* [ 3628] OBJ_nSRecord */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E, /* [ 3638] OBJ_sOARecord */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F, /* [ 3648] OBJ_cNAMERecord */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25, /* [ 3658] OBJ_associatedDomain */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26, /* [ 3668] OBJ_associatedName */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27, /* [ 3678] OBJ_homePostalAddress */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28, /* [ 3688] OBJ_personalTitle */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29, /* [ 3698] OBJ_mobileTelephoneNumber */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A, /* [ 3708] OBJ_pagerTelephoneNumber */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B, /* [ 3718] OBJ_friendlyCountryName */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D, /* [ 3728] OBJ_organizationalStatus */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E, /* [ 3738] OBJ_janetMailbox */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F, /* [ 3748] OBJ_mailPreferenceOption */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30, /* [ 3758] OBJ_buildingName */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31, /* [ 3768] OBJ_dSAQuality */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32, /* [ 3778] OBJ_singleLevelQuality */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33, /* [ 3788] OBJ_subtreeMinimumQuality */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34, /* [ 3798] OBJ_subtreeMaximumQuality */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35, /* [ 3808] OBJ_personalSignature */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36, /* [ 3818] OBJ_dITRedirect */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37, /* [ 3828] OBJ_audio */ +- 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38, /* [ 3838] OBJ_documentPublisher */ +- 0x55,0x04,0x2D, /* [ 3848] OBJ_x500UniqueIdentifier */ +- 0x2B,0x06,0x01,0x07,0x01, /* [ 3851] OBJ_mime_mhs */ +- 0x2B,0x06,0x01,0x07,0x01,0x01, /* [ 3856] OBJ_mime_mhs_headings */ +- 0x2B,0x06,0x01,0x07,0x01,0x02, /* [ 3862] OBJ_mime_mhs_bodies */ +- 0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [ 3868] OBJ_id_hex_partial_message */ +- 0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [ 3875] OBJ_id_hex_multipart_message */ +- 0x55,0x04,0x2C, /* [ 3882] OBJ_generationQualifier */ +- 0x55,0x04,0x41, /* [ 3885] OBJ_pseudonym */ +- 0x67,0x2A, /* [ 3888] OBJ_id_set */ +- 0x67,0x2A,0x00, /* [ 3890] OBJ_set_ctype */ +- 0x67,0x2A,0x01, /* [ 3893] OBJ_set_msgExt */ +- 0x67,0x2A,0x03, /* [ 3896] OBJ_set_attr */ +- 0x67,0x2A,0x05, /* [ 3899] OBJ_set_policy */ +- 0x67,0x2A,0x07, /* [ 3902] OBJ_set_certExt */ +- 0x67,0x2A,0x08, /* [ 3905] OBJ_set_brand */ +- 0x67,0x2A,0x00,0x00, /* [ 3908] OBJ_setct_PANData */ +- 0x67,0x2A,0x00,0x01, /* [ 3912] OBJ_setct_PANToken */ +- 0x67,0x2A,0x00,0x02, /* [ 3916] OBJ_setct_PANOnly */ +- 0x67,0x2A,0x00,0x03, /* [ 3920] OBJ_setct_OIData */ +- 0x67,0x2A,0x00,0x04, /* [ 3924] OBJ_setct_PI */ +- 0x67,0x2A,0x00,0x05, /* [ 3928] OBJ_setct_PIData */ +- 0x67,0x2A,0x00,0x06, /* [ 3932] OBJ_setct_PIDataUnsigned */ +- 0x67,0x2A,0x00,0x07, /* [ 3936] OBJ_setct_HODInput */ +- 0x67,0x2A,0x00,0x08, /* [ 3940] OBJ_setct_AuthResBaggage */ +- 0x67,0x2A,0x00,0x09, /* [ 3944] OBJ_setct_AuthRevReqBaggage */ +- 0x67,0x2A,0x00,0x0A, /* [ 3948] OBJ_setct_AuthRevResBaggage */ +- 0x67,0x2A,0x00,0x0B, /* [ 3952] OBJ_setct_CapTokenSeq */ +- 0x67,0x2A,0x00,0x0C, /* [ 3956] OBJ_setct_PInitResData */ +- 0x67,0x2A,0x00,0x0D, /* [ 3960] OBJ_setct_PI_TBS */ +- 0x67,0x2A,0x00,0x0E, /* [ 3964] OBJ_setct_PResData */ +- 0x67,0x2A,0x00,0x10, /* [ 3968] OBJ_setct_AuthReqTBS */ +- 0x67,0x2A,0x00,0x11, /* [ 3972] OBJ_setct_AuthResTBS */ +- 0x67,0x2A,0x00,0x12, /* [ 3976] OBJ_setct_AuthResTBSX */ +- 0x67,0x2A,0x00,0x13, /* [ 3980] OBJ_setct_AuthTokenTBS */ +- 0x67,0x2A,0x00,0x14, /* [ 3984] OBJ_setct_CapTokenData */ +- 0x67,0x2A,0x00,0x15, /* [ 3988] OBJ_setct_CapTokenTBS */ +- 0x67,0x2A,0x00,0x16, /* [ 3992] OBJ_setct_AcqCardCodeMsg */ +- 0x67,0x2A,0x00,0x17, /* [ 3996] OBJ_setct_AuthRevReqTBS */ +- 0x67,0x2A,0x00,0x18, /* [ 4000] OBJ_setct_AuthRevResData */ +- 0x67,0x2A,0x00,0x19, /* [ 4004] OBJ_setct_AuthRevResTBS */ +- 0x67,0x2A,0x00,0x1A, /* [ 4008] OBJ_setct_CapReqTBS */ +- 0x67,0x2A,0x00,0x1B, /* [ 4012] OBJ_setct_CapReqTBSX */ +- 0x67,0x2A,0x00,0x1C, /* [ 4016] OBJ_setct_CapResData */ +- 0x67,0x2A,0x00,0x1D, /* [ 4020] OBJ_setct_CapRevReqTBS */ +- 0x67,0x2A,0x00,0x1E, /* [ 4024] OBJ_setct_CapRevReqTBSX */ +- 0x67,0x2A,0x00,0x1F, /* [ 4028] OBJ_setct_CapRevResData */ +- 0x67,0x2A,0x00,0x20, /* [ 4032] OBJ_setct_CredReqTBS */ +- 0x67,0x2A,0x00,0x21, /* [ 4036] OBJ_setct_CredReqTBSX */ +- 0x67,0x2A,0x00,0x22, /* [ 4040] OBJ_setct_CredResData */ +- 0x67,0x2A,0x00,0x23, /* [ 4044] OBJ_setct_CredRevReqTBS */ +- 0x67,0x2A,0x00,0x24, /* [ 4048] OBJ_setct_CredRevReqTBSX */ +- 0x67,0x2A,0x00,0x25, /* [ 4052] OBJ_setct_CredRevResData */ +- 0x67,0x2A,0x00,0x26, /* [ 4056] OBJ_setct_PCertReqData */ +- 0x67,0x2A,0x00,0x27, /* [ 4060] OBJ_setct_PCertResTBS */ +- 0x67,0x2A,0x00,0x28, /* [ 4064] OBJ_setct_BatchAdminReqData */ +- 0x67,0x2A,0x00,0x29, /* [ 4068] OBJ_setct_BatchAdminResData */ +- 0x67,0x2A,0x00,0x2A, /* [ 4072] OBJ_setct_CardCInitResTBS */ +- 0x67,0x2A,0x00,0x2B, /* [ 4076] OBJ_setct_MeAqCInitResTBS */ +- 0x67,0x2A,0x00,0x2C, /* [ 4080] OBJ_setct_RegFormResTBS */ +- 0x67,0x2A,0x00,0x2D, /* [ 4084] OBJ_setct_CertReqData */ +- 0x67,0x2A,0x00,0x2E, /* [ 4088] OBJ_setct_CertReqTBS */ +- 0x67,0x2A,0x00,0x2F, /* [ 4092] OBJ_setct_CertResData */ +- 0x67,0x2A,0x00,0x30, /* [ 4096] OBJ_setct_CertInqReqTBS */ +- 0x67,0x2A,0x00,0x31, /* [ 4100] OBJ_setct_ErrorTBS */ +- 0x67,0x2A,0x00,0x32, /* [ 4104] OBJ_setct_PIDualSignedTBE */ +- 0x67,0x2A,0x00,0x33, /* [ 4108] OBJ_setct_PIUnsignedTBE */ +- 0x67,0x2A,0x00,0x34, /* [ 4112] OBJ_setct_AuthReqTBE */ +- 0x67,0x2A,0x00,0x35, /* [ 4116] OBJ_setct_AuthResTBE */ +- 0x67,0x2A,0x00,0x36, /* [ 4120] OBJ_setct_AuthResTBEX */ +- 0x67,0x2A,0x00,0x37, /* [ 4124] OBJ_setct_AuthTokenTBE */ +- 0x67,0x2A,0x00,0x38, /* [ 4128] OBJ_setct_CapTokenTBE */ +- 0x67,0x2A,0x00,0x39, /* [ 4132] OBJ_setct_CapTokenTBEX */ +- 0x67,0x2A,0x00,0x3A, /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */ +- 0x67,0x2A,0x00,0x3B, /* [ 4140] OBJ_setct_AuthRevReqTBE */ +- 0x67,0x2A,0x00,0x3C, /* [ 4144] OBJ_setct_AuthRevResTBE */ +- 0x67,0x2A,0x00,0x3D, /* [ 4148] OBJ_setct_AuthRevResTBEB */ +- 0x67,0x2A,0x00,0x3E, /* [ 4152] OBJ_setct_CapReqTBE */ +- 0x67,0x2A,0x00,0x3F, /* [ 4156] OBJ_setct_CapReqTBEX */ +- 0x67,0x2A,0x00,0x40, /* [ 4160] OBJ_setct_CapResTBE */ +- 0x67,0x2A,0x00,0x41, /* [ 4164] OBJ_setct_CapRevReqTBE */ +- 0x67,0x2A,0x00,0x42, /* [ 4168] OBJ_setct_CapRevReqTBEX */ +- 0x67,0x2A,0x00,0x43, /* [ 4172] OBJ_setct_CapRevResTBE */ +- 0x67,0x2A,0x00,0x44, /* [ 4176] OBJ_setct_CredReqTBE */ +- 0x67,0x2A,0x00,0x45, /* [ 4180] OBJ_setct_CredReqTBEX */ +- 0x67,0x2A,0x00,0x46, /* [ 4184] OBJ_setct_CredResTBE */ +- 0x67,0x2A,0x00,0x47, /* [ 4188] OBJ_setct_CredRevReqTBE */ +- 0x67,0x2A,0x00,0x48, /* [ 4192] OBJ_setct_CredRevReqTBEX */ +- 0x67,0x2A,0x00,0x49, /* [ 4196] OBJ_setct_CredRevResTBE */ +- 0x67,0x2A,0x00,0x4A, /* [ 4200] OBJ_setct_BatchAdminReqTBE */ +- 0x67,0x2A,0x00,0x4B, /* [ 4204] OBJ_setct_BatchAdminResTBE */ +- 0x67,0x2A,0x00,0x4C, /* [ 4208] OBJ_setct_RegFormReqTBE */ +- 0x67,0x2A,0x00,0x4D, /* [ 4212] OBJ_setct_CertReqTBE */ +- 0x67,0x2A,0x00,0x4E, /* [ 4216] OBJ_setct_CertReqTBEX */ +- 0x67,0x2A,0x00,0x4F, /* [ 4220] OBJ_setct_CertResTBE */ +- 0x67,0x2A,0x00,0x50, /* [ 4224] OBJ_setct_CRLNotificationTBS */ +- 0x67,0x2A,0x00,0x51, /* [ 4228] OBJ_setct_CRLNotificationResTBS */ +- 0x67,0x2A,0x00,0x52, /* [ 4232] OBJ_setct_BCIDistributionTBS */ +- 0x67,0x2A,0x01,0x01, /* [ 4236] OBJ_setext_genCrypt */ +- 0x67,0x2A,0x01,0x03, /* [ 4240] OBJ_setext_miAuth */ +- 0x67,0x2A,0x01,0x04, /* [ 4244] OBJ_setext_pinSecure */ +- 0x67,0x2A,0x01,0x05, /* [ 4248] OBJ_setext_pinAny */ +- 0x67,0x2A,0x01,0x07, /* [ 4252] OBJ_setext_track2 */ +- 0x67,0x2A,0x01,0x08, /* [ 4256] OBJ_setext_cv */ +- 0x67,0x2A,0x05,0x00, /* [ 4260] OBJ_set_policy_root */ +- 0x67,0x2A,0x07,0x00, /* [ 4264] OBJ_setCext_hashedRoot */ +- 0x67,0x2A,0x07,0x01, /* [ 4268] OBJ_setCext_certType */ +- 0x67,0x2A,0x07,0x02, /* [ 4272] OBJ_setCext_merchData */ +- 0x67,0x2A,0x07,0x03, /* [ 4276] OBJ_setCext_cCertRequired */ +- 0x67,0x2A,0x07,0x04, /* [ 4280] OBJ_setCext_tunneling */ +- 0x67,0x2A,0x07,0x05, /* [ 4284] OBJ_setCext_setExt */ +- 0x67,0x2A,0x07,0x06, /* [ 4288] OBJ_setCext_setQualf */ +- 0x67,0x2A,0x07,0x07, /* [ 4292] OBJ_setCext_PGWYcapabilities */ +- 0x67,0x2A,0x07,0x08, /* [ 4296] OBJ_setCext_TokenIdentifier */ +- 0x67,0x2A,0x07,0x09, /* [ 4300] OBJ_setCext_Track2Data */ +- 0x67,0x2A,0x07,0x0A, /* [ 4304] OBJ_setCext_TokenType */ +- 0x67,0x2A,0x07,0x0B, /* [ 4308] OBJ_setCext_IssuerCapabilities */ +- 0x67,0x2A,0x03,0x00, /* [ 4312] OBJ_setAttr_Cert */ +- 0x67,0x2A,0x03,0x01, /* [ 4316] OBJ_setAttr_PGWYcap */ +- 0x67,0x2A,0x03,0x02, /* [ 4320] OBJ_setAttr_TokenType */ +- 0x67,0x2A,0x03,0x03, /* [ 4324] OBJ_setAttr_IssCap */ +- 0x67,0x2A,0x03,0x00,0x00, /* [ 4328] OBJ_set_rootKeyThumb */ +- 0x67,0x2A,0x03,0x00,0x01, /* [ 4333] OBJ_set_addPolicy */ +- 0x67,0x2A,0x03,0x02,0x01, /* [ 4338] OBJ_setAttr_Token_EMV */ +- 0x67,0x2A,0x03,0x02,0x02, /* [ 4343] OBJ_setAttr_Token_B0Prime */ +- 0x67,0x2A,0x03,0x03,0x03, /* [ 4348] OBJ_setAttr_IssCap_CVM */ +- 0x67,0x2A,0x03,0x03,0x04, /* [ 4353] OBJ_setAttr_IssCap_T2 */ +- 0x67,0x2A,0x03,0x03,0x05, /* [ 4358] OBJ_setAttr_IssCap_Sig */ +- 0x67,0x2A,0x03,0x03,0x03,0x01, /* [ 4363] OBJ_setAttr_GenCryptgrm */ +- 0x67,0x2A,0x03,0x03,0x04,0x01, /* [ 4369] OBJ_setAttr_T2Enc */ +- 0x67,0x2A,0x03,0x03,0x04,0x02, /* [ 4375] OBJ_setAttr_T2cleartxt */ +- 0x67,0x2A,0x03,0x03,0x05,0x01, /* [ 4381] OBJ_setAttr_TokICCsig */ +- 0x67,0x2A,0x03,0x03,0x05,0x02, /* [ 4387] OBJ_setAttr_SecDevSig */ +- 0x67,0x2A,0x08,0x01, /* [ 4393] OBJ_set_brand_IATA_ATA */ +- 0x67,0x2A,0x08,0x1E, /* [ 4397] OBJ_set_brand_Diners */ +- 0x67,0x2A,0x08,0x22, /* [ 4401] OBJ_set_brand_AmericanExpress */ +- 0x67,0x2A,0x08,0x23, /* [ 4405] OBJ_set_brand_JCB */ +- 0x67,0x2A,0x08,0x04, /* [ 4409] OBJ_set_brand_Visa */ +- 0x67,0x2A,0x08,0x05, /* [ 4413] OBJ_set_brand_MasterCard */ +- 0x67,0x2A,0x08,0xAE,0x7B, /* [ 4417] OBJ_set_brand_Novus */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [ 4422] OBJ_des_cdmf */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06, /* [ 4430] OBJ_rsaOAEPEncryptionSET */ +- 0x67, /* [ 4439] OBJ_international_organizations */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02, /* [ 4440] OBJ_ms_smartcard_login */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03, /* [ 4450] OBJ_ms_upn */ +- 0x55,0x04,0x09, /* [ 4460] OBJ_streetAddress */ +- 0x55,0x04,0x11, /* [ 4463] OBJ_postalCode */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [ 4466] OBJ_id_ppl */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [ 4473] OBJ_proxyCertInfo */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [ 4481] OBJ_id_ppl_anyLanguage */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [ 4489] OBJ_id_ppl_inheritAll */ +- 0x55,0x1D,0x1E, /* [ 4497] OBJ_name_constraints */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [ 4500] OBJ_Independent */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B, /* [ 4508] OBJ_sha256WithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C, /* [ 4517] OBJ_sha384WithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D, /* [ 4526] OBJ_sha512WithRSAEncryption */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E, /* [ 4535] OBJ_sha224WithRSAEncryption */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01, /* [ 4544] OBJ_sha256 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02, /* [ 4553] OBJ_sha384 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03, /* [ 4562] OBJ_sha512 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04, /* [ 4571] OBJ_sha224 */ +- 0x2B, /* [ 4580] OBJ_identified_organization */ +- 0x2B,0x81,0x04, /* [ 4581] OBJ_certicom_arc */ +- 0x67,0x2B, /* [ 4584] OBJ_wap */ +- 0x67,0x2B,0x01, /* [ 4586] OBJ_wap_wsg */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01, /* [ 4597] OBJ_X9_62_onBasis */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02, /* [ 4606] OBJ_X9_62_tpBasis */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03, /* [ 4615] OBJ_X9_62_ppBasis */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [ 4624] OBJ_X9_62_c2pnb163v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [ 4632] OBJ_X9_62_c2pnb163v2 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [ 4640] OBJ_X9_62_c2pnb163v3 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [ 4648] OBJ_X9_62_c2pnb176v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [ 4656] OBJ_X9_62_c2tnb191v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [ 4664] OBJ_X9_62_c2tnb191v2 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [ 4672] OBJ_X9_62_c2tnb191v3 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [ 4680] OBJ_X9_62_c2onb191v4 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [ 4688] OBJ_X9_62_c2onb191v5 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [ 4696] OBJ_X9_62_c2pnb208w1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [ 4704] OBJ_X9_62_c2tnb239v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [ 4712] OBJ_X9_62_c2tnb239v2 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [ 4720] OBJ_X9_62_c2tnb239v3 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [ 4728] OBJ_X9_62_c2onb239v4 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [ 4736] OBJ_X9_62_c2onb239v5 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [ 4744] OBJ_X9_62_c2pnb272w1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [ 4752] OBJ_X9_62_c2pnb304w1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [ 4760] OBJ_X9_62_c2tnb359v1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [ 4768] OBJ_X9_62_c2pnb368w1 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [ 4776] OBJ_X9_62_c2tnb431r1 */ +- 0x2B,0x81,0x04,0x00,0x06, /* [ 4784] OBJ_secp112r1 */ +- 0x2B,0x81,0x04,0x00,0x07, /* [ 4789] OBJ_secp112r2 */ +- 0x2B,0x81,0x04,0x00,0x1C, /* [ 4794] OBJ_secp128r1 */ +- 0x2B,0x81,0x04,0x00,0x1D, /* [ 4799] OBJ_secp128r2 */ +- 0x2B,0x81,0x04,0x00,0x09, /* [ 4804] OBJ_secp160k1 */ +- 0x2B,0x81,0x04,0x00,0x08, /* [ 4809] OBJ_secp160r1 */ +- 0x2B,0x81,0x04,0x00,0x1E, /* [ 4814] OBJ_secp160r2 */ +- 0x2B,0x81,0x04,0x00,0x1F, /* [ 4819] OBJ_secp192k1 */ +- 0x2B,0x81,0x04,0x00,0x20, /* [ 4824] OBJ_secp224k1 */ +- 0x2B,0x81,0x04,0x00,0x21, /* [ 4829] OBJ_secp224r1 */ +- 0x2B,0x81,0x04,0x00,0x0A, /* [ 4834] OBJ_secp256k1 */ +- 0x2B,0x81,0x04,0x00,0x22, /* [ 4839] OBJ_secp384r1 */ +- 0x2B,0x81,0x04,0x00,0x23, /* [ 4844] OBJ_secp521r1 */ +- 0x2B,0x81,0x04,0x00,0x04, /* [ 4849] OBJ_sect113r1 */ +- 0x2B,0x81,0x04,0x00,0x05, /* [ 4854] OBJ_sect113r2 */ +- 0x2B,0x81,0x04,0x00,0x16, /* [ 4859] OBJ_sect131r1 */ +- 0x2B,0x81,0x04,0x00,0x17, /* [ 4864] OBJ_sect131r2 */ +- 0x2B,0x81,0x04,0x00,0x01, /* [ 4869] OBJ_sect163k1 */ +- 0x2B,0x81,0x04,0x00,0x02, /* [ 4874] OBJ_sect163r1 */ +- 0x2B,0x81,0x04,0x00,0x0F, /* [ 4879] OBJ_sect163r2 */ +- 0x2B,0x81,0x04,0x00,0x18, /* [ 4884] OBJ_sect193r1 */ +- 0x2B,0x81,0x04,0x00,0x19, /* [ 4889] OBJ_sect193r2 */ +- 0x2B,0x81,0x04,0x00,0x1A, /* [ 4894] OBJ_sect233k1 */ +- 0x2B,0x81,0x04,0x00,0x1B, /* [ 4899] OBJ_sect233r1 */ +- 0x2B,0x81,0x04,0x00,0x03, /* [ 4904] OBJ_sect239k1 */ +- 0x2B,0x81,0x04,0x00,0x10, /* [ 4909] OBJ_sect283k1 */ +- 0x2B,0x81,0x04,0x00,0x11, /* [ 4914] OBJ_sect283r1 */ +- 0x2B,0x81,0x04,0x00,0x24, /* [ 4919] OBJ_sect409k1 */ +- 0x2B,0x81,0x04,0x00,0x25, /* [ 4924] OBJ_sect409r1 */ +- 0x2B,0x81,0x04,0x00,0x26, /* [ 4929] OBJ_sect571k1 */ +- 0x2B,0x81,0x04,0x00,0x27, /* [ 4934] OBJ_sect571r1 */ +- 0x67,0x2B,0x01,0x04,0x01, /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */ +- 0x67,0x2B,0x01,0x04,0x03, /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */ +- 0x67,0x2B,0x01,0x04,0x04, /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */ +- 0x67,0x2B,0x01,0x04,0x05, /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */ +- 0x67,0x2B,0x01,0x04,0x06, /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */ +- 0x67,0x2B,0x01,0x04,0x07, /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */ +- 0x67,0x2B,0x01,0x04,0x08, /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */ +- 0x67,0x2B,0x01,0x04,0x09, /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */ +- 0x67,0x2B,0x01,0x04,0x0A, /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */ +- 0x67,0x2B,0x01,0x04,0x0B, /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */ +- 0x67,0x2B,0x01,0x04,0x0C, /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */ +- 0x55,0x1D,0x20,0x00, /* [ 4994] OBJ_any_policy */ +- 0x55,0x1D,0x21, /* [ 4998] OBJ_policy_mappings */ +- 0x55,0x1D,0x36, /* [ 5001] OBJ_inhibit_any_policy */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02, /* [ 5004] OBJ_camellia_128_cbc */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03, /* [ 5015] OBJ_camellia_192_cbc */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04, /* [ 5026] OBJ_camellia_256_cbc */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [ 5037] OBJ_camellia_128_ecb */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [ 5045] OBJ_camellia_192_ecb */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [ 5053] OBJ_camellia_256_ecb */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [ 5061] OBJ_camellia_128_cfb128 */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [ 5069] OBJ_camellia_192_cfb128 */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [ 5077] OBJ_camellia_256_cfb128 */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [ 5085] OBJ_camellia_128_ofb128 */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [ 5093] OBJ_camellia_192_ofb128 */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [ 5101] OBJ_camellia_256_ofb128 */ +- 0x55,0x1D,0x09, /* [ 5109] OBJ_subject_directory_attributes */ +- 0x55,0x1D,0x1C, /* [ 5112] OBJ_issuing_distribution_point */ +- 0x55,0x1D,0x1D, /* [ 5115] OBJ_certificate_issuer */ +- 0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [ 5118] OBJ_kisa */ +- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [ 5124] OBJ_seed_ecb */ +- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [ 5132] OBJ_seed_cbc */ +- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [ 5140] OBJ_seed_ofb128 */ +- 0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [ 5148] OBJ_seed_cfb128 */ +- 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [ 5156] OBJ_hmac_md5 */ +- 0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [ 5164] OBJ_hmac_sha1 */ +- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D, /* [ 5172] OBJ_id_PasswordBasedMAC */ +- 0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E, /* [ 5181] OBJ_id_DHBasedMac */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [ 5190] OBJ_id_it_suppLangTags */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [ 5198] OBJ_caRepository */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09, /* [ 5206] OBJ_id_smime_ct_compressedData */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B, /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05, /* [ 5228] OBJ_id_aes128_wrap */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19, /* [ 5237] OBJ_id_aes192_wrap */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D, /* [ 5246] OBJ_id_aes256_wrap */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [ 5255] OBJ_ecdsa_with_Recommended */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [ 5262] OBJ_ecdsa_with_Specified */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [ 5269] OBJ_ecdsa_with_SHA224 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [ 5277] OBJ_ecdsa_with_SHA256 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [ 5285] OBJ_ecdsa_with_SHA384 */ +- 0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [ 5293] OBJ_ecdsa_with_SHA512 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [ 5301] OBJ_hmacWithMD5 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [ 5309] OBJ_hmacWithSHA224 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [ 5317] OBJ_hmacWithSHA256 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [ 5325] OBJ_hmacWithSHA384 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [ 5333] OBJ_hmacWithSHA512 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01, /* [ 5341] OBJ_dsa_with_SHA224 */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02, /* [ 5350] OBJ_dsa_with_SHA256 */ +- 0x28,0xCF,0x06,0x03,0x00,0x37, /* [ 5359] OBJ_whirlpool */ +- 0x2A,0x85,0x03,0x02,0x02, /* [ 5365] OBJ_cryptopro */ +- 0x2A,0x85,0x03,0x02,0x09, /* [ 5370] OBJ_cryptocom */ +- 0x2A,0x85,0x03,0x02,0x02,0x03, /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +- 0x2A,0x85,0x03,0x02,0x02,0x04, /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */ +- 0x2A,0x85,0x03,0x02,0x02,0x09, /* [ 5387] OBJ_id_GostR3411_94 */ +- 0x2A,0x85,0x03,0x02,0x02,0x0A, /* [ 5393] OBJ_id_HMACGostR3411_94 */ +- 0x2A,0x85,0x03,0x02,0x02,0x13, /* [ 5399] OBJ_id_GostR3410_2001 */ +- 0x2A,0x85,0x03,0x02,0x02,0x14, /* [ 5405] OBJ_id_GostR3410_94 */ +- 0x2A,0x85,0x03,0x02,0x02,0x15, /* [ 5411] OBJ_id_Gost28147_89 */ +- 0x2A,0x85,0x03,0x02,0x02,0x16, /* [ 5417] OBJ_id_Gost28147_89_MAC */ +- 0x2A,0x85,0x03,0x02,0x02,0x17, /* [ 5423] OBJ_id_GostR3411_94_prf */ +- 0x2A,0x85,0x03,0x02,0x02,0x62, /* [ 5429] OBJ_id_GostR3410_2001DH */ +- 0x2A,0x85,0x03,0x02,0x02,0x63, /* [ 5435] OBJ_id_GostR3410_94DH */ +- 0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +- 0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */ +- 0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +- 0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [ 5623] OBJ_id_GostR3410_94_a */ +- 0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [ 5630] OBJ_id_GostR3410_94_aBis */ +- 0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [ 5637] OBJ_id_GostR3410_94_b */ +- 0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [ 5644] OBJ_id_GostR3410_94_bBis */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [ 5651] OBJ_id_Gost28147_89_cc */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [ 5659] OBJ_id_GostR3410_94_cc */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [ 5667] OBJ_id_GostR3410_2001_cc */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +- 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02, /* [ 5699] OBJ_LocalKeySet */ +- 0x55,0x1D,0x2E, /* [ 5708] OBJ_freshest_crl */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [ 5711] OBJ_id_on_permanentIdentifier */ +- 0x55,0x04,0x0E, /* [ 5719] OBJ_searchGuide */ +- 0x55,0x04,0x0F, /* [ 5722] OBJ_businessCategory */ +- 0x55,0x04,0x10, /* [ 5725] OBJ_postalAddress */ +- 0x55,0x04,0x12, /* [ 5728] OBJ_postOfficeBox */ +- 0x55,0x04,0x13, /* [ 5731] OBJ_physicalDeliveryOfficeName */ +- 0x55,0x04,0x14, /* [ 5734] OBJ_telephoneNumber */ +- 0x55,0x04,0x15, /* [ 5737] OBJ_telexNumber */ +- 0x55,0x04,0x16, /* [ 5740] OBJ_teletexTerminalIdentifier */ +- 0x55,0x04,0x17, /* [ 5743] OBJ_facsimileTelephoneNumber */ +- 0x55,0x04,0x18, /* [ 5746] OBJ_x121Address */ +- 0x55,0x04,0x19, /* [ 5749] OBJ_internationaliSDNNumber */ +- 0x55,0x04,0x1A, /* [ 5752] OBJ_registeredAddress */ +- 0x55,0x04,0x1B, /* [ 5755] OBJ_destinationIndicator */ +- 0x55,0x04,0x1C, /* [ 5758] OBJ_preferredDeliveryMethod */ +- 0x55,0x04,0x1D, /* [ 5761] OBJ_presentationAddress */ +- 0x55,0x04,0x1E, /* [ 5764] OBJ_supportedApplicationContext */ +- 0x55,0x04,0x1F, /* [ 5767] OBJ_member */ +- 0x55,0x04,0x20, /* [ 5770] OBJ_owner */ +- 0x55,0x04,0x21, /* [ 5773] OBJ_roleOccupant */ +- 0x55,0x04,0x22, /* [ 5776] OBJ_seeAlso */ +- 0x55,0x04,0x23, /* [ 5779] OBJ_userPassword */ +- 0x55,0x04,0x24, /* [ 5782] OBJ_userCertificate */ +- 0x55,0x04,0x25, /* [ 5785] OBJ_cACertificate */ +- 0x55,0x04,0x26, /* [ 5788] OBJ_authorityRevocationList */ +- 0x55,0x04,0x27, /* [ 5791] OBJ_certificateRevocationList */ +- 0x55,0x04,0x28, /* [ 5794] OBJ_crossCertificatePair */ +- 0x55,0x04,0x2F, /* [ 5797] OBJ_enhancedSearchGuide */ +- 0x55,0x04,0x30, /* [ 5800] OBJ_protocolInformation */ +- 0x55,0x04,0x31, /* [ 5803] OBJ_distinguishedName */ +- 0x55,0x04,0x32, /* [ 5806] OBJ_uniqueMember */ +- 0x55,0x04,0x33, /* [ 5809] OBJ_houseIdentifier */ +- 0x55,0x04,0x34, /* [ 5812] OBJ_supportedAlgorithms */ +- 0x55,0x04,0x35, /* [ 5815] OBJ_deltaRevocationList */ +- 0x55,0x04,0x36, /* [ 5818] OBJ_dmdName */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09, /* [ 5821] OBJ_id_alg_PWRI_KEK */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06, /* [ 5832] OBJ_aes_128_gcm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07, /* [ 5841] OBJ_aes_128_ccm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08, /* [ 5850] OBJ_id_aes128_wrap_pad */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A, /* [ 5859] OBJ_aes_192_gcm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B, /* [ 5868] OBJ_aes_192_ccm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C, /* [ 5877] OBJ_id_aes192_wrap_pad */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E, /* [ 5886] OBJ_aes_256_gcm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F, /* [ 5895] OBJ_aes_256_ccm */ +- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30, /* [ 5904] OBJ_id_aes256_wrap_pad */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02, /* [ 5913] OBJ_id_camellia128_wrap */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03, /* [ 5924] OBJ_id_camellia192_wrap */ +- 0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04, /* [ 5935] OBJ_id_camellia256_wrap */ +- 0x55,0x1D,0x25,0x00, /* [ 5946] OBJ_anyExtendedKeyUsage */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08, /* [ 5950] OBJ_mgf1 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A, /* [ 5959] OBJ_rsassaPss */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07, /* [ 5968] OBJ_rsaesOaep */ +- 0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [ 5977] OBJ_dhpublicnumber */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01, /* [ 5984] OBJ_brainpoolP160r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02, /* [ 5993] OBJ_brainpoolP160t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03, /* [ 6002] OBJ_brainpoolP192r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04, /* [ 6011] OBJ_brainpoolP192t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05, /* [ 6020] OBJ_brainpoolP224r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06, /* [ 6029] OBJ_brainpoolP224t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07, /* [ 6038] OBJ_brainpoolP256r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08, /* [ 6047] OBJ_brainpoolP256t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09, /* [ 6056] OBJ_brainpoolP320r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A, /* [ 6065] OBJ_brainpoolP320t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B, /* [ 6074] OBJ_brainpoolP384r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C, /* [ 6083] OBJ_brainpoolP384t1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D, /* [ 6092] OBJ_brainpoolP512r1 */ +- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E, /* [ 6101] OBJ_brainpoolP512t1 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09, /* [ 6110] OBJ_pSpecified */ +- 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02, /* [ 6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0B,0x00, /* [ 6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0B,0x01, /* [ 6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0B,0x02, /* [ 6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0B,0x03, /* [ 6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ +- 0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03, /* [ 6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0E,0x00, /* [ 6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0E,0x01, /* [ 6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0E,0x02, /* [ 6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ +- 0x2B,0x81,0x04,0x01,0x0E,0x03, /* [ 6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ +- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02, /* [ 6185] OBJ_ct_precert_scts */ +- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03, /* [ 6195] OBJ_ct_precert_poison */ +- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04, /* [ 6205] OBJ_ct_precert_signer */ +- 0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05, /* [ 6215] OBJ_ct_cert_scts */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01, /* [ 6225] OBJ_jurisdictionLocalityName */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02, /* [ 6236] OBJ_jurisdictionStateOrProvinceName */ +- 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03, /* [ 6247] OBJ_jurisdictionCountryName */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [ 6258] OBJ_camellia_128_gcm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [ 6266] OBJ_camellia_128_ccm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [ 6274] OBJ_camellia_128_ctr */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [ 6282] OBJ_camellia_128_cmac */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [ 6290] OBJ_camellia_192_gcm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [ 6298] OBJ_camellia_192_ccm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [ 6306] OBJ_camellia_192_ctr */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [ 6314] OBJ_camellia_192_cmac */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [ 6322] OBJ_camellia_256_gcm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [ 6330] OBJ_camellia_256_ccm */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [ 6338] OBJ_camellia_256_ctr */ +- 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [ 6346] OBJ_camellia_256_cmac */ +- 0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B, /* [ 6354] OBJ_id_scrypt */ +- 0x2A,0x85,0x03,0x07,0x01, /* [ 6363] OBJ_id_tc26 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01, /* [ 6368] OBJ_id_tc26_algorithms */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01, /* [ 6374] OBJ_id_tc26_sign */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01, /* [ 6381] OBJ_id_GostR3410_2012_256 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02, /* [ 6389] OBJ_id_GostR3410_2012_512 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02, /* [ 6397] OBJ_id_tc26_digest */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02, /* [ 6404] OBJ_id_GostR3411_2012_256 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03, /* [ 6412] OBJ_id_GostR3411_2012_512 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03, /* [ 6420] OBJ_id_tc26_signwithdigest */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02, /* [ 6427] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03, /* [ 6435] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04, /* [ 6443] OBJ_id_tc26_mac */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01, /* [ 6450] OBJ_id_tc26_hmac_gost_3411_2012_256 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02, /* [ 6458] OBJ_id_tc26_hmac_gost_3411_2012_512 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x05, /* [ 6466] OBJ_id_tc26_cipher */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06, /* [ 6473] OBJ_id_tc26_agreement */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01, /* [ 6480] OBJ_id_tc26_agreement_gost_3410_2012_256 */ +- 0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02, /* [ 6488] OBJ_id_tc26_agreement_gost_3410_2012_512 */ +- 0x2A,0x85,0x03,0x07,0x01,0x02, /* [ 6496] OBJ_id_tc26_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01, /* [ 6502] OBJ_id_tc26_sign_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02, /* [ 6509] OBJ_id_tc26_gost_3410_2012_512_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00, /* [ 6517] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01, /* [ 6526] OBJ_id_tc26_gost_3410_2012_512_paramSetA */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02, /* [ 6535] OBJ_id_tc26_gost_3410_2012_512_paramSetB */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x02, /* [ 6544] OBJ_id_tc26_digest_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x05, /* [ 6551] OBJ_id_tc26_cipher_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01, /* [ 6558] OBJ_id_tc26_gost_28147_constants */ +- 0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01, /* [ 6566] OBJ_id_tc26_gost_28147_param_Z */ +- 0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01, /* [ 6575] OBJ_INN */ +- 0x2A,0x85,0x03,0x64,0x01, /* [ 6583] OBJ_OGRN */ +- 0x2A,0x85,0x03,0x64,0x03, /* [ 6588] OBJ_SNILS */ +- 0x2A,0x85,0x03,0x64,0x6F, /* [ 6593] OBJ_subjectSignTool */ +- 0x2A,0x85,0x03,0x64,0x70, /* [ 6598] OBJ_issuerSignTool */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18, /* [ 6603] OBJ_tlsfeature */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11, /* [ 6611] OBJ_ipsec_IKE */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12, /* [ 6619] OBJ_capwapAC */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13, /* [ 6627] OBJ_capwapWTP */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15, /* [ 6635] OBJ_sshClient */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16, /* [ 6643] OBJ_sshServer */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17, /* [ 6651] OBJ_sendRouter */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18, /* [ 6659] OBJ_sendProxiedRouter */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19, /* [ 6667] OBJ_sendOwner */ +- 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A, /* [ 6675] OBJ_sendProxiedOwner */ +- 0x2B,0x06,0x01,0x05,0x02,0x03, /* [ 6683] OBJ_id_pkinit */ +- 0x2B,0x06,0x01,0x05,0x02,0x03,0x04, /* [ 6689] OBJ_pkInitClientAuth */ +- 0x2B,0x06,0x01,0x05,0x02,0x03,0x05, /* [ 6696] OBJ_pkInitKDC */ +- 0x2B,0x65,0x6E, /* [ 6703] OBJ_X25519 */ +- 0x2B,0x65,0x6F, /* [ 6706] OBJ_X448 */ +- 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10, /* [ 6709] OBJ_blake2b512 */ +- 0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08, /* [ 6720] OBJ_blake2s256 */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13, /* [ 6731] OBJ_id_smime_ct_contentCollection */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17, /* [ 6742] OBJ_id_smime_ct_authEnvelopedData */ +- 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C, /* [ 6753] OBJ_id_ct_xml */ ++#define NUM_NID 958 ++#define NUM_SN 951 ++#define NUM_LN 951 ++#define NUM_OBJ 890 ++ ++static const unsigned char lvalues[6255]={ ++0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05, /* [ 21] OBJ_md5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04, /* [ 29] OBJ_rc4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,/* [ 37] OBJ_rsaEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,/* [ 46] OBJ_md2WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,/* [ 55] OBJ_md5WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,/* [ 64] OBJ_pbeWithMD2AndDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,/* [ 73] OBJ_pbeWithMD5AndDES_CBC */ ++0x55, /* [ 82] OBJ_X500 */ ++0x55,0x04, /* [ 83] OBJ_X509 */ ++0x55,0x04,0x03, /* [ 85] OBJ_commonName */ ++0x55,0x04,0x06, /* [ 88] OBJ_countryName */ ++0x55,0x04,0x07, /* [ 91] OBJ_localityName */ ++0x55,0x04,0x08, /* [ 94] OBJ_stateOrProvinceName */ ++0x55,0x04,0x0A, /* [ 97] OBJ_organizationName */ ++0x55,0x04,0x0B, /* [100] OBJ_organizationalUnitName */ ++0x55,0x08,0x01,0x01, /* [103] OBJ_rsa */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07, /* [107] OBJ_pkcs7 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,/* [115] OBJ_pkcs7_data */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,/* [124] OBJ_pkcs7_signed */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,/* [133] OBJ_pkcs7_enveloped */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,/* [142] OBJ_pkcs7_signedAndEnveloped */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,/* [151] OBJ_pkcs7_digest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,/* [160] OBJ_pkcs7_encrypted */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03, /* [169] OBJ_pkcs3 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,/* [177] OBJ_dhKeyAgreement */ ++0x2B,0x0E,0x03,0x02,0x06, /* [186] OBJ_des_ecb */ ++0x2B,0x0E,0x03,0x02,0x09, /* [191] OBJ_des_cfb64 */ ++0x2B,0x0E,0x03,0x02,0x07, /* [196] OBJ_des_cbc */ ++0x2B,0x0E,0x03,0x02,0x11, /* [201] OBJ_des_ede_ecb */ ++0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [206] OBJ_idea_cbc */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02, /* [217] OBJ_rc2_cbc */ ++0x2B,0x0E,0x03,0x02,0x12, /* [225] OBJ_sha */ ++0x2B,0x0E,0x03,0x02,0x0F, /* [230] OBJ_shaWithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07, /* [235] OBJ_des_ede3_cbc */ ++0x2B,0x0E,0x03,0x02,0x08, /* [243] OBJ_des_ofb64 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09, /* [248] OBJ_pkcs9 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [256] OBJ_pkcs9_emailAddress */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [265] OBJ_pkcs9_unstructuredName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [274] OBJ_pkcs9_contentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [283] OBJ_pkcs9_messageDigest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [292] OBJ_pkcs9_signingTime */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [301] OBJ_pkcs9_countersignature */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [310] OBJ_pkcs9_challengePassword */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [319] OBJ_pkcs9_unstructuredAddress */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [328] OBJ_pkcs9_extCertAttributes */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42, /* [337] OBJ_netscape */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01, /* [344] OBJ_netscape_cert_extension */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02, /* [352] OBJ_netscape_data_type */ ++0x2B,0x0E,0x03,0x02,0x1A, /* [360] OBJ_sha1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [365] OBJ_sha1WithRSAEncryption */ ++0x2B,0x0E,0x03,0x02,0x0D, /* [374] OBJ_dsaWithSHA */ ++0x2B,0x0E,0x03,0x02,0x0C, /* [379] OBJ_dsa_2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [384] OBJ_pbeWithSHA1AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [393] OBJ_id_pbkdf2 */ ++0x2B,0x0E,0x03,0x02,0x1B, /* [402] OBJ_dsaWithSHA1_2 */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [407] OBJ_netscape_cert_type */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [416] OBJ_netscape_base_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [425] OBJ_netscape_revocation_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [434] OBJ_netscape_ca_revocation_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [443] OBJ_netscape_renewal_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [452] OBJ_netscape_ca_policy_url */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [461] OBJ_netscape_ssl_server_name */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [470] OBJ_netscape_comment */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [479] OBJ_netscape_cert_sequence */ ++0x55,0x1D, /* [488] OBJ_id_ce */ ++0x55,0x1D,0x0E, /* [490] OBJ_subject_key_identifier */ ++0x55,0x1D,0x0F, /* [493] OBJ_key_usage */ ++0x55,0x1D,0x10, /* [496] OBJ_private_key_usage_period */ ++0x55,0x1D,0x11, /* [499] OBJ_subject_alt_name */ ++0x55,0x1D,0x12, /* [502] OBJ_issuer_alt_name */ ++0x55,0x1D,0x13, /* [505] OBJ_basic_constraints */ ++0x55,0x1D,0x14, /* [508] OBJ_crl_number */ ++0x55,0x1D,0x20, /* [511] OBJ_certificate_policies */ ++0x55,0x1D,0x23, /* [514] OBJ_authority_key_identifier */ ++0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [517] OBJ_bf_cbc */ ++0x55,0x08,0x03,0x65, /* [526] OBJ_mdc2 */ ++0x55,0x08,0x03,0x64, /* [530] OBJ_mdc2WithRSA */ ++0x55,0x04,0x2A, /* [534] OBJ_givenName */ ++0x55,0x04,0x04, /* [537] OBJ_surname */ ++0x55,0x04,0x2B, /* [540] OBJ_initials */ ++0x55,0x1D,0x1F, /* [543] OBJ_crl_distribution_points */ ++0x2B,0x0E,0x03,0x02,0x03, /* [546] OBJ_md5WithRSA */ ++0x55,0x04,0x05, /* [551] OBJ_serialNumber */ ++0x55,0x04,0x0C, /* [554] OBJ_title */ ++0x55,0x04,0x0D, /* [557] OBJ_description */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [560] OBJ_cast5_cbc */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [569] OBJ_pbeWithMD5AndCast5_CBC */ ++0x2A,0x86,0x48,0xCE,0x38,0x04,0x03, /* [578] OBJ_dsaWithSHA1 */ ++0x2B,0x0E,0x03,0x02,0x1D, /* [585] OBJ_sha1WithRSA */ ++0x2A,0x86,0x48,0xCE,0x38,0x04,0x01, /* [590] OBJ_dsa */ ++0x2B,0x24,0x03,0x02,0x01, /* [597] OBJ_ripemd160 */ ++0x2B,0x24,0x03,0x03,0x01,0x02, /* [602] OBJ_ripemd160WithRSA */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [608] OBJ_rc5_cbc */ ++0x29,0x01,0x01,0x85,0x1A,0x01, /* [616] OBJ_rle_compression */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [622] OBJ_zlib_compression */ ++0x55,0x1D,0x25, /* [633] OBJ_ext_key_usage */ ++0x2B,0x06,0x01,0x05,0x05,0x07, /* [636] OBJ_id_pkix */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [642] OBJ_id_kp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [649] OBJ_server_auth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [657] OBJ_client_auth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [665] OBJ_code_sign */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [673] OBJ_email_protect */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [681] OBJ_time_stamp */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [689] OBJ_ms_code_ind */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [699] OBJ_ms_code_com */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [709] OBJ_ms_ctl_sign */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [719] OBJ_ms_sgc */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [729] OBJ_ms_efs */ ++0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [739] OBJ_ns_sgc */ ++0x55,0x1D,0x1B, /* [748] OBJ_delta_crl */ ++0x55,0x1D,0x15, /* [751] OBJ_crl_reason */ ++0x55,0x1D,0x18, /* [754] OBJ_invalidity_date */ ++0x2B,0x65,0x01,0x04,0x01, /* [757] OBJ_sxnet */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [762] OBJ_pbe_WithSHA1And128BitRC4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [772] OBJ_pbe_WithSHA1And40BitRC4 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [782] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [792] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [802] OBJ_pbe_WithSHA1And128BitRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [812] OBJ_pbe_WithSHA1And40BitRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [822] OBJ_keyBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [833] OBJ_pkcs8ShroudedKeyBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [844] OBJ_certBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [855] OBJ_crlBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [866] OBJ_secretBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [877] OBJ_safeContentsBag */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [888] OBJ_friendlyName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [897] OBJ_localKeyID */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [906] OBJ_x509Certificate */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [916] OBJ_sdsiCertificate */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [926] OBJ_x509Crl */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [936] OBJ_pbes2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [945] OBJ_pbmac1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [954] OBJ_hmacWithSHA1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [962] OBJ_id_qt_cps */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [970] OBJ_id_qt_unotice */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [978] OBJ_SMIMECapabilities */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [987] OBJ_pbeWithMD2AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [996] OBJ_pbeWithMD5AndRC2_CBC */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1005] OBJ_pbeWithSHA1AndDES_CBC */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1014] OBJ_ms_ext_req */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1024] OBJ_ext_req */ ++0x55,0x04,0x29, /* [1033] OBJ_name */ ++0x55,0x04,0x2E, /* [1036] OBJ_dnQualifier */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1039] OBJ_id_pe */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1046] OBJ_id_ad */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1053] OBJ_info_access */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1061] OBJ_ad_OCSP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1069] OBJ_ad_ca_issuers */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1077] OBJ_OCSP_sign */ ++0x2A, /* [1085] OBJ_member_body */ ++0x2A,0x86,0x48, /* [1086] OBJ_ISO_US */ ++0x2A,0x86,0x48,0xCE,0x38, /* [1089] OBJ_X9_57 */ ++0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1094] OBJ_X9cm */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1100] OBJ_pkcs1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1108] OBJ_pkcs5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1116] OBJ_SMIME */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1125] OBJ_id_smime_mod */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1135] OBJ_id_smime_ct */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1145] OBJ_id_smime_aa */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1155] OBJ_id_smime_alg */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1165] OBJ_id_smime_cd */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1175] OBJ_id_smime_spq */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1185] OBJ_id_smime_cti */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1195] OBJ_id_smime_mod_cms */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1206] OBJ_id_smime_mod_ess */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1217] OBJ_id_smime_mod_oid */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1228] OBJ_id_smime_mod_msg_v3 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1239] OBJ_id_smime_mod_ets_eSignature_88 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1250] OBJ_id_smime_mod_ets_eSignature_97 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1261] OBJ_id_smime_mod_ets_eSigPolicy_88 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1272] OBJ_id_smime_mod_ets_eSigPolicy_97 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1283] OBJ_id_smime_ct_receipt */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1294] OBJ_id_smime_ct_authData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1305] OBJ_id_smime_ct_publishCert */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1316] OBJ_id_smime_ct_TSTInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1327] OBJ_id_smime_ct_TDTInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1338] OBJ_id_smime_ct_contentInfo */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1349] OBJ_id_smime_ct_DVCSRequestData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1360] OBJ_id_smime_ct_DVCSResponseData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1371] OBJ_id_smime_aa_receiptRequest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1382] OBJ_id_smime_aa_securityLabel */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1393] OBJ_id_smime_aa_mlExpandHistory */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1404] OBJ_id_smime_aa_contentHint */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1415] OBJ_id_smime_aa_msgSigDigest */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1426] OBJ_id_smime_aa_encapContentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1437] OBJ_id_smime_aa_contentIdentifier */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1448] OBJ_id_smime_aa_macValue */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1459] OBJ_id_smime_aa_equivalentLabels */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1470] OBJ_id_smime_aa_contentReference */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1481] OBJ_id_smime_aa_encrypKeyPref */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1492] OBJ_id_smime_aa_signingCertificate */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1503] OBJ_id_smime_aa_smimeEncryptCerts */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1514] OBJ_id_smime_aa_timeStampToken */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1525] OBJ_id_smime_aa_ets_sigPolicyId */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1536] OBJ_id_smime_aa_ets_commitmentType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1547] OBJ_id_smime_aa_ets_signerLocation */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1558] OBJ_id_smime_aa_ets_signerAttr */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1569] OBJ_id_smime_aa_ets_otherSigCert */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1580] OBJ_id_smime_aa_ets_contentTimestamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1591] OBJ_id_smime_aa_ets_CertificateRefs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1602] OBJ_id_smime_aa_ets_RevocationRefs */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1613] OBJ_id_smime_aa_ets_certValues */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1624] OBJ_id_smime_aa_ets_revocationValues */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1635] OBJ_id_smime_aa_ets_escTimeStamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1646] OBJ_id_smime_aa_ets_certCRLTimestamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1657] OBJ_id_smime_aa_ets_archiveTimeStamp */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1668] OBJ_id_smime_aa_signatureType */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1679] OBJ_id_smime_aa_dvcs_dvc */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1690] OBJ_id_smime_alg_ESDHwith3DES */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1701] OBJ_id_smime_alg_ESDHwithRC2 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1712] OBJ_id_smime_alg_3DESwrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1723] OBJ_id_smime_alg_RC2wrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1734] OBJ_id_smime_alg_ESDH */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1745] OBJ_id_smime_alg_CMS3DESwrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1756] OBJ_id_smime_alg_CMSRC2wrap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1767] OBJ_id_smime_cd_ldap */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1778] OBJ_id_smime_spq_ets_sqt_uri */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1789] OBJ_id_smime_spq_ets_sqt_unotice */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1800] OBJ_id_smime_cti_ets_proofOfOrigin */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1811] OBJ_id_smime_cti_ets_proofOfReceipt */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1822] OBJ_id_smime_cti_ets_proofOfDelivery */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1833] OBJ_id_smime_cti_ets_proofOfSender */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1844] OBJ_id_smime_cti_ets_proofOfApproval */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1855] OBJ_id_smime_cti_ets_proofOfCreation */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1866] OBJ_md4 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1874] OBJ_id_pkix_mod */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1881] OBJ_id_qt */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1888] OBJ_id_it */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1895] OBJ_id_pkip */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1902] OBJ_id_alg */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1909] OBJ_id_cmc */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1916] OBJ_id_on */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1923] OBJ_id_pda */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1930] OBJ_id_aca */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1937] OBJ_id_qcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1944] OBJ_id_cct */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1951] OBJ_id_pkix1_explicit_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1959] OBJ_id_pkix1_implicit_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1967] OBJ_id_pkix1_explicit_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1975] OBJ_id_pkix1_implicit_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1983] OBJ_id_mod_crmf */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1991] OBJ_id_mod_cmc */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [1999] OBJ_id_mod_kea_profile_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2007] OBJ_id_mod_kea_profile_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2015] OBJ_id_mod_cmp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2023] OBJ_id_mod_qualified_cert_88 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2031] OBJ_id_mod_qualified_cert_93 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2039] OBJ_id_mod_attribute_cert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2047] OBJ_id_mod_timestamp_protocol */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2055] OBJ_id_mod_ocsp */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2063] OBJ_id_mod_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2071] OBJ_id_mod_cmp2000 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2079] OBJ_biometricInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2087] OBJ_qcStatements */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2095] OBJ_ac_auditEntity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2103] OBJ_ac_targeting */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2111] OBJ_aaControls */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2119] OBJ_sbgp_ipAddrBlock */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2127] OBJ_sbgp_autonomousSysNum */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2135] OBJ_sbgp_routerIdentifier */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2143] OBJ_textNotice */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2151] OBJ_ipsecEndSystem */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2159] OBJ_ipsecTunnel */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2167] OBJ_ipsecUser */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2175] OBJ_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2183] OBJ_id_it_caProtEncCert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2191] OBJ_id_it_signKeyPairTypes */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2199] OBJ_id_it_encKeyPairTypes */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2207] OBJ_id_it_preferredSymmAlg */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2215] OBJ_id_it_caKeyUpdateInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2223] OBJ_id_it_currentCRL */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2231] OBJ_id_it_unsupportedOIDs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2239] OBJ_id_it_subscriptionRequest */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2247] OBJ_id_it_subscriptionResponse */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2255] OBJ_id_it_keyPairParamReq */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2263] OBJ_id_it_keyPairParamRep */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2271] OBJ_id_it_revPassphrase */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2279] OBJ_id_it_implicitConfirm */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2287] OBJ_id_it_confirmWaitTime */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2295] OBJ_id_it_origPKIMessage */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2303] OBJ_id_regCtrl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2311] OBJ_id_regInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2319] OBJ_id_regCtrl_regToken */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2328] OBJ_id_regCtrl_authenticator */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2337] OBJ_id_regCtrl_pkiPublicationInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2346] OBJ_id_regCtrl_pkiArchiveOptions */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2355] OBJ_id_regCtrl_oldCertID */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2364] OBJ_id_regCtrl_protocolEncrKey */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2373] OBJ_id_regInfo_utf8Pairs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2382] OBJ_id_regInfo_certReq */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2391] OBJ_id_alg_des40 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2399] OBJ_id_alg_noSignature */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2407] OBJ_id_alg_dh_sig_hmac_sha1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2415] OBJ_id_alg_dh_pop */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2423] OBJ_id_cmc_statusInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2431] OBJ_id_cmc_identification */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2439] OBJ_id_cmc_identityProof */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2447] OBJ_id_cmc_dataReturn */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2455] OBJ_id_cmc_transactionId */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2463] OBJ_id_cmc_senderNonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2471] OBJ_id_cmc_recipientNonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2479] OBJ_id_cmc_addExtensions */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2487] OBJ_id_cmc_encryptedPOP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2495] OBJ_id_cmc_decryptedPOP */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2503] OBJ_id_cmc_lraPOPWitness */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2511] OBJ_id_cmc_getCert */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2519] OBJ_id_cmc_getCRL */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2527] OBJ_id_cmc_revokeRequest */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2535] OBJ_id_cmc_regInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2543] OBJ_id_cmc_responseInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2551] OBJ_id_cmc_queryPending */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2559] OBJ_id_cmc_popLinkRandom */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2567] OBJ_id_cmc_popLinkWitness */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2575] OBJ_id_cmc_confirmCertAcceptance */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2583] OBJ_id_on_personalData */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2591] OBJ_id_pda_dateOfBirth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2599] OBJ_id_pda_placeOfBirth */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2607] OBJ_id_pda_gender */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2615] OBJ_id_pda_countryOfCitizenship */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2623] OBJ_id_pda_countryOfResidence */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2631] OBJ_id_aca_authenticationInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2639] OBJ_id_aca_accessIdentity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2647] OBJ_id_aca_chargingIdentity */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2655] OBJ_id_aca_group */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2663] OBJ_id_aca_role */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2679] OBJ_id_cct_crs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2687] OBJ_id_cct_PKIData */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2695] OBJ_id_cct_PKIResponse */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2703] OBJ_ad_timeStamping */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2711] OBJ_ad_dvcs */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */ ++0x2B,0x0E,0x03,0x02, /* [2818] OBJ_algorithm */ ++0x2B,0x0E,0x03,0x02,0x0B, /* [2822] OBJ_rsaSignature */ ++0x55,0x08, /* [2827] OBJ_X500algorithms */ ++0x2B, /* [2829] OBJ_org */ ++0x2B,0x06, /* [2830] OBJ_dod */ ++0x2B,0x06,0x01, /* [2832] OBJ_iana */ ++0x2B,0x06,0x01,0x01, /* [2835] OBJ_Directory */ ++0x2B,0x06,0x01,0x02, /* [2839] OBJ_Management */ ++0x2B,0x06,0x01,0x03, /* [2843] OBJ_Experimental */ ++0x2B,0x06,0x01,0x04, /* [2847] OBJ_Private */ ++0x2B,0x06,0x01,0x05, /* [2851] OBJ_Security */ ++0x2B,0x06,0x01,0x06, /* [2855] OBJ_SNMPv2 */ ++0x2B,0x06,0x01,0x07, /* [2859] OBJ_Mail */ ++0x2B,0x06,0x01,0x04,0x01, /* [2863] OBJ_Enterprises */ ++0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */ ++0x55,0x01,0x05, /* [2897] OBJ_selected_attribute_types */ ++0x55,0x01,0x05,0x37, /* [2900] OBJ_clearance */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2904] OBJ_md4WithRSAEncryption */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2913] OBJ_ac_proxying */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2921] OBJ_sinfo_access */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2929] OBJ_id_aca_encAttrs */ ++0x55,0x04,0x48, /* [2937] OBJ_role */ ++0x55,0x1D,0x24, /* [2940] OBJ_policy_constraints */ ++0x55,0x1D,0x37, /* [2943] OBJ_target_information */ ++0x55,0x1D,0x38, /* [2946] OBJ_no_rev_avail */ ++0x2A,0x86,0x48,0xCE,0x3D, /* [2949] OBJ_ansi_X9_62 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2954] OBJ_X9_62_prime_field */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2961] OBJ_X9_62_characteristic_two_field */ ++0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2968] OBJ_X9_62_id_ecPublicKey */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2975] OBJ_X9_62_prime192v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2983] OBJ_X9_62_prime192v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2991] OBJ_X9_62_prime192v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [2999] OBJ_X9_62_prime239v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3007] OBJ_X9_62_prime239v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3015] OBJ_X9_62_prime239v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3023] OBJ_X9_62_prime256v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3031] OBJ_ecdsa_with_SHA1 */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3038] OBJ_ms_csp_name */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3047] OBJ_aes_128_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3056] OBJ_aes_128_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3065] OBJ_aes_128_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3074] OBJ_aes_128_cfb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3083] OBJ_aes_192_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3092] OBJ_aes_192_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3101] OBJ_aes_192_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3110] OBJ_aes_192_cfb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3119] OBJ_aes_256_ecb */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3128] OBJ_aes_256_cbc */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3137] OBJ_aes_256_ofb128 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3146] OBJ_aes_256_cfb128 */ ++0x55,0x1D,0x17, /* [3155] OBJ_hold_instruction_code */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3158] OBJ_hold_instruction_none */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3165] OBJ_hold_instruction_call_issuer */ ++0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3172] OBJ_hold_instruction_reject */ ++0x09, /* [3179] OBJ_data */ ++0x09,0x92,0x26, /* [3180] OBJ_pss */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3183] OBJ_ucl */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3190] OBJ_pilot */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3198] OBJ_pilotAttributeType */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3207] OBJ_pilotAttributeSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3216] OBJ_pilotObjectClass */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3225] OBJ_pilotGroups */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3234] OBJ_iA5StringSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3244] OBJ_caseIgnoreIA5StringSyntax */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3254] OBJ_pilotObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3264] OBJ_pilotPerson */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3274] OBJ_account */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3284] OBJ_document */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3294] OBJ_room */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3304] OBJ_documentSeries */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3314] OBJ_rFC822localPart */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3324] OBJ_dNSDomain */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3334] OBJ_domainRelatedObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3344] OBJ_friendlyCountry */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3354] OBJ_simpleSecurityObject */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3364] OBJ_pilotOrganization */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3374] OBJ_pilotDSA */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3384] OBJ_qualityLabelledData */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3394] OBJ_userId */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3404] OBJ_textEncodedORAddress */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3414] OBJ_rfc822Mailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3424] OBJ_info */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3434] OBJ_favouriteDrink */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3444] OBJ_roomNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3454] OBJ_photo */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3464] OBJ_userClass */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3474] OBJ_host */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3484] OBJ_manager */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3494] OBJ_documentIdentifier */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3504] OBJ_documentTitle */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3514] OBJ_documentVersion */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3524] OBJ_documentAuthor */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3534] OBJ_documentLocation */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3544] OBJ_homeTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3554] OBJ_secretary */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3564] OBJ_otherMailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3574] OBJ_lastModifiedTime */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3584] OBJ_lastModifiedBy */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3594] OBJ_aRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3604] OBJ_pilotAttributeType27 */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3614] OBJ_mXRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3624] OBJ_nSRecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3634] OBJ_sOARecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3644] OBJ_cNAMERecord */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3654] OBJ_associatedDomain */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3664] OBJ_associatedName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3674] OBJ_homePostalAddress */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3684] OBJ_personalTitle */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3694] OBJ_mobileTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3704] OBJ_pagerTelephoneNumber */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3714] OBJ_friendlyCountryName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3724] OBJ_organizationalStatus */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3734] OBJ_janetMailbox */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3744] OBJ_mailPreferenceOption */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3754] OBJ_buildingName */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3764] OBJ_dSAQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3774] OBJ_singleLevelQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3784] OBJ_subtreeMinimumQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3794] OBJ_subtreeMaximumQuality */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3804] OBJ_personalSignature */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3814] OBJ_dITRedirect */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3824] OBJ_audio */ ++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3834] OBJ_documentPublisher */ ++0x55,0x04,0x2D, /* [3844] OBJ_x500UniqueIdentifier */ ++0x2B,0x06,0x01,0x07,0x01, /* [3847] OBJ_mime_mhs */ ++0x2B,0x06,0x01,0x07,0x01,0x01, /* [3852] OBJ_mime_mhs_headings */ ++0x2B,0x06,0x01,0x07,0x01,0x02, /* [3858] OBJ_mime_mhs_bodies */ ++0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3864] OBJ_id_hex_partial_message */ ++0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3871] OBJ_id_hex_multipart_message */ ++0x55,0x04,0x2C, /* [3878] OBJ_generationQualifier */ ++0x55,0x04,0x41, /* [3881] OBJ_pseudonym */ ++0x67,0x2A, /* [3884] OBJ_id_set */ ++0x67,0x2A,0x00, /* [3886] OBJ_set_ctype */ ++0x67,0x2A,0x01, /* [3889] OBJ_set_msgExt */ ++0x67,0x2A,0x03, /* [3892] OBJ_set_attr */ ++0x67,0x2A,0x05, /* [3895] OBJ_set_policy */ ++0x67,0x2A,0x07, /* [3898] OBJ_set_certExt */ ++0x67,0x2A,0x08, /* [3901] OBJ_set_brand */ ++0x67,0x2A,0x00,0x00, /* [3904] OBJ_setct_PANData */ ++0x67,0x2A,0x00,0x01, /* [3908] OBJ_setct_PANToken */ ++0x67,0x2A,0x00,0x02, /* [3912] OBJ_setct_PANOnly */ ++0x67,0x2A,0x00,0x03, /* [3916] OBJ_setct_OIData */ ++0x67,0x2A,0x00,0x04, /* [3920] OBJ_setct_PI */ ++0x67,0x2A,0x00,0x05, /* [3924] OBJ_setct_PIData */ ++0x67,0x2A,0x00,0x06, /* [3928] OBJ_setct_PIDataUnsigned */ ++0x67,0x2A,0x00,0x07, /* [3932] OBJ_setct_HODInput */ ++0x67,0x2A,0x00,0x08, /* [3936] OBJ_setct_AuthResBaggage */ ++0x67,0x2A,0x00,0x09, /* [3940] OBJ_setct_AuthRevReqBaggage */ ++0x67,0x2A,0x00,0x0A, /* [3944] OBJ_setct_AuthRevResBaggage */ ++0x67,0x2A,0x00,0x0B, /* [3948] OBJ_setct_CapTokenSeq */ ++0x67,0x2A,0x00,0x0C, /* [3952] OBJ_setct_PInitResData */ ++0x67,0x2A,0x00,0x0D, /* [3956] OBJ_setct_PI_TBS */ ++0x67,0x2A,0x00,0x0E, /* [3960] OBJ_setct_PResData */ ++0x67,0x2A,0x00,0x10, /* [3964] OBJ_setct_AuthReqTBS */ ++0x67,0x2A,0x00,0x11, /* [3968] OBJ_setct_AuthResTBS */ ++0x67,0x2A,0x00,0x12, /* [3972] OBJ_setct_AuthResTBSX */ ++0x67,0x2A,0x00,0x13, /* [3976] OBJ_setct_AuthTokenTBS */ ++0x67,0x2A,0x00,0x14, /* [3980] OBJ_setct_CapTokenData */ ++0x67,0x2A,0x00,0x15, /* [3984] OBJ_setct_CapTokenTBS */ ++0x67,0x2A,0x00,0x16, /* [3988] OBJ_setct_AcqCardCodeMsg */ ++0x67,0x2A,0x00,0x17, /* [3992] OBJ_setct_AuthRevReqTBS */ ++0x67,0x2A,0x00,0x18, /* [3996] OBJ_setct_AuthRevResData */ ++0x67,0x2A,0x00,0x19, /* [4000] OBJ_setct_AuthRevResTBS */ ++0x67,0x2A,0x00,0x1A, /* [4004] OBJ_setct_CapReqTBS */ ++0x67,0x2A,0x00,0x1B, /* [4008] OBJ_setct_CapReqTBSX */ ++0x67,0x2A,0x00,0x1C, /* [4012] OBJ_setct_CapResData */ ++0x67,0x2A,0x00,0x1D, /* [4016] OBJ_setct_CapRevReqTBS */ ++0x67,0x2A,0x00,0x1E, /* [4020] OBJ_setct_CapRevReqTBSX */ ++0x67,0x2A,0x00,0x1F, /* [4024] OBJ_setct_CapRevResData */ ++0x67,0x2A,0x00,0x20, /* [4028] OBJ_setct_CredReqTBS */ ++0x67,0x2A,0x00,0x21, /* [4032] OBJ_setct_CredReqTBSX */ ++0x67,0x2A,0x00,0x22, /* [4036] OBJ_setct_CredResData */ ++0x67,0x2A,0x00,0x23, /* [4040] OBJ_setct_CredRevReqTBS */ ++0x67,0x2A,0x00,0x24, /* [4044] OBJ_setct_CredRevReqTBSX */ ++0x67,0x2A,0x00,0x25, /* [4048] OBJ_setct_CredRevResData */ ++0x67,0x2A,0x00,0x26, /* [4052] OBJ_setct_PCertReqData */ ++0x67,0x2A,0x00,0x27, /* [4056] OBJ_setct_PCertResTBS */ ++0x67,0x2A,0x00,0x28, /* [4060] OBJ_setct_BatchAdminReqData */ ++0x67,0x2A,0x00,0x29, /* [4064] OBJ_setct_BatchAdminResData */ ++0x67,0x2A,0x00,0x2A, /* [4068] OBJ_setct_CardCInitResTBS */ ++0x67,0x2A,0x00,0x2B, /* [4072] OBJ_setct_MeAqCInitResTBS */ ++0x67,0x2A,0x00,0x2C, /* [4076] OBJ_setct_RegFormResTBS */ ++0x67,0x2A,0x00,0x2D, /* [4080] OBJ_setct_CertReqData */ ++0x67,0x2A,0x00,0x2E, /* [4084] OBJ_setct_CertReqTBS */ ++0x67,0x2A,0x00,0x2F, /* [4088] OBJ_setct_CertResData */ ++0x67,0x2A,0x00,0x30, /* [4092] OBJ_setct_CertInqReqTBS */ ++0x67,0x2A,0x00,0x31, /* [4096] OBJ_setct_ErrorTBS */ ++0x67,0x2A,0x00,0x32, /* [4100] OBJ_setct_PIDualSignedTBE */ ++0x67,0x2A,0x00,0x33, /* [4104] OBJ_setct_PIUnsignedTBE */ ++0x67,0x2A,0x00,0x34, /* [4108] OBJ_setct_AuthReqTBE */ ++0x67,0x2A,0x00,0x35, /* [4112] OBJ_setct_AuthResTBE */ ++0x67,0x2A,0x00,0x36, /* [4116] OBJ_setct_AuthResTBEX */ ++0x67,0x2A,0x00,0x37, /* [4120] OBJ_setct_AuthTokenTBE */ ++0x67,0x2A,0x00,0x38, /* [4124] OBJ_setct_CapTokenTBE */ ++0x67,0x2A,0x00,0x39, /* [4128] OBJ_setct_CapTokenTBEX */ ++0x67,0x2A,0x00,0x3A, /* [4132] OBJ_setct_AcqCardCodeMsgTBE */ ++0x67,0x2A,0x00,0x3B, /* [4136] OBJ_setct_AuthRevReqTBE */ ++0x67,0x2A,0x00,0x3C, /* [4140] OBJ_setct_AuthRevResTBE */ ++0x67,0x2A,0x00,0x3D, /* [4144] OBJ_setct_AuthRevResTBEB */ ++0x67,0x2A,0x00,0x3E, /* [4148] OBJ_setct_CapReqTBE */ ++0x67,0x2A,0x00,0x3F, /* [4152] OBJ_setct_CapReqTBEX */ ++0x67,0x2A,0x00,0x40, /* [4156] OBJ_setct_CapResTBE */ ++0x67,0x2A,0x00,0x41, /* [4160] OBJ_setct_CapRevReqTBE */ ++0x67,0x2A,0x00,0x42, /* [4164] OBJ_setct_CapRevReqTBEX */ ++0x67,0x2A,0x00,0x43, /* [4168] OBJ_setct_CapRevResTBE */ ++0x67,0x2A,0x00,0x44, /* [4172] OBJ_setct_CredReqTBE */ ++0x67,0x2A,0x00,0x45, /* [4176] OBJ_setct_CredReqTBEX */ ++0x67,0x2A,0x00,0x46, /* [4180] OBJ_setct_CredResTBE */ ++0x67,0x2A,0x00,0x47, /* [4184] OBJ_setct_CredRevReqTBE */ ++0x67,0x2A,0x00,0x48, /* [4188] OBJ_setct_CredRevReqTBEX */ ++0x67,0x2A,0x00,0x49, /* [4192] OBJ_setct_CredRevResTBE */ ++0x67,0x2A,0x00,0x4A, /* [4196] OBJ_setct_BatchAdminReqTBE */ ++0x67,0x2A,0x00,0x4B, /* [4200] OBJ_setct_BatchAdminResTBE */ ++0x67,0x2A,0x00,0x4C, /* [4204] OBJ_setct_RegFormReqTBE */ ++0x67,0x2A,0x00,0x4D, /* [4208] OBJ_setct_CertReqTBE */ ++0x67,0x2A,0x00,0x4E, /* [4212] OBJ_setct_CertReqTBEX */ ++0x67,0x2A,0x00,0x4F, /* [4216] OBJ_setct_CertResTBE */ ++0x67,0x2A,0x00,0x50, /* [4220] OBJ_setct_CRLNotificationTBS */ ++0x67,0x2A,0x00,0x51, /* [4224] OBJ_setct_CRLNotificationResTBS */ ++0x67,0x2A,0x00,0x52, /* [4228] OBJ_setct_BCIDistributionTBS */ ++0x67,0x2A,0x01,0x01, /* [4232] OBJ_setext_genCrypt */ ++0x67,0x2A,0x01,0x03, /* [4236] OBJ_setext_miAuth */ ++0x67,0x2A,0x01,0x04, /* [4240] OBJ_setext_pinSecure */ ++0x67,0x2A,0x01,0x05, /* [4244] OBJ_setext_pinAny */ ++0x67,0x2A,0x01,0x07, /* [4248] OBJ_setext_track2 */ ++0x67,0x2A,0x01,0x08, /* [4252] OBJ_setext_cv */ ++0x67,0x2A,0x05,0x00, /* [4256] OBJ_set_policy_root */ ++0x67,0x2A,0x07,0x00, /* [4260] OBJ_setCext_hashedRoot */ ++0x67,0x2A,0x07,0x01, /* [4264] OBJ_setCext_certType */ ++0x67,0x2A,0x07,0x02, /* [4268] OBJ_setCext_merchData */ ++0x67,0x2A,0x07,0x03, /* [4272] OBJ_setCext_cCertRequired */ ++0x67,0x2A,0x07,0x04, /* [4276] OBJ_setCext_tunneling */ ++0x67,0x2A,0x07,0x05, /* [4280] OBJ_setCext_setExt */ ++0x67,0x2A,0x07,0x06, /* [4284] OBJ_setCext_setQualf */ ++0x67,0x2A,0x07,0x07, /* [4288] OBJ_setCext_PGWYcapabilities */ ++0x67,0x2A,0x07,0x08, /* [4292] OBJ_setCext_TokenIdentifier */ ++0x67,0x2A,0x07,0x09, /* [4296] OBJ_setCext_Track2Data */ ++0x67,0x2A,0x07,0x0A, /* [4300] OBJ_setCext_TokenType */ ++0x67,0x2A,0x07,0x0B, /* [4304] OBJ_setCext_IssuerCapabilities */ ++0x67,0x2A,0x03,0x00, /* [4308] OBJ_setAttr_Cert */ ++0x67,0x2A,0x03,0x01, /* [4312] OBJ_setAttr_PGWYcap */ ++0x67,0x2A,0x03,0x02, /* [4316] OBJ_setAttr_TokenType */ ++0x67,0x2A,0x03,0x03, /* [4320] OBJ_setAttr_IssCap */ ++0x67,0x2A,0x03,0x00,0x00, /* [4324] OBJ_set_rootKeyThumb */ ++0x67,0x2A,0x03,0x00,0x01, /* [4329] OBJ_set_addPolicy */ ++0x67,0x2A,0x03,0x02,0x01, /* [4334] OBJ_setAttr_Token_EMV */ ++0x67,0x2A,0x03,0x02,0x02, /* [4339] OBJ_setAttr_Token_B0Prime */ ++0x67,0x2A,0x03,0x03,0x03, /* [4344] OBJ_setAttr_IssCap_CVM */ ++0x67,0x2A,0x03,0x03,0x04, /* [4349] OBJ_setAttr_IssCap_T2 */ ++0x67,0x2A,0x03,0x03,0x05, /* [4354] OBJ_setAttr_IssCap_Sig */ ++0x67,0x2A,0x03,0x03,0x03,0x01, /* [4359] OBJ_setAttr_GenCryptgrm */ ++0x67,0x2A,0x03,0x03,0x04,0x01, /* [4365] OBJ_setAttr_T2Enc */ ++0x67,0x2A,0x03,0x03,0x04,0x02, /* [4371] OBJ_setAttr_T2cleartxt */ ++0x67,0x2A,0x03,0x03,0x05,0x01, /* [4377] OBJ_setAttr_TokICCsig */ ++0x67,0x2A,0x03,0x03,0x05,0x02, /* [4383] OBJ_setAttr_SecDevSig */ ++0x67,0x2A,0x08,0x01, /* [4389] OBJ_set_brand_IATA_ATA */ ++0x67,0x2A,0x08,0x1E, /* [4393] OBJ_set_brand_Diners */ ++0x67,0x2A,0x08,0x22, /* [4397] OBJ_set_brand_AmericanExpress */ ++0x67,0x2A,0x08,0x23, /* [4401] OBJ_set_brand_JCB */ ++0x67,0x2A,0x08,0x04, /* [4405] OBJ_set_brand_Visa */ ++0x67,0x2A,0x08,0x05, /* [4409] OBJ_set_brand_MasterCard */ ++0x67,0x2A,0x08,0xAE,0x7B, /* [4413] OBJ_set_brand_Novus */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4418] OBJ_des_cdmf */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4426] OBJ_rsaOAEPEncryptionSET */ ++0x67, /* [4435] OBJ_international_organizations */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4436] OBJ_ms_smartcard_login */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4446] OBJ_ms_upn */ ++0x55,0x04,0x09, /* [4456] OBJ_streetAddress */ ++0x55,0x04,0x11, /* [4459] OBJ_postalCode */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4462] OBJ_id_ppl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4469] OBJ_proxyCertInfo */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4477] OBJ_id_ppl_anyLanguage */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4485] OBJ_id_ppl_inheritAll */ ++0x55,0x1D,0x1E, /* [4493] OBJ_name_constraints */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4496] OBJ_Independent */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4504] OBJ_sha256WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4513] OBJ_sha384WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4522] OBJ_sha512WithRSAEncryption */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4531] OBJ_sha224WithRSAEncryption */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4540] OBJ_sha256 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4549] OBJ_sha384 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4558] OBJ_sha512 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4567] OBJ_sha224 */ ++0x2B, /* [4576] OBJ_identified_organization */ ++0x2B,0x81,0x04, /* [4577] OBJ_certicom_arc */ ++0x67,0x2B, /* [4580] OBJ_wap */ ++0x67,0x2B,0x01, /* [4582] OBJ_wap_wsg */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4585] OBJ_X9_62_id_characteristic_two_basis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4593] OBJ_X9_62_onBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4602] OBJ_X9_62_tpBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4611] OBJ_X9_62_ppBasis */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4620] OBJ_X9_62_c2pnb163v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4628] OBJ_X9_62_c2pnb163v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4636] OBJ_X9_62_c2pnb163v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4644] OBJ_X9_62_c2pnb176v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4652] OBJ_X9_62_c2tnb191v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4660] OBJ_X9_62_c2tnb191v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4668] OBJ_X9_62_c2tnb191v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4676] OBJ_X9_62_c2onb191v4 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4684] OBJ_X9_62_c2onb191v5 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4692] OBJ_X9_62_c2pnb208w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4700] OBJ_X9_62_c2tnb239v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4708] OBJ_X9_62_c2tnb239v2 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4716] OBJ_X9_62_c2tnb239v3 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4724] OBJ_X9_62_c2onb239v4 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4732] OBJ_X9_62_c2onb239v5 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4740] OBJ_X9_62_c2pnb272w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4748] OBJ_X9_62_c2pnb304w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4756] OBJ_X9_62_c2tnb359v1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4764] OBJ_X9_62_c2pnb368w1 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4772] OBJ_X9_62_c2tnb431r1 */ ++0x2B,0x81,0x04,0x00,0x06, /* [4780] OBJ_secp112r1 */ ++0x2B,0x81,0x04,0x00,0x07, /* [4785] OBJ_secp112r2 */ ++0x2B,0x81,0x04,0x00,0x1C, /* [4790] OBJ_secp128r1 */ ++0x2B,0x81,0x04,0x00,0x1D, /* [4795] OBJ_secp128r2 */ ++0x2B,0x81,0x04,0x00,0x09, /* [4800] OBJ_secp160k1 */ ++0x2B,0x81,0x04,0x00,0x08, /* [4805] OBJ_secp160r1 */ ++0x2B,0x81,0x04,0x00,0x1E, /* [4810] OBJ_secp160r2 */ ++0x2B,0x81,0x04,0x00,0x1F, /* [4815] OBJ_secp192k1 */ ++0x2B,0x81,0x04,0x00,0x20, /* [4820] OBJ_secp224k1 */ ++0x2B,0x81,0x04,0x00,0x21, /* [4825] OBJ_secp224r1 */ ++0x2B,0x81,0x04,0x00,0x0A, /* [4830] OBJ_secp256k1 */ ++0x2B,0x81,0x04,0x00,0x22, /* [4835] OBJ_secp384r1 */ ++0x2B,0x81,0x04,0x00,0x23, /* [4840] OBJ_secp521r1 */ ++0x2B,0x81,0x04,0x00,0x04, /* [4845] OBJ_sect113r1 */ ++0x2B,0x81,0x04,0x00,0x05, /* [4850] OBJ_sect113r2 */ ++0x2B,0x81,0x04,0x00,0x16, /* [4855] OBJ_sect131r1 */ ++0x2B,0x81,0x04,0x00,0x17, /* [4860] OBJ_sect131r2 */ ++0x2B,0x81,0x04,0x00,0x01, /* [4865] OBJ_sect163k1 */ ++0x2B,0x81,0x04,0x00,0x02, /* [4870] OBJ_sect163r1 */ ++0x2B,0x81,0x04,0x00,0x0F, /* [4875] OBJ_sect163r2 */ ++0x2B,0x81,0x04,0x00,0x18, /* [4880] OBJ_sect193r1 */ ++0x2B,0x81,0x04,0x00,0x19, /* [4885] OBJ_sect193r2 */ ++0x2B,0x81,0x04,0x00,0x1A, /* [4890] OBJ_sect233k1 */ ++0x2B,0x81,0x04,0x00,0x1B, /* [4895] OBJ_sect233r1 */ ++0x2B,0x81,0x04,0x00,0x03, /* [4900] OBJ_sect239k1 */ ++0x2B,0x81,0x04,0x00,0x10, /* [4905] OBJ_sect283k1 */ ++0x2B,0x81,0x04,0x00,0x11, /* [4910] OBJ_sect283r1 */ ++0x2B,0x81,0x04,0x00,0x24, /* [4915] OBJ_sect409k1 */ ++0x2B,0x81,0x04,0x00,0x25, /* [4920] OBJ_sect409r1 */ ++0x2B,0x81,0x04,0x00,0x26, /* [4925] OBJ_sect571k1 */ ++0x2B,0x81,0x04,0x00,0x27, /* [4930] OBJ_sect571r1 */ ++0x67,0x2B,0x01,0x04,0x01, /* [4935] OBJ_wap_wsg_idm_ecid_wtls1 */ ++0x67,0x2B,0x01,0x04,0x03, /* [4940] OBJ_wap_wsg_idm_ecid_wtls3 */ ++0x67,0x2B,0x01,0x04,0x04, /* [4945] OBJ_wap_wsg_idm_ecid_wtls4 */ ++0x67,0x2B,0x01,0x04,0x05, /* [4950] OBJ_wap_wsg_idm_ecid_wtls5 */ ++0x67,0x2B,0x01,0x04,0x06, /* [4955] OBJ_wap_wsg_idm_ecid_wtls6 */ ++0x67,0x2B,0x01,0x04,0x07, /* [4960] OBJ_wap_wsg_idm_ecid_wtls7 */ ++0x67,0x2B,0x01,0x04,0x08, /* [4965] OBJ_wap_wsg_idm_ecid_wtls8 */ ++0x67,0x2B,0x01,0x04,0x09, /* [4970] OBJ_wap_wsg_idm_ecid_wtls9 */ ++0x67,0x2B,0x01,0x04,0x0A, /* [4975] OBJ_wap_wsg_idm_ecid_wtls10 */ ++0x67,0x2B,0x01,0x04,0x0B, /* [4980] OBJ_wap_wsg_idm_ecid_wtls11 */ ++0x67,0x2B,0x01,0x04,0x0C, /* [4985] OBJ_wap_wsg_idm_ecid_wtls12 */ ++0x55,0x1D,0x20,0x00, /* [4990] OBJ_any_policy */ ++0x55,0x1D,0x21, /* [4994] OBJ_policy_mappings */ ++0x55,0x1D,0x36, /* [4997] OBJ_inhibit_any_policy */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5000] OBJ_camellia_128_cbc */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5011] OBJ_camellia_192_cbc */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5022] OBJ_camellia_256_cbc */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5033] OBJ_camellia_128_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5041] OBJ_camellia_192_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5049] OBJ_camellia_256_ecb */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5057] OBJ_camellia_128_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5065] OBJ_camellia_192_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5073] OBJ_camellia_256_cfb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5081] OBJ_camellia_128_ofb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5089] OBJ_camellia_192_ofb128 */ ++0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5097] OBJ_camellia_256_ofb128 */ ++0x55,0x1D,0x09, /* [5105] OBJ_subject_directory_attributes */ ++0x55,0x1D,0x1C, /* [5108] OBJ_issuing_distribution_point */ ++0x55,0x1D,0x1D, /* [5111] OBJ_certificate_issuer */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5114] OBJ_kisa */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5120] OBJ_seed_ecb */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5128] OBJ_seed_cbc */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5136] OBJ_seed_ofb128 */ ++0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5144] OBJ_seed_cfb128 */ ++0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5152] OBJ_hmac_md5 */ ++0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5160] OBJ_hmac_sha1 */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5168] OBJ_id_PasswordBasedMAC */ ++0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5177] OBJ_id_DHBasedMac */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5186] OBJ_id_it_suppLangTags */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5194] OBJ_caRepository */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5202] OBJ_id_smime_ct_compressedData */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5213] OBJ_id_ct_asciiTextWithCRLF */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5224] OBJ_id_aes128_wrap */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5233] OBJ_id_aes192_wrap */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5242] OBJ_id_aes256_wrap */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5251] OBJ_ecdsa_with_Recommended */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5258] OBJ_ecdsa_with_Specified */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5265] OBJ_ecdsa_with_SHA224 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5273] OBJ_ecdsa_with_SHA256 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5281] OBJ_ecdsa_with_SHA384 */ ++0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5289] OBJ_ecdsa_with_SHA512 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5297] OBJ_hmacWithMD5 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5305] OBJ_hmacWithSHA224 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5313] OBJ_hmacWithSHA256 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5321] OBJ_hmacWithSHA384 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5329] OBJ_hmacWithSHA512 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5337] OBJ_dsa_with_SHA224 */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5346] OBJ_dsa_with_SHA256 */ ++0x28,0xCF,0x06,0x03,0x00,0x37, /* [5355] OBJ_whirlpool */ ++0x2A,0x85,0x03,0x02,0x02, /* [5361] OBJ_cryptopro */ ++0x2A,0x85,0x03,0x02,0x09, /* [5366] OBJ_cryptocom */ ++0x2A,0x85,0x03,0x02,0x02,0x03, /* [5371] OBJ_id_GostR3411_94_with_GostR3410_2001 */ ++0x2A,0x85,0x03,0x02,0x02,0x04, /* [5377] OBJ_id_GostR3411_94_with_GostR3410_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x09, /* [5383] OBJ_id_GostR3411_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5389] OBJ_id_HMACGostR3411_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x13, /* [5395] OBJ_id_GostR3410_2001 */ ++0x2A,0x85,0x03,0x02,0x02,0x14, /* [5401] OBJ_id_GostR3410_94 */ ++0x2A,0x85,0x03,0x02,0x02,0x15, /* [5407] OBJ_id_Gost28147_89 */ ++0x2A,0x85,0x03,0x02,0x02,0x16, /* [5413] OBJ_id_Gost28147_89_MAC */ ++0x2A,0x85,0x03,0x02,0x02,0x17, /* [5419] OBJ_id_GostR3411_94_prf */ ++0x2A,0x85,0x03,0x02,0x02,0x62, /* [5425] OBJ_id_GostR3410_2001DH */ ++0x2A,0x85,0x03,0x02,0x02,0x63, /* [5431] OBJ_id_GostR3410_94DH */ ++0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5437] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ ++0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5444] OBJ_id_Gost28147_89_None_KeyMeshing */ ++0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5451] OBJ_id_GostR3411_94_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5458] OBJ_id_GostR3411_94_CryptoProParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5465] OBJ_id_Gost28147_89_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5472] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5479] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5486] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5493] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5500] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5507] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5514] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5521] OBJ_id_GostR3410_94_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5528] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5535] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5542] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5549] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5556] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5563] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5570] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5577] OBJ_id_GostR3410_2001_TestParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5584] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5591] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5598] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5605] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5612] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5619] OBJ_id_GostR3410_94_a */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5626] OBJ_id_GostR3410_94_aBis */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5633] OBJ_id_GostR3410_94_b */ ++0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5640] OBJ_id_GostR3410_94_bBis */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5647] OBJ_id_Gost28147_89_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5655] OBJ_id_GostR3410_94_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5663] OBJ_id_GostR3410_2001_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5671] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5679] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ ++0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5687] OBJ_id_GostR3410_2001_ParamSet_cc */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5695] OBJ_LocalKeySet */ ++0x55,0x1D,0x2E, /* [5704] OBJ_freshest_crl */ ++0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5707] OBJ_id_on_permanentIdentifier */ ++0x55,0x04,0x0E, /* [5715] OBJ_searchGuide */ ++0x55,0x04,0x0F, /* [5718] OBJ_businessCategory */ ++0x55,0x04,0x10, /* [5721] OBJ_postalAddress */ ++0x55,0x04,0x12, /* [5724] OBJ_postOfficeBox */ ++0x55,0x04,0x13, /* [5727] OBJ_physicalDeliveryOfficeName */ ++0x55,0x04,0x14, /* [5730] OBJ_telephoneNumber */ ++0x55,0x04,0x15, /* [5733] OBJ_telexNumber */ ++0x55,0x04,0x16, /* [5736] OBJ_teletexTerminalIdentifier */ ++0x55,0x04,0x17, /* [5739] OBJ_facsimileTelephoneNumber */ ++0x55,0x04,0x18, /* [5742] OBJ_x121Address */ ++0x55,0x04,0x19, /* [5745] OBJ_internationaliSDNNumber */ ++0x55,0x04,0x1A, /* [5748] OBJ_registeredAddress */ ++0x55,0x04,0x1B, /* [5751] OBJ_destinationIndicator */ ++0x55,0x04,0x1C, /* [5754] OBJ_preferredDeliveryMethod */ ++0x55,0x04,0x1D, /* [5757] OBJ_presentationAddress */ ++0x55,0x04,0x1E, /* [5760] OBJ_supportedApplicationContext */ ++0x55,0x04,0x1F, /* [5763] OBJ_member */ ++0x55,0x04,0x20, /* [5766] OBJ_owner */ ++0x55,0x04,0x21, /* [5769] OBJ_roleOccupant */ ++0x55,0x04,0x22, /* [5772] OBJ_seeAlso */ ++0x55,0x04,0x23, /* [5775] OBJ_userPassword */ ++0x55,0x04,0x24, /* [5778] OBJ_userCertificate */ ++0x55,0x04,0x25, /* [5781] OBJ_cACertificate */ ++0x55,0x04,0x26, /* [5784] OBJ_authorityRevocationList */ ++0x55,0x04,0x27, /* [5787] OBJ_certificateRevocationList */ ++0x55,0x04,0x28, /* [5790] OBJ_crossCertificatePair */ ++0x55,0x04,0x2F, /* [5793] OBJ_enhancedSearchGuide */ ++0x55,0x04,0x30, /* [5796] OBJ_protocolInformation */ ++0x55,0x04,0x31, /* [5799] OBJ_distinguishedName */ ++0x55,0x04,0x32, /* [5802] OBJ_uniqueMember */ ++0x55,0x04,0x33, /* [5805] OBJ_houseIdentifier */ ++0x55,0x04,0x34, /* [5808] OBJ_supportedAlgorithms */ ++0x55,0x04,0x35, /* [5811] OBJ_deltaRevocationList */ ++0x55,0x04,0x36, /* [5814] OBJ_dmdName */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5817] OBJ_id_alg_PWRI_KEK */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5828] OBJ_aes_128_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5837] OBJ_aes_128_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5846] OBJ_id_aes128_wrap_pad */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5855] OBJ_aes_192_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5864] OBJ_aes_192_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5873] OBJ_id_aes192_wrap_pad */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5882] OBJ_aes_256_gcm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5891] OBJ_aes_256_ccm */ ++0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5900] OBJ_id_aes256_wrap_pad */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5909] OBJ_id_camellia128_wrap */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5920] OBJ_id_camellia192_wrap */ ++0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5931] OBJ_id_camellia256_wrap */ ++0x55,0x1D,0x25,0x00, /* [5942] OBJ_anyExtendedKeyUsage */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5946] OBJ_mgf1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5955] OBJ_rsassaPss */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5964] OBJ_rsaesOaep */ ++0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5973] OBJ_dhpublicnumber */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5980] OBJ_brainpoolP160r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5989] OBJ_brainpoolP160t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [5998] OBJ_brainpoolP192r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6007] OBJ_brainpoolP192t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6016] OBJ_brainpoolP224r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6025] OBJ_brainpoolP224t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6034] OBJ_brainpoolP256r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6043] OBJ_brainpoolP256t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6052] OBJ_brainpoolP320r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6061] OBJ_brainpoolP320t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6070] OBJ_brainpoolP384r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6079] OBJ_brainpoolP384t1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6088] OBJ_brainpoolP512r1 */ ++0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6097] OBJ_brainpoolP512t1 */ ++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6106] OBJ_pSpecified */ ++0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6115] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6124] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6130] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6136] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6142] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ ++0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6148] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6157] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6163] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6169] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ ++0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6175] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6181] OBJ_ct_precert_scts */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6191] OBJ_ct_precert_poison */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6201] OBJ_ct_precert_signer */ ++0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6211] OBJ_ct_cert_scts */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6221] OBJ_jurisdictionLocalityName */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6232] OBJ_jurisdictionStateOrProvinceName */ ++0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6243] OBJ_jurisdictionCountryName */ + }; + +-#define NUM_NID 1061 +-static const ASN1_OBJECT nid_objs[NUM_NID] = { +- {"UNDEF", "undefined", NID_undef}, +- {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, +- {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]}, +- {"MD2", "md2", NID_md2, 8, &so[13]}, +- {"MD5", "md5", NID_md5, 8, &so[21]}, +- {"RC4", "rc4", NID_rc4, 8, &so[29]}, +- {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]}, +- {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]}, +- {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]}, +- {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]}, +- {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]}, +- {"X500", "directory services (X.500)", NID_X500, 1, &so[82]}, +- {"X509", "X509", NID_X509, 2, &so[83]}, +- {"CN", "commonName", NID_commonName, 3, &so[85]}, +- {"C", "countryName", NID_countryName, 3, &so[88]}, +- {"L", "localityName", NID_localityName, 3, &so[91]}, +- {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]}, +- {"O", "organizationName", NID_organizationName, 3, &so[97]}, +- {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]}, +- {"RSA", "rsa", NID_rsa, 4, &so[103]}, +- {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]}, +- {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]}, +- {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]}, +- {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]}, +- {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]}, +- {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]}, +- {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]}, +- {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]}, +- {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]}, +- {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]}, +- {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]}, +- {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]}, +- {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]}, +- {"DES-EDE3", "des-ede3", NID_des_ede3_ecb}, +- {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]}, +- {"IDEA-CFB", "idea-cfb", NID_idea_cfb64}, +- {"IDEA-ECB", "idea-ecb", NID_idea_ecb}, +- {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]}, +- {"RC2-ECB", "rc2-ecb", NID_rc2_ecb}, +- {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64}, +- {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64}, +- {"SHA", "sha", NID_sha, 5, &so[225]}, +- {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]}, +- {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc}, +- {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]}, +- {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]}, +- {"IDEA-OFB", "idea-ofb", NID_idea_ofb64}, +- {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]}, +- {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]}, +- {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]}, +- {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]}, +- {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]}, +- {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]}, +- {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]}, +- {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]}, +- {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]}, +- {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]}, +- {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]}, +- {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]}, +- {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]}, +- {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64}, +- {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64}, +- {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64}, +- {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64}, +- {"SHA1", "sha1", NID_sha1, 5, &so[360]}, +- {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]}, +- {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]}, +- {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]}, +- {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]}, +- {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]}, +- {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]}, +- {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]}, +- {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]}, +- {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]}, +- {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]}, +- {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]}, +- {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]}, +- {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]}, +- {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]}, +- {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]}, +- {"DESX-CBC", "desx-cbc", NID_desx_cbc}, +- {"id-ce", "id-ce", NID_id_ce, 2, &so[488]}, +- {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]}, +- {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]}, +- {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]}, +- {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]}, +- {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]}, +- {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]}, +- {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]}, +- {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]}, +- {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]}, +- {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]}, +- {"BF-ECB", "bf-ecb", NID_bf_ecb}, +- {"BF-CFB", "bf-cfb", NID_bf_cfb64}, +- {"BF-OFB", "bf-ofb", NID_bf_ofb64}, +- {"MDC2", "mdc2", NID_mdc2, 4, &so[526]}, +- {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]}, +- {"RC4-40", "rc4-40", NID_rc4_40}, +- {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc}, +- {"GN", "givenName", NID_givenName, 3, &so[534]}, +- {"SN", "surname", NID_surname, 3, &so[537]}, +- {"initials", "initials", NID_initials, 3, &so[540]}, +- {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]}, +- {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]}, +- {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]}, +- {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]}, +- {"title", "title", NID_title, 3, &so[564]}, +- {"description", "description", NID_description, 3, &so[567]}, +- {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]}, +- {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb}, +- {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64}, +- {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64}, +- {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]}, +- {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]}, +- {"MD5-SHA1", "md5-sha1", NID_md5_sha1}, +- {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]}, +- {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]}, +- {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]}, +- { NULL, NULL, NID_undef }, +- {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]}, +- {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]}, +- {"RC5-ECB", "rc5-ecb", NID_rc5_ecb}, +- {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64}, +- {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64}, +- { NULL, NULL, NID_undef }, +- {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]}, +- {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]}, +- {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]}, +- {"id-kp", "id-kp", NID_id_kp, 7, &so[646]}, +- {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]}, +- {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]}, +- {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]}, +- {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]}, +- {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]}, +- {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]}, +- {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]}, +- {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]}, +- {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]}, +- {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]}, +- {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]}, +- {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]}, +- {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]}, +- {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]}, +- {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]}, +- {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]}, +- {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]}, +- {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]}, +- {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]}, +- {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]}, +- {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]}, +- {"keyBag", "keyBag", NID_keyBag, 11, &so[826]}, +- {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]}, +- {"certBag", "certBag", NID_certBag, 11, &so[848]}, +- {"crlBag", "crlBag", NID_crlBag, 11, &so[859]}, +- {"secretBag", "secretBag", NID_secretBag, 11, &so[870]}, +- {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]}, +- {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]}, +- {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]}, +- {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]}, +- {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]}, +- {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]}, +- {"PBES2", "PBES2", NID_pbes2, 9, &so[940]}, +- {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]}, +- {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]}, +- {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]}, +- {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]}, +- {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc}, +- {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]}, +- {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]}, +- {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]}, +- {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]}, +- {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]}, +- {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]}, +- {"name", "name", NID_name, 3, &so[1037]}, +- {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]}, +- {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]}, +- {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]}, +- {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]}, +- {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]}, +- {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]}, +- {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]}, +- {"ISO", "iso", NID_iso}, +- {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]}, +- {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]}, +- {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]}, +- {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]}, +- {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]}, +- {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]}, +- {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]}, +- {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]}, +- {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]}, +- {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]}, +- {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]}, +- {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]}, +- {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]}, +- {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]}, +- {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]}, +- {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]}, +- {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]}, +- {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]}, +- {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]}, +- {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]}, +- {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]}, +- {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]}, +- {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]}, +- {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]}, +- {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]}, +- {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]}, +- {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]}, +- {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]}, +- {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]}, +- {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]}, +- {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]}, +- {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]}, +- {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]}, +- {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]}, +- {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]}, +- {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]}, +- {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]}, +- {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]}, +- {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]}, +- {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]}, +- {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]}, +- {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]}, +- {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]}, +- {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]}, +- {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]}, +- {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]}, +- {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]}, +- {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]}, +- {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]}, +- {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]}, +- {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]}, +- {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]}, +- {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]}, +- {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]}, +- {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]}, +- {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]}, +- {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]}, +- {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]}, +- {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]}, +- {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]}, +- {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]}, +- {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]}, +- {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]}, +- {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]}, +- {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]}, +- {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]}, +- {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]}, +- {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]}, +- {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]}, +- {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]}, +- {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]}, +- {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]}, +- {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]}, +- {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]}, +- {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]}, +- {"MD4", "md4", NID_md4, 8, &so[1870]}, +- {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]}, +- {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]}, +- {"id-it", "id-it", NID_id_it, 7, &so[1892]}, +- {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]}, +- {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]}, +- {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]}, +- {"id-on", "id-on", NID_id_on, 7, &so[1920]}, +- {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]}, +- {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]}, +- {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]}, +- {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]}, +- {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]}, +- {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]}, +- {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]}, +- {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]}, +- {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]}, +- {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]}, +- {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]}, +- {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]}, +- {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]}, +- {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]}, +- {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]}, +- {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]}, +- {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]}, +- {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]}, +- {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]}, +- {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]}, +- {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]}, +- {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]}, +- {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]}, +- {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]}, +- {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]}, +- {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]}, +- {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]}, +- {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]}, +- {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]}, +- {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]}, +- {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]}, +- {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]}, +- {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]}, +- {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]}, +- {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]}, +- {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]}, +- {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]}, +- {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]}, +- {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]}, +- {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]}, +- {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]}, +- {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]}, +- {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]}, +- {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]}, +- {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]}, +- {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]}, +- {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]}, +- {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]}, +- {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]}, +- {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]}, +- {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]}, +- {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]}, +- {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]}, +- {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]}, +- {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]}, +- {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]}, +- {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]}, +- {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]}, +- {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]}, +- {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]}, +- {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]}, +- {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]}, +- {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]}, +- {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]}, +- {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]}, +- {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]}, +- {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]}, +- {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]}, +- {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]}, +- {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]}, +- {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]}, +- {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]}, +- {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]}, +- {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]}, +- {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]}, +- {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]}, +- {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]}, +- {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]}, +- {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]}, +- {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]}, +- {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]}, +- {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]}, +- {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]}, +- {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]}, +- {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]}, +- { NULL, NULL, NID_undef }, +- {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]}, +- {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]}, +- {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]}, +- {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]}, +- {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]}, +- {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]}, +- {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]}, +- {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]}, +- {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]}, +- {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]}, +- {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]}, +- {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]}, +- {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]}, +- {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]}, +- {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]}, +- {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]}, +- {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]}, +- {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]}, +- {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]}, +- {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]}, +- {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]}, +- {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]}, +- {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]}, +- {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]}, +- {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]}, +- {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]}, +- {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]}, +- {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]}, +- {"ORG", "org", NID_org, 1, &so[2833]}, +- {"DOD", "dod", NID_dod, 2, &so[2834]}, +- {"IANA", "iana", NID_iana, 3, &so[2836]}, +- {"directory", "Directory", NID_Directory, 4, &so[2839]}, +- {"mgmt", "Management", NID_Management, 4, &so[2843]}, +- {"experimental", "Experimental", NID_Experimental, 4, &so[2847]}, +- {"private", "Private", NID_Private, 4, &so[2851]}, +- {"security", "Security", NID_Security, 4, &so[2855]}, +- {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]}, +- {"Mail", "Mail", NID_Mail, 4, &so[2863]}, +- {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]}, +- {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]}, +- {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]}, +- {"domain", "Domain", NID_Domain, 10, &so[2891]}, +- {"NULL", "NULL", NID_joint_iso_ccitt}, +- {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]}, +- {"clearance", "clearance", NID_clearance, 4, &so[2904]}, +- {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]}, +- {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]}, +- {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]}, +- {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]}, +- {"role", "role", NID_role, 3, &so[2941]}, +- {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]}, +- {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]}, +- {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]}, +- {"NULL", "NULL", NID_ccitt}, +- {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]}, +- {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]}, +- {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]}, +- {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]}, +- {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]}, +- {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]}, +- {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]}, +- {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]}, +- {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]}, +- {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]}, +- {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]}, +- {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]}, +- {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]}, +- {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]}, +- {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]}, +- {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]}, +- {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]}, +- {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]}, +- {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]}, +- {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]}, +- {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]}, +- {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]}, +- {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]}, +- {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]}, +- {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]}, +- {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]}, +- {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]}, +- {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]}, +- {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]}, +- {"data", "data", NID_data, 1, &so[3183]}, +- {"pss", "pss", NID_pss, 3, &so[3184]}, +- {"ucl", "ucl", NID_ucl, 7, &so[3187]}, +- {"pilot", "pilot", NID_pilot, 8, &so[3194]}, +- {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]}, +- {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]}, +- {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]}, +- {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]}, +- {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]}, +- {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]}, +- {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]}, +- {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]}, +- {"account", "account", NID_account, 10, &so[3278]}, +- {"document", "document", NID_document, 10, &so[3288]}, +- {"room", "room", NID_room, 10, &so[3298]}, +- {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]}, +- {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]}, +- {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]}, +- {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]}, +- {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]}, +- {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]}, +- {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]}, +- {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]}, +- {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]}, +- {"UID", "userId", NID_userId, 10, &so[3398]}, +- {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]}, +- {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]}, +- {"info", "info", NID_info, 10, &so[3428]}, +- {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]}, +- {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]}, +- {"photo", "photo", NID_photo, 10, &so[3458]}, +- {"userClass", "userClass", NID_userClass, 10, &so[3468]}, +- {"host", "host", NID_host, 10, &so[3478]}, +- {"manager", "manager", NID_manager, 10, &so[3488]}, +- {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]}, +- {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]}, +- {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]}, +- {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]}, +- {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]}, +- {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]}, +- {"secretary", "secretary", NID_secretary, 10, &so[3558]}, +- {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]}, +- {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]}, +- {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]}, +- {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]}, +- {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]}, +- {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]}, +- {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]}, +- {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]}, +- {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]}, +- {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]}, +- {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]}, +- {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]}, +- {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]}, +- {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]}, +- {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]}, +- {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]}, +- {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]}, +- {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]}, +- {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]}, +- {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]}, +- {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]}, +- {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]}, +- {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]}, +- {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]}, +- {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]}, +- {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]}, +- {"audio", "audio", NID_audio, 10, &so[3828]}, +- {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]}, +- {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]}, +- {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]}, +- {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]}, +- {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]}, +- {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]}, +- {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]}, +- {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]}, +- {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]}, +- { NULL, NULL, NID_undef }, +- {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]}, +- {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]}, +- {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]}, +- {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]}, +- {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]}, +- {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]}, +- {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]}, +- {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]}, +- {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]}, +- {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]}, +- {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]}, +- {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]}, +- {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]}, +- {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]}, +- {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]}, +- {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]}, +- {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]}, +- {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]}, +- {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]}, +- {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]}, +- {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]}, +- {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]}, +- {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]}, +- {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]}, +- {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]}, +- {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]}, +- {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]}, +- {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]}, +- {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]}, +- {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]}, +- {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]}, +- {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]}, +- {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]}, +- {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]}, +- {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]}, +- {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]}, +- {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]}, +- {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]}, +- {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]}, +- {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]}, +- {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]}, +- {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]}, +- {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]}, +- {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]}, +- {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]}, +- {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]}, +- {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]}, +- {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]}, +- {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]}, +- {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]}, +- {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]}, +- {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]}, +- {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]}, +- {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]}, +- {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]}, +- {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]}, +- {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]}, +- {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]}, +- {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]}, +- {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]}, +- {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]}, +- {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]}, +- {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]}, +- {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]}, +- {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]}, +- {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]}, +- {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]}, +- {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]}, +- {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]}, +- {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]}, +- {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]}, +- {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]}, +- {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]}, +- {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]}, +- {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]}, +- {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]}, +- {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]}, +- {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]}, +- {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]}, +- {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]}, +- {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]}, +- {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]}, +- {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]}, +- {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]}, +- {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]}, +- {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]}, +- {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]}, +- {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]}, +- {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]}, +- {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]}, +- {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]}, +- {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]}, +- {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]}, +- {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]}, +- {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]}, +- {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]}, +- {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]}, +- {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]}, +- {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]}, +- {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]}, +- {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]}, +- {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]}, +- {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]}, +- {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]}, +- {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]}, +- {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]}, +- {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]}, +- {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]}, +- {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]}, +- {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]}, +- {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]}, +- {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]}, +- {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]}, +- {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]}, +- {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]}, +- {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]}, +- {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]}, +- {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]}, +- {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]}, +- {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]}, +- {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]}, +- {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]}, +- {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]}, +- {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]}, +- {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]}, +- {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]}, +- {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]}, +- {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]}, +- {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]}, +- {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]}, +- {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]}, +- {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]}, +- {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]}, +- {"ITU-T", "itu-t", NID_itu_t}, +- {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t}, +- {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]}, +- {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]}, +- {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]}, +- {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1}, +- {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1}, +- {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1}, +- {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8}, +- {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8}, +- {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8}, +- {"DES-CFB1", "des-cfb1", NID_des_cfb1}, +- {"DES-CFB8", "des-cfb8", NID_des_cfb8}, +- {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1}, +- {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8}, +- {"street", "streetAddress", NID_streetAddress, 3, &so[4460]}, +- {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]}, +- {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]}, +- {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]}, +- {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]}, +- {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]}, +- {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]}, +- {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]}, +- {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]}, +- {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]}, +- {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]}, +- {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]}, +- {"SHA256", "sha256", NID_sha256, 9, &so[4544]}, +- {"SHA384", "sha384", NID_sha384, 9, &so[4553]}, +- {"SHA512", "sha512", NID_sha512, 9, &so[4562]}, +- {"SHA224", "sha224", NID_sha224, 9, &so[4571]}, +- {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]}, +- {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]}, +- {"wap", "wap", NID_wap, 2, &so[4584]}, +- {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]}, +- {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]}, +- {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]}, +- {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]}, +- {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]}, +- {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]}, +- {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]}, +- {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]}, +- {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]}, +- {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]}, +- {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]}, +- {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]}, +- {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]}, +- {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]}, +- {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]}, +- {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]}, +- {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]}, +- {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]}, +- {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]}, +- {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]}, +- {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]}, +- {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]}, +- {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]}, +- {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]}, +- {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]}, +- {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]}, +- {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]}, +- {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]}, +- {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]}, +- {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]}, +- {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]}, +- {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]}, +- {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]}, +- {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]}, +- {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]}, +- {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]}, +- {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]}, +- {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]}, +- {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]}, +- {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]}, +- {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]}, +- {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]}, +- {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]}, +- {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]}, +- {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]}, +- {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]}, +- {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]}, +- {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]}, +- {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]}, +- {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]}, +- {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]}, +- {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]}, +- {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]}, +- {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]}, +- {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]}, +- {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]}, +- {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]}, +- {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]}, +- {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]}, +- {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]}, +- {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]}, +- {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]}, +- {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]}, +- {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]}, +- {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]}, +- {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]}, +- {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]}, +- {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]}, +- {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]}, +- {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]}, +- {"Oakley-EC2N-3", "ipsec3", NID_ipsec3}, +- {"Oakley-EC2N-4", "ipsec4", NID_ipsec4}, +- {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]}, +- {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]}, +- {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]}, +- {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]}, +- {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]}, +- {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]}, +- {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]}, +- {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]}, +- {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]}, +- {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1}, +- {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1}, +- {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1}, +- {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8}, +- {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8}, +- {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8}, +- {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]}, +- {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]}, +- {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]}, +- {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]}, +- {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]}, +- {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]}, +- { NULL, NULL, NID_undef }, +- {"KISA", "kisa", NID_kisa, 6, &so[5118]}, +- { NULL, NULL, NID_undef }, +- { NULL, NULL, NID_undef }, +- {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]}, +- {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]}, +- {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]}, +- {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]}, +- {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]}, +- {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]}, +- {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]}, +- {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]}, +- {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]}, +- {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]}, +- {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]}, +- {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]}, +- {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]}, +- {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]}, +- {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]}, +- {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]}, +- {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]}, +- {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]}, +- {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]}, +- {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]}, +- {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]}, +- {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]}, +- {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]}, +- {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]}, +- {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]}, +- {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]}, +- {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]}, +- {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]}, +- {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]}, +- {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]}, +- {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]}, +- {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]}, +- {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]}, +- {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]}, +- {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]}, +- {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]}, +- {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]}, +- {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]}, +- {"gost89-cnt", "gost89-cnt", NID_gost89_cnt}, +- {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]}, +- {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]}, +- {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]}, +- {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]}, +- {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]}, +- {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]}, +- {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]}, +- {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]}, +- {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]}, +- {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]}, +- {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]}, +- {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]}, +- {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]}, +- {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]}, +- {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]}, +- {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]}, +- {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]}, +- {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]}, +- {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]}, +- {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]}, +- {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]}, +- {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]}, +- {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]}, +- {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]}, +- {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]}, +- {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]}, +- {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]}, +- {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]}, +- {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]}, +- {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]}, +- {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]}, +- {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]}, +- {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]}, +- {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]}, +- {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]}, +- {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]}, +- {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]}, +- {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]}, +- {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]}, +- {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]}, +- {"HMAC", "hmac", NID_hmac}, +- {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]}, +- {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]}, +- {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]}, +- {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]}, +- {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]}, +- {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]}, +- {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]}, +- {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]}, +- {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]}, +- {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]}, +- {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]}, +- {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]}, +- {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]}, +- {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]}, +- {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]}, +- {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]}, +- {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]}, +- {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]}, +- {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]}, +- {"member", "member", NID_member, 3, &so[5767]}, +- {"owner", "owner", NID_owner, 3, &so[5770]}, +- {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]}, +- {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]}, +- {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]}, +- {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]}, +- {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]}, +- {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]}, +- {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]}, +- {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]}, +- {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]}, +- {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]}, +- {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]}, +- {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]}, +- {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]}, +- {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]}, +- {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]}, +- {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]}, +- {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]}, +- {"CMAC", "cmac", NID_cmac}, +- {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]}, +- {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]}, +- {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]}, +- {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]}, +- {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]}, +- {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]}, +- {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]}, +- {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]}, +- {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]}, +- {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr}, +- {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr}, +- {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr}, +- {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]}, +- {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]}, +- {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]}, +- {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]}, +- {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]}, +- {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]}, +- {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts}, +- {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts}, +- {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5}, +- {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1}, +- {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1}, +- {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1}, +- {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5968]}, +- {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5977]}, +- {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[5984]}, +- {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[5993]}, +- {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6002]}, +- {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6011]}, +- {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6020]}, +- {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6029]}, +- {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6038]}, +- {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6047]}, +- {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6056]}, +- {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6065]}, +- {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6074]}, +- {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6083]}, +- {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6092]}, +- {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6101]}, +- {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6110]}, +- {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6119]}, +- {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6128]}, +- {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6134]}, +- {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6140]}, +- {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6146]}, +- {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6152]}, +- {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6161]}, +- {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6167]}, +- {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6173]}, +- {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6179]}, +- {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf}, +- {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf}, +- {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256}, +- {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256}, +- {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256}, +- {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6185]}, +- {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6195]}, +- {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6205]}, +- {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6215]}, +- {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6225]}, +- {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6236]}, +- {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6247]}, +- {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb}, +- {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb}, +- {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb}, +- {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6258]}, +- {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6266]}, +- {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6274]}, +- {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6282]}, +- {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6290]}, +- {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6298]}, +- {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6306]}, +- {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6314]}, +- {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6322]}, +- {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6330]}, +- {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6338]}, +- {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6346]}, +- {"id-scrypt", "id-scrypt", NID_id_scrypt, 9, &so[6354]}, +- {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6363]}, +- {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12}, +- {"gost-mac-12", "gost-mac-12", NID_gost_mac_12}, +- {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6368]}, +- {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6374]}, +- {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6381]}, +- {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6389]}, +- {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6397]}, +- {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6404]}, +- {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6412]}, +- {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6420]}, +- {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6427]}, +- {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6435]}, +- {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6443]}, +- {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6450]}, +- {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6458]}, +- {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6466]}, +- {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6473]}, +- {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6480]}, +- {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6488]}, +- {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6496]}, +- {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6502]}, +- {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6509]}, +- {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6517]}, +- {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6526]}, +- {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6535]}, +- {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6544]}, +- {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6551]}, +- {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6558]}, +- {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6566]}, +- {"INN", "INN", NID_INN, 8, &so[6575]}, +- {"OGRN", "OGRN", NID_OGRN, 5, &so[6583]}, +- {"SNILS", "SNILS", NID_SNILS, 5, &so[6588]}, +- {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6593]}, +- {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6598]}, +- {"gost89-cbc", "gost89-cbc", NID_gost89_cbc}, +- {"gost89-ecb", "gost89-ecb", NID_gost89_ecb}, +- {"gost89-ctr", "gost89-ctr", NID_gost89_ctr}, +- {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb}, +- {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr}, +- {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb}, +- {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc}, +- {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb}, +- {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac}, +- {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305}, +- {"ChaCha20", "chacha20", NID_chacha20}, +- {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6603]}, +- {"TLS1-PRF", "tls1-prf", NID_tls1_prf}, +- {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6611]}, +- {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6619]}, +- {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6627]}, +- {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6635]}, +- {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6643]}, +- {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6651]}, +- {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6659]}, +- {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6667]}, +- {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6675]}, +- {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6683]}, +- {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6689]}, +- {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6696]}, +- {"X25519", "X25519", NID_X25519, 3, &so[6703]}, +- {"X448", "X448", NID_X448, 3, &so[6706]}, +- {"HKDF", "hkdf", NID_hkdf}, +- {"KxRSA", "kx-rsa", NID_kx_rsa}, +- {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe}, +- {"KxDHE", "kx-dhe", NID_kx_dhe}, +- {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk}, +- {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk}, +- {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk}, +- {"KxPSK", "kx-psk", NID_kx_psk}, +- {"KxSRP", "kx-srp", NID_kx_srp}, +- {"KxGOST", "kx-gost", NID_kx_gost}, +- {"AuthRSA", "auth-rsa", NID_auth_rsa}, +- {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa}, +- {"AuthPSK", "auth-psk", NID_auth_psk}, +- {"AuthDSS", "auth-dss", NID_auth_dss}, +- {"AuthGOST01", "auth-gost01", NID_auth_gost01}, +- {"AuthGOST12", "auth-gost12", NID_auth_gost12}, +- {"AuthSRP", "auth-srp", NID_auth_srp}, +- {"AuthNULL", "auth-null", NID_auth_null}, +- { NULL, NULL, NID_undef }, +- { NULL, NULL, NID_undef }, +- {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6709]}, +- {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6720]}, +- {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6731]}, +- {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6742]}, +- {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6753]}, ++static const ASN1_OBJECT nid_objs[NUM_NID]={ ++{"UNDEF","undefined",NID_undef,0,NULL,0}, ++{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[0]),0}, ++{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[6]),0}, ++{"MD2","md2",NID_md2,8,&(lvalues[13]),0}, ++{"MD5","md5",NID_md5,8,&(lvalues[21]),0}, ++{"RC4","rc4",NID_rc4,8,&(lvalues[29]),0}, ++{"rsaEncryption","rsaEncryption",NID_rsaEncryption,9,&(lvalues[37]),0}, ++{"RSA-MD2","md2WithRSAEncryption",NID_md2WithRSAEncryption,9, ++ &(lvalues[46]),0}, ++{"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9, ++ &(lvalues[55]),0}, ++{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9, ++ &(lvalues[64]),0}, ++{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9, ++ &(lvalues[73]),0}, ++{"X500","directory services (X.500)",NID_X500,1,&(lvalues[82]),0}, ++{"X509","X509",NID_X509,2,&(lvalues[83]),0}, ++{"CN","commonName",NID_commonName,3,&(lvalues[85]),0}, ++{"C","countryName",NID_countryName,3,&(lvalues[88]),0}, ++{"L","localityName",NID_localityName,3,&(lvalues[91]),0}, ++{"ST","stateOrProvinceName",NID_stateOrProvinceName,3,&(lvalues[94]),0}, ++{"O","organizationName",NID_organizationName,3,&(lvalues[97]),0}, ++{"OU","organizationalUnitName",NID_organizationalUnitName,3, ++ &(lvalues[100]),0}, ++{"RSA","rsa",NID_rsa,4,&(lvalues[103]),0}, ++{"pkcs7","pkcs7",NID_pkcs7,8,&(lvalues[107]),0}, ++{"pkcs7-data","pkcs7-data",NID_pkcs7_data,9,&(lvalues[115]),0}, ++{"pkcs7-signedData","pkcs7-signedData",NID_pkcs7_signed,9, ++ &(lvalues[124]),0}, ++{"pkcs7-envelopedData","pkcs7-envelopedData",NID_pkcs7_enveloped,9, ++ &(lvalues[133]),0}, ++{"pkcs7-signedAndEnvelopedData","pkcs7-signedAndEnvelopedData", ++ NID_pkcs7_signedAndEnveloped,9,&(lvalues[142]),0}, ++{"pkcs7-digestData","pkcs7-digestData",NID_pkcs7_digest,9, ++ &(lvalues[151]),0}, ++{"pkcs7-encryptedData","pkcs7-encryptedData",NID_pkcs7_encrypted,9, ++ &(lvalues[160]),0}, ++{"pkcs3","pkcs3",NID_pkcs3,8,&(lvalues[169]),0}, ++{"dhKeyAgreement","dhKeyAgreement",NID_dhKeyAgreement,9, ++ &(lvalues[177]),0}, ++{"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[186]),0}, ++{"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[191]),0}, ++{"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[196]),0}, ++{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[201]),0}, ++{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL,0}, ++{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[206]),0}, ++{"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL,0}, ++{"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL,0}, ++{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[217]),0}, ++{"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL,0}, ++{"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL,0}, ++{"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL,0}, ++{"SHA","sha",NID_sha,5,&(lvalues[225]),0}, ++{"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5, ++ &(lvalues[230]),0}, ++{"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL,0}, ++{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[235]),0}, ++{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[243]),0}, ++{"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL,0}, ++{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[248]),0}, ++{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9, ++ &(lvalues[256]),0}, ++{"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9, ++ &(lvalues[265]),0}, ++{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[274]),0}, ++{"messageDigest","messageDigest",NID_pkcs9_messageDigest,9, ++ &(lvalues[283]),0}, ++{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[292]),0}, ++{"countersignature","countersignature",NID_pkcs9_countersignature,9, ++ &(lvalues[301]),0}, ++{"challengePassword","challengePassword",NID_pkcs9_challengePassword, ++ 9,&(lvalues[310]),0}, ++{"unstructuredAddress","unstructuredAddress", ++ NID_pkcs9_unstructuredAddress,9,&(lvalues[319]),0}, ++{"extendedCertificateAttributes","extendedCertificateAttributes", ++ NID_pkcs9_extCertAttributes,9,&(lvalues[328]),0}, ++{"Netscape","Netscape Communications Corp.",NID_netscape,7, ++ &(lvalues[337]),0}, ++{"nsCertExt","Netscape Certificate Extension", ++ NID_netscape_cert_extension,8,&(lvalues[344]),0}, ++{"nsDataType","Netscape Data Type",NID_netscape_data_type,8, ++ &(lvalues[352]),0}, ++{"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL,0}, ++{"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL,0}, ++{"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL,0}, ++{"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL,0}, ++{"SHA1","sha1",NID_sha1,5,&(lvalues[360]),0}, ++{"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9, ++ &(lvalues[365]),0}, ++{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[374]),0}, ++{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[379]),0}, ++{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC, ++ 9,&(lvalues[384]),0}, ++{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[393]),0}, ++{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[402]),0}, ++{"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9, ++ &(lvalues[407]),0}, ++{"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9, ++ &(lvalues[416]),0}, ++{"nsRevocationUrl","Netscape Revocation Url", ++ NID_netscape_revocation_url,9,&(lvalues[425]),0}, ++{"nsCaRevocationUrl","Netscape CA Revocation Url", ++ NID_netscape_ca_revocation_url,9,&(lvalues[434]),0}, ++{"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9, ++ &(lvalues[443]),0}, ++{"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url, ++ 9,&(lvalues[452]),0}, ++{"nsSslServerName","Netscape SSL Server Name", ++ NID_netscape_ssl_server_name,9,&(lvalues[461]),0}, ++{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[470]),0}, ++{"nsCertSequence","Netscape Certificate Sequence", ++ NID_netscape_cert_sequence,9,&(lvalues[479]),0}, ++{"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL,0}, ++{"id-ce","id-ce",NID_id_ce,2,&(lvalues[488]),0}, ++{"subjectKeyIdentifier","X509v3 Subject Key Identifier", ++ NID_subject_key_identifier,3,&(lvalues[490]),0}, ++{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[493]),0}, ++{"privateKeyUsagePeriod","X509v3 Private Key Usage Period", ++ NID_private_key_usage_period,3,&(lvalues[496]),0}, ++{"subjectAltName","X509v3 Subject Alternative Name", ++ NID_subject_alt_name,3,&(lvalues[499]),0}, ++{"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name, ++ 3,&(lvalues[502]),0}, ++{"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints, ++ 3,&(lvalues[505]),0}, ++{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[508]),0}, ++{"certificatePolicies","X509v3 Certificate Policies", ++ NID_certificate_policies,3,&(lvalues[511]),0}, ++{"authorityKeyIdentifier","X509v3 Authority Key Identifier", ++ NID_authority_key_identifier,3,&(lvalues[514]),0}, ++{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[517]),0}, ++{"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL,0}, ++{"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL,0}, ++{"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL,0}, ++{"MDC2","mdc2",NID_mdc2,4,&(lvalues[526]),0}, ++{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[530]),0}, ++{"RC4-40","rc4-40",NID_rc4_40,0,NULL,0}, ++{"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL,0}, ++{"GN","givenName",NID_givenName,3,&(lvalues[534]),0}, ++{"SN","surname",NID_surname,3,&(lvalues[537]),0}, ++{"initials","initials",NID_initials,3,&(lvalues[540]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"crlDistributionPoints","X509v3 CRL Distribution Points", ++ NID_crl_distribution_points,3,&(lvalues[543]),0}, ++{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[546]),0}, ++{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[551]),0}, ++{"title","title",NID_title,3,&(lvalues[554]),0}, ++{"description","description",NID_description,3,&(lvalues[557]),0}, ++{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[560]),0}, ++{"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL,0}, ++{"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL,0}, ++{"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL,0}, ++{"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC", ++ NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[569]),0}, ++{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[578]),0}, ++{"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL,0}, ++{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[585]),0}, ++{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[590]),0}, ++{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[597]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6, ++ &(lvalues[602]),0}, ++{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[608]),0}, ++{"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, ++{"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, ++{"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, ++{"RLE","run length compression",NID_rle_compression,6,&(lvalues[616]),0}, ++{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[622]),0}, ++{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, ++ &(lvalues[633]),0}, ++{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[636]),0}, ++{"id-kp","id-kp",NID_id_kp,7,&(lvalues[642]),0}, ++{"serverAuth","TLS Web Server Authentication",NID_server_auth,8, ++ &(lvalues[649]),0}, ++{"clientAuth","TLS Web Client Authentication",NID_client_auth,8, ++ &(lvalues[657]),0}, ++{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[665]),0}, ++{"emailProtection","E-mail Protection",NID_email_protect,8, ++ &(lvalues[673]),0}, ++{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[681]),0}, ++{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, ++ &(lvalues[689]),0}, ++{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, ++ &(lvalues[699]),0}, ++{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, ++ &(lvalues[709]),0}, ++{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[719]),0}, ++{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, ++ &(lvalues[729]),0}, ++{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[739]),0}, ++{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, ++ &(lvalues[748]),0}, ++{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[751]),0}, ++{"invalidityDate","Invalidity Date",NID_invalidity_date,3, ++ &(lvalues[754]),0}, ++{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[757]),0}, ++{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", ++ NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[762]),0}, ++{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", ++ NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[772]),0}, ++{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", ++ NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[782]),0}, ++{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", ++ NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[792]),0}, ++{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", ++ NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[802]),0}, ++{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", ++ NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[812]),0}, ++{"keyBag","keyBag",NID_keyBag,11,&(lvalues[822]),0}, ++{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, ++ 11,&(lvalues[833]),0}, ++{"certBag","certBag",NID_certBag,11,&(lvalues[844]),0}, ++{"crlBag","crlBag",NID_crlBag,11,&(lvalues[855]),0}, ++{"secretBag","secretBag",NID_secretBag,11,&(lvalues[866]),0}, ++{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, ++ &(lvalues[877]),0}, ++{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[888]),0}, ++{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[897]),0}, ++{"x509Certificate","x509Certificate",NID_x509Certificate,10, ++ &(lvalues[906]),0}, ++{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, ++ &(lvalues[916]),0}, ++{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[926]),0}, ++{"PBES2","PBES2",NID_pbes2,9,&(lvalues[936]),0}, ++{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[945]),0}, ++{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[954]),0}, ++{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[962]),0}, ++{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, ++ &(lvalues[970]),0}, ++{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, ++{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, ++ &(lvalues[978]),0}, ++{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, ++ &(lvalues[987]),0}, ++{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, ++ &(lvalues[996]),0}, ++{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, ++ &(lvalues[1005]),0}, ++{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, ++ &(lvalues[1014]),0}, ++{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1024]),0}, ++{"name","name",NID_name,3,&(lvalues[1033]),0}, ++{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1036]),0}, ++{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1039]),0}, ++{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1046]),0}, ++{"authorityInfoAccess","Authority Information Access",NID_info_access, ++ 8,&(lvalues[1053]),0}, ++{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1061]),0}, ++{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1069]),0}, ++{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1077]),0}, ++{"ISO","iso",NID_iso,0,NULL,0}, ++{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1085]),0}, ++{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1086]),0}, ++{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1089]),0}, ++{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1094]),0}, ++{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1100]),0}, ++{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1108]),0}, ++{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1116]),0}, ++{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1125]),0}, ++{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1135]),0}, ++{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1145]),0}, ++{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1155]),0}, ++{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1165]),0}, ++{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1175]),0}, ++{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1185]),0}, ++{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, ++ &(lvalues[1195]),0}, ++{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, ++ &(lvalues[1206]),0}, ++{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, ++ &(lvalues[1217]),0}, ++{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, ++ 11,&(lvalues[1228]),0}, ++{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", ++ NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1239]),0}, ++{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", ++ NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1250]),0}, ++{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", ++ NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1261]),0}, ++{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", ++ NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1272]),0}, ++{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, ++ 11,&(lvalues[1283]),0}, ++{"id-smime-ct-authData","id-smime-ct-authData", ++ NID_id_smime_ct_authData,11,&(lvalues[1294]),0}, ++{"id-smime-ct-publishCert","id-smime-ct-publishCert", ++ NID_id_smime_ct_publishCert,11,&(lvalues[1305]),0}, ++{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, ++ 11,&(lvalues[1316]),0}, ++{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, ++ 11,&(lvalues[1327]),0}, ++{"id-smime-ct-contentInfo","id-smime-ct-contentInfo", ++ NID_id_smime_ct_contentInfo,11,&(lvalues[1338]),0}, ++{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", ++ NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1349]),0}, ++{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", ++ NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1360]),0}, ++{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", ++ NID_id_smime_aa_receiptRequest,11,&(lvalues[1371]),0}, ++{"id-smime-aa-securityLabel","id-smime-aa-securityLabel", ++ NID_id_smime_aa_securityLabel,11,&(lvalues[1382]),0}, ++{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", ++ NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1393]),0}, ++{"id-smime-aa-contentHint","id-smime-aa-contentHint", ++ NID_id_smime_aa_contentHint,11,&(lvalues[1404]),0}, ++{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", ++ NID_id_smime_aa_msgSigDigest,11,&(lvalues[1415]),0}, ++{"id-smime-aa-encapContentType","id-smime-aa-encapContentType", ++ NID_id_smime_aa_encapContentType,11,&(lvalues[1426]),0}, ++{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", ++ NID_id_smime_aa_contentIdentifier,11,&(lvalues[1437]),0}, ++{"id-smime-aa-macValue","id-smime-aa-macValue", ++ NID_id_smime_aa_macValue,11,&(lvalues[1448]),0}, ++{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", ++ NID_id_smime_aa_equivalentLabels,11,&(lvalues[1459]),0}, ++{"id-smime-aa-contentReference","id-smime-aa-contentReference", ++ NID_id_smime_aa_contentReference,11,&(lvalues[1470]),0}, ++{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", ++ NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1481]),0}, ++{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", ++ NID_id_smime_aa_signingCertificate,11,&(lvalues[1492]),0}, ++{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", ++ NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1503]),0}, ++{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", ++ NID_id_smime_aa_timeStampToken,11,&(lvalues[1514]),0}, ++{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", ++ NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1525]),0}, ++{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", ++ NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1536]),0}, ++{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", ++ NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1547]),0}, ++{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", ++ NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1558]),0}, ++{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", ++ NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1569]),0}, ++{"id-smime-aa-ets-contentTimestamp", ++ "id-smime-aa-ets-contentTimestamp", ++ NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1580]),0}, ++{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", ++ NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1591]),0}, ++{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", ++ NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1602]),0}, ++{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", ++ NID_id_smime_aa_ets_certValues,11,&(lvalues[1613]),0}, ++{"id-smime-aa-ets-revocationValues", ++ "id-smime-aa-ets-revocationValues", ++ NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1624]),0}, ++{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", ++ NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1635]),0}, ++{"id-smime-aa-ets-certCRLTimestamp", ++ "id-smime-aa-ets-certCRLTimestamp", ++ NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1646]),0}, ++{"id-smime-aa-ets-archiveTimeStamp", ++ "id-smime-aa-ets-archiveTimeStamp", ++ NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1657]),0}, ++{"id-smime-aa-signatureType","id-smime-aa-signatureType", ++ NID_id_smime_aa_signatureType,11,&(lvalues[1668]),0}, ++{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", ++ NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1679]),0}, ++{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", ++ NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1690]),0}, ++{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", ++ NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1701]),0}, ++{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", ++ NID_id_smime_alg_3DESwrap,11,&(lvalues[1712]),0}, ++{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", ++ NID_id_smime_alg_RC2wrap,11,&(lvalues[1723]),0}, ++{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, ++ &(lvalues[1734]),0}, ++{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", ++ NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1745]),0}, ++{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", ++ NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1756]),0}, ++{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, ++ &(lvalues[1767]),0}, ++{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", ++ NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1778]),0}, ++{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", ++ NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1789]),0}, ++{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", ++ NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1800]),0}, ++{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", ++ NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1811]),0}, ++{"id-smime-cti-ets-proofOfDelivery", ++ "id-smime-cti-ets-proofOfDelivery", ++ NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1822]),0}, ++{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", ++ NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1833]),0}, ++{"id-smime-cti-ets-proofOfApproval", ++ "id-smime-cti-ets-proofOfApproval", ++ NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1844]),0}, ++{"id-smime-cti-ets-proofOfCreation", ++ "id-smime-cti-ets-proofOfCreation", ++ NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1855]),0}, ++{"MD4","md4",NID_md4,8,&(lvalues[1866]),0}, ++{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1874]),0}, ++{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1881]),0}, ++{"id-it","id-it",NID_id_it,7,&(lvalues[1888]),0}, ++{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1895]),0}, ++{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1902]),0}, ++{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1909]),0}, ++{"id-on","id-on",NID_id_on,7,&(lvalues[1916]),0}, ++{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1923]),0}, ++{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1930]),0}, ++{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1937]),0}, ++{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1944]),0}, ++{"id-pkix1-explicit-88","id-pkix1-explicit-88", ++ NID_id_pkix1_explicit_88,8,&(lvalues[1951]),0}, ++{"id-pkix1-implicit-88","id-pkix1-implicit-88", ++ NID_id_pkix1_implicit_88,8,&(lvalues[1959]),0}, ++{"id-pkix1-explicit-93","id-pkix1-explicit-93", ++ NID_id_pkix1_explicit_93,8,&(lvalues[1967]),0}, ++{"id-pkix1-implicit-93","id-pkix1-implicit-93", ++ NID_id_pkix1_implicit_93,8,&(lvalues[1975]),0}, ++{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1983]),0}, ++{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1991]),0}, ++{"id-mod-kea-profile-88","id-mod-kea-profile-88", ++ NID_id_mod_kea_profile_88,8,&(lvalues[1999]),0}, ++{"id-mod-kea-profile-93","id-mod-kea-profile-93", ++ NID_id_mod_kea_profile_93,8,&(lvalues[2007]),0}, ++{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2015]),0}, ++{"id-mod-qualified-cert-88","id-mod-qualified-cert-88", ++ NID_id_mod_qualified_cert_88,8,&(lvalues[2023]),0}, ++{"id-mod-qualified-cert-93","id-mod-qualified-cert-93", ++ NID_id_mod_qualified_cert_93,8,&(lvalues[2031]),0}, ++{"id-mod-attribute-cert","id-mod-attribute-cert", ++ NID_id_mod_attribute_cert,8,&(lvalues[2039]),0}, ++{"id-mod-timestamp-protocol","id-mod-timestamp-protocol", ++ NID_id_mod_timestamp_protocol,8,&(lvalues[2047]),0}, ++{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2055]),0}, ++{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2063]),0}, ++{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, ++ &(lvalues[2071]),0}, ++{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2079]),0}, ++{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2087]),0}, ++{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, ++ &(lvalues[2095]),0}, ++{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2103]),0}, ++{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2111]),0}, ++{"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, ++ &(lvalues[2119]),0}, ++{"sbgp-autonomousSysNum","sbgp-autonomousSysNum", ++ NID_sbgp_autonomousSysNum,8,&(lvalues[2127]),0}, ++{"sbgp-routerIdentifier","sbgp-routerIdentifier", ++ NID_sbgp_routerIdentifier,8,&(lvalues[2135]),0}, ++{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2143]),0}, ++{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, ++ &(lvalues[2151]),0}, ++{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2159]),0}, ++{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2167]),0}, ++{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2175]),0}, ++{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, ++ 8,&(lvalues[2183]),0}, ++{"id-it-signKeyPairTypes","id-it-signKeyPairTypes", ++ NID_id_it_signKeyPairTypes,8,&(lvalues[2191]),0}, ++{"id-it-encKeyPairTypes","id-it-encKeyPairTypes", ++ NID_id_it_encKeyPairTypes,8,&(lvalues[2199]),0}, ++{"id-it-preferredSymmAlg","id-it-preferredSymmAlg", ++ NID_id_it_preferredSymmAlg,8,&(lvalues[2207]),0}, ++{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", ++ NID_id_it_caKeyUpdateInfo,8,&(lvalues[2215]),0}, ++{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, ++ &(lvalues[2223]),0}, ++{"id-it-unsupportedOIDs","id-it-unsupportedOIDs", ++ NID_id_it_unsupportedOIDs,8,&(lvalues[2231]),0}, ++{"id-it-subscriptionRequest","id-it-subscriptionRequest", ++ NID_id_it_subscriptionRequest,8,&(lvalues[2239]),0}, ++{"id-it-subscriptionResponse","id-it-subscriptionResponse", ++ NID_id_it_subscriptionResponse,8,&(lvalues[2247]),0}, ++{"id-it-keyPairParamReq","id-it-keyPairParamReq", ++ NID_id_it_keyPairParamReq,8,&(lvalues[2255]),0}, ++{"id-it-keyPairParamRep","id-it-keyPairParamRep", ++ NID_id_it_keyPairParamRep,8,&(lvalues[2263]),0}, ++{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, ++ 8,&(lvalues[2271]),0}, ++{"id-it-implicitConfirm","id-it-implicitConfirm", ++ NID_id_it_implicitConfirm,8,&(lvalues[2279]),0}, ++{"id-it-confirmWaitTime","id-it-confirmWaitTime", ++ NID_id_it_confirmWaitTime,8,&(lvalues[2287]),0}, ++{"id-it-origPKIMessage","id-it-origPKIMessage", ++ NID_id_it_origPKIMessage,8,&(lvalues[2295]),0}, ++{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2303]),0}, ++{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2311]),0}, ++{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, ++ 9,&(lvalues[2319]),0}, ++{"id-regCtrl-authenticator","id-regCtrl-authenticator", ++ NID_id_regCtrl_authenticator,9,&(lvalues[2328]),0}, ++{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", ++ NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2337]),0}, ++{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", ++ NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2346]),0}, ++{"id-regCtrl-oldCertID","id-regCtrl-oldCertID", ++ NID_id_regCtrl_oldCertID,9,&(lvalues[2355]),0}, ++{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", ++ NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2364]),0}, ++{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", ++ NID_id_regInfo_utf8Pairs,9,&(lvalues[2373]),0}, ++{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, ++ &(lvalues[2382]),0}, ++{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2391]),0}, ++{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, ++ &(lvalues[2399]),0}, ++{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", ++ NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2407]),0}, ++{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2415]),0}, ++{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, ++ &(lvalues[2423]),0}, ++{"id-cmc-identification","id-cmc-identification", ++ NID_id_cmc_identification,8,&(lvalues[2431]),0}, ++{"id-cmc-identityProof","id-cmc-identityProof", ++ NID_id_cmc_identityProof,8,&(lvalues[2439]),0}, ++{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, ++ &(lvalues[2447]),0}, ++{"id-cmc-transactionId","id-cmc-transactionId", ++ NID_id_cmc_transactionId,8,&(lvalues[2455]),0}, ++{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, ++ &(lvalues[2463]),0}, ++{"id-cmc-recipientNonce","id-cmc-recipientNonce", ++ NID_id_cmc_recipientNonce,8,&(lvalues[2471]),0}, ++{"id-cmc-addExtensions","id-cmc-addExtensions", ++ NID_id_cmc_addExtensions,8,&(lvalues[2479]),0}, ++{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, ++ 8,&(lvalues[2487]),0}, ++{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, ++ 8,&(lvalues[2495]),0}, ++{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", ++ NID_id_cmc_lraPOPWitness,8,&(lvalues[2503]),0}, ++{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, ++ &(lvalues[2511]),0}, ++{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2519]),0}, ++{"id-cmc-revokeRequest","id-cmc-revokeRequest", ++ NID_id_cmc_revokeRequest,8,&(lvalues[2527]),0}, ++{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, ++ &(lvalues[2535]),0}, ++{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, ++ 8,&(lvalues[2543]),0}, ++{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, ++ 8,&(lvalues[2551]),0}, ++{"id-cmc-popLinkRandom","id-cmc-popLinkRandom", ++ NID_id_cmc_popLinkRandom,8,&(lvalues[2559]),0}, ++{"id-cmc-popLinkWitness","id-cmc-popLinkWitness", ++ NID_id_cmc_popLinkWitness,8,&(lvalues[2567]),0}, ++{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", ++ NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2575]),0}, ++{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, ++ &(lvalues[2583]),0}, ++{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, ++ &(lvalues[2591]),0}, ++{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, ++ 8,&(lvalues[2599]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0}, ++{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", ++ NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0}, ++{"id-pda-countryOfResidence","id-pda-countryOfResidence", ++ NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0}, ++{"id-aca-authenticationInfo","id-aca-authenticationInfo", ++ NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0}, ++{"id-aca-accessIdentity","id-aca-accessIdentity", ++ NID_id_aca_accessIdentity,8,&(lvalues[2639]),0}, ++{"id-aca-chargingIdentity","id-aca-chargingIdentity", ++ NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0}, ++{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0}, ++{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0}, ++{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", ++ NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0}, ++{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0}, ++{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, ++ &(lvalues[2687]),0}, ++{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, ++ &(lvalues[2695]),0}, ++{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, ++ &(lvalues[2703]),0}, ++{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0}, ++{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, ++ &(lvalues[2719]),0}, ++{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0}, ++{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0}, ++{"acceptableResponses","Acceptable OCSP Responses", ++ NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0}, ++{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0}, ++{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, ++ 9,&(lvalues[2764]),0}, ++{"serviceLocator","OCSP Service Locator", ++ NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0}, ++{"extendedStatus","Extended OCSP Status", ++ NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0}, ++{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0}, ++{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0}, ++{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, ++ &(lvalues[2809]),0}, ++{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0}, ++{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0}, ++{"X500algorithms","directory services - algorithms", ++ NID_X500algorithms,2,&(lvalues[2827]),0}, ++{"ORG","org",NID_org,1,&(lvalues[2829]),0}, ++{"DOD","dod",NID_dod,2,&(lvalues[2830]),0}, ++{"IANA","iana",NID_iana,3,&(lvalues[2832]),0}, ++{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0}, ++{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0}, ++{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0}, ++{"private","Private",NID_Private,4,&(lvalues[2847]),0}, ++{"security","Security",NID_Security,4,&(lvalues[2851]),0}, ++{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0}, ++{"Mail","Mail",NID_Mail,4,&(lvalues[2859]),0}, ++{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0}, ++{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0}, ++{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0}, ++{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0}, ++{"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, ++{"selected-attribute-types","Selected Attribute Types", ++ NID_selected_attribute_types,3,&(lvalues[2897]),0}, ++{"clearance","clearance",NID_clearance,4,&(lvalues[2900]),0}, ++{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, ++ &(lvalues[2904]),0}, ++{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2913]),0}, ++{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, ++ &(lvalues[2921]),0}, ++{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, ++ &(lvalues[2929]),0}, ++{"role","role",NID_role,3,&(lvalues[2937]),0}, ++{"policyConstraints","X509v3 Policy Constraints", ++ NID_policy_constraints,3,&(lvalues[2940]),0}, ++{"targetInformation","X509v3 AC Targeting",NID_target_information,3, ++ &(lvalues[2943]),0}, ++{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, ++ &(lvalues[2946]),0}, ++{"NULL","NULL",NID_ccitt,0,NULL,0}, ++{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2949]),0}, ++{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2954]),0}, ++{"characteristic-two-field","characteristic-two-field", ++ NID_X9_62_characteristic_two_field,7,&(lvalues[2961]),0}, ++{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, ++ &(lvalues[2968]),0}, ++{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2975]),0}, ++{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2983]),0}, ++{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2991]),0}, ++{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2999]),0}, ++{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3007]),0}, ++{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3015]),0}, ++{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3023]),0}, ++{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, ++ &(lvalues[3031]),0}, ++{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3038]),0}, ++{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3047]),0}, ++{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3056]),0}, ++{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3065]),0}, ++{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3074]),0}, ++{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3083]),0}, ++{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3092]),0}, ++{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3101]),0}, ++{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3110]),0}, ++{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3119]),0}, ++{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3128]),0}, ++{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3137]),0}, ++{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3146]),0}, ++{"holdInstructionCode","Hold Instruction Code", ++ NID_hold_instruction_code,3,&(lvalues[3155]),0}, ++{"holdInstructionNone","Hold Instruction None", ++ NID_hold_instruction_none,7,&(lvalues[3158]),0}, ++{"holdInstructionCallIssuer","Hold Instruction Call Issuer", ++ NID_hold_instruction_call_issuer,7,&(lvalues[3165]),0}, ++{"holdInstructionReject","Hold Instruction Reject", ++ NID_hold_instruction_reject,7,&(lvalues[3172]),0}, ++{"data","data",NID_data,1,&(lvalues[3179]),0}, ++{"pss","pss",NID_pss,3,&(lvalues[3180]),0}, ++{"ucl","ucl",NID_ucl,7,&(lvalues[3183]),0}, ++{"pilot","pilot",NID_pilot,8,&(lvalues[3190]),0}, ++{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, ++ &(lvalues[3198]),0}, ++{"pilotAttributeSyntax","pilotAttributeSyntax", ++ NID_pilotAttributeSyntax,9,&(lvalues[3207]),0}, ++{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, ++ &(lvalues[3216]),0}, ++{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3225]),0}, ++{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, ++ &(lvalues[3234]),0}, ++{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", ++ NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3244]),0}, ++{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3254]),0}, ++{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3264]),0}, ++{"account","account",NID_account,10,&(lvalues[3274]),0}, ++{"document","document",NID_document,10,&(lvalues[3284]),0}, ++{"room","room",NID_room,10,&(lvalues[3294]),0}, ++{"documentSeries","documentSeries",NID_documentSeries,10, ++ &(lvalues[3304]),0}, ++{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, ++ &(lvalues[3314]),0}, ++{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3324]),0}, ++{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, ++ 10,&(lvalues[3334]),0}, ++{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, ++ &(lvalues[3344]),0}, ++{"simpleSecurityObject","simpleSecurityObject", ++ NID_simpleSecurityObject,10,&(lvalues[3354]),0}, ++{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, ++ &(lvalues[3364]),0}, ++{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3374]),0}, ++{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, ++ 10,&(lvalues[3384]),0}, ++{"UID","userId",NID_userId,10,&(lvalues[3394]),0}, ++{"textEncodedORAddress","textEncodedORAddress", ++ NID_textEncodedORAddress,10,&(lvalues[3404]),0}, ++{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3414]),0}, ++{"info","info",NID_info,10,&(lvalues[3424]),0}, ++{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, ++ &(lvalues[3434]),0}, ++{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3444]),0}, ++{"photo","photo",NID_photo,10,&(lvalues[3454]),0}, ++{"userClass","userClass",NID_userClass,10,&(lvalues[3464]),0}, ++{"host","host",NID_host,10,&(lvalues[3474]),0}, ++{"manager","manager",NID_manager,10,&(lvalues[3484]),0}, ++{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, ++ &(lvalues[3494]),0}, ++{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3504]),0}, ++{"documentVersion","documentVersion",NID_documentVersion,10, ++ &(lvalues[3514]),0}, ++{"documentAuthor","documentAuthor",NID_documentAuthor,10, ++ &(lvalues[3524]),0}, ++{"documentLocation","documentLocation",NID_documentLocation,10, ++ &(lvalues[3534]),0}, ++{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, ++ 10,&(lvalues[3544]),0}, ++{"secretary","secretary",NID_secretary,10,&(lvalues[3554]),0}, ++{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3564]),0}, ++{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, ++ &(lvalues[3574]),0}, ++{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, ++ &(lvalues[3584]),0}, ++{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3594]),0}, ++{"pilotAttributeType27","pilotAttributeType27", ++ NID_pilotAttributeType27,10,&(lvalues[3604]),0}, ++{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3614]),0}, ++{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3624]),0}, ++{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3634]),0}, ++{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3644]),0}, ++{"associatedDomain","associatedDomain",NID_associatedDomain,10, ++ &(lvalues[3654]),0}, ++{"associatedName","associatedName",NID_associatedName,10, ++ &(lvalues[3664]),0}, ++{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, ++ &(lvalues[3674]),0}, ++{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3684]),0}, ++{"mobileTelephoneNumber","mobileTelephoneNumber", ++ NID_mobileTelephoneNumber,10,&(lvalues[3694]),0}, ++{"pagerTelephoneNumber","pagerTelephoneNumber", ++ NID_pagerTelephoneNumber,10,&(lvalues[3704]),0}, ++{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, ++ 10,&(lvalues[3714]),0}, ++{"organizationalStatus","organizationalStatus", ++ NID_organizationalStatus,10,&(lvalues[3724]),0}, ++{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3734]),0}, ++{"mailPreferenceOption","mailPreferenceOption", ++ NID_mailPreferenceOption,10,&(lvalues[3744]),0}, ++{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3754]),0}, ++{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3764]),0}, ++{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, ++ &(lvalues[3774]),0}, ++{"subtreeMinimumQuality","subtreeMinimumQuality", ++ NID_subtreeMinimumQuality,10,&(lvalues[3784]),0}, ++{"subtreeMaximumQuality","subtreeMaximumQuality", ++ NID_subtreeMaximumQuality,10,&(lvalues[3794]),0}, ++{"personalSignature","personalSignature",NID_personalSignature,10, ++ &(lvalues[3804]),0}, ++{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3814]),0}, ++{"audio","audio",NID_audio,10,&(lvalues[3824]),0}, ++{"documentPublisher","documentPublisher",NID_documentPublisher,10, ++ &(lvalues[3834]),0}, ++{"x500UniqueIdentifier","x500UniqueIdentifier", ++ NID_x500UniqueIdentifier,3,&(lvalues[3844]),0}, ++{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3847]),0}, ++{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, ++ &(lvalues[3852]),0}, ++{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, ++ &(lvalues[3858]),0}, ++{"id-hex-partial-message","id-hex-partial-message", ++ NID_id_hex_partial_message,7,&(lvalues[3864]),0}, ++{"id-hex-multipart-message","id-hex-multipart-message", ++ NID_id_hex_multipart_message,7,&(lvalues[3871]),0}, ++{"generationQualifier","generationQualifier",NID_generationQualifier, ++ 3,&(lvalues[3878]),0}, ++{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3881]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"id-set","Secure Electronic Transactions",NID_id_set,2, ++ &(lvalues[3884]),0}, ++{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3886]),0}, ++{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3889]),0}, ++{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3892]),0}, ++{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3895]),0}, ++{"set-certExt","certificate extensions",NID_set_certExt,3, ++ &(lvalues[3898]),0}, ++{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3901]),0}, ++{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3904]),0}, ++{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, ++ &(lvalues[3908]),0}, ++{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3912]),0}, ++{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3916]),0}, ++{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3920]),0}, ++{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3924]),0}, ++{"setct-PIDataUnsigned","setct-PIDataUnsigned", ++ NID_setct_PIDataUnsigned,4,&(lvalues[3928]),0}, ++{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, ++ &(lvalues[3932]),0}, ++{"setct-AuthResBaggage","setct-AuthResBaggage", ++ NID_setct_AuthResBaggage,4,&(lvalues[3936]),0}, ++{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", ++ NID_setct_AuthRevReqBaggage,4,&(lvalues[3940]),0}, ++{"setct-AuthRevResBaggage","setct-AuthRevResBaggage", ++ NID_setct_AuthRevResBaggage,4,&(lvalues[3944]),0}, ++{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, ++ &(lvalues[3948]),0}, ++{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, ++ &(lvalues[3952]),0}, ++{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3956]),0}, ++{"setct-PResData","setct-PResData",NID_setct_PResData,4, ++ &(lvalues[3960]),0}, ++{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, ++ &(lvalues[3964]),0}, ++{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, ++ &(lvalues[3968]),0}, ++{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, ++ &(lvalues[3972]),0}, ++{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, ++ &(lvalues[3976]),0}, ++{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, ++ &(lvalues[3980]),0}, ++{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, ++ &(lvalues[3984]),0}, ++{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", ++ NID_setct_AcqCardCodeMsg,4,&(lvalues[3988]),0}, ++{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, ++ 4,&(lvalues[3992]),0}, ++{"setct-AuthRevResData","setct-AuthRevResData", ++ NID_setct_AuthRevResData,4,&(lvalues[3996]),0}, ++{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, ++ 4,&(lvalues[4000]),0}, ++{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, ++ &(lvalues[4004]),0}, ++{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, ++ &(lvalues[4008]),0}, ++{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, ++ &(lvalues[4012]),0}, ++{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, ++ &(lvalues[4016]),0}, ++{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, ++ 4,&(lvalues[4020]),0}, ++{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, ++ 4,&(lvalues[4024]),0}, ++{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, ++ &(lvalues[4028]),0}, ++{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, ++ &(lvalues[4032]),0}, ++{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, ++ &(lvalues[4036]),0}, ++{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, ++ 4,&(lvalues[4040]),0}, ++{"setct-CredRevReqTBSX","setct-CredRevReqTBSX", ++ NID_setct_CredRevReqTBSX,4,&(lvalues[4044]),0}, ++{"setct-CredRevResData","setct-CredRevResData", ++ NID_setct_CredRevResData,4,&(lvalues[4048]),0}, ++{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, ++ &(lvalues[4052]),0}, ++{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, ++ &(lvalues[4056]),0}, ++{"setct-BatchAdminReqData","setct-BatchAdminReqData", ++ NID_setct_BatchAdminReqData,4,&(lvalues[4060]),0}, ++{"setct-BatchAdminResData","setct-BatchAdminResData", ++ NID_setct_BatchAdminResData,4,&(lvalues[4064]),0}, ++{"setct-CardCInitResTBS","setct-CardCInitResTBS", ++ NID_setct_CardCInitResTBS,4,&(lvalues[4068]),0}, ++{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", ++ NID_setct_MeAqCInitResTBS,4,&(lvalues[4072]),0}, ++{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, ++ 4,&(lvalues[4076]),0}, ++{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, ++ &(lvalues[4080]),0}, ++{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, ++ &(lvalues[4084]),0}, ++{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, ++ &(lvalues[4088]),0}, ++{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, ++ 4,&(lvalues[4092]),0}, ++{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, ++ &(lvalues[4096]),0}, ++{"setct-PIDualSignedTBE","setct-PIDualSignedTBE", ++ NID_setct_PIDualSignedTBE,4,&(lvalues[4100]),0}, ++{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, ++ 4,&(lvalues[4104]),0}, ++{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, ++ &(lvalues[4108]),0}, ++{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, ++ &(lvalues[4112]),0}, ++{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, ++ &(lvalues[4116]),0}, ++{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, ++ &(lvalues[4120]),0}, ++{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, ++ &(lvalues[4124]),0}, ++{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, ++ &(lvalues[4128]),0}, ++{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", ++ NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4132]),0}, ++{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, ++ 4,&(lvalues[4136]),0}, ++{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, ++ 4,&(lvalues[4140]),0}, ++{"setct-AuthRevResTBEB","setct-AuthRevResTBEB", ++ NID_setct_AuthRevResTBEB,4,&(lvalues[4144]),0}, ++{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, ++ &(lvalues[4148]),0}, ++{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, ++ &(lvalues[4152]),0}, ++{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, ++ &(lvalues[4156]),0}, ++{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, ++ &(lvalues[4160]),0}, ++{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, ++ 4,&(lvalues[4164]),0}, ++{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, ++ &(lvalues[4168]),0}, ++{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, ++ &(lvalues[4172]),0}, ++{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, ++ &(lvalues[4176]),0}, ++{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, ++ &(lvalues[4180]),0}, ++{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, ++ 4,&(lvalues[4184]),0}, ++{"setct-CredRevReqTBEX","setct-CredRevReqTBEX", ++ NID_setct_CredRevReqTBEX,4,&(lvalues[4188]),0}, ++{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, ++ 4,&(lvalues[4192]),0}, ++{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", ++ NID_setct_BatchAdminReqTBE,4,&(lvalues[4196]),0}, ++{"setct-BatchAdminResTBE","setct-BatchAdminResTBE", ++ NID_setct_BatchAdminResTBE,4,&(lvalues[4200]),0}, ++{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, ++ 4,&(lvalues[4204]),0}, ++{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, ++ &(lvalues[4208]),0}, ++{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, ++ &(lvalues[4212]),0}, ++{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, ++ &(lvalues[4216]),0}, ++{"setct-CRLNotificationTBS","setct-CRLNotificationTBS", ++ NID_setct_CRLNotificationTBS,4,&(lvalues[4220]),0}, ++{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", ++ NID_setct_CRLNotificationResTBS,4,&(lvalues[4224]),0}, ++{"setct-BCIDistributionTBS","setct-BCIDistributionTBS", ++ NID_setct_BCIDistributionTBS,4,&(lvalues[4228]),0}, ++{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, ++ &(lvalues[4232]),0}, ++{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, ++ &(lvalues[4236]),0}, ++{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, ++ &(lvalues[4240]),0}, ++{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4244]),0}, ++{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4248]),0}, ++{"setext-cv","additional verification",NID_setext_cv,4, ++ &(lvalues[4252]),0}, ++{"set-policy-root","set-policy-root",NID_set_policy_root,4, ++ &(lvalues[4256]),0}, ++{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, ++ &(lvalues[4260]),0}, ++{"setCext-certType","setCext-certType",NID_setCext_certType,4, ++ &(lvalues[4264]),0}, ++{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, ++ &(lvalues[4268]),0}, ++{"setCext-cCertRequired","setCext-cCertRequired", ++ NID_setCext_cCertRequired,4,&(lvalues[4272]),0}, ++{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, ++ &(lvalues[4276]),0}, ++{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, ++ &(lvalues[4280]),0}, ++{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, ++ &(lvalues[4284]),0}, ++{"setCext-PGWYcapabilities","setCext-PGWYcapabilities", ++ NID_setCext_PGWYcapabilities,4,&(lvalues[4288]),0}, ++{"setCext-TokenIdentifier","setCext-TokenIdentifier", ++ NID_setCext_TokenIdentifier,4,&(lvalues[4292]),0}, ++{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, ++ &(lvalues[4296]),0}, ++{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, ++ &(lvalues[4300]),0}, ++{"setCext-IssuerCapabilities","setCext-IssuerCapabilities", ++ NID_setCext_IssuerCapabilities,4,&(lvalues[4304]),0}, ++{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4308]),0}, ++{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, ++ 4,&(lvalues[4312]),0}, ++{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, ++ &(lvalues[4316]),0}, ++{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, ++ &(lvalues[4320]),0}, ++{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, ++ &(lvalues[4324]),0}, ++{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4329]),0}, ++{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, ++ &(lvalues[4334]),0}, ++{"setAttr-Token-B0Prime","setAttr-Token-B0Prime", ++ NID_setAttr_Token_B0Prime,5,&(lvalues[4339]),0}, ++{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, ++ &(lvalues[4344]),0}, ++{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, ++ &(lvalues[4349]),0}, ++{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, ++ &(lvalues[4354]),0}, ++{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, ++ 6,&(lvalues[4359]),0}, ++{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, ++ &(lvalues[4365]),0}, ++{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, ++ &(lvalues[4371]),0}, ++{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, ++ &(lvalues[4377]),0}, ++{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, ++ 6,&(lvalues[4383]),0}, ++{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, ++ &(lvalues[4389]),0}, ++{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, ++ &(lvalues[4393]),0}, ++{"set-brand-AmericanExpress","set-brand-AmericanExpress", ++ NID_set_brand_AmericanExpress,4,&(lvalues[4397]),0}, ++{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4401]),0}, ++{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, ++ &(lvalues[4405]),0}, ++{"set-brand-MasterCard","set-brand-MasterCard", ++ NID_set_brand_MasterCard,4,&(lvalues[4409]),0}, ++{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, ++ &(lvalues[4413]),0}, ++{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4418]),0}, ++{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", ++ NID_rsaOAEPEncryptionSET,9,&(lvalues[4426]),0}, ++{"ITU-T","itu-t",NID_itu_t,0,NULL,0}, ++{"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, ++{"international-organizations","International Organizations", ++ NID_international_organizations,1,&(lvalues[4435]),0}, ++{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, ++ 10,&(lvalues[4436]),0}, ++{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, ++ &(lvalues[4446]),0}, ++{"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, ++{"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, ++{"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, ++{"AES-128-CFB8","aes-128-cfb8",NID_aes_128_cfb8,0,NULL,0}, ++{"AES-192-CFB8","aes-192-cfb8",NID_aes_192_cfb8,0,NULL,0}, ++{"AES-256-CFB8","aes-256-cfb8",NID_aes_256_cfb8,0,NULL,0}, ++{"DES-CFB1","des-cfb1",NID_des_cfb1,0,NULL,0}, ++{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, ++{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, ++{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, ++{"street","streetAddress",NID_streetAddress,3,&(lvalues[4456]),0}, ++{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4459]),0}, ++{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4462]),0}, ++{"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, ++ &(lvalues[4469]),0}, ++{"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, ++ &(lvalues[4477]),0}, ++{"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, ++ &(lvalues[4485]),0}, ++{"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, ++ &(lvalues[4493]),0}, ++{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4496]),0}, ++{"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, ++ &(lvalues[4504]),0}, ++{"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, ++ &(lvalues[4513]),0}, ++{"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, ++ &(lvalues[4522]),0}, ++{"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, ++ &(lvalues[4531]),0}, ++{"SHA256","sha256",NID_sha256,9,&(lvalues[4540]),0}, ++{"SHA384","sha384",NID_sha384,9,&(lvalues[4549]),0}, ++{"SHA512","sha512",NID_sha512,9,&(lvalues[4558]),0}, ++{"SHA224","sha224",NID_sha224,9,&(lvalues[4567]),0}, ++{"identified-organization","identified-organization", ++ NID_identified_organization,1,&(lvalues[4576]),0}, ++{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4577]),0}, ++{"wap","wap",NID_wap,2,&(lvalues[4580]),0}, ++{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4582]),0}, ++{"id-characteristic-two-basis","id-characteristic-two-basis", ++ NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4585]),0}, ++{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4593]),0}, ++{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4602]),0}, ++{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4611]),0}, ++{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4620]),0}, ++{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4628]),0}, ++{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4636]),0}, ++{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4644]),0}, ++{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4652]),0}, ++{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4660]),0}, ++{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4668]),0}, ++{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4676]),0}, ++{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4684]),0}, ++{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4692]),0}, ++{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4700]),0}, ++{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4708]),0}, ++{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4716]),0}, ++{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4724]),0}, ++{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4732]),0}, ++{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4740]),0}, ++{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4748]),0}, ++{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4756]),0}, ++{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4764]),0}, ++{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4772]),0}, ++{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4780]),0}, ++{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4785]),0}, ++{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4790]),0}, ++{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4795]),0}, ++{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4800]),0}, ++{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4805]),0}, ++{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4810]),0}, ++{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4815]),0}, ++{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4820]),0}, ++{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4825]),0}, ++{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4830]),0}, ++{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4835]),0}, ++{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4840]),0}, ++{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4845]),0}, ++{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4850]),0}, ++{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4855]),0}, ++{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4860]),0}, ++{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4865]),0}, ++{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4870]),0}, ++{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4875]),0}, ++{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4880]),0}, ++{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4885]),0}, ++{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4890]),0}, ++{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4895]),0}, ++{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4900]),0}, ++{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4905]),0}, ++{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4910]),0}, ++{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4915]),0}, ++{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4920]),0}, ++{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4925]),0}, ++{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4930]),0}, ++{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", ++ NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4935]),0}, ++{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", ++ NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4940]),0}, ++{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", ++ NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4945]),0}, ++{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", ++ NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4950]),0}, ++{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", ++ NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4955]),0}, ++{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", ++ NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4960]),0}, ++{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", ++ NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4965]),0}, ++{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", ++ NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4970]),0}, ++{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", ++ NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4975]),0}, ++{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", ++ NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4980]),0}, ++{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", ++ NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4985]),0}, ++{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4990]),0}, ++{"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, ++ &(lvalues[4994]),0}, ++{"inhibitAnyPolicy","X509v3 Inhibit Any Policy", ++ NID_inhibit_any_policy,3,&(lvalues[4997]),0}, ++{"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, ++{"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, ++{"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, ++ &(lvalues[5000]),0}, ++{"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, ++ &(lvalues[5011]),0}, ++{"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, ++ &(lvalues[5022]),0}, ++{"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, ++ &(lvalues[5033]),0}, ++{"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, ++ &(lvalues[5041]),0}, ++{"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, ++ &(lvalues[5049]),0}, ++{"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, ++ &(lvalues[5057]),0}, ++{"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, ++ &(lvalues[5065]),0}, ++{"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, ++ &(lvalues[5073]),0}, ++{"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, ++{"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, ++{"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, ++{"CAMELLIA-128-CFB8","camellia-128-cfb8",NID_camellia_128_cfb8,0,NULL,0}, ++{"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, ++{"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, ++{"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, ++ &(lvalues[5081]),0}, ++{"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, ++ &(lvalues[5089]),0}, ++{"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, ++ &(lvalues[5097]),0}, ++{"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", ++ NID_subject_directory_attributes,3,&(lvalues[5105]),0}, ++{"issuingDistributionPoint","X509v3 Issuing Distrubution Point", ++ NID_issuing_distribution_point,3,&(lvalues[5108]),0}, ++{"certificateIssuer","X509v3 Certificate Issuer", ++ NID_certificate_issuer,3,&(lvalues[5111]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"KISA","kisa",NID_kisa,6,&(lvalues[5114]),0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{NULL,NULL,NID_undef,0,NULL,0}, ++{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5120]),0}, ++{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5128]),0}, ++{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5136]),0}, ++{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5144]),0}, ++{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5152]),0}, ++{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5160]),0}, ++{"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, ++ &(lvalues[5168]),0}, ++{"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, ++ &(lvalues[5177]),0}, ++{"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, ++ &(lvalues[5186]),0}, ++{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5194]),0}, ++{"id-smime-ct-compressedData","id-smime-ct-compressedData", ++ NID_id_smime_ct_compressedData,11,&(lvalues[5202]),0}, ++{"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", ++ NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5213]),0}, ++{"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, ++ &(lvalues[5224]),0}, ++{"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, ++ &(lvalues[5233]),0}, ++{"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, ++ &(lvalues[5242]),0}, ++{"ecdsa-with-Recommended","ecdsa-with-Recommended", ++ NID_ecdsa_with_Recommended,7,&(lvalues[5251]),0}, ++{"ecdsa-with-Specified","ecdsa-with-Specified", ++ NID_ecdsa_with_Specified,7,&(lvalues[5258]),0}, ++{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, ++ &(lvalues[5265]),0}, ++{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, ++ &(lvalues[5273]),0}, ++{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, ++ &(lvalues[5281]),0}, ++{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, ++ &(lvalues[5289]),0}, ++{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5297]),0}, ++{"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, ++ &(lvalues[5305]),0}, ++{"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, ++ &(lvalues[5313]),0}, ++{"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, ++ &(lvalues[5321]),0}, ++{"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, ++ &(lvalues[5329]),0}, ++{"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, ++ &(lvalues[5337]),0}, ++{"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, ++ &(lvalues[5346]),0}, ++{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5355]),0}, ++{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5361]),0}, ++{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5366]),0}, ++{"id-GostR3411-94-with-GostR3410-2001", ++ "GOST R 34.11-94 with GOST R 34.10-2001", ++ NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5371]),0}, ++{"id-GostR3411-94-with-GostR3410-94", ++ "GOST R 34.11-94 with GOST R 34.10-94", ++ NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5377]),0}, ++{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5383]),0}, ++{"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, ++ &(lvalues[5389]),0}, ++{"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, ++ &(lvalues[5395]),0}, ++{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5401]),0}, ++{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5407]),0}, ++{"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, ++{"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, ++ &(lvalues[5413]),0}, ++{"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, ++ &(lvalues[5419]),0}, ++{"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, ++ 6,&(lvalues[5425]),0}, ++{"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, ++ &(lvalues[5431]),0}, ++{"id-Gost28147-89-CryptoPro-KeyMeshing", ++ "id-Gost28147-89-CryptoPro-KeyMeshing", ++ NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5437]),0}, ++{"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", ++ NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5444]),0}, ++{"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", ++ NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5451]),0}, ++{"id-GostR3411-94-CryptoProParamSet", ++ "id-GostR3411-94-CryptoProParamSet", ++ NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5458]),0}, ++{"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", ++ NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5465]),0}, ++{"id-Gost28147-89-CryptoPro-A-ParamSet", ++ "id-Gost28147-89-CryptoPro-A-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5472]),0}, ++{"id-Gost28147-89-CryptoPro-B-ParamSet", ++ "id-Gost28147-89-CryptoPro-B-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5479]),0}, ++{"id-Gost28147-89-CryptoPro-C-ParamSet", ++ "id-Gost28147-89-CryptoPro-C-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5486]),0}, ++{"id-Gost28147-89-CryptoPro-D-ParamSet", ++ "id-Gost28147-89-CryptoPro-D-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5493]),0}, ++{"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", ++ "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5500]), ++ 0}, ++{"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", ++ "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5507]), ++ 0}, ++{"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", ++ "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", ++ NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5514]),0}, ++{"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", ++ NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5521]),0}, ++{"id-GostR3410-94-CryptoPro-A-ParamSet", ++ "id-GostR3410-94-CryptoPro-A-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5528]),0}, ++{"id-GostR3410-94-CryptoPro-B-ParamSet", ++ "id-GostR3410-94-CryptoPro-B-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5535]),0}, ++{"id-GostR3410-94-CryptoPro-C-ParamSet", ++ "id-GostR3410-94-CryptoPro-C-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5542]),0}, ++{"id-GostR3410-94-CryptoPro-D-ParamSet", ++ "id-GostR3410-94-CryptoPro-D-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5549]),0}, ++{"id-GostR3410-94-CryptoPro-XchA-ParamSet", ++ "id-GostR3410-94-CryptoPro-XchA-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5556]),0}, ++{"id-GostR3410-94-CryptoPro-XchB-ParamSet", ++ "id-GostR3410-94-CryptoPro-XchB-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5563]),0}, ++{"id-GostR3410-94-CryptoPro-XchC-ParamSet", ++ "id-GostR3410-94-CryptoPro-XchC-ParamSet", ++ NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5570]),0}, ++{"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", ++ NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5577]),0}, ++{"id-GostR3410-2001-CryptoPro-A-ParamSet", ++ "id-GostR3410-2001-CryptoPro-A-ParamSet", ++ NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5584]),0}, ++{"id-GostR3410-2001-CryptoPro-B-ParamSet", ++ "id-GostR3410-2001-CryptoPro-B-ParamSet", ++ NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5591]),0}, ++{"id-GostR3410-2001-CryptoPro-C-ParamSet", ++ "id-GostR3410-2001-CryptoPro-C-ParamSet", ++ NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5598]),0}, ++{"id-GostR3410-2001-CryptoPro-XchA-ParamSet", ++ "id-GostR3410-2001-CryptoPro-XchA-ParamSet", ++ NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5605]),0}, ++ ++{"id-GostR3410-2001-CryptoPro-XchB-ParamSet", ++ "id-GostR3410-2001-CryptoPro-XchB-ParamSet", ++ NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5612]),0}, ++ ++{"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, ++ &(lvalues[5619]),0}, ++{"id-GostR3410-94-aBis","id-GostR3410-94-aBis", ++ NID_id_GostR3410_94_aBis,7,&(lvalues[5626]),0}, ++{"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, ++ &(lvalues[5633]),0}, ++{"id-GostR3410-94-bBis","id-GostR3410-94-bBis", ++ NID_id_GostR3410_94_bBis,7,&(lvalues[5640]),0}, ++{"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", ++ NID_id_Gost28147_89_cc,8,&(lvalues[5647]),0}, ++{"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, ++ &(lvalues[5655]),0}, ++{"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, ++ &(lvalues[5663]),0}, ++{"id-GostR3411-94-with-GostR3410-94-cc", ++ "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", ++ NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5671]),0}, ++{"id-GostR3411-94-with-GostR3410-2001-cc", ++ "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", ++ NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5679]),0}, ++{"id-GostR3410-2001-ParamSet-cc", ++ "GOST R 3410-2001 Parameter Set Cryptocom", ++ NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5687]),0}, ++{"HMAC","hmac",NID_hmac,0,NULL,0}, ++{"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, ++ &(lvalues[5695]),0}, ++{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, ++ &(lvalues[5704]),0}, ++{"id-on-permanentIdentifier","Permanent Identifier", ++ NID_id_on_permanentIdentifier,8,&(lvalues[5707]),0}, ++{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5715]),0}, ++{"businessCategory","businessCategory",NID_businessCategory,3, ++ &(lvalues[5718]),0}, ++{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5721]),0}, ++{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5724]),0}, ++{"physicalDeliveryOfficeName","physicalDeliveryOfficeName", ++ NID_physicalDeliveryOfficeName,3,&(lvalues[5727]),0}, ++{"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, ++ &(lvalues[5730]),0}, ++{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5733]),0}, ++{"teletexTerminalIdentifier","teletexTerminalIdentifier", ++ NID_teletexTerminalIdentifier,3,&(lvalues[5736]),0}, ++{"facsimileTelephoneNumber","facsimileTelephoneNumber", ++ NID_facsimileTelephoneNumber,3,&(lvalues[5739]),0}, ++{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5742]),0}, ++{"internationaliSDNNumber","internationaliSDNNumber", ++ NID_internationaliSDNNumber,3,&(lvalues[5745]),0}, ++{"registeredAddress","registeredAddress",NID_registeredAddress,3, ++ &(lvalues[5748]),0}, ++{"destinationIndicator","destinationIndicator", ++ NID_destinationIndicator,3,&(lvalues[5751]),0}, ++{"preferredDeliveryMethod","preferredDeliveryMethod", ++ NID_preferredDeliveryMethod,3,&(lvalues[5754]),0}, ++{"presentationAddress","presentationAddress",NID_presentationAddress, ++ 3,&(lvalues[5757]),0}, ++{"supportedApplicationContext","supportedApplicationContext", ++ NID_supportedApplicationContext,3,&(lvalues[5760]),0}, ++{"member","member",NID_member,3,&(lvalues[5763]),0}, ++{"owner","owner",NID_owner,3,&(lvalues[5766]),0}, ++{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5769]),0}, ++{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5772]),0}, ++{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5775]),0}, ++{"userCertificate","userCertificate",NID_userCertificate,3, ++ &(lvalues[5778]),0}, ++{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5781]),0}, ++{"authorityRevocationList","authorityRevocationList", ++ NID_authorityRevocationList,3,&(lvalues[5784]),0}, ++{"certificateRevocationList","certificateRevocationList", ++ NID_certificateRevocationList,3,&(lvalues[5787]),0}, ++{"crossCertificatePair","crossCertificatePair", ++ NID_crossCertificatePair,3,&(lvalues[5790]),0}, ++{"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, ++ 3,&(lvalues[5793]),0}, ++{"protocolInformation","protocolInformation",NID_protocolInformation, ++ 3,&(lvalues[5796]),0}, ++{"distinguishedName","distinguishedName",NID_distinguishedName,3, ++ &(lvalues[5799]),0}, ++{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5802]),0}, ++{"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, ++ &(lvalues[5805]),0}, ++{"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, ++ 3,&(lvalues[5808]),0}, ++{"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, ++ 3,&(lvalues[5811]),0}, ++{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5814]),0}, ++{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, ++ &(lvalues[5817]),0}, ++{"CMAC","cmac",NID_cmac,0,NULL,0}, ++{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5828]),0}, ++{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5837]),0}, ++{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, ++ &(lvalues[5846]),0}, ++{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5855]),0}, ++{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5864]),0}, ++{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, ++ &(lvalues[5873]),0}, ++{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5882]),0}, ++{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5891]),0}, ++{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, ++ &(lvalues[5900]),0}, ++{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, ++{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, ++{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, ++{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, ++ 11,&(lvalues[5909]),0}, ++{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, ++ 11,&(lvalues[5920]),0}, ++{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, ++ 11,&(lvalues[5931]),0}, ++{"anyExtendedKeyUsage","Any Extended Key Usage", ++ NID_anyExtendedKeyUsage,4,&(lvalues[5942]),0}, ++{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5946]),0}, ++{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5955]),0}, ++{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, ++{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, ++{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, ++{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1", ++ NID_aes_128_cbc_hmac_sha1,0,NULL,0}, ++{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1", ++ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, ++{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", ++ NID_aes_256_cbc_hmac_sha1,0,NULL,0}, ++{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5964]),0}, ++{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5973]),0}, ++{"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, ++ &(lvalues[5980]),0}, ++{"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, ++ &(lvalues[5989]),0}, ++{"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, ++ &(lvalues[5998]),0}, ++{"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, ++ &(lvalues[6007]),0}, ++{"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, ++ &(lvalues[6016]),0}, ++{"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, ++ &(lvalues[6025]),0}, ++{"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, ++ &(lvalues[6034]),0}, ++{"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, ++ &(lvalues[6043]),0}, ++{"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, ++ &(lvalues[6052]),0}, ++{"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, ++ &(lvalues[6061]),0}, ++{"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, ++ &(lvalues[6070]),0}, ++{"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, ++ &(lvalues[6079]),0}, ++{"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, ++ &(lvalues[6088]),0}, ++{"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, ++ &(lvalues[6097]),0}, ++{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6106]),0}, ++{"dhSinglePass-stdDH-sha1kdf-scheme", ++ "dhSinglePass-stdDH-sha1kdf-scheme", ++ NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6115]),0}, ++{"dhSinglePass-stdDH-sha224kdf-scheme", ++ "dhSinglePass-stdDH-sha224kdf-scheme", ++ NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6124]),0}, ++{"dhSinglePass-stdDH-sha256kdf-scheme", ++ "dhSinglePass-stdDH-sha256kdf-scheme", ++ NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6130]),0}, ++{"dhSinglePass-stdDH-sha384kdf-scheme", ++ "dhSinglePass-stdDH-sha384kdf-scheme", ++ NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6136]),0}, ++{"dhSinglePass-stdDH-sha512kdf-scheme", ++ "dhSinglePass-stdDH-sha512kdf-scheme", ++ NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6142]),0}, ++{"dhSinglePass-cofactorDH-sha1kdf-scheme", ++ "dhSinglePass-cofactorDH-sha1kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6148]),0}, ++{"dhSinglePass-cofactorDH-sha224kdf-scheme", ++ "dhSinglePass-cofactorDH-sha224kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6157]),0}, ++{"dhSinglePass-cofactorDH-sha256kdf-scheme", ++ "dhSinglePass-cofactorDH-sha256kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6163]),0}, ++{"dhSinglePass-cofactorDH-sha384kdf-scheme", ++ "dhSinglePass-cofactorDH-sha384kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6169]),0}, ++{"dhSinglePass-cofactorDH-sha512kdf-scheme", ++ "dhSinglePass-cofactorDH-sha512kdf-scheme", ++ NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6175]),0}, ++{"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, ++{"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, ++{"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", ++ NID_aes_128_cbc_hmac_sha256,0,NULL,0}, ++{"AES-192-CBC-HMAC-SHA256","aes-192-cbc-hmac-sha256", ++ NID_aes_192_cbc_hmac_sha256,0,NULL,0}, ++{"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", ++ NID_aes_256_cbc_hmac_sha256,0,NULL,0}, ++{"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, ++ &(lvalues[6181]),0}, ++{"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, ++ 10,&(lvalues[6191]),0}, ++{"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, ++ 10,&(lvalues[6201]),0}, ++{"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, ++ &(lvalues[6211]),0}, ++{"jurisdictionL","jurisdictionLocalityName", ++ NID_jurisdictionLocalityName,11,&(lvalues[6221]),0}, ++{"jurisdictionST","jurisdictionStateOrProvinceName", ++ NID_jurisdictionStateOrProvinceName,11,&(lvalues[6232]),0}, ++{"jurisdictionC","jurisdictionCountryName", ++ NID_jurisdictionCountryName,11,&(lvalues[6243]),0}, + }; + +-#define NUM_SN 1052 +-static const unsigned int sn_objs[NUM_SN] = { +- 364, /* "AD_DVCS" */ +- 419, /* "AES-128-CBC" */ +- 916, /* "AES-128-CBC-HMAC-SHA1" */ +- 948, /* "AES-128-CBC-HMAC-SHA256" */ +- 421, /* "AES-128-CFB" */ +- 650, /* "AES-128-CFB1" */ +- 653, /* "AES-128-CFB8" */ +- 904, /* "AES-128-CTR" */ +- 418, /* "AES-128-ECB" */ +- 958, /* "AES-128-OCB" */ +- 420, /* "AES-128-OFB" */ +- 913, /* "AES-128-XTS" */ +- 423, /* "AES-192-CBC" */ +- 917, /* "AES-192-CBC-HMAC-SHA1" */ +- 949, /* "AES-192-CBC-HMAC-SHA256" */ +- 425, /* "AES-192-CFB" */ +- 651, /* "AES-192-CFB1" */ +- 654, /* "AES-192-CFB8" */ +- 905, /* "AES-192-CTR" */ +- 422, /* "AES-192-ECB" */ +- 959, /* "AES-192-OCB" */ +- 424, /* "AES-192-OFB" */ +- 427, /* "AES-256-CBC" */ +- 918, /* "AES-256-CBC-HMAC-SHA1" */ +- 950, /* "AES-256-CBC-HMAC-SHA256" */ +- 429, /* "AES-256-CFB" */ +- 652, /* "AES-256-CFB1" */ +- 655, /* "AES-256-CFB8" */ +- 906, /* "AES-256-CTR" */ +- 426, /* "AES-256-ECB" */ +- 960, /* "AES-256-OCB" */ +- 428, /* "AES-256-OFB" */ +- 914, /* "AES-256-XTS" */ +- 1049, /* "AuthDSS" */ +- 1047, /* "AuthECDSA" */ +- 1050, /* "AuthGOST01" */ +- 1051, /* "AuthGOST12" */ +- 1053, /* "AuthNULL" */ +- 1048, /* "AuthPSK" */ +- 1046, /* "AuthRSA" */ +- 1052, /* "AuthSRP" */ +- 91, /* "BF-CBC" */ +- 93, /* "BF-CFB" */ +- 92, /* "BF-ECB" */ +- 94, /* "BF-OFB" */ +- 1056, /* "BLAKE2b512" */ +- 1057, /* "BLAKE2s256" */ +- 14, /* "C" */ +- 751, /* "CAMELLIA-128-CBC" */ +- 962, /* "CAMELLIA-128-CCM" */ +- 757, /* "CAMELLIA-128-CFB" */ +- 760, /* "CAMELLIA-128-CFB1" */ +- 763, /* "CAMELLIA-128-CFB8" */ +- 964, /* "CAMELLIA-128-CMAC" */ +- 963, /* "CAMELLIA-128-CTR" */ +- 754, /* "CAMELLIA-128-ECB" */ +- 961, /* "CAMELLIA-128-GCM" */ +- 766, /* "CAMELLIA-128-OFB" */ +- 752, /* "CAMELLIA-192-CBC" */ +- 966, /* "CAMELLIA-192-CCM" */ +- 758, /* "CAMELLIA-192-CFB" */ +- 761, /* "CAMELLIA-192-CFB1" */ +- 764, /* "CAMELLIA-192-CFB8" */ +- 968, /* "CAMELLIA-192-CMAC" */ +- 967, /* "CAMELLIA-192-CTR" */ +- 755, /* "CAMELLIA-192-ECB" */ +- 965, /* "CAMELLIA-192-GCM" */ +- 767, /* "CAMELLIA-192-OFB" */ +- 753, /* "CAMELLIA-256-CBC" */ +- 970, /* "CAMELLIA-256-CCM" */ +- 759, /* "CAMELLIA-256-CFB" */ +- 762, /* "CAMELLIA-256-CFB1" */ +- 765, /* "CAMELLIA-256-CFB8" */ +- 972, /* "CAMELLIA-256-CMAC" */ +- 971, /* "CAMELLIA-256-CTR" */ +- 756, /* "CAMELLIA-256-ECB" */ +- 969, /* "CAMELLIA-256-GCM" */ +- 768, /* "CAMELLIA-256-OFB" */ +- 108, /* "CAST5-CBC" */ +- 110, /* "CAST5-CFB" */ +- 109, /* "CAST5-ECB" */ +- 111, /* "CAST5-OFB" */ +- 894, /* "CMAC" */ +- 13, /* "CN" */ +- 141, /* "CRLReason" */ +- 417, /* "CSPName" */ +- 1019, /* "ChaCha20" */ +- 1018, /* "ChaCha20-Poly1305" */ +- 367, /* "CrlID" */ +- 391, /* "DC" */ +- 31, /* "DES-CBC" */ +- 643, /* "DES-CDMF" */ +- 30, /* "DES-CFB" */ +- 656, /* "DES-CFB1" */ +- 657, /* "DES-CFB8" */ +- 29, /* "DES-ECB" */ +- 32, /* "DES-EDE" */ +- 43, /* "DES-EDE-CBC" */ +- 60, /* "DES-EDE-CFB" */ +- 62, /* "DES-EDE-OFB" */ +- 33, /* "DES-EDE3" */ +- 44, /* "DES-EDE3-CBC" */ +- 61, /* "DES-EDE3-CFB" */ +- 658, /* "DES-EDE3-CFB1" */ +- 659, /* "DES-EDE3-CFB8" */ +- 63, /* "DES-EDE3-OFB" */ +- 45, /* "DES-OFB" */ +- 80, /* "DESX-CBC" */ +- 380, /* "DOD" */ +- 116, /* "DSA" */ +- 66, /* "DSA-SHA" */ +- 113, /* "DSA-SHA1" */ +- 70, /* "DSA-SHA1-old" */ +- 67, /* "DSA-old" */ +- 297, /* "DVCS" */ +- 99, /* "GN" */ +- 1036, /* "HKDF" */ +- 855, /* "HMAC" */ +- 780, /* "HMAC-MD5" */ +- 781, /* "HMAC-SHA1" */ +- 381, /* "IANA" */ +- 34, /* "IDEA-CBC" */ +- 35, /* "IDEA-CFB" */ +- 36, /* "IDEA-ECB" */ +- 46, /* "IDEA-OFB" */ +- 1004, /* "INN" */ +- 181, /* "ISO" */ +- 183, /* "ISO-US" */ +- 645, /* "ITU-T" */ +- 646, /* "JOINT-ISO-ITU-T" */ +- 773, /* "KISA" */ +- 1039, /* "KxDHE" */ +- 1041, /* "KxDHE-PSK" */ +- 1038, /* "KxECDHE" */ +- 1040, /* "KxECDHE-PSK" */ +- 1045, /* "KxGOST" */ +- 1043, /* "KxPSK" */ +- 1037, /* "KxRSA" */ +- 1042, /* "KxRSA_PSK" */ +- 1044, /* "KxSRP" */ +- 15, /* "L" */ +- 856, /* "LocalKeySet" */ +- 3, /* "MD2" */ +- 257, /* "MD4" */ +- 4, /* "MD5" */ +- 114, /* "MD5-SHA1" */ +- 95, /* "MDC2" */ +- 911, /* "MGF1" */ +- 388, /* "Mail" */ +- 393, /* "NULL" */ +- 404, /* "NULL" */ +- 57, /* "Netscape" */ +- 366, /* "Nonce" */ +- 17, /* "O" */ +- 178, /* "OCSP" */ +- 180, /* "OCSPSigning" */ +- 1005, /* "OGRN" */ +- 379, /* "ORG" */ +- 18, /* "OU" */ +- 749, /* "Oakley-EC2N-3" */ +- 750, /* "Oakley-EC2N-4" */ +- 9, /* "PBE-MD2-DES" */ +- 168, /* "PBE-MD2-RC2-64" */ +- 10, /* "PBE-MD5-DES" */ +- 169, /* "PBE-MD5-RC2-64" */ +- 147, /* "PBE-SHA1-2DES" */ +- 146, /* "PBE-SHA1-3DES" */ +- 170, /* "PBE-SHA1-DES" */ +- 148, /* "PBE-SHA1-RC2-128" */ +- 149, /* "PBE-SHA1-RC2-40" */ +- 68, /* "PBE-SHA1-RC2-64" */ +- 144, /* "PBE-SHA1-RC4-128" */ +- 145, /* "PBE-SHA1-RC4-40" */ +- 161, /* "PBES2" */ +- 69, /* "PBKDF2" */ +- 162, /* "PBMAC1" */ +- 127, /* "PKIX" */ +- 935, /* "PSPECIFIED" */ +- 98, /* "RC2-40-CBC" */ +- 166, /* "RC2-64-CBC" */ +- 37, /* "RC2-CBC" */ +- 39, /* "RC2-CFB" */ +- 38, /* "RC2-ECB" */ +- 40, /* "RC2-OFB" */ +- 5, /* "RC4" */ +- 97, /* "RC4-40" */ +- 915, /* "RC4-HMAC-MD5" */ +- 120, /* "RC5-CBC" */ +- 122, /* "RC5-CFB" */ +- 121, /* "RC5-ECB" */ +- 123, /* "RC5-OFB" */ +- 117, /* "RIPEMD160" */ +- 19, /* "RSA" */ +- 7, /* "RSA-MD2" */ +- 396, /* "RSA-MD4" */ +- 8, /* "RSA-MD5" */ +- 96, /* "RSA-MDC2" */ +- 104, /* "RSA-NP-MD5" */ +- 119, /* "RSA-RIPEMD160" */ +- 42, /* "RSA-SHA" */ +- 65, /* "RSA-SHA1" */ +- 115, /* "RSA-SHA1-2" */ +- 671, /* "RSA-SHA224" */ +- 668, /* "RSA-SHA256" */ +- 669, /* "RSA-SHA384" */ +- 670, /* "RSA-SHA512" */ +- 919, /* "RSAES-OAEP" */ +- 912, /* "RSASSA-PSS" */ +- 777, /* "SEED-CBC" */ +- 779, /* "SEED-CFB" */ +- 776, /* "SEED-ECB" */ +- 778, /* "SEED-OFB" */ +- 41, /* "SHA" */ +- 64, /* "SHA1" */ +- 675, /* "SHA224" */ +- 672, /* "SHA256" */ +- 673, /* "SHA384" */ +- 674, /* "SHA512" */ +- 188, /* "SMIME" */ +- 167, /* "SMIME-CAPS" */ +- 100, /* "SN" */ +- 1006, /* "SNILS" */ +- 16, /* "ST" */ +- 143, /* "SXNetID" */ +- 1021, /* "TLS1-PRF" */ +- 458, /* "UID" */ +- 0, /* "UNDEF" */ +- 1034, /* "X25519" */ +- 1035, /* "X448" */ +- 11, /* "X500" */ +- 378, /* "X500algorithms" */ +- 12, /* "X509" */ +- 184, /* "X9-57" */ +- 185, /* "X9cm" */ +- 125, /* "ZLIB" */ +- 478, /* "aRecord" */ +- 289, /* "aaControls" */ +- 287, /* "ac-auditEntity" */ +- 397, /* "ac-proxying" */ +- 288, /* "ac-targeting" */ +- 368, /* "acceptableResponses" */ +- 446, /* "account" */ +- 363, /* "ad_timestamping" */ +- 376, /* "algorithm" */ +- 405, /* "ansi-X9-62" */ +- 910, /* "anyExtendedKeyUsage" */ +- 746, /* "anyPolicy" */ +- 370, /* "archiveCutoff" */ +- 484, /* "associatedDomain" */ +- 485, /* "associatedName" */ +- 501, /* "audio" */ +- 177, /* "authorityInfoAccess" */ +- 90, /* "authorityKeyIdentifier" */ +- 882, /* "authorityRevocationList" */ +- 87, /* "basicConstraints" */ +- 365, /* "basicOCSPResponse" */ +- 285, /* "biometricInfo" */ +- 921, /* "brainpoolP160r1" */ +- 922, /* "brainpoolP160t1" */ +- 923, /* "brainpoolP192r1" */ +- 924, /* "brainpoolP192t1" */ +- 925, /* "brainpoolP224r1" */ +- 926, /* "brainpoolP224t1" */ +- 927, /* "brainpoolP256r1" */ +- 928, /* "brainpoolP256t1" */ +- 929, /* "brainpoolP320r1" */ +- 930, /* "brainpoolP320t1" */ +- 931, /* "brainpoolP384r1" */ +- 932, /* "brainpoolP384t1" */ +- 933, /* "brainpoolP512r1" */ +- 934, /* "brainpoolP512t1" */ +- 494, /* "buildingName" */ +- 860, /* "businessCategory" */ +- 691, /* "c2onb191v4" */ +- 692, /* "c2onb191v5" */ +- 697, /* "c2onb239v4" */ +- 698, /* "c2onb239v5" */ +- 684, /* "c2pnb163v1" */ +- 685, /* "c2pnb163v2" */ +- 686, /* "c2pnb163v3" */ +- 687, /* "c2pnb176v1" */ +- 693, /* "c2pnb208w1" */ +- 699, /* "c2pnb272w1" */ +- 700, /* "c2pnb304w1" */ +- 702, /* "c2pnb368w1" */ +- 688, /* "c2tnb191v1" */ +- 689, /* "c2tnb191v2" */ +- 690, /* "c2tnb191v3" */ +- 694, /* "c2tnb239v1" */ +- 695, /* "c2tnb239v2" */ +- 696, /* "c2tnb239v3" */ +- 701, /* "c2tnb359v1" */ +- 703, /* "c2tnb431r1" */ +- 881, /* "cACertificate" */ +- 483, /* "cNAMERecord" */ +- 179, /* "caIssuers" */ +- 785, /* "caRepository" */ +- 1023, /* "capwapAC" */ +- 1024, /* "capwapWTP" */ +- 443, /* "caseIgnoreIA5StringSyntax" */ +- 152, /* "certBag" */ +- 677, /* "certicom-arc" */ +- 771, /* "certificateIssuer" */ +- 89, /* "certificatePolicies" */ +- 883, /* "certificateRevocationList" */ +- 54, /* "challengePassword" */ +- 407, /* "characteristic-two-field" */ +- 395, /* "clearance" */ +- 130, /* "clientAuth" */ +- 131, /* "codeSigning" */ +- 50, /* "contentType" */ +- 53, /* "countersignature" */ +- 153, /* "crlBag" */ +- 103, /* "crlDistributionPoints" */ +- 88, /* "crlNumber" */ +- 884, /* "crossCertificatePair" */ +- 806, /* "cryptocom" */ +- 805, /* "cryptopro" */ +- 954, /* "ct_cert_scts" */ +- 952, /* "ct_precert_poison" */ +- 951, /* "ct_precert_scts" */ +- 953, /* "ct_precert_signer" */ +- 500, /* "dITRedirect" */ +- 451, /* "dNSDomain" */ +- 495, /* "dSAQuality" */ +- 434, /* "data" */ +- 390, /* "dcobject" */ +- 140, /* "deltaCRL" */ +- 891, /* "deltaRevocationList" */ +- 107, /* "description" */ +- 871, /* "destinationIndicator" */ +- 947, /* "dh-cofactor-kdf" */ +- 946, /* "dh-std-kdf" */ +- 28, /* "dhKeyAgreement" */ +- 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ +- 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ +- 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ +- 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ +- 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ +- 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ +- 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ +- 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ +- 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ +- 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ +- 920, /* "dhpublicnumber" */ +- 382, /* "directory" */ +- 887, /* "distinguishedName" */ +- 892, /* "dmdName" */ +- 174, /* "dnQualifier" */ +- 447, /* "document" */ +- 471, /* "documentAuthor" */ +- 468, /* "documentIdentifier" */ +- 472, /* "documentLocation" */ +- 502, /* "documentPublisher" */ +- 449, /* "documentSeries" */ +- 469, /* "documentTitle" */ +- 470, /* "documentVersion" */ +- 392, /* "domain" */ +- 452, /* "domainRelatedObject" */ +- 802, /* "dsa_with_SHA224" */ +- 803, /* "dsa_with_SHA256" */ +- 791, /* "ecdsa-with-Recommended" */ +- 416, /* "ecdsa-with-SHA1" */ +- 793, /* "ecdsa-with-SHA224" */ +- 794, /* "ecdsa-with-SHA256" */ +- 795, /* "ecdsa-with-SHA384" */ +- 796, /* "ecdsa-with-SHA512" */ +- 792, /* "ecdsa-with-Specified" */ +- 48, /* "emailAddress" */ +- 132, /* "emailProtection" */ +- 885, /* "enhancedSearchGuide" */ +- 389, /* "enterprises" */ +- 384, /* "experimental" */ +- 172, /* "extReq" */ +- 56, /* "extendedCertificateAttributes" */ +- 126, /* "extendedKeyUsage" */ +- 372, /* "extendedStatus" */ +- 867, /* "facsimileTelephoneNumber" */ +- 462, /* "favouriteDrink" */ +- 857, /* "freshestCRL" */ +- 453, /* "friendlyCountry" */ +- 490, /* "friendlyCountryName" */ +- 156, /* "friendlyName" */ +- 509, /* "generationQualifier" */ +- 815, /* "gost-mac" */ +- 976, /* "gost-mac-12" */ +- 811, /* "gost2001" */ +- 851, /* "gost2001cc" */ +- 979, /* "gost2012_256" */ +- 980, /* "gost2012_512" */ +- 813, /* "gost89" */ +- 1009, /* "gost89-cbc" */ +- 814, /* "gost89-cnt" */ +- 975, /* "gost89-cnt-12" */ +- 1011, /* "gost89-ctr" */ +- 1010, /* "gost89-ecb" */ +- 812, /* "gost94" */ +- 850, /* "gost94cc" */ +- 1015, /* "grasshopper-cbc" */ +- 1016, /* "grasshopper-cfb" */ +- 1013, /* "grasshopper-ctr" */ +- 1012, /* "grasshopper-ecb" */ +- 1017, /* "grasshopper-mac" */ +- 1014, /* "grasshopper-ofb" */ +- 797, /* "hmacWithMD5" */ +- 163, /* "hmacWithSHA1" */ +- 798, /* "hmacWithSHA224" */ +- 799, /* "hmacWithSHA256" */ +- 800, /* "hmacWithSHA384" */ +- 801, /* "hmacWithSHA512" */ +- 432, /* "holdInstructionCallIssuer" */ +- 430, /* "holdInstructionCode" */ +- 431, /* "holdInstructionNone" */ +- 433, /* "holdInstructionReject" */ +- 486, /* "homePostalAddress" */ +- 473, /* "homeTelephoneNumber" */ +- 466, /* "host" */ +- 889, /* "houseIdentifier" */ +- 442, /* "iA5StringSyntax" */ +- 783, /* "id-DHBasedMac" */ +- 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +- 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +- 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +- 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +- 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +- 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +- 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +- 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +- 820, /* "id-Gost28147-89-None-KeyMeshing" */ +- 823, /* "id-Gost28147-89-TestParamSet" */ +- 849, /* "id-Gost28147-89-cc" */ +- 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +- 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +- 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +- 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +- 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +- 854, /* "id-GostR3410-2001-ParamSet-cc" */ +- 839, /* "id-GostR3410-2001-TestParamSet" */ +- 817, /* "id-GostR3410-2001DH" */ +- 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +- 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +- 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +- 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +- 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +- 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +- 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +- 831, /* "id-GostR3410-94-TestParamSet" */ +- 845, /* "id-GostR3410-94-a" */ +- 846, /* "id-GostR3410-94-aBis" */ +- 847, /* "id-GostR3410-94-b" */ +- 848, /* "id-GostR3410-94-bBis" */ +- 818, /* "id-GostR3410-94DH" */ +- 822, /* "id-GostR3411-94-CryptoProParamSet" */ +- 821, /* "id-GostR3411-94-TestParamSet" */ +- 807, /* "id-GostR3411-94-with-GostR3410-2001" */ +- 853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ +- 808, /* "id-GostR3411-94-with-GostR3410-94" */ +- 852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ +- 810, /* "id-HMACGostR3411-94" */ +- 782, /* "id-PasswordBasedMAC" */ +- 266, /* "id-aca" */ +- 355, /* "id-aca-accessIdentity" */ +- 354, /* "id-aca-authenticationInfo" */ +- 356, /* "id-aca-chargingIdentity" */ +- 399, /* "id-aca-encAttrs" */ +- 357, /* "id-aca-group" */ +- 358, /* "id-aca-role" */ +- 176, /* "id-ad" */ +- 896, /* "id-aes128-CCM" */ +- 895, /* "id-aes128-GCM" */ +- 788, /* "id-aes128-wrap" */ +- 897, /* "id-aes128-wrap-pad" */ +- 899, /* "id-aes192-CCM" */ +- 898, /* "id-aes192-GCM" */ +- 789, /* "id-aes192-wrap" */ +- 900, /* "id-aes192-wrap-pad" */ +- 902, /* "id-aes256-CCM" */ +- 901, /* "id-aes256-GCM" */ +- 790, /* "id-aes256-wrap" */ +- 903, /* "id-aes256-wrap-pad" */ +- 262, /* "id-alg" */ +- 893, /* "id-alg-PWRI-KEK" */ +- 323, /* "id-alg-des40" */ +- 326, /* "id-alg-dh-pop" */ +- 325, /* "id-alg-dh-sig-hmac-sha1" */ +- 324, /* "id-alg-noSignature" */ +- 907, /* "id-camellia128-wrap" */ +- 908, /* "id-camellia192-wrap" */ +- 909, /* "id-camellia256-wrap" */ +- 268, /* "id-cct" */ +- 361, /* "id-cct-PKIData" */ +- 362, /* "id-cct-PKIResponse" */ +- 360, /* "id-cct-crs" */ +- 81, /* "id-ce" */ +- 680, /* "id-characteristic-two-basis" */ +- 263, /* "id-cmc" */ +- 334, /* "id-cmc-addExtensions" */ +- 346, /* "id-cmc-confirmCertAcceptance" */ +- 330, /* "id-cmc-dataReturn" */ +- 336, /* "id-cmc-decryptedPOP" */ +- 335, /* "id-cmc-encryptedPOP" */ +- 339, /* "id-cmc-getCRL" */ +- 338, /* "id-cmc-getCert" */ +- 328, /* "id-cmc-identification" */ +- 329, /* "id-cmc-identityProof" */ +- 337, /* "id-cmc-lraPOPWitness" */ +- 344, /* "id-cmc-popLinkRandom" */ +- 345, /* "id-cmc-popLinkWitness" */ +- 343, /* "id-cmc-queryPending" */ +- 333, /* "id-cmc-recipientNonce" */ +- 341, /* "id-cmc-regInfo" */ +- 342, /* "id-cmc-responseInfo" */ +- 340, /* "id-cmc-revokeRequest" */ +- 332, /* "id-cmc-senderNonce" */ +- 327, /* "id-cmc-statusInfo" */ +- 331, /* "id-cmc-transactionId" */ +- 787, /* "id-ct-asciiTextWithCRLF" */ +- 1060, /* "id-ct-xml" */ +- 408, /* "id-ecPublicKey" */ +- 508, /* "id-hex-multipart-message" */ +- 507, /* "id-hex-partial-message" */ +- 260, /* "id-it" */ +- 302, /* "id-it-caKeyUpdateInfo" */ +- 298, /* "id-it-caProtEncCert" */ +- 311, /* "id-it-confirmWaitTime" */ +- 303, /* "id-it-currentCRL" */ +- 300, /* "id-it-encKeyPairTypes" */ +- 310, /* "id-it-implicitConfirm" */ +- 308, /* "id-it-keyPairParamRep" */ +- 307, /* "id-it-keyPairParamReq" */ +- 312, /* "id-it-origPKIMessage" */ +- 301, /* "id-it-preferredSymmAlg" */ +- 309, /* "id-it-revPassphrase" */ +- 299, /* "id-it-signKeyPairTypes" */ +- 305, /* "id-it-subscriptionRequest" */ +- 306, /* "id-it-subscriptionResponse" */ +- 784, /* "id-it-suppLangTags" */ +- 304, /* "id-it-unsupportedOIDs" */ +- 128, /* "id-kp" */ +- 280, /* "id-mod-attribute-cert" */ +- 274, /* "id-mod-cmc" */ +- 277, /* "id-mod-cmp" */ +- 284, /* "id-mod-cmp2000" */ +- 273, /* "id-mod-crmf" */ +- 283, /* "id-mod-dvcs" */ +- 275, /* "id-mod-kea-profile-88" */ +- 276, /* "id-mod-kea-profile-93" */ +- 282, /* "id-mod-ocsp" */ +- 278, /* "id-mod-qualified-cert-88" */ +- 279, /* "id-mod-qualified-cert-93" */ +- 281, /* "id-mod-timestamp-protocol" */ +- 264, /* "id-on" */ +- 858, /* "id-on-permanentIdentifier" */ +- 347, /* "id-on-personalData" */ +- 265, /* "id-pda" */ +- 352, /* "id-pda-countryOfCitizenship" */ +- 353, /* "id-pda-countryOfResidence" */ +- 348, /* "id-pda-dateOfBirth" */ +- 351, /* "id-pda-gender" */ +- 349, /* "id-pda-placeOfBirth" */ +- 175, /* "id-pe" */ +- 1031, /* "id-pkinit" */ +- 261, /* "id-pkip" */ +- 258, /* "id-pkix-mod" */ +- 269, /* "id-pkix1-explicit-88" */ +- 271, /* "id-pkix1-explicit-93" */ +- 270, /* "id-pkix1-implicit-88" */ +- 272, /* "id-pkix1-implicit-93" */ +- 662, /* "id-ppl" */ +- 664, /* "id-ppl-anyLanguage" */ +- 667, /* "id-ppl-independent" */ +- 665, /* "id-ppl-inheritAll" */ +- 267, /* "id-qcs" */ +- 359, /* "id-qcs-pkixQCSyntax-v1" */ +- 259, /* "id-qt" */ +- 164, /* "id-qt-cps" */ +- 165, /* "id-qt-unotice" */ +- 313, /* "id-regCtrl" */ +- 316, /* "id-regCtrl-authenticator" */ +- 319, /* "id-regCtrl-oldCertID" */ +- 318, /* "id-regCtrl-pkiArchiveOptions" */ +- 317, /* "id-regCtrl-pkiPublicationInfo" */ +- 320, /* "id-regCtrl-protocolEncrKey" */ +- 315, /* "id-regCtrl-regToken" */ +- 314, /* "id-regInfo" */ +- 322, /* "id-regInfo-certReq" */ +- 321, /* "id-regInfo-utf8Pairs" */ +- 973, /* "id-scrypt" */ +- 512, /* "id-set" */ +- 191, /* "id-smime-aa" */ +- 215, /* "id-smime-aa-contentHint" */ +- 218, /* "id-smime-aa-contentIdentifier" */ +- 221, /* "id-smime-aa-contentReference" */ +- 240, /* "id-smime-aa-dvcs-dvc" */ +- 217, /* "id-smime-aa-encapContentType" */ +- 222, /* "id-smime-aa-encrypKeyPref" */ +- 220, /* "id-smime-aa-equivalentLabels" */ +- 232, /* "id-smime-aa-ets-CertificateRefs" */ +- 233, /* "id-smime-aa-ets-RevocationRefs" */ +- 238, /* "id-smime-aa-ets-archiveTimeStamp" */ +- 237, /* "id-smime-aa-ets-certCRLTimestamp" */ +- 234, /* "id-smime-aa-ets-certValues" */ +- 227, /* "id-smime-aa-ets-commitmentType" */ +- 231, /* "id-smime-aa-ets-contentTimestamp" */ +- 236, /* "id-smime-aa-ets-escTimeStamp" */ +- 230, /* "id-smime-aa-ets-otherSigCert" */ +- 235, /* "id-smime-aa-ets-revocationValues" */ +- 226, /* "id-smime-aa-ets-sigPolicyId" */ +- 229, /* "id-smime-aa-ets-signerAttr" */ +- 228, /* "id-smime-aa-ets-signerLocation" */ +- 219, /* "id-smime-aa-macValue" */ +- 214, /* "id-smime-aa-mlExpandHistory" */ +- 216, /* "id-smime-aa-msgSigDigest" */ +- 212, /* "id-smime-aa-receiptRequest" */ +- 213, /* "id-smime-aa-securityLabel" */ +- 239, /* "id-smime-aa-signatureType" */ +- 223, /* "id-smime-aa-signingCertificate" */ +- 224, /* "id-smime-aa-smimeEncryptCerts" */ +- 225, /* "id-smime-aa-timeStampToken" */ +- 192, /* "id-smime-alg" */ +- 243, /* "id-smime-alg-3DESwrap" */ +- 246, /* "id-smime-alg-CMS3DESwrap" */ +- 247, /* "id-smime-alg-CMSRC2wrap" */ +- 245, /* "id-smime-alg-ESDH" */ +- 241, /* "id-smime-alg-ESDHwith3DES" */ +- 242, /* "id-smime-alg-ESDHwithRC2" */ +- 244, /* "id-smime-alg-RC2wrap" */ +- 193, /* "id-smime-cd" */ +- 248, /* "id-smime-cd-ldap" */ +- 190, /* "id-smime-ct" */ +- 210, /* "id-smime-ct-DVCSRequestData" */ +- 211, /* "id-smime-ct-DVCSResponseData" */ +- 208, /* "id-smime-ct-TDTInfo" */ +- 207, /* "id-smime-ct-TSTInfo" */ +- 205, /* "id-smime-ct-authData" */ +- 1059, /* "id-smime-ct-authEnvelopedData" */ +- 786, /* "id-smime-ct-compressedData" */ +- 1058, /* "id-smime-ct-contentCollection" */ +- 209, /* "id-smime-ct-contentInfo" */ +- 206, /* "id-smime-ct-publishCert" */ +- 204, /* "id-smime-ct-receipt" */ +- 195, /* "id-smime-cti" */ +- 255, /* "id-smime-cti-ets-proofOfApproval" */ +- 256, /* "id-smime-cti-ets-proofOfCreation" */ +- 253, /* "id-smime-cti-ets-proofOfDelivery" */ +- 251, /* "id-smime-cti-ets-proofOfOrigin" */ +- 252, /* "id-smime-cti-ets-proofOfReceipt" */ +- 254, /* "id-smime-cti-ets-proofOfSender" */ +- 189, /* "id-smime-mod" */ +- 196, /* "id-smime-mod-cms" */ +- 197, /* "id-smime-mod-ess" */ +- 202, /* "id-smime-mod-ets-eSigPolicy-88" */ +- 203, /* "id-smime-mod-ets-eSigPolicy-97" */ +- 200, /* "id-smime-mod-ets-eSignature-88" */ +- 201, /* "id-smime-mod-ets-eSignature-97" */ +- 199, /* "id-smime-mod-msg-v3" */ +- 198, /* "id-smime-mod-oid" */ +- 194, /* "id-smime-spq" */ +- 250, /* "id-smime-spq-ets-sqt-unotice" */ +- 249, /* "id-smime-spq-ets-sqt-uri" */ +- 974, /* "id-tc26" */ +- 991, /* "id-tc26-agreement" */ +- 992, /* "id-tc26-agreement-gost-3410-2012-256" */ +- 993, /* "id-tc26-agreement-gost-3410-2012-512" */ +- 977, /* "id-tc26-algorithms" */ +- 990, /* "id-tc26-cipher" */ +- 1001, /* "id-tc26-cipher-constants" */ +- 994, /* "id-tc26-constants" */ +- 981, /* "id-tc26-digest" */ +- 1000, /* "id-tc26-digest-constants" */ +- 1002, /* "id-tc26-gost-28147-constants" */ +- 1003, /* "id-tc26-gost-28147-param-Z" */ +- 996, /* "id-tc26-gost-3410-2012-512-constants" */ +- 998, /* "id-tc26-gost-3410-2012-512-paramSetA" */ +- 999, /* "id-tc26-gost-3410-2012-512-paramSetB" */ +- 997, /* "id-tc26-gost-3410-2012-512-paramSetTest" */ +- 988, /* "id-tc26-hmac-gost-3411-2012-256" */ +- 989, /* "id-tc26-hmac-gost-3411-2012-512" */ +- 987, /* "id-tc26-mac" */ +- 978, /* "id-tc26-sign" */ +- 995, /* "id-tc26-sign-constants" */ +- 984, /* "id-tc26-signwithdigest" */ +- 985, /* "id-tc26-signwithdigest-gost3410-2012-256" */ +- 986, /* "id-tc26-signwithdigest-gost3410-2012-512" */ +- 676, /* "identified-organization" */ +- 461, /* "info" */ +- 748, /* "inhibitAnyPolicy" */ +- 101, /* "initials" */ +- 647, /* "international-organizations" */ +- 869, /* "internationaliSDNNumber" */ +- 142, /* "invalidityDate" */ +- 294, /* "ipsecEndSystem" */ +- 1022, /* "ipsecIKE" */ +- 295, /* "ipsecTunnel" */ +- 296, /* "ipsecUser" */ +- 86, /* "issuerAltName" */ +- 1008, /* "issuerSignTool" */ +- 770, /* "issuingDistributionPoint" */ +- 492, /* "janetMailbox" */ +- 957, /* "jurisdictionC" */ +- 955, /* "jurisdictionL" */ +- 956, /* "jurisdictionST" */ +- 150, /* "keyBag" */ +- 83, /* "keyUsage" */ +- 477, /* "lastModifiedBy" */ +- 476, /* "lastModifiedTime" */ +- 157, /* "localKeyID" */ +- 480, /* "mXRecord" */ +- 460, /* "mail" */ +- 493, /* "mailPreferenceOption" */ +- 467, /* "manager" */ +- 982, /* "md_gost12_256" */ +- 983, /* "md_gost12_512" */ +- 809, /* "md_gost94" */ +- 875, /* "member" */ +- 182, /* "member-body" */ +- 51, /* "messageDigest" */ +- 383, /* "mgmt" */ +- 504, /* "mime-mhs" */ +- 506, /* "mime-mhs-bodies" */ +- 505, /* "mime-mhs-headings" */ +- 488, /* "mobileTelephoneNumber" */ +- 136, /* "msCTLSign" */ +- 135, /* "msCodeCom" */ +- 134, /* "msCodeInd" */ +- 138, /* "msEFS" */ +- 171, /* "msExtReq" */ +- 137, /* "msSGC" */ +- 648, /* "msSmartcardLogin" */ +- 649, /* "msUPN" */ +- 481, /* "nSRecord" */ +- 173, /* "name" */ +- 666, /* "nameConstraints" */ +- 369, /* "noCheck" */ +- 403, /* "noRevAvail" */ +- 72, /* "nsBaseUrl" */ +- 76, /* "nsCaPolicyUrl" */ +- 74, /* "nsCaRevocationUrl" */ +- 58, /* "nsCertExt" */ +- 79, /* "nsCertSequence" */ +- 71, /* "nsCertType" */ +- 78, /* "nsComment" */ +- 59, /* "nsDataType" */ +- 75, /* "nsRenewalUrl" */ +- 73, /* "nsRevocationUrl" */ +- 139, /* "nsSGC" */ +- 77, /* "nsSslServerName" */ +- 681, /* "onBasis" */ +- 491, /* "organizationalStatus" */ +- 475, /* "otherMailbox" */ +- 876, /* "owner" */ +- 489, /* "pagerTelephoneNumber" */ +- 374, /* "path" */ +- 112, /* "pbeWithMD5AndCast5CBC" */ +- 499, /* "personalSignature" */ +- 487, /* "personalTitle" */ +- 464, /* "photo" */ +- 863, /* "physicalDeliveryOfficeName" */ +- 437, /* "pilot" */ +- 439, /* "pilotAttributeSyntax" */ +- 438, /* "pilotAttributeType" */ +- 479, /* "pilotAttributeType27" */ +- 456, /* "pilotDSA" */ +- 441, /* "pilotGroups" */ +- 444, /* "pilotObject" */ +- 440, /* "pilotObjectClass" */ +- 455, /* "pilotOrganization" */ +- 445, /* "pilotPerson" */ +- 1032, /* "pkInitClientAuth" */ +- 1033, /* "pkInitKDC" */ +- 2, /* "pkcs" */ +- 186, /* "pkcs1" */ +- 27, /* "pkcs3" */ +- 187, /* "pkcs5" */ +- 20, /* "pkcs7" */ +- 21, /* "pkcs7-data" */ +- 25, /* "pkcs7-digestData" */ +- 26, /* "pkcs7-encryptedData" */ +- 23, /* "pkcs7-envelopedData" */ +- 24, /* "pkcs7-signedAndEnvelopedData" */ +- 22, /* "pkcs7-signedData" */ +- 151, /* "pkcs8ShroudedKeyBag" */ +- 47, /* "pkcs9" */ +- 401, /* "policyConstraints" */ +- 747, /* "policyMappings" */ +- 862, /* "postOfficeBox" */ +- 861, /* "postalAddress" */ +- 661, /* "postalCode" */ +- 683, /* "ppBasis" */ +- 872, /* "preferredDeliveryMethod" */ +- 873, /* "presentationAddress" */ +- 816, /* "prf-gostr3411-94" */ +- 406, /* "prime-field" */ +- 409, /* "prime192v1" */ +- 410, /* "prime192v2" */ +- 411, /* "prime192v3" */ +- 412, /* "prime239v1" */ +- 413, /* "prime239v2" */ +- 414, /* "prime239v3" */ +- 415, /* "prime256v1" */ +- 385, /* "private" */ +- 84, /* "privateKeyUsagePeriod" */ +- 886, /* "protocolInformation" */ +- 663, /* "proxyCertInfo" */ +- 510, /* "pseudonym" */ +- 435, /* "pss" */ +- 286, /* "qcStatements" */ +- 457, /* "qualityLabelledData" */ +- 450, /* "rFC822localPart" */ +- 870, /* "registeredAddress" */ +- 400, /* "role" */ +- 877, /* "roleOccupant" */ +- 448, /* "room" */ +- 463, /* "roomNumber" */ +- 6, /* "rsaEncryption" */ +- 644, /* "rsaOAEPEncryptionSET" */ +- 377, /* "rsaSignature" */ +- 1, /* "rsadsi" */ +- 482, /* "sOARecord" */ +- 155, /* "safeContentsBag" */ +- 291, /* "sbgp-autonomousSysNum" */ +- 290, /* "sbgp-ipAddrBlock" */ +- 292, /* "sbgp-routerIdentifier" */ +- 159, /* "sdsiCertificate" */ +- 859, /* "searchGuide" */ +- 704, /* "secp112r1" */ +- 705, /* "secp112r2" */ +- 706, /* "secp128r1" */ +- 707, /* "secp128r2" */ +- 708, /* "secp160k1" */ +- 709, /* "secp160r1" */ +- 710, /* "secp160r2" */ +- 711, /* "secp192k1" */ +- 712, /* "secp224k1" */ +- 713, /* "secp224r1" */ +- 714, /* "secp256k1" */ +- 715, /* "secp384r1" */ +- 716, /* "secp521r1" */ +- 154, /* "secretBag" */ +- 474, /* "secretary" */ +- 717, /* "sect113r1" */ +- 718, /* "sect113r2" */ +- 719, /* "sect131r1" */ +- 720, /* "sect131r2" */ +- 721, /* "sect163k1" */ +- 722, /* "sect163r1" */ +- 723, /* "sect163r2" */ +- 724, /* "sect193r1" */ +- 725, /* "sect193r2" */ +- 726, /* "sect233k1" */ +- 727, /* "sect233r1" */ +- 728, /* "sect239k1" */ +- 729, /* "sect283k1" */ +- 730, /* "sect283r1" */ +- 731, /* "sect409k1" */ +- 732, /* "sect409r1" */ +- 733, /* "sect571k1" */ +- 734, /* "sect571r1" */ +- 1025, /* "secureShellClient" */ +- 1026, /* "secureShellServer" */ +- 386, /* "security" */ +- 878, /* "seeAlso" */ +- 394, /* "selected-attribute-types" */ +- 1029, /* "sendOwner" */ +- 1030, /* "sendProxiedOwner" */ +- 1028, /* "sendProxiedRouter" */ +- 1027, /* "sendRouter" */ +- 105, /* "serialNumber" */ +- 129, /* "serverAuth" */ +- 371, /* "serviceLocator" */ +- 625, /* "set-addPolicy" */ +- 515, /* "set-attr" */ +- 518, /* "set-brand" */ +- 638, /* "set-brand-AmericanExpress" */ +- 637, /* "set-brand-Diners" */ +- 636, /* "set-brand-IATA-ATA" */ +- 639, /* "set-brand-JCB" */ +- 641, /* "set-brand-MasterCard" */ +- 642, /* "set-brand-Novus" */ +- 640, /* "set-brand-Visa" */ +- 517, /* "set-certExt" */ +- 513, /* "set-ctype" */ +- 514, /* "set-msgExt" */ +- 516, /* "set-policy" */ +- 607, /* "set-policy-root" */ +- 624, /* "set-rootKeyThumb" */ +- 620, /* "setAttr-Cert" */ +- 631, /* "setAttr-GenCryptgrm" */ +- 623, /* "setAttr-IssCap" */ +- 628, /* "setAttr-IssCap-CVM" */ +- 630, /* "setAttr-IssCap-Sig" */ +- 629, /* "setAttr-IssCap-T2" */ +- 621, /* "setAttr-PGWYcap" */ +- 635, /* "setAttr-SecDevSig" */ +- 632, /* "setAttr-T2Enc" */ +- 633, /* "setAttr-T2cleartxt" */ +- 634, /* "setAttr-TokICCsig" */ +- 627, /* "setAttr-Token-B0Prime" */ +- 626, /* "setAttr-Token-EMV" */ +- 622, /* "setAttr-TokenType" */ +- 619, /* "setCext-IssuerCapabilities" */ +- 615, /* "setCext-PGWYcapabilities" */ +- 616, /* "setCext-TokenIdentifier" */ +- 618, /* "setCext-TokenType" */ +- 617, /* "setCext-Track2Data" */ +- 611, /* "setCext-cCertRequired" */ +- 609, /* "setCext-certType" */ +- 608, /* "setCext-hashedRoot" */ +- 610, /* "setCext-merchData" */ +- 613, /* "setCext-setExt" */ +- 614, /* "setCext-setQualf" */ +- 612, /* "setCext-tunneling" */ +- 540, /* "setct-AcqCardCodeMsg" */ +- 576, /* "setct-AcqCardCodeMsgTBE" */ +- 570, /* "setct-AuthReqTBE" */ +- 534, /* "setct-AuthReqTBS" */ +- 527, /* "setct-AuthResBaggage" */ +- 571, /* "setct-AuthResTBE" */ +- 572, /* "setct-AuthResTBEX" */ +- 535, /* "setct-AuthResTBS" */ +- 536, /* "setct-AuthResTBSX" */ +- 528, /* "setct-AuthRevReqBaggage" */ +- 577, /* "setct-AuthRevReqTBE" */ +- 541, /* "setct-AuthRevReqTBS" */ +- 529, /* "setct-AuthRevResBaggage" */ +- 542, /* "setct-AuthRevResData" */ +- 578, /* "setct-AuthRevResTBE" */ +- 579, /* "setct-AuthRevResTBEB" */ +- 543, /* "setct-AuthRevResTBS" */ +- 573, /* "setct-AuthTokenTBE" */ +- 537, /* "setct-AuthTokenTBS" */ +- 600, /* "setct-BCIDistributionTBS" */ +- 558, /* "setct-BatchAdminReqData" */ +- 592, /* "setct-BatchAdminReqTBE" */ +- 559, /* "setct-BatchAdminResData" */ +- 593, /* "setct-BatchAdminResTBE" */ +- 599, /* "setct-CRLNotificationResTBS" */ +- 598, /* "setct-CRLNotificationTBS" */ +- 580, /* "setct-CapReqTBE" */ +- 581, /* "setct-CapReqTBEX" */ +- 544, /* "setct-CapReqTBS" */ +- 545, /* "setct-CapReqTBSX" */ +- 546, /* "setct-CapResData" */ +- 582, /* "setct-CapResTBE" */ +- 583, /* "setct-CapRevReqTBE" */ +- 584, /* "setct-CapRevReqTBEX" */ +- 547, /* "setct-CapRevReqTBS" */ +- 548, /* "setct-CapRevReqTBSX" */ +- 549, /* "setct-CapRevResData" */ +- 585, /* "setct-CapRevResTBE" */ +- 538, /* "setct-CapTokenData" */ +- 530, /* "setct-CapTokenSeq" */ +- 574, /* "setct-CapTokenTBE" */ +- 575, /* "setct-CapTokenTBEX" */ +- 539, /* "setct-CapTokenTBS" */ +- 560, /* "setct-CardCInitResTBS" */ +- 566, /* "setct-CertInqReqTBS" */ +- 563, /* "setct-CertReqData" */ +- 595, /* "setct-CertReqTBE" */ +- 596, /* "setct-CertReqTBEX" */ +- 564, /* "setct-CertReqTBS" */ +- 565, /* "setct-CertResData" */ +- 597, /* "setct-CertResTBE" */ +- 586, /* "setct-CredReqTBE" */ +- 587, /* "setct-CredReqTBEX" */ +- 550, /* "setct-CredReqTBS" */ +- 551, /* "setct-CredReqTBSX" */ +- 552, /* "setct-CredResData" */ +- 588, /* "setct-CredResTBE" */ +- 589, /* "setct-CredRevReqTBE" */ +- 590, /* "setct-CredRevReqTBEX" */ +- 553, /* "setct-CredRevReqTBS" */ +- 554, /* "setct-CredRevReqTBSX" */ +- 555, /* "setct-CredRevResData" */ +- 591, /* "setct-CredRevResTBE" */ +- 567, /* "setct-ErrorTBS" */ +- 526, /* "setct-HODInput" */ +- 561, /* "setct-MeAqCInitResTBS" */ +- 522, /* "setct-OIData" */ +- 519, /* "setct-PANData" */ +- 521, /* "setct-PANOnly" */ +- 520, /* "setct-PANToken" */ +- 556, /* "setct-PCertReqData" */ +- 557, /* "setct-PCertResTBS" */ +- 523, /* "setct-PI" */ +- 532, /* "setct-PI-TBS" */ +- 524, /* "setct-PIData" */ +- 525, /* "setct-PIDataUnsigned" */ +- 568, /* "setct-PIDualSignedTBE" */ +- 569, /* "setct-PIUnsignedTBE" */ +- 531, /* "setct-PInitResData" */ +- 533, /* "setct-PResData" */ +- 594, /* "setct-RegFormReqTBE" */ +- 562, /* "setct-RegFormResTBS" */ +- 606, /* "setext-cv" */ +- 601, /* "setext-genCrypt" */ +- 602, /* "setext-miAuth" */ +- 604, /* "setext-pinAny" */ +- 603, /* "setext-pinSecure" */ +- 605, /* "setext-track2" */ +- 52, /* "signingTime" */ +- 454, /* "simpleSecurityObject" */ +- 496, /* "singleLevelQuality" */ +- 387, /* "snmpv2" */ +- 660, /* "street" */ +- 85, /* "subjectAltName" */ +- 769, /* "subjectDirectoryAttributes" */ +- 398, /* "subjectInfoAccess" */ +- 82, /* "subjectKeyIdentifier" */ +- 1007, /* "subjectSignTool" */ +- 498, /* "subtreeMaximumQuality" */ +- 497, /* "subtreeMinimumQuality" */ +- 890, /* "supportedAlgorithms" */ +- 874, /* "supportedApplicationContext" */ +- 402, /* "targetInformation" */ +- 864, /* "telephoneNumber" */ +- 866, /* "teletexTerminalIdentifier" */ +- 865, /* "telexNumber" */ +- 459, /* "textEncodedORAddress" */ +- 293, /* "textNotice" */ +- 133, /* "timeStamping" */ +- 106, /* "title" */ +- 1020, /* "tlsfeature" */ +- 682, /* "tpBasis" */ +- 375, /* "trustRoot" */ +- 436, /* "ucl" */ +- 102, /* "uid" */ +- 888, /* "uniqueMember" */ +- 55, /* "unstructuredAddress" */ +- 49, /* "unstructuredName" */ +- 880, /* "userCertificate" */ +- 465, /* "userClass" */ +- 879, /* "userPassword" */ +- 373, /* "valid" */ +- 678, /* "wap" */ +- 679, /* "wap-wsg" */ +- 735, /* "wap-wsg-idm-ecid-wtls1" */ +- 743, /* "wap-wsg-idm-ecid-wtls10" */ +- 744, /* "wap-wsg-idm-ecid-wtls11" */ +- 745, /* "wap-wsg-idm-ecid-wtls12" */ +- 736, /* "wap-wsg-idm-ecid-wtls3" */ +- 737, /* "wap-wsg-idm-ecid-wtls4" */ +- 738, /* "wap-wsg-idm-ecid-wtls5" */ +- 739, /* "wap-wsg-idm-ecid-wtls6" */ +- 740, /* "wap-wsg-idm-ecid-wtls7" */ +- 741, /* "wap-wsg-idm-ecid-wtls8" */ +- 742, /* "wap-wsg-idm-ecid-wtls9" */ +- 804, /* "whirlpool" */ +- 868, /* "x121Address" */ +- 503, /* "x500UniqueIdentifier" */ +- 158, /* "x509Certificate" */ +- 160, /* "x509Crl" */ ++static const unsigned int sn_objs[NUM_SN]={ ++364, /* "AD_DVCS" */ ++419, /* "AES-128-CBC" */ ++916, /* "AES-128-CBC-HMAC-SHA1" */ ++948, /* "AES-128-CBC-HMAC-SHA256" */ ++421, /* "AES-128-CFB" */ ++650, /* "AES-128-CFB1" */ ++653, /* "AES-128-CFB8" */ ++904, /* "AES-128-CTR" */ ++418, /* "AES-128-ECB" */ ++420, /* "AES-128-OFB" */ ++913, /* "AES-128-XTS" */ ++423, /* "AES-192-CBC" */ ++917, /* "AES-192-CBC-HMAC-SHA1" */ ++949, /* "AES-192-CBC-HMAC-SHA256" */ ++425, /* "AES-192-CFB" */ ++651, /* "AES-192-CFB1" */ ++654, /* "AES-192-CFB8" */ ++905, /* "AES-192-CTR" */ ++422, /* "AES-192-ECB" */ ++424, /* "AES-192-OFB" */ ++427, /* "AES-256-CBC" */ ++918, /* "AES-256-CBC-HMAC-SHA1" */ ++950, /* "AES-256-CBC-HMAC-SHA256" */ ++429, /* "AES-256-CFB" */ ++652, /* "AES-256-CFB1" */ ++655, /* "AES-256-CFB8" */ ++906, /* "AES-256-CTR" */ ++426, /* "AES-256-ECB" */ ++428, /* "AES-256-OFB" */ ++914, /* "AES-256-XTS" */ ++91, /* "BF-CBC" */ ++93, /* "BF-CFB" */ ++92, /* "BF-ECB" */ ++94, /* "BF-OFB" */ ++14, /* "C" */ ++751, /* "CAMELLIA-128-CBC" */ ++757, /* "CAMELLIA-128-CFB" */ ++760, /* "CAMELLIA-128-CFB1" */ ++763, /* "CAMELLIA-128-CFB8" */ ++754, /* "CAMELLIA-128-ECB" */ ++766, /* "CAMELLIA-128-OFB" */ ++752, /* "CAMELLIA-192-CBC" */ ++758, /* "CAMELLIA-192-CFB" */ ++761, /* "CAMELLIA-192-CFB1" */ ++764, /* "CAMELLIA-192-CFB8" */ ++755, /* "CAMELLIA-192-ECB" */ ++767, /* "CAMELLIA-192-OFB" */ ++753, /* "CAMELLIA-256-CBC" */ ++759, /* "CAMELLIA-256-CFB" */ ++762, /* "CAMELLIA-256-CFB1" */ ++765, /* "CAMELLIA-256-CFB8" */ ++756, /* "CAMELLIA-256-ECB" */ ++768, /* "CAMELLIA-256-OFB" */ ++108, /* "CAST5-CBC" */ ++110, /* "CAST5-CFB" */ ++109, /* "CAST5-ECB" */ ++111, /* "CAST5-OFB" */ ++894, /* "CMAC" */ ++13, /* "CN" */ ++141, /* "CRLReason" */ ++417, /* "CSPName" */ ++367, /* "CrlID" */ ++391, /* "DC" */ ++31, /* "DES-CBC" */ ++643, /* "DES-CDMF" */ ++30, /* "DES-CFB" */ ++656, /* "DES-CFB1" */ ++657, /* "DES-CFB8" */ ++29, /* "DES-ECB" */ ++32, /* "DES-EDE" */ ++43, /* "DES-EDE-CBC" */ ++60, /* "DES-EDE-CFB" */ ++62, /* "DES-EDE-OFB" */ ++33, /* "DES-EDE3" */ ++44, /* "DES-EDE3-CBC" */ ++61, /* "DES-EDE3-CFB" */ ++658, /* "DES-EDE3-CFB1" */ ++659, /* "DES-EDE3-CFB8" */ ++63, /* "DES-EDE3-OFB" */ ++45, /* "DES-OFB" */ ++80, /* "DESX-CBC" */ ++380, /* "DOD" */ ++116, /* "DSA" */ ++66, /* "DSA-SHA" */ ++113, /* "DSA-SHA1" */ ++70, /* "DSA-SHA1-old" */ ++67, /* "DSA-old" */ ++297, /* "DVCS" */ ++99, /* "GN" */ ++855, /* "HMAC" */ ++780, /* "HMAC-MD5" */ ++781, /* "HMAC-SHA1" */ ++381, /* "IANA" */ ++34, /* "IDEA-CBC" */ ++35, /* "IDEA-CFB" */ ++36, /* "IDEA-ECB" */ ++46, /* "IDEA-OFB" */ ++181, /* "ISO" */ ++183, /* "ISO-US" */ ++645, /* "ITU-T" */ ++646, /* "JOINT-ISO-ITU-T" */ ++773, /* "KISA" */ ++15, /* "L" */ ++856, /* "LocalKeySet" */ ++ 3, /* "MD2" */ ++257, /* "MD4" */ ++ 4, /* "MD5" */ ++114, /* "MD5-SHA1" */ ++95, /* "MDC2" */ ++911, /* "MGF1" */ ++388, /* "Mail" */ ++393, /* "NULL" */ ++404, /* "NULL" */ ++57, /* "Netscape" */ ++366, /* "Nonce" */ ++17, /* "O" */ ++178, /* "OCSP" */ ++180, /* "OCSPSigning" */ ++379, /* "ORG" */ ++18, /* "OU" */ ++749, /* "Oakley-EC2N-3" */ ++750, /* "Oakley-EC2N-4" */ ++ 9, /* "PBE-MD2-DES" */ ++168, /* "PBE-MD2-RC2-64" */ ++10, /* "PBE-MD5-DES" */ ++169, /* "PBE-MD5-RC2-64" */ ++147, /* "PBE-SHA1-2DES" */ ++146, /* "PBE-SHA1-3DES" */ ++170, /* "PBE-SHA1-DES" */ ++148, /* "PBE-SHA1-RC2-128" */ ++149, /* "PBE-SHA1-RC2-40" */ ++68, /* "PBE-SHA1-RC2-64" */ ++144, /* "PBE-SHA1-RC4-128" */ ++145, /* "PBE-SHA1-RC4-40" */ ++161, /* "PBES2" */ ++69, /* "PBKDF2" */ ++162, /* "PBMAC1" */ ++127, /* "PKIX" */ ++935, /* "PSPECIFIED" */ ++98, /* "RC2-40-CBC" */ ++166, /* "RC2-64-CBC" */ ++37, /* "RC2-CBC" */ ++39, /* "RC2-CFB" */ ++38, /* "RC2-ECB" */ ++40, /* "RC2-OFB" */ ++ 5, /* "RC4" */ ++97, /* "RC4-40" */ ++915, /* "RC4-HMAC-MD5" */ ++120, /* "RC5-CBC" */ ++122, /* "RC5-CFB" */ ++121, /* "RC5-ECB" */ ++123, /* "RC5-OFB" */ ++117, /* "RIPEMD160" */ ++124, /* "RLE" */ ++19, /* "RSA" */ ++ 7, /* "RSA-MD2" */ ++396, /* "RSA-MD4" */ ++ 8, /* "RSA-MD5" */ ++96, /* "RSA-MDC2" */ ++104, /* "RSA-NP-MD5" */ ++119, /* "RSA-RIPEMD160" */ ++42, /* "RSA-SHA" */ ++65, /* "RSA-SHA1" */ ++115, /* "RSA-SHA1-2" */ ++671, /* "RSA-SHA224" */ ++668, /* "RSA-SHA256" */ ++669, /* "RSA-SHA384" */ ++670, /* "RSA-SHA512" */ ++919, /* "RSAES-OAEP" */ ++912, /* "RSASSA-PSS" */ ++777, /* "SEED-CBC" */ ++779, /* "SEED-CFB" */ ++776, /* "SEED-ECB" */ ++778, /* "SEED-OFB" */ ++41, /* "SHA" */ ++64, /* "SHA1" */ ++675, /* "SHA224" */ ++672, /* "SHA256" */ ++673, /* "SHA384" */ ++674, /* "SHA512" */ ++188, /* "SMIME" */ ++167, /* "SMIME-CAPS" */ ++100, /* "SN" */ ++16, /* "ST" */ ++143, /* "SXNetID" */ ++458, /* "UID" */ ++ 0, /* "UNDEF" */ ++11, /* "X500" */ ++378, /* "X500algorithms" */ ++12, /* "X509" */ ++184, /* "X9-57" */ ++185, /* "X9cm" */ ++125, /* "ZLIB" */ ++478, /* "aRecord" */ ++289, /* "aaControls" */ ++287, /* "ac-auditEntity" */ ++397, /* "ac-proxying" */ ++288, /* "ac-targeting" */ ++368, /* "acceptableResponses" */ ++446, /* "account" */ ++363, /* "ad_timestamping" */ ++376, /* "algorithm" */ ++405, /* "ansi-X9-62" */ ++910, /* "anyExtendedKeyUsage" */ ++746, /* "anyPolicy" */ ++370, /* "archiveCutoff" */ ++484, /* "associatedDomain" */ ++485, /* "associatedName" */ ++501, /* "audio" */ ++177, /* "authorityInfoAccess" */ ++90, /* "authorityKeyIdentifier" */ ++882, /* "authorityRevocationList" */ ++87, /* "basicConstraints" */ ++365, /* "basicOCSPResponse" */ ++285, /* "biometricInfo" */ ++921, /* "brainpoolP160r1" */ ++922, /* "brainpoolP160t1" */ ++923, /* "brainpoolP192r1" */ ++924, /* "brainpoolP192t1" */ ++925, /* "brainpoolP224r1" */ ++926, /* "brainpoolP224t1" */ ++927, /* "brainpoolP256r1" */ ++928, /* "brainpoolP256t1" */ ++929, /* "brainpoolP320r1" */ ++930, /* "brainpoolP320t1" */ ++931, /* "brainpoolP384r1" */ ++932, /* "brainpoolP384t1" */ ++933, /* "brainpoolP512r1" */ ++934, /* "brainpoolP512t1" */ ++494, /* "buildingName" */ ++860, /* "businessCategory" */ ++691, /* "c2onb191v4" */ ++692, /* "c2onb191v5" */ ++697, /* "c2onb239v4" */ ++698, /* "c2onb239v5" */ ++684, /* "c2pnb163v1" */ ++685, /* "c2pnb163v2" */ ++686, /* "c2pnb163v3" */ ++687, /* "c2pnb176v1" */ ++693, /* "c2pnb208w1" */ ++699, /* "c2pnb272w1" */ ++700, /* "c2pnb304w1" */ ++702, /* "c2pnb368w1" */ ++688, /* "c2tnb191v1" */ ++689, /* "c2tnb191v2" */ ++690, /* "c2tnb191v3" */ ++694, /* "c2tnb239v1" */ ++695, /* "c2tnb239v2" */ ++696, /* "c2tnb239v3" */ ++701, /* "c2tnb359v1" */ ++703, /* "c2tnb431r1" */ ++881, /* "cACertificate" */ ++483, /* "cNAMERecord" */ ++179, /* "caIssuers" */ ++785, /* "caRepository" */ ++443, /* "caseIgnoreIA5StringSyntax" */ ++152, /* "certBag" */ ++677, /* "certicom-arc" */ ++771, /* "certificateIssuer" */ ++89, /* "certificatePolicies" */ ++883, /* "certificateRevocationList" */ ++54, /* "challengePassword" */ ++407, /* "characteristic-two-field" */ ++395, /* "clearance" */ ++130, /* "clientAuth" */ ++131, /* "codeSigning" */ ++50, /* "contentType" */ ++53, /* "countersignature" */ ++153, /* "crlBag" */ ++103, /* "crlDistributionPoints" */ ++88, /* "crlNumber" */ ++884, /* "crossCertificatePair" */ ++806, /* "cryptocom" */ ++805, /* "cryptopro" */ ++954, /* "ct_cert_scts" */ ++952, /* "ct_precert_poison" */ ++951, /* "ct_precert_scts" */ ++953, /* "ct_precert_signer" */ ++500, /* "dITRedirect" */ ++451, /* "dNSDomain" */ ++495, /* "dSAQuality" */ ++434, /* "data" */ ++390, /* "dcobject" */ ++140, /* "deltaCRL" */ ++891, /* "deltaRevocationList" */ ++107, /* "description" */ ++871, /* "destinationIndicator" */ ++947, /* "dh-cofactor-kdf" */ ++946, /* "dh-std-kdf" */ ++28, /* "dhKeyAgreement" */ ++941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ ++942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ ++943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ ++944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ ++945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ ++936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ ++937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ ++938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ ++939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ ++940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ ++920, /* "dhpublicnumber" */ ++382, /* "directory" */ ++887, /* "distinguishedName" */ ++892, /* "dmdName" */ ++174, /* "dnQualifier" */ ++447, /* "document" */ ++471, /* "documentAuthor" */ ++468, /* "documentIdentifier" */ ++472, /* "documentLocation" */ ++502, /* "documentPublisher" */ ++449, /* "documentSeries" */ ++469, /* "documentTitle" */ ++470, /* "documentVersion" */ ++392, /* "domain" */ ++452, /* "domainRelatedObject" */ ++802, /* "dsa_with_SHA224" */ ++803, /* "dsa_with_SHA256" */ ++791, /* "ecdsa-with-Recommended" */ ++416, /* "ecdsa-with-SHA1" */ ++793, /* "ecdsa-with-SHA224" */ ++794, /* "ecdsa-with-SHA256" */ ++795, /* "ecdsa-with-SHA384" */ ++796, /* "ecdsa-with-SHA512" */ ++792, /* "ecdsa-with-Specified" */ ++48, /* "emailAddress" */ ++132, /* "emailProtection" */ ++885, /* "enhancedSearchGuide" */ ++389, /* "enterprises" */ ++384, /* "experimental" */ ++172, /* "extReq" */ ++56, /* "extendedCertificateAttributes" */ ++126, /* "extendedKeyUsage" */ ++372, /* "extendedStatus" */ ++867, /* "facsimileTelephoneNumber" */ ++462, /* "favouriteDrink" */ ++857, /* "freshestCRL" */ ++453, /* "friendlyCountry" */ ++490, /* "friendlyCountryName" */ ++156, /* "friendlyName" */ ++509, /* "generationQualifier" */ ++815, /* "gost-mac" */ ++811, /* "gost2001" */ ++851, /* "gost2001cc" */ ++813, /* "gost89" */ ++814, /* "gost89-cnt" */ ++812, /* "gost94" */ ++850, /* "gost94cc" */ ++797, /* "hmacWithMD5" */ ++163, /* "hmacWithSHA1" */ ++798, /* "hmacWithSHA224" */ ++799, /* "hmacWithSHA256" */ ++800, /* "hmacWithSHA384" */ ++801, /* "hmacWithSHA512" */ ++432, /* "holdInstructionCallIssuer" */ ++430, /* "holdInstructionCode" */ ++431, /* "holdInstructionNone" */ ++433, /* "holdInstructionReject" */ ++486, /* "homePostalAddress" */ ++473, /* "homeTelephoneNumber" */ ++466, /* "host" */ ++889, /* "houseIdentifier" */ ++442, /* "iA5StringSyntax" */ ++783, /* "id-DHBasedMac" */ ++824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ ++825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ ++826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ ++827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ ++819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ ++829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ ++828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ ++830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ ++820, /* "id-Gost28147-89-None-KeyMeshing" */ ++823, /* "id-Gost28147-89-TestParamSet" */ ++849, /* "id-Gost28147-89-cc" */ ++840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ ++841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ ++842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ ++843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ ++844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ ++854, /* "id-GostR3410-2001-ParamSet-cc" */ ++839, /* "id-GostR3410-2001-TestParamSet" */ ++817, /* "id-GostR3410-2001DH" */ ++832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ ++833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ ++834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ ++835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ ++836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ ++837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ ++838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ ++831, /* "id-GostR3410-94-TestParamSet" */ ++845, /* "id-GostR3410-94-a" */ ++846, /* "id-GostR3410-94-aBis" */ ++847, /* "id-GostR3410-94-b" */ ++848, /* "id-GostR3410-94-bBis" */ ++818, /* "id-GostR3410-94DH" */ ++822, /* "id-GostR3411-94-CryptoProParamSet" */ ++821, /* "id-GostR3411-94-TestParamSet" */ ++807, /* "id-GostR3411-94-with-GostR3410-2001" */ ++853, /* "id-GostR3411-94-with-GostR3410-2001-cc" */ ++808, /* "id-GostR3411-94-with-GostR3410-94" */ ++852, /* "id-GostR3411-94-with-GostR3410-94-cc" */ ++810, /* "id-HMACGostR3411-94" */ ++782, /* "id-PasswordBasedMAC" */ ++266, /* "id-aca" */ ++355, /* "id-aca-accessIdentity" */ ++354, /* "id-aca-authenticationInfo" */ ++356, /* "id-aca-chargingIdentity" */ ++399, /* "id-aca-encAttrs" */ ++357, /* "id-aca-group" */ ++358, /* "id-aca-role" */ ++176, /* "id-ad" */ ++896, /* "id-aes128-CCM" */ ++895, /* "id-aes128-GCM" */ ++788, /* "id-aes128-wrap" */ ++897, /* "id-aes128-wrap-pad" */ ++899, /* "id-aes192-CCM" */ ++898, /* "id-aes192-GCM" */ ++789, /* "id-aes192-wrap" */ ++900, /* "id-aes192-wrap-pad" */ ++902, /* "id-aes256-CCM" */ ++901, /* "id-aes256-GCM" */ ++790, /* "id-aes256-wrap" */ ++903, /* "id-aes256-wrap-pad" */ ++262, /* "id-alg" */ ++893, /* "id-alg-PWRI-KEK" */ ++323, /* "id-alg-des40" */ ++326, /* "id-alg-dh-pop" */ ++325, /* "id-alg-dh-sig-hmac-sha1" */ ++324, /* "id-alg-noSignature" */ ++907, /* "id-camellia128-wrap" */ ++908, /* "id-camellia192-wrap" */ ++909, /* "id-camellia256-wrap" */ ++268, /* "id-cct" */ ++361, /* "id-cct-PKIData" */ ++362, /* "id-cct-PKIResponse" */ ++360, /* "id-cct-crs" */ ++81, /* "id-ce" */ ++680, /* "id-characteristic-two-basis" */ ++263, /* "id-cmc" */ ++334, /* "id-cmc-addExtensions" */ ++346, /* "id-cmc-confirmCertAcceptance" */ ++330, /* "id-cmc-dataReturn" */ ++336, /* "id-cmc-decryptedPOP" */ ++335, /* "id-cmc-encryptedPOP" */ ++339, /* "id-cmc-getCRL" */ ++338, /* "id-cmc-getCert" */ ++328, /* "id-cmc-identification" */ ++329, /* "id-cmc-identityProof" */ ++337, /* "id-cmc-lraPOPWitness" */ ++344, /* "id-cmc-popLinkRandom" */ ++345, /* "id-cmc-popLinkWitness" */ ++343, /* "id-cmc-queryPending" */ ++333, /* "id-cmc-recipientNonce" */ ++341, /* "id-cmc-regInfo" */ ++342, /* "id-cmc-responseInfo" */ ++340, /* "id-cmc-revokeRequest" */ ++332, /* "id-cmc-senderNonce" */ ++327, /* "id-cmc-statusInfo" */ ++331, /* "id-cmc-transactionId" */ ++787, /* "id-ct-asciiTextWithCRLF" */ ++408, /* "id-ecPublicKey" */ ++508, /* "id-hex-multipart-message" */ ++507, /* "id-hex-partial-message" */ ++260, /* "id-it" */ ++302, /* "id-it-caKeyUpdateInfo" */ ++298, /* "id-it-caProtEncCert" */ ++311, /* "id-it-confirmWaitTime" */ ++303, /* "id-it-currentCRL" */ ++300, /* "id-it-encKeyPairTypes" */ ++310, /* "id-it-implicitConfirm" */ ++308, /* "id-it-keyPairParamRep" */ ++307, /* "id-it-keyPairParamReq" */ ++312, /* "id-it-origPKIMessage" */ ++301, /* "id-it-preferredSymmAlg" */ ++309, /* "id-it-revPassphrase" */ ++299, /* "id-it-signKeyPairTypes" */ ++305, /* "id-it-subscriptionRequest" */ ++306, /* "id-it-subscriptionResponse" */ ++784, /* "id-it-suppLangTags" */ ++304, /* "id-it-unsupportedOIDs" */ ++128, /* "id-kp" */ ++280, /* "id-mod-attribute-cert" */ ++274, /* "id-mod-cmc" */ ++277, /* "id-mod-cmp" */ ++284, /* "id-mod-cmp2000" */ ++273, /* "id-mod-crmf" */ ++283, /* "id-mod-dvcs" */ ++275, /* "id-mod-kea-profile-88" */ ++276, /* "id-mod-kea-profile-93" */ ++282, /* "id-mod-ocsp" */ ++278, /* "id-mod-qualified-cert-88" */ ++279, /* "id-mod-qualified-cert-93" */ ++281, /* "id-mod-timestamp-protocol" */ ++264, /* "id-on" */ ++858, /* "id-on-permanentIdentifier" */ ++347, /* "id-on-personalData" */ ++265, /* "id-pda" */ ++352, /* "id-pda-countryOfCitizenship" */ ++353, /* "id-pda-countryOfResidence" */ ++348, /* "id-pda-dateOfBirth" */ ++351, /* "id-pda-gender" */ ++349, /* "id-pda-placeOfBirth" */ ++175, /* "id-pe" */ ++261, /* "id-pkip" */ ++258, /* "id-pkix-mod" */ ++269, /* "id-pkix1-explicit-88" */ ++271, /* "id-pkix1-explicit-93" */ ++270, /* "id-pkix1-implicit-88" */ ++272, /* "id-pkix1-implicit-93" */ ++662, /* "id-ppl" */ ++664, /* "id-ppl-anyLanguage" */ ++667, /* "id-ppl-independent" */ ++665, /* "id-ppl-inheritAll" */ ++267, /* "id-qcs" */ ++359, /* "id-qcs-pkixQCSyntax-v1" */ ++259, /* "id-qt" */ ++164, /* "id-qt-cps" */ ++165, /* "id-qt-unotice" */ ++313, /* "id-regCtrl" */ ++316, /* "id-regCtrl-authenticator" */ ++319, /* "id-regCtrl-oldCertID" */ ++318, /* "id-regCtrl-pkiArchiveOptions" */ ++317, /* "id-regCtrl-pkiPublicationInfo" */ ++320, /* "id-regCtrl-protocolEncrKey" */ ++315, /* "id-regCtrl-regToken" */ ++314, /* "id-regInfo" */ ++322, /* "id-regInfo-certReq" */ ++321, /* "id-regInfo-utf8Pairs" */ ++512, /* "id-set" */ ++191, /* "id-smime-aa" */ ++215, /* "id-smime-aa-contentHint" */ ++218, /* "id-smime-aa-contentIdentifier" */ ++221, /* "id-smime-aa-contentReference" */ ++240, /* "id-smime-aa-dvcs-dvc" */ ++217, /* "id-smime-aa-encapContentType" */ ++222, /* "id-smime-aa-encrypKeyPref" */ ++220, /* "id-smime-aa-equivalentLabels" */ ++232, /* "id-smime-aa-ets-CertificateRefs" */ ++233, /* "id-smime-aa-ets-RevocationRefs" */ ++238, /* "id-smime-aa-ets-archiveTimeStamp" */ ++237, /* "id-smime-aa-ets-certCRLTimestamp" */ ++234, /* "id-smime-aa-ets-certValues" */ ++227, /* "id-smime-aa-ets-commitmentType" */ ++231, /* "id-smime-aa-ets-contentTimestamp" */ ++236, /* "id-smime-aa-ets-escTimeStamp" */ ++230, /* "id-smime-aa-ets-otherSigCert" */ ++235, /* "id-smime-aa-ets-revocationValues" */ ++226, /* "id-smime-aa-ets-sigPolicyId" */ ++229, /* "id-smime-aa-ets-signerAttr" */ ++228, /* "id-smime-aa-ets-signerLocation" */ ++219, /* "id-smime-aa-macValue" */ ++214, /* "id-smime-aa-mlExpandHistory" */ ++216, /* "id-smime-aa-msgSigDigest" */ ++212, /* "id-smime-aa-receiptRequest" */ ++213, /* "id-smime-aa-securityLabel" */ ++239, /* "id-smime-aa-signatureType" */ ++223, /* "id-smime-aa-signingCertificate" */ ++224, /* "id-smime-aa-smimeEncryptCerts" */ ++225, /* "id-smime-aa-timeStampToken" */ ++192, /* "id-smime-alg" */ ++243, /* "id-smime-alg-3DESwrap" */ ++246, /* "id-smime-alg-CMS3DESwrap" */ ++247, /* "id-smime-alg-CMSRC2wrap" */ ++245, /* "id-smime-alg-ESDH" */ ++241, /* "id-smime-alg-ESDHwith3DES" */ ++242, /* "id-smime-alg-ESDHwithRC2" */ ++244, /* "id-smime-alg-RC2wrap" */ ++193, /* "id-smime-cd" */ ++248, /* "id-smime-cd-ldap" */ ++190, /* "id-smime-ct" */ ++210, /* "id-smime-ct-DVCSRequestData" */ ++211, /* "id-smime-ct-DVCSResponseData" */ ++208, /* "id-smime-ct-TDTInfo" */ ++207, /* "id-smime-ct-TSTInfo" */ ++205, /* "id-smime-ct-authData" */ ++786, /* "id-smime-ct-compressedData" */ ++209, /* "id-smime-ct-contentInfo" */ ++206, /* "id-smime-ct-publishCert" */ ++204, /* "id-smime-ct-receipt" */ ++195, /* "id-smime-cti" */ ++255, /* "id-smime-cti-ets-proofOfApproval" */ ++256, /* "id-smime-cti-ets-proofOfCreation" */ ++253, /* "id-smime-cti-ets-proofOfDelivery" */ ++251, /* "id-smime-cti-ets-proofOfOrigin" */ ++252, /* "id-smime-cti-ets-proofOfReceipt" */ ++254, /* "id-smime-cti-ets-proofOfSender" */ ++189, /* "id-smime-mod" */ ++196, /* "id-smime-mod-cms" */ ++197, /* "id-smime-mod-ess" */ ++202, /* "id-smime-mod-ets-eSigPolicy-88" */ ++203, /* "id-smime-mod-ets-eSigPolicy-97" */ ++200, /* "id-smime-mod-ets-eSignature-88" */ ++201, /* "id-smime-mod-ets-eSignature-97" */ ++199, /* "id-smime-mod-msg-v3" */ ++198, /* "id-smime-mod-oid" */ ++194, /* "id-smime-spq" */ ++250, /* "id-smime-spq-ets-sqt-unotice" */ ++249, /* "id-smime-spq-ets-sqt-uri" */ ++676, /* "identified-organization" */ ++461, /* "info" */ ++748, /* "inhibitAnyPolicy" */ ++101, /* "initials" */ ++647, /* "international-organizations" */ ++869, /* "internationaliSDNNumber" */ ++142, /* "invalidityDate" */ ++294, /* "ipsecEndSystem" */ ++295, /* "ipsecTunnel" */ ++296, /* "ipsecUser" */ ++86, /* "issuerAltName" */ ++770, /* "issuingDistributionPoint" */ ++492, /* "janetMailbox" */ ++957, /* "jurisdictionC" */ ++955, /* "jurisdictionL" */ ++956, /* "jurisdictionST" */ ++150, /* "keyBag" */ ++83, /* "keyUsage" */ ++477, /* "lastModifiedBy" */ ++476, /* "lastModifiedTime" */ ++157, /* "localKeyID" */ ++480, /* "mXRecord" */ ++460, /* "mail" */ ++493, /* "mailPreferenceOption" */ ++467, /* "manager" */ ++809, /* "md_gost94" */ ++875, /* "member" */ ++182, /* "member-body" */ ++51, /* "messageDigest" */ ++383, /* "mgmt" */ ++504, /* "mime-mhs" */ ++506, /* "mime-mhs-bodies" */ ++505, /* "mime-mhs-headings" */ ++488, /* "mobileTelephoneNumber" */ ++136, /* "msCTLSign" */ ++135, /* "msCodeCom" */ ++134, /* "msCodeInd" */ ++138, /* "msEFS" */ ++171, /* "msExtReq" */ ++137, /* "msSGC" */ ++648, /* "msSmartcardLogin" */ ++649, /* "msUPN" */ ++481, /* "nSRecord" */ ++173, /* "name" */ ++666, /* "nameConstraints" */ ++369, /* "noCheck" */ ++403, /* "noRevAvail" */ ++72, /* "nsBaseUrl" */ ++76, /* "nsCaPolicyUrl" */ ++74, /* "nsCaRevocationUrl" */ ++58, /* "nsCertExt" */ ++79, /* "nsCertSequence" */ ++71, /* "nsCertType" */ ++78, /* "nsComment" */ ++59, /* "nsDataType" */ ++75, /* "nsRenewalUrl" */ ++73, /* "nsRevocationUrl" */ ++139, /* "nsSGC" */ ++77, /* "nsSslServerName" */ ++681, /* "onBasis" */ ++491, /* "organizationalStatus" */ ++475, /* "otherMailbox" */ ++876, /* "owner" */ ++489, /* "pagerTelephoneNumber" */ ++374, /* "path" */ ++112, /* "pbeWithMD5AndCast5CBC" */ ++499, /* "personalSignature" */ ++487, /* "personalTitle" */ ++464, /* "photo" */ ++863, /* "physicalDeliveryOfficeName" */ ++437, /* "pilot" */ ++439, /* "pilotAttributeSyntax" */ ++438, /* "pilotAttributeType" */ ++479, /* "pilotAttributeType27" */ ++456, /* "pilotDSA" */ ++441, /* "pilotGroups" */ ++444, /* "pilotObject" */ ++440, /* "pilotObjectClass" */ ++455, /* "pilotOrganization" */ ++445, /* "pilotPerson" */ ++ 2, /* "pkcs" */ ++186, /* "pkcs1" */ ++27, /* "pkcs3" */ ++187, /* "pkcs5" */ ++20, /* "pkcs7" */ ++21, /* "pkcs7-data" */ ++25, /* "pkcs7-digestData" */ ++26, /* "pkcs7-encryptedData" */ ++23, /* "pkcs7-envelopedData" */ ++24, /* "pkcs7-signedAndEnvelopedData" */ ++22, /* "pkcs7-signedData" */ ++151, /* "pkcs8ShroudedKeyBag" */ ++47, /* "pkcs9" */ ++401, /* "policyConstraints" */ ++747, /* "policyMappings" */ ++862, /* "postOfficeBox" */ ++861, /* "postalAddress" */ ++661, /* "postalCode" */ ++683, /* "ppBasis" */ ++872, /* "preferredDeliveryMethod" */ ++873, /* "presentationAddress" */ ++816, /* "prf-gostr3411-94" */ ++406, /* "prime-field" */ ++409, /* "prime192v1" */ ++410, /* "prime192v2" */ ++411, /* "prime192v3" */ ++412, /* "prime239v1" */ ++413, /* "prime239v2" */ ++414, /* "prime239v3" */ ++415, /* "prime256v1" */ ++385, /* "private" */ ++84, /* "privateKeyUsagePeriod" */ ++886, /* "protocolInformation" */ ++663, /* "proxyCertInfo" */ ++510, /* "pseudonym" */ ++435, /* "pss" */ ++286, /* "qcStatements" */ ++457, /* "qualityLabelledData" */ ++450, /* "rFC822localPart" */ ++870, /* "registeredAddress" */ ++400, /* "role" */ ++877, /* "roleOccupant" */ ++448, /* "room" */ ++463, /* "roomNumber" */ ++ 6, /* "rsaEncryption" */ ++644, /* "rsaOAEPEncryptionSET" */ ++377, /* "rsaSignature" */ ++ 1, /* "rsadsi" */ ++482, /* "sOARecord" */ ++155, /* "safeContentsBag" */ ++291, /* "sbgp-autonomousSysNum" */ ++290, /* "sbgp-ipAddrBlock" */ ++292, /* "sbgp-routerIdentifier" */ ++159, /* "sdsiCertificate" */ ++859, /* "searchGuide" */ ++704, /* "secp112r1" */ ++705, /* "secp112r2" */ ++706, /* "secp128r1" */ ++707, /* "secp128r2" */ ++708, /* "secp160k1" */ ++709, /* "secp160r1" */ ++710, /* "secp160r2" */ ++711, /* "secp192k1" */ ++712, /* "secp224k1" */ ++713, /* "secp224r1" */ ++714, /* "secp256k1" */ ++715, /* "secp384r1" */ ++716, /* "secp521r1" */ ++154, /* "secretBag" */ ++474, /* "secretary" */ ++717, /* "sect113r1" */ ++718, /* "sect113r2" */ ++719, /* "sect131r1" */ ++720, /* "sect131r2" */ ++721, /* "sect163k1" */ ++722, /* "sect163r1" */ ++723, /* "sect163r2" */ ++724, /* "sect193r1" */ ++725, /* "sect193r2" */ ++726, /* "sect233k1" */ ++727, /* "sect233r1" */ ++728, /* "sect239k1" */ ++729, /* "sect283k1" */ ++730, /* "sect283r1" */ ++731, /* "sect409k1" */ ++732, /* "sect409r1" */ ++733, /* "sect571k1" */ ++734, /* "sect571r1" */ ++386, /* "security" */ ++878, /* "seeAlso" */ ++394, /* "selected-attribute-types" */ ++105, /* "serialNumber" */ ++129, /* "serverAuth" */ ++371, /* "serviceLocator" */ ++625, /* "set-addPolicy" */ ++515, /* "set-attr" */ ++518, /* "set-brand" */ ++638, /* "set-brand-AmericanExpress" */ ++637, /* "set-brand-Diners" */ ++636, /* "set-brand-IATA-ATA" */ ++639, /* "set-brand-JCB" */ ++641, /* "set-brand-MasterCard" */ ++642, /* "set-brand-Novus" */ ++640, /* "set-brand-Visa" */ ++517, /* "set-certExt" */ ++513, /* "set-ctype" */ ++514, /* "set-msgExt" */ ++516, /* "set-policy" */ ++607, /* "set-policy-root" */ ++624, /* "set-rootKeyThumb" */ ++620, /* "setAttr-Cert" */ ++631, /* "setAttr-GenCryptgrm" */ ++623, /* "setAttr-IssCap" */ ++628, /* "setAttr-IssCap-CVM" */ ++630, /* "setAttr-IssCap-Sig" */ ++629, /* "setAttr-IssCap-T2" */ ++621, /* "setAttr-PGWYcap" */ ++635, /* "setAttr-SecDevSig" */ ++632, /* "setAttr-T2Enc" */ ++633, /* "setAttr-T2cleartxt" */ ++634, /* "setAttr-TokICCsig" */ ++627, /* "setAttr-Token-B0Prime" */ ++626, /* "setAttr-Token-EMV" */ ++622, /* "setAttr-TokenType" */ ++619, /* "setCext-IssuerCapabilities" */ ++615, /* "setCext-PGWYcapabilities" */ ++616, /* "setCext-TokenIdentifier" */ ++618, /* "setCext-TokenType" */ ++617, /* "setCext-Track2Data" */ ++611, /* "setCext-cCertRequired" */ ++609, /* "setCext-certType" */ ++608, /* "setCext-hashedRoot" */ ++610, /* "setCext-merchData" */ ++613, /* "setCext-setExt" */ ++614, /* "setCext-setQualf" */ ++612, /* "setCext-tunneling" */ ++540, /* "setct-AcqCardCodeMsg" */ ++576, /* "setct-AcqCardCodeMsgTBE" */ ++570, /* "setct-AuthReqTBE" */ ++534, /* "setct-AuthReqTBS" */ ++527, /* "setct-AuthResBaggage" */ ++571, /* "setct-AuthResTBE" */ ++572, /* "setct-AuthResTBEX" */ ++535, /* "setct-AuthResTBS" */ ++536, /* "setct-AuthResTBSX" */ ++528, /* "setct-AuthRevReqBaggage" */ ++577, /* "setct-AuthRevReqTBE" */ ++541, /* "setct-AuthRevReqTBS" */ ++529, /* "setct-AuthRevResBaggage" */ ++542, /* "setct-AuthRevResData" */ ++578, /* "setct-AuthRevResTBE" */ ++579, /* "setct-AuthRevResTBEB" */ ++543, /* "setct-AuthRevResTBS" */ ++573, /* "setct-AuthTokenTBE" */ ++537, /* "setct-AuthTokenTBS" */ ++600, /* "setct-BCIDistributionTBS" */ ++558, /* "setct-BatchAdminReqData" */ ++592, /* "setct-BatchAdminReqTBE" */ ++559, /* "setct-BatchAdminResData" */ ++593, /* "setct-BatchAdminResTBE" */ ++599, /* "setct-CRLNotificationResTBS" */ ++598, /* "setct-CRLNotificationTBS" */ ++580, /* "setct-CapReqTBE" */ ++581, /* "setct-CapReqTBEX" */ ++544, /* "setct-CapReqTBS" */ ++545, /* "setct-CapReqTBSX" */ ++546, /* "setct-CapResData" */ ++582, /* "setct-CapResTBE" */ ++583, /* "setct-CapRevReqTBE" */ ++584, /* "setct-CapRevReqTBEX" */ ++547, /* "setct-CapRevReqTBS" */ ++548, /* "setct-CapRevReqTBSX" */ ++549, /* "setct-CapRevResData" */ ++585, /* "setct-CapRevResTBE" */ ++538, /* "setct-CapTokenData" */ ++530, /* "setct-CapTokenSeq" */ ++574, /* "setct-CapTokenTBE" */ ++575, /* "setct-CapTokenTBEX" */ ++539, /* "setct-CapTokenTBS" */ ++560, /* "setct-CardCInitResTBS" */ ++566, /* "setct-CertInqReqTBS" */ ++563, /* "setct-CertReqData" */ ++595, /* "setct-CertReqTBE" */ ++596, /* "setct-CertReqTBEX" */ ++564, /* "setct-CertReqTBS" */ ++565, /* "setct-CertResData" */ ++597, /* "setct-CertResTBE" */ ++586, /* "setct-CredReqTBE" */ ++587, /* "setct-CredReqTBEX" */ ++550, /* "setct-CredReqTBS" */ ++551, /* "setct-CredReqTBSX" */ ++552, /* "setct-CredResData" */ ++588, /* "setct-CredResTBE" */ ++589, /* "setct-CredRevReqTBE" */ ++590, /* "setct-CredRevReqTBEX" */ ++553, /* "setct-CredRevReqTBS" */ ++554, /* "setct-CredRevReqTBSX" */ ++555, /* "setct-CredRevResData" */ ++591, /* "setct-CredRevResTBE" */ ++567, /* "setct-ErrorTBS" */ ++526, /* "setct-HODInput" */ ++561, /* "setct-MeAqCInitResTBS" */ ++522, /* "setct-OIData" */ ++519, /* "setct-PANData" */ ++521, /* "setct-PANOnly" */ ++520, /* "setct-PANToken" */ ++556, /* "setct-PCertReqData" */ ++557, /* "setct-PCertResTBS" */ ++523, /* "setct-PI" */ ++532, /* "setct-PI-TBS" */ ++524, /* "setct-PIData" */ ++525, /* "setct-PIDataUnsigned" */ ++568, /* "setct-PIDualSignedTBE" */ ++569, /* "setct-PIUnsignedTBE" */ ++531, /* "setct-PInitResData" */ ++533, /* "setct-PResData" */ ++594, /* "setct-RegFormReqTBE" */ ++562, /* "setct-RegFormResTBS" */ ++606, /* "setext-cv" */ ++601, /* "setext-genCrypt" */ ++602, /* "setext-miAuth" */ ++604, /* "setext-pinAny" */ ++603, /* "setext-pinSecure" */ ++605, /* "setext-track2" */ ++52, /* "signingTime" */ ++454, /* "simpleSecurityObject" */ ++496, /* "singleLevelQuality" */ ++387, /* "snmpv2" */ ++660, /* "street" */ ++85, /* "subjectAltName" */ ++769, /* "subjectDirectoryAttributes" */ ++398, /* "subjectInfoAccess" */ ++82, /* "subjectKeyIdentifier" */ ++498, /* "subtreeMaximumQuality" */ ++497, /* "subtreeMinimumQuality" */ ++890, /* "supportedAlgorithms" */ ++874, /* "supportedApplicationContext" */ ++402, /* "targetInformation" */ ++864, /* "telephoneNumber" */ ++866, /* "teletexTerminalIdentifier" */ ++865, /* "telexNumber" */ ++459, /* "textEncodedORAddress" */ ++293, /* "textNotice" */ ++133, /* "timeStamping" */ ++106, /* "title" */ ++682, /* "tpBasis" */ ++375, /* "trustRoot" */ ++436, /* "ucl" */ ++888, /* "uniqueMember" */ ++55, /* "unstructuredAddress" */ ++49, /* "unstructuredName" */ ++880, /* "userCertificate" */ ++465, /* "userClass" */ ++879, /* "userPassword" */ ++373, /* "valid" */ ++678, /* "wap" */ ++679, /* "wap-wsg" */ ++735, /* "wap-wsg-idm-ecid-wtls1" */ ++743, /* "wap-wsg-idm-ecid-wtls10" */ ++744, /* "wap-wsg-idm-ecid-wtls11" */ ++745, /* "wap-wsg-idm-ecid-wtls12" */ ++736, /* "wap-wsg-idm-ecid-wtls3" */ ++737, /* "wap-wsg-idm-ecid-wtls4" */ ++738, /* "wap-wsg-idm-ecid-wtls5" */ ++739, /* "wap-wsg-idm-ecid-wtls6" */ ++740, /* "wap-wsg-idm-ecid-wtls7" */ ++741, /* "wap-wsg-idm-ecid-wtls8" */ ++742, /* "wap-wsg-idm-ecid-wtls9" */ ++804, /* "whirlpool" */ ++868, /* "x121Address" */ ++503, /* "x500UniqueIdentifier" */ ++158, /* "x509Certificate" */ ++160, /* "x509Crl" */ + }; + +-#define NUM_LN 1052 +-static const unsigned int ln_objs[NUM_LN] = { +- 363, /* "AD Time Stamping" */ +- 405, /* "ANSI X9.62" */ +- 368, /* "Acceptable OCSP Responses" */ +- 910, /* "Any Extended Key Usage" */ +- 664, /* "Any language" */ +- 177, /* "Authority Information Access" */ +- 365, /* "Basic OCSP Response" */ +- 285, /* "Biometric Info" */ +- 179, /* "CA Issuers" */ +- 785, /* "CA Repository" */ +- 954, /* "CT Certificate SCTs" */ +- 952, /* "CT Precertificate Poison" */ +- 951, /* "CT Precertificate SCTs" */ +- 953, /* "CT Precertificate Signer" */ +- 131, /* "Code Signing" */ +- 1024, /* "Ctrl/Provision WAP Termination" */ +- 1023, /* "Ctrl/provision WAP Access" */ +- 783, /* "Diffie-Hellman based MAC" */ +- 382, /* "Directory" */ +- 392, /* "Domain" */ +- 132, /* "E-mail Protection" */ +- 389, /* "Enterprises" */ +- 384, /* "Experimental" */ +- 372, /* "Extended OCSP Status" */ +- 172, /* "Extension Request" */ +- 813, /* "GOST 28147-89" */ +- 849, /* "GOST 28147-89 Cryptocom ParamSet" */ +- 815, /* "GOST 28147-89 MAC" */ +- 1003, /* "GOST 28147-89 TC26 parameter set" */ +- 851, /* "GOST 34.10-2001 Cryptocom" */ +- 850, /* "GOST 34.10-94 Cryptocom" */ +- 811, /* "GOST R 34.10-2001" */ +- 817, /* "GOST R 34.10-2001 DH" */ +- 998, /* "GOST R 34.10-2012 (512 bit) ParamSet A" */ +- 999, /* "GOST R 34.10-2012 (512 bit) ParamSet B" */ +- 997, /* "GOST R 34.10-2012 (512 bit) testing parameter set" */ +- 979, /* "GOST R 34.10-2012 with 256 bit modulus" */ +- 980, /* "GOST R 34.10-2012 with 512 bit modulus" */ +- 985, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */ +- 986, /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */ +- 812, /* "GOST R 34.10-94" */ +- 818, /* "GOST R 34.10-94 DH" */ +- 982, /* "GOST R 34.11-2012 with 256 bit hash" */ +- 983, /* "GOST R 34.11-2012 with 512 bit hash" */ +- 809, /* "GOST R 34.11-94" */ +- 816, /* "GOST R 34.11-94 PRF" */ +- 807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ +- 853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ +- 808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ +- 852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ +- 854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ +- 988, /* "HMAC GOST 34.11-2012 256 bit" */ +- 989, /* "HMAC GOST 34.11-2012 512 bit" */ +- 810, /* "HMAC GOST 34.11-94" */ +- 432, /* "Hold Instruction Call Issuer" */ +- 430, /* "Hold Instruction Code" */ +- 431, /* "Hold Instruction None" */ +- 433, /* "Hold Instruction Reject" */ +- 634, /* "ICC or token signature" */ +- 1004, /* "INN" */ +- 294, /* "IPSec End System" */ +- 295, /* "IPSec Tunnel" */ +- 296, /* "IPSec User" */ +- 182, /* "ISO Member Body" */ +- 183, /* "ISO US Member Body" */ +- 667, /* "Independent" */ +- 665, /* "Inherit all" */ +- 647, /* "International Organizations" */ +- 142, /* "Invalidity Date" */ +- 504, /* "MIME MHS" */ +- 388, /* "Mail" */ +- 383, /* "Management" */ +- 417, /* "Microsoft CSP Name" */ +- 135, /* "Microsoft Commercial Code Signing" */ +- 138, /* "Microsoft Encrypted File System" */ +- 171, /* "Microsoft Extension Request" */ +- 134, /* "Microsoft Individual Code Signing" */ +- 856, /* "Microsoft Local Key set" */ +- 137, /* "Microsoft Server Gated Crypto" */ +- 648, /* "Microsoft Smartcardlogin" */ +- 136, /* "Microsoft Trust List Signing" */ +- 649, /* "Microsoft Universal Principal Name" */ +- 393, /* "NULL" */ +- 404, /* "NULL" */ +- 72, /* "Netscape Base Url" */ +- 76, /* "Netscape CA Policy Url" */ +- 74, /* "Netscape CA Revocation Url" */ +- 71, /* "Netscape Cert Type" */ +- 58, /* "Netscape Certificate Extension" */ +- 79, /* "Netscape Certificate Sequence" */ +- 78, /* "Netscape Comment" */ +- 57, /* "Netscape Communications Corp." */ +- 59, /* "Netscape Data Type" */ +- 75, /* "Netscape Renewal Url" */ +- 73, /* "Netscape Revocation Url" */ +- 77, /* "Netscape SSL Server Name" */ +- 139, /* "Netscape Server Gated Crypto" */ +- 178, /* "OCSP" */ +- 370, /* "OCSP Archive Cutoff" */ +- 367, /* "OCSP CRL ID" */ +- 369, /* "OCSP No Check" */ +- 366, /* "OCSP Nonce" */ +- 371, /* "OCSP Service Locator" */ +- 180, /* "OCSP Signing" */ +- 1005, /* "OGRN" */ +- 161, /* "PBES2" */ +- 69, /* "PBKDF2" */ +- 162, /* "PBMAC1" */ +- 1032, /* "PKINIT Client Auth" */ +- 127, /* "PKIX" */ +- 858, /* "Permanent Identifier" */ +- 164, /* "Policy Qualifier CPS" */ +- 165, /* "Policy Qualifier User Notice" */ +- 385, /* "Private" */ +- 663, /* "Proxy Certificate Information" */ +- 1, /* "RSA Data Security, Inc." */ +- 2, /* "RSA Data Security, Inc. PKCS" */ +- 188, /* "S/MIME" */ +- 167, /* "S/MIME Capabilities" */ +- 1006, /* "SNILS" */ +- 387, /* "SNMPv2" */ +- 1025, /* "SSH Client" */ +- 1026, /* "SSH Server" */ +- 512, /* "Secure Electronic Transactions" */ +- 386, /* "Security" */ +- 394, /* "Selected Attribute Types" */ +- 1029, /* "Send Owner" */ +- 1030, /* "Send Proxied Owner" */ +- 1028, /* "Send Proxied Router" */ +- 1027, /* "Send Router" */ +- 1033, /* "Signing KDC Response" */ +- 1008, /* "Signing Tool of Issuer" */ +- 1007, /* "Signing Tool of Subject" */ +- 143, /* "Strong Extranet ID" */ +- 398, /* "Subject Information Access" */ +- 1020, /* "TLS Feature" */ +- 130, /* "TLS Web Client Authentication" */ +- 129, /* "TLS Web Server Authentication" */ +- 133, /* "Time Stamping" */ +- 375, /* "Trust Root" */ +- 1034, /* "X25519" */ +- 1035, /* "X448" */ +- 12, /* "X509" */ +- 402, /* "X509v3 AC Targeting" */ +- 746, /* "X509v3 Any Policy" */ +- 90, /* "X509v3 Authority Key Identifier" */ +- 87, /* "X509v3 Basic Constraints" */ +- 103, /* "X509v3 CRL Distribution Points" */ +- 88, /* "X509v3 CRL Number" */ +- 141, /* "X509v3 CRL Reason Code" */ +- 771, /* "X509v3 Certificate Issuer" */ +- 89, /* "X509v3 Certificate Policies" */ +- 140, /* "X509v3 Delta CRL Indicator" */ +- 126, /* "X509v3 Extended Key Usage" */ +- 857, /* "X509v3 Freshest CRL" */ +- 748, /* "X509v3 Inhibit Any Policy" */ +- 86, /* "X509v3 Issuer Alternative Name" */ +- 770, /* "X509v3 Issuing Distribution Point" */ +- 83, /* "X509v3 Key Usage" */ +- 666, /* "X509v3 Name Constraints" */ +- 403, /* "X509v3 No Revocation Available" */ +- 401, /* "X509v3 Policy Constraints" */ +- 747, /* "X509v3 Policy Mappings" */ +- 84, /* "X509v3 Private Key Usage Period" */ +- 85, /* "X509v3 Subject Alternative Name" */ +- 769, /* "X509v3 Subject Directory Attributes" */ +- 82, /* "X509v3 Subject Key Identifier" */ +- 920, /* "X9.42 DH" */ +- 184, /* "X9.57" */ +- 185, /* "X9.57 CM ?" */ +- 478, /* "aRecord" */ +- 289, /* "aaControls" */ +- 287, /* "ac-auditEntity" */ +- 397, /* "ac-proxying" */ +- 288, /* "ac-targeting" */ +- 446, /* "account" */ +- 364, /* "ad dvcs" */ +- 606, /* "additional verification" */ +- 419, /* "aes-128-cbc" */ +- 916, /* "aes-128-cbc-hmac-sha1" */ +- 948, /* "aes-128-cbc-hmac-sha256" */ +- 896, /* "aes-128-ccm" */ +- 421, /* "aes-128-cfb" */ +- 650, /* "aes-128-cfb1" */ +- 653, /* "aes-128-cfb8" */ +- 904, /* "aes-128-ctr" */ +- 418, /* "aes-128-ecb" */ +- 895, /* "aes-128-gcm" */ +- 958, /* "aes-128-ocb" */ +- 420, /* "aes-128-ofb" */ +- 913, /* "aes-128-xts" */ +- 423, /* "aes-192-cbc" */ +- 917, /* "aes-192-cbc-hmac-sha1" */ +- 949, /* "aes-192-cbc-hmac-sha256" */ +- 899, /* "aes-192-ccm" */ +- 425, /* "aes-192-cfb" */ +- 651, /* "aes-192-cfb1" */ +- 654, /* "aes-192-cfb8" */ +- 905, /* "aes-192-ctr" */ +- 422, /* "aes-192-ecb" */ +- 898, /* "aes-192-gcm" */ +- 959, /* "aes-192-ocb" */ +- 424, /* "aes-192-ofb" */ +- 427, /* "aes-256-cbc" */ +- 918, /* "aes-256-cbc-hmac-sha1" */ +- 950, /* "aes-256-cbc-hmac-sha256" */ +- 902, /* "aes-256-ccm" */ +- 429, /* "aes-256-cfb" */ +- 652, /* "aes-256-cfb1" */ +- 655, /* "aes-256-cfb8" */ +- 906, /* "aes-256-ctr" */ +- 426, /* "aes-256-ecb" */ +- 901, /* "aes-256-gcm" */ +- 960, /* "aes-256-ocb" */ +- 428, /* "aes-256-ofb" */ +- 914, /* "aes-256-xts" */ +- 376, /* "algorithm" */ +- 484, /* "associatedDomain" */ +- 485, /* "associatedName" */ +- 501, /* "audio" */ +- 1049, /* "auth-dss" */ +- 1047, /* "auth-ecdsa" */ +- 1050, /* "auth-gost01" */ +- 1051, /* "auth-gost12" */ +- 1053, /* "auth-null" */ +- 1048, /* "auth-psk" */ +- 1046, /* "auth-rsa" */ +- 1052, /* "auth-srp" */ +- 882, /* "authorityRevocationList" */ +- 91, /* "bf-cbc" */ +- 93, /* "bf-cfb" */ +- 92, /* "bf-ecb" */ +- 94, /* "bf-ofb" */ +- 1056, /* "blake2b512" */ +- 1057, /* "blake2s256" */ +- 921, /* "brainpoolP160r1" */ +- 922, /* "brainpoolP160t1" */ +- 923, /* "brainpoolP192r1" */ +- 924, /* "brainpoolP192t1" */ +- 925, /* "brainpoolP224r1" */ +- 926, /* "brainpoolP224t1" */ +- 927, /* "brainpoolP256r1" */ +- 928, /* "brainpoolP256t1" */ +- 929, /* "brainpoolP320r1" */ +- 930, /* "brainpoolP320t1" */ +- 931, /* "brainpoolP384r1" */ +- 932, /* "brainpoolP384t1" */ +- 933, /* "brainpoolP512r1" */ +- 934, /* "brainpoolP512t1" */ +- 494, /* "buildingName" */ +- 860, /* "businessCategory" */ +- 691, /* "c2onb191v4" */ +- 692, /* "c2onb191v5" */ +- 697, /* "c2onb239v4" */ +- 698, /* "c2onb239v5" */ +- 684, /* "c2pnb163v1" */ +- 685, /* "c2pnb163v2" */ +- 686, /* "c2pnb163v3" */ +- 687, /* "c2pnb176v1" */ +- 693, /* "c2pnb208w1" */ +- 699, /* "c2pnb272w1" */ +- 700, /* "c2pnb304w1" */ +- 702, /* "c2pnb368w1" */ +- 688, /* "c2tnb191v1" */ +- 689, /* "c2tnb191v2" */ +- 690, /* "c2tnb191v3" */ +- 694, /* "c2tnb239v1" */ +- 695, /* "c2tnb239v2" */ +- 696, /* "c2tnb239v3" */ +- 701, /* "c2tnb359v1" */ +- 703, /* "c2tnb431r1" */ +- 881, /* "cACertificate" */ +- 483, /* "cNAMERecord" */ +- 751, /* "camellia-128-cbc" */ +- 962, /* "camellia-128-ccm" */ +- 757, /* "camellia-128-cfb" */ +- 760, /* "camellia-128-cfb1" */ +- 763, /* "camellia-128-cfb8" */ +- 964, /* "camellia-128-cmac" */ +- 963, /* "camellia-128-ctr" */ +- 754, /* "camellia-128-ecb" */ +- 961, /* "camellia-128-gcm" */ +- 766, /* "camellia-128-ofb" */ +- 752, /* "camellia-192-cbc" */ +- 966, /* "camellia-192-ccm" */ +- 758, /* "camellia-192-cfb" */ +- 761, /* "camellia-192-cfb1" */ +- 764, /* "camellia-192-cfb8" */ +- 968, /* "camellia-192-cmac" */ +- 967, /* "camellia-192-ctr" */ +- 755, /* "camellia-192-ecb" */ +- 965, /* "camellia-192-gcm" */ +- 767, /* "camellia-192-ofb" */ +- 753, /* "camellia-256-cbc" */ +- 970, /* "camellia-256-ccm" */ +- 759, /* "camellia-256-cfb" */ +- 762, /* "camellia-256-cfb1" */ +- 765, /* "camellia-256-cfb8" */ +- 972, /* "camellia-256-cmac" */ +- 971, /* "camellia-256-ctr" */ +- 756, /* "camellia-256-ecb" */ +- 969, /* "camellia-256-gcm" */ +- 768, /* "camellia-256-ofb" */ +- 443, /* "caseIgnoreIA5StringSyntax" */ +- 108, /* "cast5-cbc" */ +- 110, /* "cast5-cfb" */ +- 109, /* "cast5-ecb" */ +- 111, /* "cast5-ofb" */ +- 152, /* "certBag" */ +- 677, /* "certicom-arc" */ +- 517, /* "certificate extensions" */ +- 883, /* "certificateRevocationList" */ +- 1019, /* "chacha20" */ +- 1018, /* "chacha20-poly1305" */ +- 54, /* "challengePassword" */ +- 407, /* "characteristic-two-field" */ +- 395, /* "clearance" */ +- 633, /* "cleartext track 2" */ +- 894, /* "cmac" */ +- 13, /* "commonName" */ +- 513, /* "content types" */ +- 50, /* "contentType" */ +- 53, /* "countersignature" */ +- 14, /* "countryName" */ +- 153, /* "crlBag" */ +- 884, /* "crossCertificatePair" */ +- 806, /* "cryptocom" */ +- 805, /* "cryptopro" */ +- 500, /* "dITRedirect" */ +- 451, /* "dNSDomain" */ +- 495, /* "dSAQuality" */ +- 434, /* "data" */ +- 390, /* "dcObject" */ +- 891, /* "deltaRevocationList" */ +- 31, /* "des-cbc" */ +- 643, /* "des-cdmf" */ +- 30, /* "des-cfb" */ +- 656, /* "des-cfb1" */ +- 657, /* "des-cfb8" */ +- 29, /* "des-ecb" */ +- 32, /* "des-ede" */ +- 43, /* "des-ede-cbc" */ +- 60, /* "des-ede-cfb" */ +- 62, /* "des-ede-ofb" */ +- 33, /* "des-ede3" */ +- 44, /* "des-ede3-cbc" */ +- 61, /* "des-ede3-cfb" */ +- 658, /* "des-ede3-cfb1" */ +- 659, /* "des-ede3-cfb8" */ +- 63, /* "des-ede3-ofb" */ +- 45, /* "des-ofb" */ +- 107, /* "description" */ +- 871, /* "destinationIndicator" */ +- 80, /* "desx-cbc" */ +- 947, /* "dh-cofactor-kdf" */ +- 946, /* "dh-std-kdf" */ +- 28, /* "dhKeyAgreement" */ +- 941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ +- 942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ +- 943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ +- 944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ +- 945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ +- 936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ +- 937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ +- 938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ +- 939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ +- 940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ +- 11, /* "directory services (X.500)" */ +- 378, /* "directory services - algorithms" */ +- 887, /* "distinguishedName" */ +- 892, /* "dmdName" */ +- 174, /* "dnQualifier" */ +- 447, /* "document" */ +- 471, /* "documentAuthor" */ +- 468, /* "documentIdentifier" */ +- 472, /* "documentLocation" */ +- 502, /* "documentPublisher" */ +- 449, /* "documentSeries" */ +- 469, /* "documentTitle" */ +- 470, /* "documentVersion" */ +- 380, /* "dod" */ +- 391, /* "domainComponent" */ +- 452, /* "domainRelatedObject" */ +- 116, /* "dsaEncryption" */ +- 67, /* "dsaEncryption-old" */ +- 66, /* "dsaWithSHA" */ +- 113, /* "dsaWithSHA1" */ +- 70, /* "dsaWithSHA1-old" */ +- 802, /* "dsa_with_SHA224" */ +- 803, /* "dsa_with_SHA256" */ +- 297, /* "dvcs" */ +- 791, /* "ecdsa-with-Recommended" */ +- 416, /* "ecdsa-with-SHA1" */ +- 793, /* "ecdsa-with-SHA224" */ +- 794, /* "ecdsa-with-SHA256" */ +- 795, /* "ecdsa-with-SHA384" */ +- 796, /* "ecdsa-with-SHA512" */ +- 792, /* "ecdsa-with-Specified" */ +- 48, /* "emailAddress" */ +- 632, /* "encrypted track 2" */ +- 885, /* "enhancedSearchGuide" */ +- 56, /* "extendedCertificateAttributes" */ +- 867, /* "facsimileTelephoneNumber" */ +- 462, /* "favouriteDrink" */ +- 453, /* "friendlyCountry" */ +- 490, /* "friendlyCountryName" */ +- 156, /* "friendlyName" */ +- 631, /* "generate cryptogram" */ +- 509, /* "generationQualifier" */ +- 601, /* "generic cryptogram" */ +- 99, /* "givenName" */ +- 976, /* "gost-mac-12" */ +- 1009, /* "gost89-cbc" */ +- 814, /* "gost89-cnt" */ +- 975, /* "gost89-cnt-12" */ +- 1011, /* "gost89-ctr" */ +- 1010, /* "gost89-ecb" */ +- 1015, /* "grasshopper-cbc" */ +- 1016, /* "grasshopper-cfb" */ +- 1013, /* "grasshopper-ctr" */ +- 1012, /* "grasshopper-ecb" */ +- 1017, /* "grasshopper-mac" */ +- 1014, /* "grasshopper-ofb" */ +- 1036, /* "hkdf" */ +- 855, /* "hmac" */ +- 780, /* "hmac-md5" */ +- 781, /* "hmac-sha1" */ +- 797, /* "hmacWithMD5" */ +- 163, /* "hmacWithSHA1" */ +- 798, /* "hmacWithSHA224" */ +- 799, /* "hmacWithSHA256" */ +- 800, /* "hmacWithSHA384" */ +- 801, /* "hmacWithSHA512" */ +- 486, /* "homePostalAddress" */ +- 473, /* "homeTelephoneNumber" */ +- 466, /* "host" */ +- 889, /* "houseIdentifier" */ +- 442, /* "iA5StringSyntax" */ +- 381, /* "iana" */ +- 824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ +- 825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ +- 826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ +- 827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ +- 819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ +- 829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ +- 828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ +- 830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ +- 820, /* "id-Gost28147-89-None-KeyMeshing" */ +- 823, /* "id-Gost28147-89-TestParamSet" */ +- 840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ +- 841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ +- 842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ +- 843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ +- 844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ +- 839, /* "id-GostR3410-2001-TestParamSet" */ +- 832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ +- 833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ +- 834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ +- 835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ +- 836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ +- 837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ +- 838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ +- 831, /* "id-GostR3410-94-TestParamSet" */ +- 845, /* "id-GostR3410-94-a" */ +- 846, /* "id-GostR3410-94-aBis" */ +- 847, /* "id-GostR3410-94-b" */ +- 848, /* "id-GostR3410-94-bBis" */ +- 822, /* "id-GostR3411-94-CryptoProParamSet" */ +- 821, /* "id-GostR3411-94-TestParamSet" */ +- 266, /* "id-aca" */ +- 355, /* "id-aca-accessIdentity" */ +- 354, /* "id-aca-authenticationInfo" */ +- 356, /* "id-aca-chargingIdentity" */ +- 399, /* "id-aca-encAttrs" */ +- 357, /* "id-aca-group" */ +- 358, /* "id-aca-role" */ +- 176, /* "id-ad" */ +- 788, /* "id-aes128-wrap" */ +- 897, /* "id-aes128-wrap-pad" */ +- 789, /* "id-aes192-wrap" */ +- 900, /* "id-aes192-wrap-pad" */ +- 790, /* "id-aes256-wrap" */ +- 903, /* "id-aes256-wrap-pad" */ +- 262, /* "id-alg" */ +- 893, /* "id-alg-PWRI-KEK" */ +- 323, /* "id-alg-des40" */ +- 326, /* "id-alg-dh-pop" */ +- 325, /* "id-alg-dh-sig-hmac-sha1" */ +- 324, /* "id-alg-noSignature" */ +- 907, /* "id-camellia128-wrap" */ +- 908, /* "id-camellia192-wrap" */ +- 909, /* "id-camellia256-wrap" */ +- 268, /* "id-cct" */ +- 361, /* "id-cct-PKIData" */ +- 362, /* "id-cct-PKIResponse" */ +- 360, /* "id-cct-crs" */ +- 81, /* "id-ce" */ +- 680, /* "id-characteristic-two-basis" */ +- 263, /* "id-cmc" */ +- 334, /* "id-cmc-addExtensions" */ +- 346, /* "id-cmc-confirmCertAcceptance" */ +- 330, /* "id-cmc-dataReturn" */ +- 336, /* "id-cmc-decryptedPOP" */ +- 335, /* "id-cmc-encryptedPOP" */ +- 339, /* "id-cmc-getCRL" */ +- 338, /* "id-cmc-getCert" */ +- 328, /* "id-cmc-identification" */ +- 329, /* "id-cmc-identityProof" */ +- 337, /* "id-cmc-lraPOPWitness" */ +- 344, /* "id-cmc-popLinkRandom" */ +- 345, /* "id-cmc-popLinkWitness" */ +- 343, /* "id-cmc-queryPending" */ +- 333, /* "id-cmc-recipientNonce" */ +- 341, /* "id-cmc-regInfo" */ +- 342, /* "id-cmc-responseInfo" */ +- 340, /* "id-cmc-revokeRequest" */ +- 332, /* "id-cmc-senderNonce" */ +- 327, /* "id-cmc-statusInfo" */ +- 331, /* "id-cmc-transactionId" */ +- 787, /* "id-ct-asciiTextWithCRLF" */ +- 1060, /* "id-ct-xml" */ +- 408, /* "id-ecPublicKey" */ +- 508, /* "id-hex-multipart-message" */ +- 507, /* "id-hex-partial-message" */ +- 260, /* "id-it" */ +- 302, /* "id-it-caKeyUpdateInfo" */ +- 298, /* "id-it-caProtEncCert" */ +- 311, /* "id-it-confirmWaitTime" */ +- 303, /* "id-it-currentCRL" */ +- 300, /* "id-it-encKeyPairTypes" */ +- 310, /* "id-it-implicitConfirm" */ +- 308, /* "id-it-keyPairParamRep" */ +- 307, /* "id-it-keyPairParamReq" */ +- 312, /* "id-it-origPKIMessage" */ +- 301, /* "id-it-preferredSymmAlg" */ +- 309, /* "id-it-revPassphrase" */ +- 299, /* "id-it-signKeyPairTypes" */ +- 305, /* "id-it-subscriptionRequest" */ +- 306, /* "id-it-subscriptionResponse" */ +- 784, /* "id-it-suppLangTags" */ +- 304, /* "id-it-unsupportedOIDs" */ +- 128, /* "id-kp" */ +- 280, /* "id-mod-attribute-cert" */ +- 274, /* "id-mod-cmc" */ +- 277, /* "id-mod-cmp" */ +- 284, /* "id-mod-cmp2000" */ +- 273, /* "id-mod-crmf" */ +- 283, /* "id-mod-dvcs" */ +- 275, /* "id-mod-kea-profile-88" */ +- 276, /* "id-mod-kea-profile-93" */ +- 282, /* "id-mod-ocsp" */ +- 278, /* "id-mod-qualified-cert-88" */ +- 279, /* "id-mod-qualified-cert-93" */ +- 281, /* "id-mod-timestamp-protocol" */ +- 264, /* "id-on" */ +- 347, /* "id-on-personalData" */ +- 265, /* "id-pda" */ +- 352, /* "id-pda-countryOfCitizenship" */ +- 353, /* "id-pda-countryOfResidence" */ +- 348, /* "id-pda-dateOfBirth" */ +- 351, /* "id-pda-gender" */ +- 349, /* "id-pda-placeOfBirth" */ +- 175, /* "id-pe" */ +- 1031, /* "id-pkinit" */ +- 261, /* "id-pkip" */ +- 258, /* "id-pkix-mod" */ +- 269, /* "id-pkix1-explicit-88" */ +- 271, /* "id-pkix1-explicit-93" */ +- 270, /* "id-pkix1-implicit-88" */ +- 272, /* "id-pkix1-implicit-93" */ +- 662, /* "id-ppl" */ +- 267, /* "id-qcs" */ +- 359, /* "id-qcs-pkixQCSyntax-v1" */ +- 259, /* "id-qt" */ +- 313, /* "id-regCtrl" */ +- 316, /* "id-regCtrl-authenticator" */ +- 319, /* "id-regCtrl-oldCertID" */ +- 318, /* "id-regCtrl-pkiArchiveOptions" */ +- 317, /* "id-regCtrl-pkiPublicationInfo" */ +- 320, /* "id-regCtrl-protocolEncrKey" */ +- 315, /* "id-regCtrl-regToken" */ +- 314, /* "id-regInfo" */ +- 322, /* "id-regInfo-certReq" */ +- 321, /* "id-regInfo-utf8Pairs" */ +- 973, /* "id-scrypt" */ +- 191, /* "id-smime-aa" */ +- 215, /* "id-smime-aa-contentHint" */ +- 218, /* "id-smime-aa-contentIdentifier" */ +- 221, /* "id-smime-aa-contentReference" */ +- 240, /* "id-smime-aa-dvcs-dvc" */ +- 217, /* "id-smime-aa-encapContentType" */ +- 222, /* "id-smime-aa-encrypKeyPref" */ +- 220, /* "id-smime-aa-equivalentLabels" */ +- 232, /* "id-smime-aa-ets-CertificateRefs" */ +- 233, /* "id-smime-aa-ets-RevocationRefs" */ +- 238, /* "id-smime-aa-ets-archiveTimeStamp" */ +- 237, /* "id-smime-aa-ets-certCRLTimestamp" */ +- 234, /* "id-smime-aa-ets-certValues" */ +- 227, /* "id-smime-aa-ets-commitmentType" */ +- 231, /* "id-smime-aa-ets-contentTimestamp" */ +- 236, /* "id-smime-aa-ets-escTimeStamp" */ +- 230, /* "id-smime-aa-ets-otherSigCert" */ +- 235, /* "id-smime-aa-ets-revocationValues" */ +- 226, /* "id-smime-aa-ets-sigPolicyId" */ +- 229, /* "id-smime-aa-ets-signerAttr" */ +- 228, /* "id-smime-aa-ets-signerLocation" */ +- 219, /* "id-smime-aa-macValue" */ +- 214, /* "id-smime-aa-mlExpandHistory" */ +- 216, /* "id-smime-aa-msgSigDigest" */ +- 212, /* "id-smime-aa-receiptRequest" */ +- 213, /* "id-smime-aa-securityLabel" */ +- 239, /* "id-smime-aa-signatureType" */ +- 223, /* "id-smime-aa-signingCertificate" */ +- 224, /* "id-smime-aa-smimeEncryptCerts" */ +- 225, /* "id-smime-aa-timeStampToken" */ +- 192, /* "id-smime-alg" */ +- 243, /* "id-smime-alg-3DESwrap" */ +- 246, /* "id-smime-alg-CMS3DESwrap" */ +- 247, /* "id-smime-alg-CMSRC2wrap" */ +- 245, /* "id-smime-alg-ESDH" */ +- 241, /* "id-smime-alg-ESDHwith3DES" */ +- 242, /* "id-smime-alg-ESDHwithRC2" */ +- 244, /* "id-smime-alg-RC2wrap" */ +- 193, /* "id-smime-cd" */ +- 248, /* "id-smime-cd-ldap" */ +- 190, /* "id-smime-ct" */ +- 210, /* "id-smime-ct-DVCSRequestData" */ +- 211, /* "id-smime-ct-DVCSResponseData" */ +- 208, /* "id-smime-ct-TDTInfo" */ +- 207, /* "id-smime-ct-TSTInfo" */ +- 205, /* "id-smime-ct-authData" */ +- 1059, /* "id-smime-ct-authEnvelopedData" */ +- 786, /* "id-smime-ct-compressedData" */ +- 1058, /* "id-smime-ct-contentCollection" */ +- 209, /* "id-smime-ct-contentInfo" */ +- 206, /* "id-smime-ct-publishCert" */ +- 204, /* "id-smime-ct-receipt" */ +- 195, /* "id-smime-cti" */ +- 255, /* "id-smime-cti-ets-proofOfApproval" */ +- 256, /* "id-smime-cti-ets-proofOfCreation" */ +- 253, /* "id-smime-cti-ets-proofOfDelivery" */ +- 251, /* "id-smime-cti-ets-proofOfOrigin" */ +- 252, /* "id-smime-cti-ets-proofOfReceipt" */ +- 254, /* "id-smime-cti-ets-proofOfSender" */ +- 189, /* "id-smime-mod" */ +- 196, /* "id-smime-mod-cms" */ +- 197, /* "id-smime-mod-ess" */ +- 202, /* "id-smime-mod-ets-eSigPolicy-88" */ +- 203, /* "id-smime-mod-ets-eSigPolicy-97" */ +- 200, /* "id-smime-mod-ets-eSignature-88" */ +- 201, /* "id-smime-mod-ets-eSignature-97" */ +- 199, /* "id-smime-mod-msg-v3" */ +- 198, /* "id-smime-mod-oid" */ +- 194, /* "id-smime-spq" */ +- 250, /* "id-smime-spq-ets-sqt-unotice" */ +- 249, /* "id-smime-spq-ets-sqt-uri" */ +- 974, /* "id-tc26" */ +- 991, /* "id-tc26-agreement" */ +- 992, /* "id-tc26-agreement-gost-3410-2012-256" */ +- 993, /* "id-tc26-agreement-gost-3410-2012-512" */ +- 977, /* "id-tc26-algorithms" */ +- 990, /* "id-tc26-cipher" */ +- 1001, /* "id-tc26-cipher-constants" */ +- 994, /* "id-tc26-constants" */ +- 981, /* "id-tc26-digest" */ +- 1000, /* "id-tc26-digest-constants" */ +- 1002, /* "id-tc26-gost-28147-constants" */ +- 996, /* "id-tc26-gost-3410-2012-512-constants" */ +- 987, /* "id-tc26-mac" */ +- 978, /* "id-tc26-sign" */ +- 995, /* "id-tc26-sign-constants" */ +- 984, /* "id-tc26-signwithdigest" */ +- 34, /* "idea-cbc" */ +- 35, /* "idea-cfb" */ +- 36, /* "idea-ecb" */ +- 46, /* "idea-ofb" */ +- 676, /* "identified-organization" */ +- 461, /* "info" */ +- 101, /* "initials" */ +- 869, /* "internationaliSDNNumber" */ +- 1022, /* "ipsec Internet Key Exchange" */ +- 749, /* "ipsec3" */ +- 750, /* "ipsec4" */ +- 181, /* "iso" */ +- 623, /* "issuer capabilities" */ +- 645, /* "itu-t" */ +- 492, /* "janetMailbox" */ +- 646, /* "joint-iso-itu-t" */ +- 957, /* "jurisdictionCountryName" */ +- 955, /* "jurisdictionLocalityName" */ +- 956, /* "jurisdictionStateOrProvinceName" */ +- 150, /* "keyBag" */ +- 773, /* "kisa" */ +- 1039, /* "kx-dhe" */ +- 1041, /* "kx-dhe-psk" */ +- 1038, /* "kx-ecdhe" */ +- 1040, /* "kx-ecdhe-psk" */ +- 1045, /* "kx-gost" */ +- 1043, /* "kx-psk" */ +- 1037, /* "kx-rsa" */ +- 1042, /* "kx-rsa-psk" */ +- 1044, /* "kx-srp" */ +- 477, /* "lastModifiedBy" */ +- 476, /* "lastModifiedTime" */ +- 157, /* "localKeyID" */ +- 15, /* "localityName" */ +- 480, /* "mXRecord" */ +- 493, /* "mailPreferenceOption" */ +- 467, /* "manager" */ +- 3, /* "md2" */ +- 7, /* "md2WithRSAEncryption" */ +- 257, /* "md4" */ +- 396, /* "md4WithRSAEncryption" */ +- 4, /* "md5" */ +- 114, /* "md5-sha1" */ +- 104, /* "md5WithRSA" */ +- 8, /* "md5WithRSAEncryption" */ +- 95, /* "mdc2" */ +- 96, /* "mdc2WithRSA" */ +- 875, /* "member" */ +- 602, /* "merchant initiated auth" */ +- 514, /* "message extensions" */ +- 51, /* "messageDigest" */ +- 911, /* "mgf1" */ +- 506, /* "mime-mhs-bodies" */ +- 505, /* "mime-mhs-headings" */ +- 488, /* "mobileTelephoneNumber" */ +- 481, /* "nSRecord" */ +- 173, /* "name" */ +- 681, /* "onBasis" */ +- 379, /* "org" */ +- 17, /* "organizationName" */ +- 491, /* "organizationalStatus" */ +- 18, /* "organizationalUnitName" */ +- 475, /* "otherMailbox" */ +- 876, /* "owner" */ +- 935, /* "pSpecified" */ +- 489, /* "pagerTelephoneNumber" */ +- 782, /* "password based MAC" */ +- 374, /* "path" */ +- 621, /* "payment gateway capabilities" */ +- 9, /* "pbeWithMD2AndDES-CBC" */ +- 168, /* "pbeWithMD2AndRC2-CBC" */ +- 112, /* "pbeWithMD5AndCast5CBC" */ +- 10, /* "pbeWithMD5AndDES-CBC" */ +- 169, /* "pbeWithMD5AndRC2-CBC" */ +- 148, /* "pbeWithSHA1And128BitRC2-CBC" */ +- 144, /* "pbeWithSHA1And128BitRC4" */ +- 147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ +- 146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ +- 149, /* "pbeWithSHA1And40BitRC2-CBC" */ +- 145, /* "pbeWithSHA1And40BitRC4" */ +- 170, /* "pbeWithSHA1AndDES-CBC" */ +- 68, /* "pbeWithSHA1AndRC2-CBC" */ +- 499, /* "personalSignature" */ +- 487, /* "personalTitle" */ +- 464, /* "photo" */ +- 863, /* "physicalDeliveryOfficeName" */ +- 437, /* "pilot" */ +- 439, /* "pilotAttributeSyntax" */ +- 438, /* "pilotAttributeType" */ +- 479, /* "pilotAttributeType27" */ +- 456, /* "pilotDSA" */ +- 441, /* "pilotGroups" */ +- 444, /* "pilotObject" */ +- 440, /* "pilotObjectClass" */ +- 455, /* "pilotOrganization" */ +- 445, /* "pilotPerson" */ +- 186, /* "pkcs1" */ +- 27, /* "pkcs3" */ +- 187, /* "pkcs5" */ +- 20, /* "pkcs7" */ +- 21, /* "pkcs7-data" */ +- 25, /* "pkcs7-digestData" */ +- 26, /* "pkcs7-encryptedData" */ +- 23, /* "pkcs7-envelopedData" */ +- 24, /* "pkcs7-signedAndEnvelopedData" */ +- 22, /* "pkcs7-signedData" */ +- 151, /* "pkcs8ShroudedKeyBag" */ +- 47, /* "pkcs9" */ +- 862, /* "postOfficeBox" */ +- 861, /* "postalAddress" */ +- 661, /* "postalCode" */ +- 683, /* "ppBasis" */ +- 872, /* "preferredDeliveryMethod" */ +- 873, /* "presentationAddress" */ +- 406, /* "prime-field" */ +- 409, /* "prime192v1" */ +- 410, /* "prime192v2" */ +- 411, /* "prime192v3" */ +- 412, /* "prime239v1" */ +- 413, /* "prime239v2" */ +- 414, /* "prime239v3" */ +- 415, /* "prime256v1" */ +- 886, /* "protocolInformation" */ +- 510, /* "pseudonym" */ +- 435, /* "pss" */ +- 286, /* "qcStatements" */ +- 457, /* "qualityLabelledData" */ +- 450, /* "rFC822localPart" */ +- 98, /* "rc2-40-cbc" */ +- 166, /* "rc2-64-cbc" */ +- 37, /* "rc2-cbc" */ +- 39, /* "rc2-cfb" */ +- 38, /* "rc2-ecb" */ +- 40, /* "rc2-ofb" */ +- 5, /* "rc4" */ +- 97, /* "rc4-40" */ +- 915, /* "rc4-hmac-md5" */ +- 120, /* "rc5-cbc" */ +- 122, /* "rc5-cfb" */ +- 121, /* "rc5-ecb" */ +- 123, /* "rc5-ofb" */ +- 870, /* "registeredAddress" */ +- 460, /* "rfc822Mailbox" */ +- 117, /* "ripemd160" */ +- 119, /* "ripemd160WithRSA" */ +- 400, /* "role" */ +- 877, /* "roleOccupant" */ +- 448, /* "room" */ +- 463, /* "roomNumber" */ +- 19, /* "rsa" */ +- 6, /* "rsaEncryption" */ +- 644, /* "rsaOAEPEncryptionSET" */ +- 377, /* "rsaSignature" */ +- 919, /* "rsaesOaep" */ +- 912, /* "rsassaPss" */ +- 482, /* "sOARecord" */ +- 155, /* "safeContentsBag" */ +- 291, /* "sbgp-autonomousSysNum" */ +- 290, /* "sbgp-ipAddrBlock" */ +- 292, /* "sbgp-routerIdentifier" */ +- 159, /* "sdsiCertificate" */ +- 859, /* "searchGuide" */ +- 704, /* "secp112r1" */ +- 705, /* "secp112r2" */ +- 706, /* "secp128r1" */ +- 707, /* "secp128r2" */ +- 708, /* "secp160k1" */ +- 709, /* "secp160r1" */ +- 710, /* "secp160r2" */ +- 711, /* "secp192k1" */ +- 712, /* "secp224k1" */ +- 713, /* "secp224r1" */ +- 714, /* "secp256k1" */ +- 715, /* "secp384r1" */ +- 716, /* "secp521r1" */ +- 154, /* "secretBag" */ +- 474, /* "secretary" */ +- 717, /* "sect113r1" */ +- 718, /* "sect113r2" */ +- 719, /* "sect131r1" */ +- 720, /* "sect131r2" */ +- 721, /* "sect163k1" */ +- 722, /* "sect163r1" */ +- 723, /* "sect163r2" */ +- 724, /* "sect193r1" */ +- 725, /* "sect193r2" */ +- 726, /* "sect233k1" */ +- 727, /* "sect233r1" */ +- 728, /* "sect239k1" */ +- 729, /* "sect283k1" */ +- 730, /* "sect283r1" */ +- 731, /* "sect409k1" */ +- 732, /* "sect409r1" */ +- 733, /* "sect571k1" */ +- 734, /* "sect571r1" */ +- 635, /* "secure device signature" */ +- 878, /* "seeAlso" */ +- 777, /* "seed-cbc" */ +- 779, /* "seed-cfb" */ +- 776, /* "seed-ecb" */ +- 778, /* "seed-ofb" */ +- 105, /* "serialNumber" */ +- 625, /* "set-addPolicy" */ +- 515, /* "set-attr" */ +- 518, /* "set-brand" */ +- 638, /* "set-brand-AmericanExpress" */ +- 637, /* "set-brand-Diners" */ +- 636, /* "set-brand-IATA-ATA" */ +- 639, /* "set-brand-JCB" */ +- 641, /* "set-brand-MasterCard" */ +- 642, /* "set-brand-Novus" */ +- 640, /* "set-brand-Visa" */ +- 516, /* "set-policy" */ +- 607, /* "set-policy-root" */ +- 624, /* "set-rootKeyThumb" */ +- 620, /* "setAttr-Cert" */ +- 628, /* "setAttr-IssCap-CVM" */ +- 630, /* "setAttr-IssCap-Sig" */ +- 629, /* "setAttr-IssCap-T2" */ +- 627, /* "setAttr-Token-B0Prime" */ +- 626, /* "setAttr-Token-EMV" */ +- 622, /* "setAttr-TokenType" */ +- 619, /* "setCext-IssuerCapabilities" */ +- 615, /* "setCext-PGWYcapabilities" */ +- 616, /* "setCext-TokenIdentifier" */ +- 618, /* "setCext-TokenType" */ +- 617, /* "setCext-Track2Data" */ +- 611, /* "setCext-cCertRequired" */ +- 609, /* "setCext-certType" */ +- 608, /* "setCext-hashedRoot" */ +- 610, /* "setCext-merchData" */ +- 613, /* "setCext-setExt" */ +- 614, /* "setCext-setQualf" */ +- 612, /* "setCext-tunneling" */ +- 540, /* "setct-AcqCardCodeMsg" */ +- 576, /* "setct-AcqCardCodeMsgTBE" */ +- 570, /* "setct-AuthReqTBE" */ +- 534, /* "setct-AuthReqTBS" */ +- 527, /* "setct-AuthResBaggage" */ +- 571, /* "setct-AuthResTBE" */ +- 572, /* "setct-AuthResTBEX" */ +- 535, /* "setct-AuthResTBS" */ +- 536, /* "setct-AuthResTBSX" */ +- 528, /* "setct-AuthRevReqBaggage" */ +- 577, /* "setct-AuthRevReqTBE" */ +- 541, /* "setct-AuthRevReqTBS" */ +- 529, /* "setct-AuthRevResBaggage" */ +- 542, /* "setct-AuthRevResData" */ +- 578, /* "setct-AuthRevResTBE" */ +- 579, /* "setct-AuthRevResTBEB" */ +- 543, /* "setct-AuthRevResTBS" */ +- 573, /* "setct-AuthTokenTBE" */ +- 537, /* "setct-AuthTokenTBS" */ +- 600, /* "setct-BCIDistributionTBS" */ +- 558, /* "setct-BatchAdminReqData" */ +- 592, /* "setct-BatchAdminReqTBE" */ +- 559, /* "setct-BatchAdminResData" */ +- 593, /* "setct-BatchAdminResTBE" */ +- 599, /* "setct-CRLNotificationResTBS" */ +- 598, /* "setct-CRLNotificationTBS" */ +- 580, /* "setct-CapReqTBE" */ +- 581, /* "setct-CapReqTBEX" */ +- 544, /* "setct-CapReqTBS" */ +- 545, /* "setct-CapReqTBSX" */ +- 546, /* "setct-CapResData" */ +- 582, /* "setct-CapResTBE" */ +- 583, /* "setct-CapRevReqTBE" */ +- 584, /* "setct-CapRevReqTBEX" */ +- 547, /* "setct-CapRevReqTBS" */ +- 548, /* "setct-CapRevReqTBSX" */ +- 549, /* "setct-CapRevResData" */ +- 585, /* "setct-CapRevResTBE" */ +- 538, /* "setct-CapTokenData" */ +- 530, /* "setct-CapTokenSeq" */ +- 574, /* "setct-CapTokenTBE" */ +- 575, /* "setct-CapTokenTBEX" */ +- 539, /* "setct-CapTokenTBS" */ +- 560, /* "setct-CardCInitResTBS" */ +- 566, /* "setct-CertInqReqTBS" */ +- 563, /* "setct-CertReqData" */ +- 595, /* "setct-CertReqTBE" */ +- 596, /* "setct-CertReqTBEX" */ +- 564, /* "setct-CertReqTBS" */ +- 565, /* "setct-CertResData" */ +- 597, /* "setct-CertResTBE" */ +- 586, /* "setct-CredReqTBE" */ +- 587, /* "setct-CredReqTBEX" */ +- 550, /* "setct-CredReqTBS" */ +- 551, /* "setct-CredReqTBSX" */ +- 552, /* "setct-CredResData" */ +- 588, /* "setct-CredResTBE" */ +- 589, /* "setct-CredRevReqTBE" */ +- 590, /* "setct-CredRevReqTBEX" */ +- 553, /* "setct-CredRevReqTBS" */ +- 554, /* "setct-CredRevReqTBSX" */ +- 555, /* "setct-CredRevResData" */ +- 591, /* "setct-CredRevResTBE" */ +- 567, /* "setct-ErrorTBS" */ +- 526, /* "setct-HODInput" */ +- 561, /* "setct-MeAqCInitResTBS" */ +- 522, /* "setct-OIData" */ +- 519, /* "setct-PANData" */ +- 521, /* "setct-PANOnly" */ +- 520, /* "setct-PANToken" */ +- 556, /* "setct-PCertReqData" */ +- 557, /* "setct-PCertResTBS" */ +- 523, /* "setct-PI" */ +- 532, /* "setct-PI-TBS" */ +- 524, /* "setct-PIData" */ +- 525, /* "setct-PIDataUnsigned" */ +- 568, /* "setct-PIDualSignedTBE" */ +- 569, /* "setct-PIUnsignedTBE" */ +- 531, /* "setct-PInitResData" */ +- 533, /* "setct-PResData" */ +- 594, /* "setct-RegFormReqTBE" */ +- 562, /* "setct-RegFormResTBS" */ +- 604, /* "setext-pinAny" */ +- 603, /* "setext-pinSecure" */ +- 605, /* "setext-track2" */ +- 41, /* "sha" */ +- 64, /* "sha1" */ +- 115, /* "sha1WithRSA" */ +- 65, /* "sha1WithRSAEncryption" */ +- 675, /* "sha224" */ +- 671, /* "sha224WithRSAEncryption" */ +- 672, /* "sha256" */ +- 668, /* "sha256WithRSAEncryption" */ +- 673, /* "sha384" */ +- 669, /* "sha384WithRSAEncryption" */ +- 674, /* "sha512" */ +- 670, /* "sha512WithRSAEncryption" */ +- 42, /* "shaWithRSAEncryption" */ +- 52, /* "signingTime" */ +- 454, /* "simpleSecurityObject" */ +- 496, /* "singleLevelQuality" */ +- 16, /* "stateOrProvinceName" */ +- 660, /* "streetAddress" */ +- 498, /* "subtreeMaximumQuality" */ +- 497, /* "subtreeMinimumQuality" */ +- 890, /* "supportedAlgorithms" */ +- 874, /* "supportedApplicationContext" */ +- 100, /* "surname" */ +- 864, /* "telephoneNumber" */ +- 866, /* "teletexTerminalIdentifier" */ +- 865, /* "telexNumber" */ +- 459, /* "textEncodedORAddress" */ +- 293, /* "textNotice" */ +- 106, /* "title" */ +- 1021, /* "tls1-prf" */ +- 682, /* "tpBasis" */ +- 436, /* "ucl" */ +- 0, /* "undefined" */ +- 102, /* "uniqueIdentifier" */ +- 888, /* "uniqueMember" */ +- 55, /* "unstructuredAddress" */ +- 49, /* "unstructuredName" */ +- 880, /* "userCertificate" */ +- 465, /* "userClass" */ +- 458, /* "userId" */ +- 879, /* "userPassword" */ +- 373, /* "valid" */ +- 678, /* "wap" */ +- 679, /* "wap-wsg" */ +- 735, /* "wap-wsg-idm-ecid-wtls1" */ +- 743, /* "wap-wsg-idm-ecid-wtls10" */ +- 744, /* "wap-wsg-idm-ecid-wtls11" */ +- 745, /* "wap-wsg-idm-ecid-wtls12" */ +- 736, /* "wap-wsg-idm-ecid-wtls3" */ +- 737, /* "wap-wsg-idm-ecid-wtls4" */ +- 738, /* "wap-wsg-idm-ecid-wtls5" */ +- 739, /* "wap-wsg-idm-ecid-wtls6" */ +- 740, /* "wap-wsg-idm-ecid-wtls7" */ +- 741, /* "wap-wsg-idm-ecid-wtls8" */ +- 742, /* "wap-wsg-idm-ecid-wtls9" */ +- 804, /* "whirlpool" */ +- 868, /* "x121Address" */ +- 503, /* "x500UniqueIdentifier" */ +- 158, /* "x509Certificate" */ +- 160, /* "x509Crl" */ +- 125, /* "zlib compression" */ ++static const unsigned int ln_objs[NUM_LN]={ ++363, /* "AD Time Stamping" */ ++405, /* "ANSI X9.62" */ ++368, /* "Acceptable OCSP Responses" */ ++910, /* "Any Extended Key Usage" */ ++664, /* "Any language" */ ++177, /* "Authority Information Access" */ ++365, /* "Basic OCSP Response" */ ++285, /* "Biometric Info" */ ++179, /* "CA Issuers" */ ++785, /* "CA Repository" */ ++954, /* "CT Certificate SCTs" */ ++952, /* "CT Precertificate Poison" */ ++951, /* "CT Precertificate SCTs" */ ++953, /* "CT Precertificate Signer" */ ++131, /* "Code Signing" */ ++783, /* "Diffie-Hellman based MAC" */ ++382, /* "Directory" */ ++392, /* "Domain" */ ++132, /* "E-mail Protection" */ ++389, /* "Enterprises" */ ++384, /* "Experimental" */ ++372, /* "Extended OCSP Status" */ ++172, /* "Extension Request" */ ++813, /* "GOST 28147-89" */ ++849, /* "GOST 28147-89 Cryptocom ParamSet" */ ++815, /* "GOST 28147-89 MAC" */ ++851, /* "GOST 34.10-2001 Cryptocom" */ ++850, /* "GOST 34.10-94 Cryptocom" */ ++811, /* "GOST R 34.10-2001" */ ++817, /* "GOST R 34.10-2001 DH" */ ++812, /* "GOST R 34.10-94" */ ++818, /* "GOST R 34.10-94 DH" */ ++809, /* "GOST R 34.11-94" */ ++816, /* "GOST R 34.11-94 PRF" */ ++807, /* "GOST R 34.11-94 with GOST R 34.10-2001" */ ++853, /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */ ++808, /* "GOST R 34.11-94 with GOST R 34.10-94" */ ++852, /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */ ++854, /* "GOST R 3410-2001 Parameter Set Cryptocom" */ ++810, /* "HMAC GOST 34.11-94" */ ++432, /* "Hold Instruction Call Issuer" */ ++430, /* "Hold Instruction Code" */ ++431, /* "Hold Instruction None" */ ++433, /* "Hold Instruction Reject" */ ++634, /* "ICC or token signature" */ ++294, /* "IPSec End System" */ ++295, /* "IPSec Tunnel" */ ++296, /* "IPSec User" */ ++182, /* "ISO Member Body" */ ++183, /* "ISO US Member Body" */ ++667, /* "Independent" */ ++665, /* "Inherit all" */ ++647, /* "International Organizations" */ ++142, /* "Invalidity Date" */ ++504, /* "MIME MHS" */ ++388, /* "Mail" */ ++383, /* "Management" */ ++417, /* "Microsoft CSP Name" */ ++135, /* "Microsoft Commercial Code Signing" */ ++138, /* "Microsoft Encrypted File System" */ ++171, /* "Microsoft Extension Request" */ ++134, /* "Microsoft Individual Code Signing" */ ++856, /* "Microsoft Local Key set" */ ++137, /* "Microsoft Server Gated Crypto" */ ++648, /* "Microsoft Smartcardlogin" */ ++136, /* "Microsoft Trust List Signing" */ ++649, /* "Microsoft Universal Principal Name" */ ++393, /* "NULL" */ ++404, /* "NULL" */ ++72, /* "Netscape Base Url" */ ++76, /* "Netscape CA Policy Url" */ ++74, /* "Netscape CA Revocation Url" */ ++71, /* "Netscape Cert Type" */ ++58, /* "Netscape Certificate Extension" */ ++79, /* "Netscape Certificate Sequence" */ ++78, /* "Netscape Comment" */ ++57, /* "Netscape Communications Corp." */ ++59, /* "Netscape Data Type" */ ++75, /* "Netscape Renewal Url" */ ++73, /* "Netscape Revocation Url" */ ++77, /* "Netscape SSL Server Name" */ ++139, /* "Netscape Server Gated Crypto" */ ++178, /* "OCSP" */ ++370, /* "OCSP Archive Cutoff" */ ++367, /* "OCSP CRL ID" */ ++369, /* "OCSP No Check" */ ++366, /* "OCSP Nonce" */ ++371, /* "OCSP Service Locator" */ ++180, /* "OCSP Signing" */ ++161, /* "PBES2" */ ++69, /* "PBKDF2" */ ++162, /* "PBMAC1" */ ++127, /* "PKIX" */ ++858, /* "Permanent Identifier" */ ++164, /* "Policy Qualifier CPS" */ ++165, /* "Policy Qualifier User Notice" */ ++385, /* "Private" */ ++663, /* "Proxy Certificate Information" */ ++ 1, /* "RSA Data Security, Inc." */ ++ 2, /* "RSA Data Security, Inc. PKCS" */ ++188, /* "S/MIME" */ ++167, /* "S/MIME Capabilities" */ ++387, /* "SNMPv2" */ ++512, /* "Secure Electronic Transactions" */ ++386, /* "Security" */ ++394, /* "Selected Attribute Types" */ ++143, /* "Strong Extranet ID" */ ++398, /* "Subject Information Access" */ ++130, /* "TLS Web Client Authentication" */ ++129, /* "TLS Web Server Authentication" */ ++133, /* "Time Stamping" */ ++375, /* "Trust Root" */ ++12, /* "X509" */ ++402, /* "X509v3 AC Targeting" */ ++746, /* "X509v3 Any Policy" */ ++90, /* "X509v3 Authority Key Identifier" */ ++87, /* "X509v3 Basic Constraints" */ ++103, /* "X509v3 CRL Distribution Points" */ ++88, /* "X509v3 CRL Number" */ ++141, /* "X509v3 CRL Reason Code" */ ++771, /* "X509v3 Certificate Issuer" */ ++89, /* "X509v3 Certificate Policies" */ ++140, /* "X509v3 Delta CRL Indicator" */ ++126, /* "X509v3 Extended Key Usage" */ ++857, /* "X509v3 Freshest CRL" */ ++748, /* "X509v3 Inhibit Any Policy" */ ++86, /* "X509v3 Issuer Alternative Name" */ ++770, /* "X509v3 Issuing Distrubution Point" */ ++83, /* "X509v3 Key Usage" */ ++666, /* "X509v3 Name Constraints" */ ++403, /* "X509v3 No Revocation Available" */ ++401, /* "X509v3 Policy Constraints" */ ++747, /* "X509v3 Policy Mappings" */ ++84, /* "X509v3 Private Key Usage Period" */ ++85, /* "X509v3 Subject Alternative Name" */ ++769, /* "X509v3 Subject Directory Attributes" */ ++82, /* "X509v3 Subject Key Identifier" */ ++920, /* "X9.42 DH" */ ++184, /* "X9.57" */ ++185, /* "X9.57 CM ?" */ ++478, /* "aRecord" */ ++289, /* "aaControls" */ ++287, /* "ac-auditEntity" */ ++397, /* "ac-proxying" */ ++288, /* "ac-targeting" */ ++446, /* "account" */ ++364, /* "ad dvcs" */ ++606, /* "additional verification" */ ++419, /* "aes-128-cbc" */ ++916, /* "aes-128-cbc-hmac-sha1" */ ++948, /* "aes-128-cbc-hmac-sha256" */ ++896, /* "aes-128-ccm" */ ++421, /* "aes-128-cfb" */ ++650, /* "aes-128-cfb1" */ ++653, /* "aes-128-cfb8" */ ++904, /* "aes-128-ctr" */ ++418, /* "aes-128-ecb" */ ++895, /* "aes-128-gcm" */ ++420, /* "aes-128-ofb" */ ++913, /* "aes-128-xts" */ ++423, /* "aes-192-cbc" */ ++917, /* "aes-192-cbc-hmac-sha1" */ ++949, /* "aes-192-cbc-hmac-sha256" */ ++899, /* "aes-192-ccm" */ ++425, /* "aes-192-cfb" */ ++651, /* "aes-192-cfb1" */ ++654, /* "aes-192-cfb8" */ ++905, /* "aes-192-ctr" */ ++422, /* "aes-192-ecb" */ ++898, /* "aes-192-gcm" */ ++424, /* "aes-192-ofb" */ ++427, /* "aes-256-cbc" */ ++918, /* "aes-256-cbc-hmac-sha1" */ ++950, /* "aes-256-cbc-hmac-sha256" */ ++902, /* "aes-256-ccm" */ ++429, /* "aes-256-cfb" */ ++652, /* "aes-256-cfb1" */ ++655, /* "aes-256-cfb8" */ ++906, /* "aes-256-ctr" */ ++426, /* "aes-256-ecb" */ ++901, /* "aes-256-gcm" */ ++428, /* "aes-256-ofb" */ ++914, /* "aes-256-xts" */ ++376, /* "algorithm" */ ++484, /* "associatedDomain" */ ++485, /* "associatedName" */ ++501, /* "audio" */ ++882, /* "authorityRevocationList" */ ++91, /* "bf-cbc" */ ++93, /* "bf-cfb" */ ++92, /* "bf-ecb" */ ++94, /* "bf-ofb" */ ++921, /* "brainpoolP160r1" */ ++922, /* "brainpoolP160t1" */ ++923, /* "brainpoolP192r1" */ ++924, /* "brainpoolP192t1" */ ++925, /* "brainpoolP224r1" */ ++926, /* "brainpoolP224t1" */ ++927, /* "brainpoolP256r1" */ ++928, /* "brainpoolP256t1" */ ++929, /* "brainpoolP320r1" */ ++930, /* "brainpoolP320t1" */ ++931, /* "brainpoolP384r1" */ ++932, /* "brainpoolP384t1" */ ++933, /* "brainpoolP512r1" */ ++934, /* "brainpoolP512t1" */ ++494, /* "buildingName" */ ++860, /* "businessCategory" */ ++691, /* "c2onb191v4" */ ++692, /* "c2onb191v5" */ ++697, /* "c2onb239v4" */ ++698, /* "c2onb239v5" */ ++684, /* "c2pnb163v1" */ ++685, /* "c2pnb163v2" */ ++686, /* "c2pnb163v3" */ ++687, /* "c2pnb176v1" */ ++693, /* "c2pnb208w1" */ ++699, /* "c2pnb272w1" */ ++700, /* "c2pnb304w1" */ ++702, /* "c2pnb368w1" */ ++688, /* "c2tnb191v1" */ ++689, /* "c2tnb191v2" */ ++690, /* "c2tnb191v3" */ ++694, /* "c2tnb239v1" */ ++695, /* "c2tnb239v2" */ ++696, /* "c2tnb239v3" */ ++701, /* "c2tnb359v1" */ ++703, /* "c2tnb431r1" */ ++881, /* "cACertificate" */ ++483, /* "cNAMERecord" */ ++751, /* "camellia-128-cbc" */ ++757, /* "camellia-128-cfb" */ ++760, /* "camellia-128-cfb1" */ ++763, /* "camellia-128-cfb8" */ ++754, /* "camellia-128-ecb" */ ++766, /* "camellia-128-ofb" */ ++752, /* "camellia-192-cbc" */ ++758, /* "camellia-192-cfb" */ ++761, /* "camellia-192-cfb1" */ ++764, /* "camellia-192-cfb8" */ ++755, /* "camellia-192-ecb" */ ++767, /* "camellia-192-ofb" */ ++753, /* "camellia-256-cbc" */ ++759, /* "camellia-256-cfb" */ ++762, /* "camellia-256-cfb1" */ ++765, /* "camellia-256-cfb8" */ ++756, /* "camellia-256-ecb" */ ++768, /* "camellia-256-ofb" */ ++443, /* "caseIgnoreIA5StringSyntax" */ ++108, /* "cast5-cbc" */ ++110, /* "cast5-cfb" */ ++109, /* "cast5-ecb" */ ++111, /* "cast5-ofb" */ ++152, /* "certBag" */ ++677, /* "certicom-arc" */ ++517, /* "certificate extensions" */ ++883, /* "certificateRevocationList" */ ++54, /* "challengePassword" */ ++407, /* "characteristic-two-field" */ ++395, /* "clearance" */ ++633, /* "cleartext track 2" */ ++894, /* "cmac" */ ++13, /* "commonName" */ ++513, /* "content types" */ ++50, /* "contentType" */ ++53, /* "countersignature" */ ++14, /* "countryName" */ ++153, /* "crlBag" */ ++884, /* "crossCertificatePair" */ ++806, /* "cryptocom" */ ++805, /* "cryptopro" */ ++500, /* "dITRedirect" */ ++451, /* "dNSDomain" */ ++495, /* "dSAQuality" */ ++434, /* "data" */ ++390, /* "dcObject" */ ++891, /* "deltaRevocationList" */ ++31, /* "des-cbc" */ ++643, /* "des-cdmf" */ ++30, /* "des-cfb" */ ++656, /* "des-cfb1" */ ++657, /* "des-cfb8" */ ++29, /* "des-ecb" */ ++32, /* "des-ede" */ ++43, /* "des-ede-cbc" */ ++60, /* "des-ede-cfb" */ ++62, /* "des-ede-ofb" */ ++33, /* "des-ede3" */ ++44, /* "des-ede3-cbc" */ ++61, /* "des-ede3-cfb" */ ++658, /* "des-ede3-cfb1" */ ++659, /* "des-ede3-cfb8" */ ++63, /* "des-ede3-ofb" */ ++45, /* "des-ofb" */ ++107, /* "description" */ ++871, /* "destinationIndicator" */ ++80, /* "desx-cbc" */ ++947, /* "dh-cofactor-kdf" */ ++946, /* "dh-std-kdf" */ ++28, /* "dhKeyAgreement" */ ++941, /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */ ++942, /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */ ++943, /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */ ++944, /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */ ++945, /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */ ++936, /* "dhSinglePass-stdDH-sha1kdf-scheme" */ ++937, /* "dhSinglePass-stdDH-sha224kdf-scheme" */ ++938, /* "dhSinglePass-stdDH-sha256kdf-scheme" */ ++939, /* "dhSinglePass-stdDH-sha384kdf-scheme" */ ++940, /* "dhSinglePass-stdDH-sha512kdf-scheme" */ ++11, /* "directory services (X.500)" */ ++378, /* "directory services - algorithms" */ ++887, /* "distinguishedName" */ ++892, /* "dmdName" */ ++174, /* "dnQualifier" */ ++447, /* "document" */ ++471, /* "documentAuthor" */ ++468, /* "documentIdentifier" */ ++472, /* "documentLocation" */ ++502, /* "documentPublisher" */ ++449, /* "documentSeries" */ ++469, /* "documentTitle" */ ++470, /* "documentVersion" */ ++380, /* "dod" */ ++391, /* "domainComponent" */ ++452, /* "domainRelatedObject" */ ++116, /* "dsaEncryption" */ ++67, /* "dsaEncryption-old" */ ++66, /* "dsaWithSHA" */ ++113, /* "dsaWithSHA1" */ ++70, /* "dsaWithSHA1-old" */ ++802, /* "dsa_with_SHA224" */ ++803, /* "dsa_with_SHA256" */ ++297, /* "dvcs" */ ++791, /* "ecdsa-with-Recommended" */ ++416, /* "ecdsa-with-SHA1" */ ++793, /* "ecdsa-with-SHA224" */ ++794, /* "ecdsa-with-SHA256" */ ++795, /* "ecdsa-with-SHA384" */ ++796, /* "ecdsa-with-SHA512" */ ++792, /* "ecdsa-with-Specified" */ ++48, /* "emailAddress" */ ++632, /* "encrypted track 2" */ ++885, /* "enhancedSearchGuide" */ ++56, /* "extendedCertificateAttributes" */ ++867, /* "facsimileTelephoneNumber" */ ++462, /* "favouriteDrink" */ ++453, /* "friendlyCountry" */ ++490, /* "friendlyCountryName" */ ++156, /* "friendlyName" */ ++631, /* "generate cryptogram" */ ++509, /* "generationQualifier" */ ++601, /* "generic cryptogram" */ ++99, /* "givenName" */ ++814, /* "gost89-cnt" */ ++855, /* "hmac" */ ++780, /* "hmac-md5" */ ++781, /* "hmac-sha1" */ ++797, /* "hmacWithMD5" */ ++163, /* "hmacWithSHA1" */ ++798, /* "hmacWithSHA224" */ ++799, /* "hmacWithSHA256" */ ++800, /* "hmacWithSHA384" */ ++801, /* "hmacWithSHA512" */ ++486, /* "homePostalAddress" */ ++473, /* "homeTelephoneNumber" */ ++466, /* "host" */ ++889, /* "houseIdentifier" */ ++442, /* "iA5StringSyntax" */ ++381, /* "iana" */ ++824, /* "id-Gost28147-89-CryptoPro-A-ParamSet" */ ++825, /* "id-Gost28147-89-CryptoPro-B-ParamSet" */ ++826, /* "id-Gost28147-89-CryptoPro-C-ParamSet" */ ++827, /* "id-Gost28147-89-CryptoPro-D-ParamSet" */ ++819, /* "id-Gost28147-89-CryptoPro-KeyMeshing" */ ++829, /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */ ++828, /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */ ++830, /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */ ++820, /* "id-Gost28147-89-None-KeyMeshing" */ ++823, /* "id-Gost28147-89-TestParamSet" */ ++840, /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */ ++841, /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */ ++842, /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */ ++843, /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */ ++844, /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */ ++839, /* "id-GostR3410-2001-TestParamSet" */ ++832, /* "id-GostR3410-94-CryptoPro-A-ParamSet" */ ++833, /* "id-GostR3410-94-CryptoPro-B-ParamSet" */ ++834, /* "id-GostR3410-94-CryptoPro-C-ParamSet" */ ++835, /* "id-GostR3410-94-CryptoPro-D-ParamSet" */ ++836, /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */ ++837, /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */ ++838, /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */ ++831, /* "id-GostR3410-94-TestParamSet" */ ++845, /* "id-GostR3410-94-a" */ ++846, /* "id-GostR3410-94-aBis" */ ++847, /* "id-GostR3410-94-b" */ ++848, /* "id-GostR3410-94-bBis" */ ++822, /* "id-GostR3411-94-CryptoProParamSet" */ ++821, /* "id-GostR3411-94-TestParamSet" */ ++266, /* "id-aca" */ ++355, /* "id-aca-accessIdentity" */ ++354, /* "id-aca-authenticationInfo" */ ++356, /* "id-aca-chargingIdentity" */ ++399, /* "id-aca-encAttrs" */ ++357, /* "id-aca-group" */ ++358, /* "id-aca-role" */ ++176, /* "id-ad" */ ++788, /* "id-aes128-wrap" */ ++897, /* "id-aes128-wrap-pad" */ ++789, /* "id-aes192-wrap" */ ++900, /* "id-aes192-wrap-pad" */ ++790, /* "id-aes256-wrap" */ ++903, /* "id-aes256-wrap-pad" */ ++262, /* "id-alg" */ ++893, /* "id-alg-PWRI-KEK" */ ++323, /* "id-alg-des40" */ ++326, /* "id-alg-dh-pop" */ ++325, /* "id-alg-dh-sig-hmac-sha1" */ ++324, /* "id-alg-noSignature" */ ++907, /* "id-camellia128-wrap" */ ++908, /* "id-camellia192-wrap" */ ++909, /* "id-camellia256-wrap" */ ++268, /* "id-cct" */ ++361, /* "id-cct-PKIData" */ ++362, /* "id-cct-PKIResponse" */ ++360, /* "id-cct-crs" */ ++81, /* "id-ce" */ ++680, /* "id-characteristic-two-basis" */ ++263, /* "id-cmc" */ ++334, /* "id-cmc-addExtensions" */ ++346, /* "id-cmc-confirmCertAcceptance" */ ++330, /* "id-cmc-dataReturn" */ ++336, /* "id-cmc-decryptedPOP" */ ++335, /* "id-cmc-encryptedPOP" */ ++339, /* "id-cmc-getCRL" */ ++338, /* "id-cmc-getCert" */ ++328, /* "id-cmc-identification" */ ++329, /* "id-cmc-identityProof" */ ++337, /* "id-cmc-lraPOPWitness" */ ++344, /* "id-cmc-popLinkRandom" */ ++345, /* "id-cmc-popLinkWitness" */ ++343, /* "id-cmc-queryPending" */ ++333, /* "id-cmc-recipientNonce" */ ++341, /* "id-cmc-regInfo" */ ++342, /* "id-cmc-responseInfo" */ ++340, /* "id-cmc-revokeRequest" */ ++332, /* "id-cmc-senderNonce" */ ++327, /* "id-cmc-statusInfo" */ ++331, /* "id-cmc-transactionId" */ ++787, /* "id-ct-asciiTextWithCRLF" */ ++408, /* "id-ecPublicKey" */ ++508, /* "id-hex-multipart-message" */ ++507, /* "id-hex-partial-message" */ ++260, /* "id-it" */ ++302, /* "id-it-caKeyUpdateInfo" */ ++298, /* "id-it-caProtEncCert" */ ++311, /* "id-it-confirmWaitTime" */ ++303, /* "id-it-currentCRL" */ ++300, /* "id-it-encKeyPairTypes" */ ++310, /* "id-it-implicitConfirm" */ ++308, /* "id-it-keyPairParamRep" */ ++307, /* "id-it-keyPairParamReq" */ ++312, /* "id-it-origPKIMessage" */ ++301, /* "id-it-preferredSymmAlg" */ ++309, /* "id-it-revPassphrase" */ ++299, /* "id-it-signKeyPairTypes" */ ++305, /* "id-it-subscriptionRequest" */ ++306, /* "id-it-subscriptionResponse" */ ++784, /* "id-it-suppLangTags" */ ++304, /* "id-it-unsupportedOIDs" */ ++128, /* "id-kp" */ ++280, /* "id-mod-attribute-cert" */ ++274, /* "id-mod-cmc" */ ++277, /* "id-mod-cmp" */ ++284, /* "id-mod-cmp2000" */ ++273, /* "id-mod-crmf" */ ++283, /* "id-mod-dvcs" */ ++275, /* "id-mod-kea-profile-88" */ ++276, /* "id-mod-kea-profile-93" */ ++282, /* "id-mod-ocsp" */ ++278, /* "id-mod-qualified-cert-88" */ ++279, /* "id-mod-qualified-cert-93" */ ++281, /* "id-mod-timestamp-protocol" */ ++264, /* "id-on" */ ++347, /* "id-on-personalData" */ ++265, /* "id-pda" */ ++352, /* "id-pda-countryOfCitizenship" */ ++353, /* "id-pda-countryOfResidence" */ ++348, /* "id-pda-dateOfBirth" */ ++351, /* "id-pda-gender" */ ++349, /* "id-pda-placeOfBirth" */ ++175, /* "id-pe" */ ++261, /* "id-pkip" */ ++258, /* "id-pkix-mod" */ ++269, /* "id-pkix1-explicit-88" */ ++271, /* "id-pkix1-explicit-93" */ ++270, /* "id-pkix1-implicit-88" */ ++272, /* "id-pkix1-implicit-93" */ ++662, /* "id-ppl" */ ++267, /* "id-qcs" */ ++359, /* "id-qcs-pkixQCSyntax-v1" */ ++259, /* "id-qt" */ ++313, /* "id-regCtrl" */ ++316, /* "id-regCtrl-authenticator" */ ++319, /* "id-regCtrl-oldCertID" */ ++318, /* "id-regCtrl-pkiArchiveOptions" */ ++317, /* "id-regCtrl-pkiPublicationInfo" */ ++320, /* "id-regCtrl-protocolEncrKey" */ ++315, /* "id-regCtrl-regToken" */ ++314, /* "id-regInfo" */ ++322, /* "id-regInfo-certReq" */ ++321, /* "id-regInfo-utf8Pairs" */ ++191, /* "id-smime-aa" */ ++215, /* "id-smime-aa-contentHint" */ ++218, /* "id-smime-aa-contentIdentifier" */ ++221, /* "id-smime-aa-contentReference" */ ++240, /* "id-smime-aa-dvcs-dvc" */ ++217, /* "id-smime-aa-encapContentType" */ ++222, /* "id-smime-aa-encrypKeyPref" */ ++220, /* "id-smime-aa-equivalentLabels" */ ++232, /* "id-smime-aa-ets-CertificateRefs" */ ++233, /* "id-smime-aa-ets-RevocationRefs" */ ++238, /* "id-smime-aa-ets-archiveTimeStamp" */ ++237, /* "id-smime-aa-ets-certCRLTimestamp" */ ++234, /* "id-smime-aa-ets-certValues" */ ++227, /* "id-smime-aa-ets-commitmentType" */ ++231, /* "id-smime-aa-ets-contentTimestamp" */ ++236, /* "id-smime-aa-ets-escTimeStamp" */ ++230, /* "id-smime-aa-ets-otherSigCert" */ ++235, /* "id-smime-aa-ets-revocationValues" */ ++226, /* "id-smime-aa-ets-sigPolicyId" */ ++229, /* "id-smime-aa-ets-signerAttr" */ ++228, /* "id-smime-aa-ets-signerLocation" */ ++219, /* "id-smime-aa-macValue" */ ++214, /* "id-smime-aa-mlExpandHistory" */ ++216, /* "id-smime-aa-msgSigDigest" */ ++212, /* "id-smime-aa-receiptRequest" */ ++213, /* "id-smime-aa-securityLabel" */ ++239, /* "id-smime-aa-signatureType" */ ++223, /* "id-smime-aa-signingCertificate" */ ++224, /* "id-smime-aa-smimeEncryptCerts" */ ++225, /* "id-smime-aa-timeStampToken" */ ++192, /* "id-smime-alg" */ ++243, /* "id-smime-alg-3DESwrap" */ ++246, /* "id-smime-alg-CMS3DESwrap" */ ++247, /* "id-smime-alg-CMSRC2wrap" */ ++245, /* "id-smime-alg-ESDH" */ ++241, /* "id-smime-alg-ESDHwith3DES" */ ++242, /* "id-smime-alg-ESDHwithRC2" */ ++244, /* "id-smime-alg-RC2wrap" */ ++193, /* "id-smime-cd" */ ++248, /* "id-smime-cd-ldap" */ ++190, /* "id-smime-ct" */ ++210, /* "id-smime-ct-DVCSRequestData" */ ++211, /* "id-smime-ct-DVCSResponseData" */ ++208, /* "id-smime-ct-TDTInfo" */ ++207, /* "id-smime-ct-TSTInfo" */ ++205, /* "id-smime-ct-authData" */ ++786, /* "id-smime-ct-compressedData" */ ++209, /* "id-smime-ct-contentInfo" */ ++206, /* "id-smime-ct-publishCert" */ ++204, /* "id-smime-ct-receipt" */ ++195, /* "id-smime-cti" */ ++255, /* "id-smime-cti-ets-proofOfApproval" */ ++256, /* "id-smime-cti-ets-proofOfCreation" */ ++253, /* "id-smime-cti-ets-proofOfDelivery" */ ++251, /* "id-smime-cti-ets-proofOfOrigin" */ ++252, /* "id-smime-cti-ets-proofOfReceipt" */ ++254, /* "id-smime-cti-ets-proofOfSender" */ ++189, /* "id-smime-mod" */ ++196, /* "id-smime-mod-cms" */ ++197, /* "id-smime-mod-ess" */ ++202, /* "id-smime-mod-ets-eSigPolicy-88" */ ++203, /* "id-smime-mod-ets-eSigPolicy-97" */ ++200, /* "id-smime-mod-ets-eSignature-88" */ ++201, /* "id-smime-mod-ets-eSignature-97" */ ++199, /* "id-smime-mod-msg-v3" */ ++198, /* "id-smime-mod-oid" */ ++194, /* "id-smime-spq" */ ++250, /* "id-smime-spq-ets-sqt-unotice" */ ++249, /* "id-smime-spq-ets-sqt-uri" */ ++34, /* "idea-cbc" */ ++35, /* "idea-cfb" */ ++36, /* "idea-ecb" */ ++46, /* "idea-ofb" */ ++676, /* "identified-organization" */ ++461, /* "info" */ ++101, /* "initials" */ ++869, /* "internationaliSDNNumber" */ ++749, /* "ipsec3" */ ++750, /* "ipsec4" */ ++181, /* "iso" */ ++623, /* "issuer capabilities" */ ++645, /* "itu-t" */ ++492, /* "janetMailbox" */ ++646, /* "joint-iso-itu-t" */ ++957, /* "jurisdictionCountryName" */ ++955, /* "jurisdictionLocalityName" */ ++956, /* "jurisdictionStateOrProvinceName" */ ++150, /* "keyBag" */ ++773, /* "kisa" */ ++477, /* "lastModifiedBy" */ ++476, /* "lastModifiedTime" */ ++157, /* "localKeyID" */ ++15, /* "localityName" */ ++480, /* "mXRecord" */ ++493, /* "mailPreferenceOption" */ ++467, /* "manager" */ ++ 3, /* "md2" */ ++ 7, /* "md2WithRSAEncryption" */ ++257, /* "md4" */ ++396, /* "md4WithRSAEncryption" */ ++ 4, /* "md5" */ ++114, /* "md5-sha1" */ ++104, /* "md5WithRSA" */ ++ 8, /* "md5WithRSAEncryption" */ ++95, /* "mdc2" */ ++96, /* "mdc2WithRSA" */ ++875, /* "member" */ ++602, /* "merchant initiated auth" */ ++514, /* "message extensions" */ ++51, /* "messageDigest" */ ++911, /* "mgf1" */ ++506, /* "mime-mhs-bodies" */ ++505, /* "mime-mhs-headings" */ ++488, /* "mobileTelephoneNumber" */ ++481, /* "nSRecord" */ ++173, /* "name" */ ++681, /* "onBasis" */ ++379, /* "org" */ ++17, /* "organizationName" */ ++491, /* "organizationalStatus" */ ++18, /* "organizationalUnitName" */ ++475, /* "otherMailbox" */ ++876, /* "owner" */ ++935, /* "pSpecified" */ ++489, /* "pagerTelephoneNumber" */ ++782, /* "password based MAC" */ ++374, /* "path" */ ++621, /* "payment gateway capabilities" */ ++ 9, /* "pbeWithMD2AndDES-CBC" */ ++168, /* "pbeWithMD2AndRC2-CBC" */ ++112, /* "pbeWithMD5AndCast5CBC" */ ++10, /* "pbeWithMD5AndDES-CBC" */ ++169, /* "pbeWithMD5AndRC2-CBC" */ ++148, /* "pbeWithSHA1And128BitRC2-CBC" */ ++144, /* "pbeWithSHA1And128BitRC4" */ ++147, /* "pbeWithSHA1And2-KeyTripleDES-CBC" */ ++146, /* "pbeWithSHA1And3-KeyTripleDES-CBC" */ ++149, /* "pbeWithSHA1And40BitRC2-CBC" */ ++145, /* "pbeWithSHA1And40BitRC4" */ ++170, /* "pbeWithSHA1AndDES-CBC" */ ++68, /* "pbeWithSHA1AndRC2-CBC" */ ++499, /* "personalSignature" */ ++487, /* "personalTitle" */ ++464, /* "photo" */ ++863, /* "physicalDeliveryOfficeName" */ ++437, /* "pilot" */ ++439, /* "pilotAttributeSyntax" */ ++438, /* "pilotAttributeType" */ ++479, /* "pilotAttributeType27" */ ++456, /* "pilotDSA" */ ++441, /* "pilotGroups" */ ++444, /* "pilotObject" */ ++440, /* "pilotObjectClass" */ ++455, /* "pilotOrganization" */ ++445, /* "pilotPerson" */ ++186, /* "pkcs1" */ ++27, /* "pkcs3" */ ++187, /* "pkcs5" */ ++20, /* "pkcs7" */ ++21, /* "pkcs7-data" */ ++25, /* "pkcs7-digestData" */ ++26, /* "pkcs7-encryptedData" */ ++23, /* "pkcs7-envelopedData" */ ++24, /* "pkcs7-signedAndEnvelopedData" */ ++22, /* "pkcs7-signedData" */ ++151, /* "pkcs8ShroudedKeyBag" */ ++47, /* "pkcs9" */ ++862, /* "postOfficeBox" */ ++861, /* "postalAddress" */ ++661, /* "postalCode" */ ++683, /* "ppBasis" */ ++872, /* "preferredDeliveryMethod" */ ++873, /* "presentationAddress" */ ++406, /* "prime-field" */ ++409, /* "prime192v1" */ ++410, /* "prime192v2" */ ++411, /* "prime192v3" */ ++412, /* "prime239v1" */ ++413, /* "prime239v2" */ ++414, /* "prime239v3" */ ++415, /* "prime256v1" */ ++886, /* "protocolInformation" */ ++510, /* "pseudonym" */ ++435, /* "pss" */ ++286, /* "qcStatements" */ ++457, /* "qualityLabelledData" */ ++450, /* "rFC822localPart" */ ++98, /* "rc2-40-cbc" */ ++166, /* "rc2-64-cbc" */ ++37, /* "rc2-cbc" */ ++39, /* "rc2-cfb" */ ++38, /* "rc2-ecb" */ ++40, /* "rc2-ofb" */ ++ 5, /* "rc4" */ ++97, /* "rc4-40" */ ++915, /* "rc4-hmac-md5" */ ++120, /* "rc5-cbc" */ ++122, /* "rc5-cfb" */ ++121, /* "rc5-ecb" */ ++123, /* "rc5-ofb" */ ++870, /* "registeredAddress" */ ++460, /* "rfc822Mailbox" */ ++117, /* "ripemd160" */ ++119, /* "ripemd160WithRSA" */ ++400, /* "role" */ ++877, /* "roleOccupant" */ ++448, /* "room" */ ++463, /* "roomNumber" */ ++19, /* "rsa" */ ++ 6, /* "rsaEncryption" */ ++644, /* "rsaOAEPEncryptionSET" */ ++377, /* "rsaSignature" */ ++919, /* "rsaesOaep" */ ++912, /* "rsassaPss" */ ++124, /* "run length compression" */ ++482, /* "sOARecord" */ ++155, /* "safeContentsBag" */ ++291, /* "sbgp-autonomousSysNum" */ ++290, /* "sbgp-ipAddrBlock" */ ++292, /* "sbgp-routerIdentifier" */ ++159, /* "sdsiCertificate" */ ++859, /* "searchGuide" */ ++704, /* "secp112r1" */ ++705, /* "secp112r2" */ ++706, /* "secp128r1" */ ++707, /* "secp128r2" */ ++708, /* "secp160k1" */ ++709, /* "secp160r1" */ ++710, /* "secp160r2" */ ++711, /* "secp192k1" */ ++712, /* "secp224k1" */ ++713, /* "secp224r1" */ ++714, /* "secp256k1" */ ++715, /* "secp384r1" */ ++716, /* "secp521r1" */ ++154, /* "secretBag" */ ++474, /* "secretary" */ ++717, /* "sect113r1" */ ++718, /* "sect113r2" */ ++719, /* "sect131r1" */ ++720, /* "sect131r2" */ ++721, /* "sect163k1" */ ++722, /* "sect163r1" */ ++723, /* "sect163r2" */ ++724, /* "sect193r1" */ ++725, /* "sect193r2" */ ++726, /* "sect233k1" */ ++727, /* "sect233r1" */ ++728, /* "sect239k1" */ ++729, /* "sect283k1" */ ++730, /* "sect283r1" */ ++731, /* "sect409k1" */ ++732, /* "sect409r1" */ ++733, /* "sect571k1" */ ++734, /* "sect571r1" */ ++635, /* "secure device signature" */ ++878, /* "seeAlso" */ ++777, /* "seed-cbc" */ ++779, /* "seed-cfb" */ ++776, /* "seed-ecb" */ ++778, /* "seed-ofb" */ ++105, /* "serialNumber" */ ++625, /* "set-addPolicy" */ ++515, /* "set-attr" */ ++518, /* "set-brand" */ ++638, /* "set-brand-AmericanExpress" */ ++637, /* "set-brand-Diners" */ ++636, /* "set-brand-IATA-ATA" */ ++639, /* "set-brand-JCB" */ ++641, /* "set-brand-MasterCard" */ ++642, /* "set-brand-Novus" */ ++640, /* "set-brand-Visa" */ ++516, /* "set-policy" */ ++607, /* "set-policy-root" */ ++624, /* "set-rootKeyThumb" */ ++620, /* "setAttr-Cert" */ ++628, /* "setAttr-IssCap-CVM" */ ++630, /* "setAttr-IssCap-Sig" */ ++629, /* "setAttr-IssCap-T2" */ ++627, /* "setAttr-Token-B0Prime" */ ++626, /* "setAttr-Token-EMV" */ ++622, /* "setAttr-TokenType" */ ++619, /* "setCext-IssuerCapabilities" */ ++615, /* "setCext-PGWYcapabilities" */ ++616, /* "setCext-TokenIdentifier" */ ++618, /* "setCext-TokenType" */ ++617, /* "setCext-Track2Data" */ ++611, /* "setCext-cCertRequired" */ ++609, /* "setCext-certType" */ ++608, /* "setCext-hashedRoot" */ ++610, /* "setCext-merchData" */ ++613, /* "setCext-setExt" */ ++614, /* "setCext-setQualf" */ ++612, /* "setCext-tunneling" */ ++540, /* "setct-AcqCardCodeMsg" */ ++576, /* "setct-AcqCardCodeMsgTBE" */ ++570, /* "setct-AuthReqTBE" */ ++534, /* "setct-AuthReqTBS" */ ++527, /* "setct-AuthResBaggage" */ ++571, /* "setct-AuthResTBE" */ ++572, /* "setct-AuthResTBEX" */ ++535, /* "setct-AuthResTBS" */ ++536, /* "setct-AuthResTBSX" */ ++528, /* "setct-AuthRevReqBaggage" */ ++577, /* "setct-AuthRevReqTBE" */ ++541, /* "setct-AuthRevReqTBS" */ ++529, /* "setct-AuthRevResBaggage" */ ++542, /* "setct-AuthRevResData" */ ++578, /* "setct-AuthRevResTBE" */ ++579, /* "setct-AuthRevResTBEB" */ ++543, /* "setct-AuthRevResTBS" */ ++573, /* "setct-AuthTokenTBE" */ ++537, /* "setct-AuthTokenTBS" */ ++600, /* "setct-BCIDistributionTBS" */ ++558, /* "setct-BatchAdminReqData" */ ++592, /* "setct-BatchAdminReqTBE" */ ++559, /* "setct-BatchAdminResData" */ ++593, /* "setct-BatchAdminResTBE" */ ++599, /* "setct-CRLNotificationResTBS" */ ++598, /* "setct-CRLNotificationTBS" */ ++580, /* "setct-CapReqTBE" */ ++581, /* "setct-CapReqTBEX" */ ++544, /* "setct-CapReqTBS" */ ++545, /* "setct-CapReqTBSX" */ ++546, /* "setct-CapResData" */ ++582, /* "setct-CapResTBE" */ ++583, /* "setct-CapRevReqTBE" */ ++584, /* "setct-CapRevReqTBEX" */ ++547, /* "setct-CapRevReqTBS" */ ++548, /* "setct-CapRevReqTBSX" */ ++549, /* "setct-CapRevResData" */ ++585, /* "setct-CapRevResTBE" */ ++538, /* "setct-CapTokenData" */ ++530, /* "setct-CapTokenSeq" */ ++574, /* "setct-CapTokenTBE" */ ++575, /* "setct-CapTokenTBEX" */ ++539, /* "setct-CapTokenTBS" */ ++560, /* "setct-CardCInitResTBS" */ ++566, /* "setct-CertInqReqTBS" */ ++563, /* "setct-CertReqData" */ ++595, /* "setct-CertReqTBE" */ ++596, /* "setct-CertReqTBEX" */ ++564, /* "setct-CertReqTBS" */ ++565, /* "setct-CertResData" */ ++597, /* "setct-CertResTBE" */ ++586, /* "setct-CredReqTBE" */ ++587, /* "setct-CredReqTBEX" */ ++550, /* "setct-CredReqTBS" */ ++551, /* "setct-CredReqTBSX" */ ++552, /* "setct-CredResData" */ ++588, /* "setct-CredResTBE" */ ++589, /* "setct-CredRevReqTBE" */ ++590, /* "setct-CredRevReqTBEX" */ ++553, /* "setct-CredRevReqTBS" */ ++554, /* "setct-CredRevReqTBSX" */ ++555, /* "setct-CredRevResData" */ ++591, /* "setct-CredRevResTBE" */ ++567, /* "setct-ErrorTBS" */ ++526, /* "setct-HODInput" */ ++561, /* "setct-MeAqCInitResTBS" */ ++522, /* "setct-OIData" */ ++519, /* "setct-PANData" */ ++521, /* "setct-PANOnly" */ ++520, /* "setct-PANToken" */ ++556, /* "setct-PCertReqData" */ ++557, /* "setct-PCertResTBS" */ ++523, /* "setct-PI" */ ++532, /* "setct-PI-TBS" */ ++524, /* "setct-PIData" */ ++525, /* "setct-PIDataUnsigned" */ ++568, /* "setct-PIDualSignedTBE" */ ++569, /* "setct-PIUnsignedTBE" */ ++531, /* "setct-PInitResData" */ ++533, /* "setct-PResData" */ ++594, /* "setct-RegFormReqTBE" */ ++562, /* "setct-RegFormResTBS" */ ++604, /* "setext-pinAny" */ ++603, /* "setext-pinSecure" */ ++605, /* "setext-track2" */ ++41, /* "sha" */ ++64, /* "sha1" */ ++115, /* "sha1WithRSA" */ ++65, /* "sha1WithRSAEncryption" */ ++675, /* "sha224" */ ++671, /* "sha224WithRSAEncryption" */ ++672, /* "sha256" */ ++668, /* "sha256WithRSAEncryption" */ ++673, /* "sha384" */ ++669, /* "sha384WithRSAEncryption" */ ++674, /* "sha512" */ ++670, /* "sha512WithRSAEncryption" */ ++42, /* "shaWithRSAEncryption" */ ++52, /* "signingTime" */ ++454, /* "simpleSecurityObject" */ ++496, /* "singleLevelQuality" */ ++16, /* "stateOrProvinceName" */ ++660, /* "streetAddress" */ ++498, /* "subtreeMaximumQuality" */ ++497, /* "subtreeMinimumQuality" */ ++890, /* "supportedAlgorithms" */ ++874, /* "supportedApplicationContext" */ ++100, /* "surname" */ ++864, /* "telephoneNumber" */ ++866, /* "teletexTerminalIdentifier" */ ++865, /* "telexNumber" */ ++459, /* "textEncodedORAddress" */ ++293, /* "textNotice" */ ++106, /* "title" */ ++682, /* "tpBasis" */ ++436, /* "ucl" */ ++ 0, /* "undefined" */ ++888, /* "uniqueMember" */ ++55, /* "unstructuredAddress" */ ++49, /* "unstructuredName" */ ++880, /* "userCertificate" */ ++465, /* "userClass" */ ++458, /* "userId" */ ++879, /* "userPassword" */ ++373, /* "valid" */ ++678, /* "wap" */ ++679, /* "wap-wsg" */ ++735, /* "wap-wsg-idm-ecid-wtls1" */ ++743, /* "wap-wsg-idm-ecid-wtls10" */ ++744, /* "wap-wsg-idm-ecid-wtls11" */ ++745, /* "wap-wsg-idm-ecid-wtls12" */ ++736, /* "wap-wsg-idm-ecid-wtls3" */ ++737, /* "wap-wsg-idm-ecid-wtls4" */ ++738, /* "wap-wsg-idm-ecid-wtls5" */ ++739, /* "wap-wsg-idm-ecid-wtls6" */ ++740, /* "wap-wsg-idm-ecid-wtls7" */ ++741, /* "wap-wsg-idm-ecid-wtls8" */ ++742, /* "wap-wsg-idm-ecid-wtls9" */ ++804, /* "whirlpool" */ ++868, /* "x121Address" */ ++503, /* "x500UniqueIdentifier" */ ++158, /* "x509Certificate" */ ++160, /* "x509Crl" */ ++125, /* "zlib compression" */ + }; + +-#define NUM_OBJ 956 +-static const unsigned int obj_objs[NUM_OBJ] = { +- 0, /* OBJ_undef 0 */ +- 181, /* OBJ_iso 1 */ +- 393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ +- 404, /* OBJ_ccitt OBJ_itu_t */ +- 645, /* OBJ_itu_t 0 */ +- 646, /* OBJ_joint_iso_itu_t 2 */ +- 434, /* OBJ_data 0 9 */ +- 182, /* OBJ_member_body 1 2 */ +- 379, /* OBJ_org 1 3 */ +- 676, /* OBJ_identified_organization 1 3 */ +- 11, /* OBJ_X500 2 5 */ +- 647, /* OBJ_international_organizations 2 23 */ +- 380, /* OBJ_dod 1 3 6 */ +- 12, /* OBJ_X509 2 5 4 */ +- 378, /* OBJ_X500algorithms 2 5 8 */ +- 81, /* OBJ_id_ce 2 5 29 */ +- 512, /* OBJ_id_set 2 23 42 */ +- 678, /* OBJ_wap 2 23 43 */ +- 435, /* OBJ_pss 0 9 2342 */ +- 183, /* OBJ_ISO_US 1 2 840 */ +- 381, /* OBJ_iana 1 3 6 1 */ +- 1034, /* OBJ_X25519 1 3 101 110 */ +- 1035, /* OBJ_X448 1 3 101 111 */ +- 677, /* OBJ_certicom_arc 1 3 132 */ +- 394, /* OBJ_selected_attribute_types 2 5 1 5 */ +- 13, /* OBJ_commonName 2 5 4 3 */ +- 100, /* OBJ_surname 2 5 4 4 */ +- 105, /* OBJ_serialNumber 2 5 4 5 */ +- 14, /* OBJ_countryName 2 5 4 6 */ +- 15, /* OBJ_localityName 2 5 4 7 */ +- 16, /* OBJ_stateOrProvinceName 2 5 4 8 */ +- 660, /* OBJ_streetAddress 2 5 4 9 */ +- 17, /* OBJ_organizationName 2 5 4 10 */ +- 18, /* OBJ_organizationalUnitName 2 5 4 11 */ +- 106, /* OBJ_title 2 5 4 12 */ +- 107, /* OBJ_description 2 5 4 13 */ +- 859, /* OBJ_searchGuide 2 5 4 14 */ +- 860, /* OBJ_businessCategory 2 5 4 15 */ +- 861, /* OBJ_postalAddress 2 5 4 16 */ +- 661, /* OBJ_postalCode 2 5 4 17 */ +- 862, /* OBJ_postOfficeBox 2 5 4 18 */ +- 863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ +- 864, /* OBJ_telephoneNumber 2 5 4 20 */ +- 865, /* OBJ_telexNumber 2 5 4 21 */ +- 866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ +- 867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ +- 868, /* OBJ_x121Address 2 5 4 24 */ +- 869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ +- 870, /* OBJ_registeredAddress 2 5 4 26 */ +- 871, /* OBJ_destinationIndicator 2 5 4 27 */ +- 872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ +- 873, /* OBJ_presentationAddress 2 5 4 29 */ +- 874, /* OBJ_supportedApplicationContext 2 5 4 30 */ +- 875, /* OBJ_member 2 5 4 31 */ +- 876, /* OBJ_owner 2 5 4 32 */ +- 877, /* OBJ_roleOccupant 2 5 4 33 */ +- 878, /* OBJ_seeAlso 2 5 4 34 */ +- 879, /* OBJ_userPassword 2 5 4 35 */ +- 880, /* OBJ_userCertificate 2 5 4 36 */ +- 881, /* OBJ_cACertificate 2 5 4 37 */ +- 882, /* OBJ_authorityRevocationList 2 5 4 38 */ +- 883, /* OBJ_certificateRevocationList 2 5 4 39 */ +- 884, /* OBJ_crossCertificatePair 2 5 4 40 */ +- 173, /* OBJ_name 2 5 4 41 */ +- 99, /* OBJ_givenName 2 5 4 42 */ +- 101, /* OBJ_initials 2 5 4 43 */ +- 509, /* OBJ_generationQualifier 2 5 4 44 */ +- 503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ +- 174, /* OBJ_dnQualifier 2 5 4 46 */ +- 885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ +- 886, /* OBJ_protocolInformation 2 5 4 48 */ +- 887, /* OBJ_distinguishedName 2 5 4 49 */ +- 888, /* OBJ_uniqueMember 2 5 4 50 */ +- 889, /* OBJ_houseIdentifier 2 5 4 51 */ +- 890, /* OBJ_supportedAlgorithms 2 5 4 52 */ +- 891, /* OBJ_deltaRevocationList 2 5 4 53 */ +- 892, /* OBJ_dmdName 2 5 4 54 */ +- 510, /* OBJ_pseudonym 2 5 4 65 */ +- 400, /* OBJ_role 2 5 4 72 */ +- 769, /* OBJ_subject_directory_attributes 2 5 29 9 */ +- 82, /* OBJ_subject_key_identifier 2 5 29 14 */ +- 83, /* OBJ_key_usage 2 5 29 15 */ +- 84, /* OBJ_private_key_usage_period 2 5 29 16 */ +- 85, /* OBJ_subject_alt_name 2 5 29 17 */ +- 86, /* OBJ_issuer_alt_name 2 5 29 18 */ +- 87, /* OBJ_basic_constraints 2 5 29 19 */ +- 88, /* OBJ_crl_number 2 5 29 20 */ +- 141, /* OBJ_crl_reason 2 5 29 21 */ +- 430, /* OBJ_hold_instruction_code 2 5 29 23 */ +- 142, /* OBJ_invalidity_date 2 5 29 24 */ +- 140, /* OBJ_delta_crl 2 5 29 27 */ +- 770, /* OBJ_issuing_distribution_point 2 5 29 28 */ +- 771, /* OBJ_certificate_issuer 2 5 29 29 */ +- 666, /* OBJ_name_constraints 2 5 29 30 */ +- 103, /* OBJ_crl_distribution_points 2 5 29 31 */ +- 89, /* OBJ_certificate_policies 2 5 29 32 */ +- 747, /* OBJ_policy_mappings 2 5 29 33 */ +- 90, /* OBJ_authority_key_identifier 2 5 29 35 */ +- 401, /* OBJ_policy_constraints 2 5 29 36 */ +- 126, /* OBJ_ext_key_usage 2 5 29 37 */ +- 857, /* OBJ_freshest_crl 2 5 29 46 */ +- 748, /* OBJ_inhibit_any_policy 2 5 29 54 */ +- 402, /* OBJ_target_information 2 5 29 55 */ +- 403, /* OBJ_no_rev_avail 2 5 29 56 */ +- 513, /* OBJ_set_ctype 2 23 42 0 */ +- 514, /* OBJ_set_msgExt 2 23 42 1 */ +- 515, /* OBJ_set_attr 2 23 42 3 */ +- 516, /* OBJ_set_policy 2 23 42 5 */ +- 517, /* OBJ_set_certExt 2 23 42 7 */ +- 518, /* OBJ_set_brand 2 23 42 8 */ +- 679, /* OBJ_wap_wsg 2 23 43 1 */ +- 382, /* OBJ_Directory 1 3 6 1 1 */ +- 383, /* OBJ_Management 1 3 6 1 2 */ +- 384, /* OBJ_Experimental 1 3 6 1 3 */ +- 385, /* OBJ_Private 1 3 6 1 4 */ +- 386, /* OBJ_Security 1 3 6 1 5 */ +- 387, /* OBJ_SNMPv2 1 3 6 1 6 */ +- 388, /* OBJ_Mail 1 3 6 1 7 */ +- 376, /* OBJ_algorithm 1 3 14 3 2 */ +- 395, /* OBJ_clearance 2 5 1 5 55 */ +- 19, /* OBJ_rsa 2 5 8 1 1 */ +- 96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ +- 95, /* OBJ_mdc2 2 5 8 3 101 */ +- 746, /* OBJ_any_policy 2 5 29 32 0 */ +- 910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ +- 519, /* OBJ_setct_PANData 2 23 42 0 0 */ +- 520, /* OBJ_setct_PANToken 2 23 42 0 1 */ +- 521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ +- 522, /* OBJ_setct_OIData 2 23 42 0 3 */ +- 523, /* OBJ_setct_PI 2 23 42 0 4 */ +- 524, /* OBJ_setct_PIData 2 23 42 0 5 */ +- 525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ +- 526, /* OBJ_setct_HODInput 2 23 42 0 7 */ +- 527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ +- 528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ +- 529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ +- 530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ +- 531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ +- 532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ +- 533, /* OBJ_setct_PResData 2 23 42 0 14 */ +- 534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ +- 535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ +- 536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ +- 537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ +- 538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ +- 539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ +- 540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ +- 541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ +- 542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ +- 543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ +- 544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ +- 545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ +- 546, /* OBJ_setct_CapResData 2 23 42 0 28 */ +- 547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ +- 548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ +- 549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ +- 550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ +- 551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ +- 552, /* OBJ_setct_CredResData 2 23 42 0 34 */ +- 553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ +- 554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ +- 555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ +- 556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ +- 557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ +- 558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ +- 559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ +- 560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ +- 561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ +- 562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ +- 563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ +- 564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ +- 565, /* OBJ_setct_CertResData 2 23 42 0 47 */ +- 566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ +- 567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ +- 568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ +- 569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ +- 570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ +- 571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ +- 572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ +- 573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ +- 574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ +- 575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ +- 576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ +- 577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ +- 578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ +- 579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ +- 580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ +- 581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ +- 582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ +- 583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ +- 584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ +- 585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ +- 586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ +- 587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ +- 588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ +- 589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ +- 590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ +- 591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ +- 592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ +- 593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ +- 594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ +- 595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ +- 596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ +- 597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ +- 598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ +- 599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ +- 600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ +- 601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ +- 602, /* OBJ_setext_miAuth 2 23 42 1 3 */ +- 603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ +- 604, /* OBJ_setext_pinAny 2 23 42 1 5 */ +- 605, /* OBJ_setext_track2 2 23 42 1 7 */ +- 606, /* OBJ_setext_cv 2 23 42 1 8 */ +- 620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ +- 621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ +- 622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ +- 623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ +- 607, /* OBJ_set_policy_root 2 23 42 5 0 */ +- 608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ +- 609, /* OBJ_setCext_certType 2 23 42 7 1 */ +- 610, /* OBJ_setCext_merchData 2 23 42 7 2 */ +- 611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ +- 612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ +- 613, /* OBJ_setCext_setExt 2 23 42 7 5 */ +- 614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ +- 615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ +- 616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ +- 617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ +- 618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ +- 619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ +- 636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ +- 640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ +- 641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ +- 637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ +- 638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ +- 639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ +- 805, /* OBJ_cryptopro 1 2 643 2 2 */ +- 806, /* OBJ_cryptocom 1 2 643 2 9 */ +- 974, /* OBJ_id_tc26 1 2 643 7 1 */ +- 1005, /* OBJ_OGRN 1 2 643 100 1 */ +- 1006, /* OBJ_SNILS 1 2 643 100 3 */ +- 1007, /* OBJ_subjectSignTool 1 2 643 100 111 */ +- 1008, /* OBJ_issuerSignTool 1 2 643 100 112 */ +- 184, /* OBJ_X9_57 1 2 840 10040 */ +- 405, /* OBJ_ansi_X9_62 1 2 840 10045 */ +- 389, /* OBJ_Enterprises 1 3 6 1 4 1 */ +- 504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ +- 104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ +- 29, /* OBJ_des_ecb 1 3 14 3 2 6 */ +- 31, /* OBJ_des_cbc 1 3 14 3 2 7 */ +- 45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ +- 30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ +- 377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ +- 67, /* OBJ_dsa_2 1 3 14 3 2 12 */ +- 66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ +- 42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ +- 32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ +- 41, /* OBJ_sha 1 3 14 3 2 18 */ +- 64, /* OBJ_sha1 1 3 14 3 2 26 */ +- 70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ +- 115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ +- 117, /* OBJ_ripemd160 1 3 36 3 2 1 */ +- 143, /* OBJ_sxnet 1 3 101 1 4 1 */ +- 721, /* OBJ_sect163k1 1 3 132 0 1 */ +- 722, /* OBJ_sect163r1 1 3 132 0 2 */ +- 728, /* OBJ_sect239k1 1 3 132 0 3 */ +- 717, /* OBJ_sect113r1 1 3 132 0 4 */ +- 718, /* OBJ_sect113r2 1 3 132 0 5 */ +- 704, /* OBJ_secp112r1 1 3 132 0 6 */ +- 705, /* OBJ_secp112r2 1 3 132 0 7 */ +- 709, /* OBJ_secp160r1 1 3 132 0 8 */ +- 708, /* OBJ_secp160k1 1 3 132 0 9 */ +- 714, /* OBJ_secp256k1 1 3 132 0 10 */ +- 723, /* OBJ_sect163r2 1 3 132 0 15 */ +- 729, /* OBJ_sect283k1 1 3 132 0 16 */ +- 730, /* OBJ_sect283r1 1 3 132 0 17 */ +- 719, /* OBJ_sect131r1 1 3 132 0 22 */ +- 720, /* OBJ_sect131r2 1 3 132 0 23 */ +- 724, /* OBJ_sect193r1 1 3 132 0 24 */ +- 725, /* OBJ_sect193r2 1 3 132 0 25 */ +- 726, /* OBJ_sect233k1 1 3 132 0 26 */ +- 727, /* OBJ_sect233r1 1 3 132 0 27 */ +- 706, /* OBJ_secp128r1 1 3 132 0 28 */ +- 707, /* OBJ_secp128r2 1 3 132 0 29 */ +- 710, /* OBJ_secp160r2 1 3 132 0 30 */ +- 711, /* OBJ_secp192k1 1 3 132 0 31 */ +- 712, /* OBJ_secp224k1 1 3 132 0 32 */ +- 713, /* OBJ_secp224r1 1 3 132 0 33 */ +- 715, /* OBJ_secp384r1 1 3 132 0 34 */ +- 716, /* OBJ_secp521r1 1 3 132 0 35 */ +- 731, /* OBJ_sect409k1 1 3 132 0 36 */ +- 732, /* OBJ_sect409r1 1 3 132 0 37 */ +- 733, /* OBJ_sect571k1 1 3 132 0 38 */ +- 734, /* OBJ_sect571r1 1 3 132 0 39 */ +- 624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ +- 625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ +- 626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ +- 627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ +- 628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ +- 629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ +- 630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ +- 642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ +- 735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ +- 736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ +- 737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ +- 738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ +- 739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ +- 740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ +- 741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ +- 742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ +- 743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ +- 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ +- 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ +- 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ +- 773, /* OBJ_kisa 1 2 410 200004 */ +- 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ +- 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ +- 809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ +- 810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ +- 811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ +- 812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ +- 813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ +- 815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ +- 816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ +- 817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ +- 818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ +- 977, /* OBJ_id_tc26_algorithms 1 2 643 7 1 1 */ +- 994, /* OBJ_id_tc26_constants 1 2 643 7 1 2 */ +- 1, /* OBJ_rsadsi 1 2 840 113549 */ +- 185, /* OBJ_X9cm 1 2 840 10040 4 */ +- 1031, /* OBJ_id_pkinit 1 3 6 1 5 2 3 */ +- 127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ +- 505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ +- 506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ +- 119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ +- 937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ +- 938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ +- 939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ +- 940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ +- 942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ +- 943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ +- 944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ +- 945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ +- 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ +- 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ +- 633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ +- 634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ +- 635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ +- 436, /* OBJ_ucl 0 9 2342 19200300 */ +- 820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ +- 819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ +- 845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ +- 846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ +- 847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ +- 848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ +- 821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ +- 822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ +- 823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ +- 824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ +- 825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ +- 826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ +- 827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ +- 828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ +- 829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ +- 830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ +- 831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ +- 832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ +- 833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ +- 834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ +- 835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ +- 836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ +- 837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ +- 838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ +- 839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ +- 840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ +- 841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ +- 842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ +- 843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ +- 844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ +- 978, /* OBJ_id_tc26_sign 1 2 643 7 1 1 1 */ +- 981, /* OBJ_id_tc26_digest 1 2 643 7 1 1 2 */ +- 984, /* OBJ_id_tc26_signwithdigest 1 2 643 7 1 1 3 */ +- 987, /* OBJ_id_tc26_mac 1 2 643 7 1 1 4 */ +- 990, /* OBJ_id_tc26_cipher 1 2 643 7 1 1 5 */ +- 991, /* OBJ_id_tc26_agreement 1 2 643 7 1 1 6 */ +- 995, /* OBJ_id_tc26_sign_constants 1 2 643 7 1 2 1 */ +- 1000, /* OBJ_id_tc26_digest_constants 1 2 643 7 1 2 2 */ +- 1001, /* OBJ_id_tc26_cipher_constants 1 2 643 7 1 2 5 */ +- 2, /* OBJ_pkcs 1 2 840 113549 1 */ +- 431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ +- 432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ +- 433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ +- 116, /* OBJ_dsa 1 2 840 10040 4 1 */ +- 113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ +- 406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ +- 407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ +- 408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ +- 416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +- 791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +- 792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ +- 920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ +- 1032, /* OBJ_pkInitClientAuth 1 3 6 1 5 2 3 4 */ +- 1033, /* OBJ_pkInitKDC 1 3 6 1 5 2 3 5 */ +- 258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ +- 175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ +- 259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ +- 128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ +- 260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ +- 261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ +- 262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ +- 263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ +- 264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ +- 265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ +- 266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ +- 267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ +- 268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ +- 662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ +- 176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ +- 507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ +- 508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ +- 57, /* OBJ_netscape 2 16 840 1 113730 */ +- 754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ +- 766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ +- 757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ +- 961, /* OBJ_camellia_128_gcm 0 3 4401 5 3 1 9 6 */ +- 962, /* OBJ_camellia_128_ccm 0 3 4401 5 3 1 9 7 */ +- 963, /* OBJ_camellia_128_ctr 0 3 4401 5 3 1 9 9 */ +- 964, /* OBJ_camellia_128_cmac 0 3 4401 5 3 1 9 10 */ +- 755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ +- 767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ +- 758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ +- 965, /* OBJ_camellia_192_gcm 0 3 4401 5 3 1 9 26 */ +- 966, /* OBJ_camellia_192_ccm 0 3 4401 5 3 1 9 27 */ +- 967, /* OBJ_camellia_192_ctr 0 3 4401 5 3 1 9 29 */ +- 968, /* OBJ_camellia_192_cmac 0 3 4401 5 3 1 9 30 */ +- 756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ +- 768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ +- 759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ +- 969, /* OBJ_camellia_256_gcm 0 3 4401 5 3 1 9 46 */ +- 970, /* OBJ_camellia_256_ccm 0 3 4401 5 3 1 9 47 */ +- 971, /* OBJ_camellia_256_ctr 0 3 4401 5 3 1 9 49 */ +- 972, /* OBJ_camellia_256_cmac 0 3 4401 5 3 1 9 50 */ +- 437, /* OBJ_pilot 0 9 2342 19200300 100 */ +- 776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ +- 777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ +- 779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ +- 778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ +- 852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ +- 853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ +- 850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ +- 851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ +- 849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ +- 854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ +- 1004, /* OBJ_INN 1 2 643 3 131 1 1 */ +- 979, /* OBJ_id_GostR3410_2012_256 1 2 643 7 1 1 1 1 */ +- 980, /* OBJ_id_GostR3410_2012_512 1 2 643 7 1 1 1 2 */ +- 982, /* OBJ_id_GostR3411_2012_256 1 2 643 7 1 1 2 2 */ +- 983, /* OBJ_id_GostR3411_2012_512 1 2 643 7 1 1 2 3 */ +- 985, /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */ +- 986, /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */ +- 988, /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */ +- 989, /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */ +- 992, /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */ +- 993, /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */ +- 996, /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */ +- 1002, /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */ +- 186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ +- 27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ +- 187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ +- 20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ +- 47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ +- 3, /* OBJ_md2 1 2 840 113549 2 2 */ +- 257, /* OBJ_md4 1 2 840 113549 2 4 */ +- 4, /* OBJ_md5 1 2 840 113549 2 5 */ +- 797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ +- 163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ +- 798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ +- 799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ +- 800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ +- 801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ +- 37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ +- 5, /* OBJ_rc4 1 2 840 113549 3 4 */ +- 44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ +- 120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +- 643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ +- 680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ +- 684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ +- 685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ +- 686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ +- 687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ +- 688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ +- 689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ +- 690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ +- 691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ +- 692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ +- 693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ +- 694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ +- 695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ +- 696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ +- 697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ +- 698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ +- 699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ +- 700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ +- 701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ +- 702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ +- 703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ +- 409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ +- 410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ +- 411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ +- 412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ +- 413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ +- 414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ +- 415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +- 793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +- 794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +- 795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +- 796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ +- 269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ +- 270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ +- 271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ +- 272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ +- 273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ +- 274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ +- 275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ +- 276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ +- 277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ +- 278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ +- 279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ +- 280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ +- 281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ +- 282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ +- 283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ +- 284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ +- 177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ +- 285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ +- 286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ +- 287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ +- 288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ +- 289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ +- 290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ +- 291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ +- 292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ +- 397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ +- 398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ +- 663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ +- 1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */ +- 164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ +- 165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ +- 293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ +- 129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ +- 130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ +- 131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ +- 132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ +- 294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ +- 295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ +- 296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ +- 133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ +- 180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ +- 297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ +- 1022, /* OBJ_ipsec_IKE 1 3 6 1 5 5 7 3 17 */ +- 1023, /* OBJ_capwapAC 1 3 6 1 5 5 7 3 18 */ +- 1024, /* OBJ_capwapWTP 1 3 6 1 5 5 7 3 19 */ +- 1025, /* OBJ_sshClient 1 3 6 1 5 5 7 3 21 */ +- 1026, /* OBJ_sshServer 1 3 6 1 5 5 7 3 22 */ +- 1027, /* OBJ_sendRouter 1 3 6 1 5 5 7 3 23 */ +- 1028, /* OBJ_sendProxiedRouter 1 3 6 1 5 5 7 3 24 */ +- 1029, /* OBJ_sendOwner 1 3 6 1 5 5 7 3 25 */ +- 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ +- 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ +- 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ +- 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ +- 301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ +- 302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ +- 303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ +- 304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ +- 305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ +- 306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ +- 307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ +- 308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ +- 309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ +- 310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ +- 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ +- 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ +- 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ +- 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ +- 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ +- 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ +- 324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ +- 325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ +- 326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ +- 327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ +- 328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ +- 329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ +- 330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ +- 331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ +- 332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ +- 333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ +- 334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ +- 335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ +- 336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ +- 337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ +- 338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ +- 339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ +- 340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ +- 341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ +- 342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ +- 343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ +- 344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ +- 345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ +- 346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ +- 347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ +- 858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ +- 348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ +- 349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ +- 351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ +- 352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ +- 353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ +- 354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ +- 355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ +- 356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ +- 357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ +- 358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ +- 399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ +- 359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ +- 360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ +- 361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ +- 362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ +- 664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ +- 665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ +- 667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ +- 178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ +- 179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ +- 363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ +- 364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ +- 785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ +- 780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ +- 781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ +- 58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ +- 59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ +- 438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ +- 439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ +- 440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ +- 441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ +- 997, /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */ +- 998, /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */ +- 999, /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */ +- 1003, /* OBJ_id_tc26_gost_28147_param_Z 1 2 643 7 1 2 5 1 1 */ +- 108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ +- 112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ +- 782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ +- 783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ +- 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ +- 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ +- 396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ +- 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ +- 65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ +- 644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ +- 919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ +- 911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ +- 935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ +- 912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ +- 668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ +- 669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ +- 670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ +- 671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ +- 28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ +- 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ +- 10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ +- 168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ +- 169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ +- 170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ +- 68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ +- 69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ +- 161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ +- 162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ +- 21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ +- 22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ +- 23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ +- 24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ +- 25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ +- 26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ +- 48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ +- 49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ +- 50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ +- 51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ +- 52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ +- 53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ +- 54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ +- 55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ +- 56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ +- 172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ +- 167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ +- 188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ +- 156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ +- 157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ +- 681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ +- 682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ +- 683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ +- 417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ +- 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ +- 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ +- 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ +- 973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */ +- 315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ +- 316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ +- 317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ +- 318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ +- 319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ +- 320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ +- 321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ +- 322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ +- 365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ +- 366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ +- 367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ +- 368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ +- 369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ +- 370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ +- 371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ +- 372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ +- 373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ +- 374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ +- 375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ +- 921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ +- 922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ +- 923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ +- 924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ +- 925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ +- 926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ +- 927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ +- 928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ +- 929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ +- 930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ +- 931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ +- 932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ +- 933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ +- 934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ +- 936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ +- 941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ +- 418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ +- 419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ +- 420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ +- 421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ +- 788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ +- 895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ +- 896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ +- 897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ +- 422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ +- 423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ +- 424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ +- 425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ +- 789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ +- 898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ +- 899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ +- 900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ +- 426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ +- 427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ +- 428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ +- 429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ +- 790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ +- 901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ +- 902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ +- 903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ +- 672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ +- 673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ +- 674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ +- 675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ +- 802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ +- 803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ +- 71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ +- 72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ +- 73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ +- 74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ +- 75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ +- 76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ +- 77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ +- 78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ +- 79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ +- 139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ +- 458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ +- 459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ +- 460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ +- 461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ +- 462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ +- 463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ +- 464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ +- 465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ +- 466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ +- 467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ +- 468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ +- 469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ +- 470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ +- 471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ +- 472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ +- 473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ +- 474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ +- 475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ +- 476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ +- 477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ +- 391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ +- 478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ +- 479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ +- 480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ +- 481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ +- 482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ +- 483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ +- 484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ +- 485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ +- 486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ +- 487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ +- 488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ +- 489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ +- 490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ +- 102, /* OBJ_uniqueIdentifier 0 9 2342 19200300 100 1 44 */ +- 491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ +- 492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ +- 493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ +- 494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ +- 495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ +- 496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ +- 497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ +- 498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ +- 499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ +- 500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ +- 501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ +- 502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ +- 442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ +- 443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ +- 444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ +- 445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ +- 446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ +- 447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ +- 448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ +- 449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ +- 392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ +- 450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ +- 451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ +- 452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ +- 453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ +- 454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ +- 455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ +- 456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ +- 457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ +- 189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ +- 190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ +- 191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ +- 192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ +- 193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ +- 194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ +- 195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ +- 158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ +- 159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ +- 160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ +- 144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ +- 145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ +- 146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ +- 147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ +- 148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ +- 149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ +- 171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ +- 134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ +- 135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ +- 136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ +- 137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ +- 138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ +- 648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ +- 649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ +- 951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ +- 952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ +- 953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ +- 954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ +- 751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ +- 752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ +- 753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ +- 907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ +- 908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ +- 909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ +- 196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ +- 197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ +- 198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ +- 199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ +- 200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ +- 201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ +- 202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ +- 203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ +- 204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ +- 205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ +- 206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ +- 207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ +- 208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ +- 209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ +- 210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ +- 211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ +- 786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ +- 1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */ +- 1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */ +- 787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ +- 1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */ +- 212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ +- 213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ +- 214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ +- 215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ +- 216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ +- 217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ +- 218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ +- 219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ +- 220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ +- 221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ +- 222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ +- 223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ +- 224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ +- 225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ +- 226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ +- 227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ +- 228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ +- 229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ +- 230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ +- 231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ +- 232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ +- 233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ +- 234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ +- 235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ +- 236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ +- 237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ +- 238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ +- 239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ +- 240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ +- 241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ +- 242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ +- 243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ +- 244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ +- 245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ +- 246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ +- 247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ +- 125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ +- 893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ +- 248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ +- 249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ +- 250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ +- 251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ +- 252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ +- 253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ +- 254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ +- 255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ +- 256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ +- 150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ +- 151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ +- 152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ +- 153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ +- 154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ +- 155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ +- 34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ +- 955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ +- 956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ +- 957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ +- 1056, /* OBJ_blake2b512 1 3 6 1 4 1 1722 12 2 1 16 */ +- 1057, /* OBJ_blake2s256 1 3 6 1 4 1 1722 12 2 2 8 */ ++static const unsigned int obj_objs[NUM_OBJ]={ ++ 0, /* OBJ_undef 0 */ ++181, /* OBJ_iso 1 */ ++393, /* OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t */ ++404, /* OBJ_ccitt OBJ_itu_t */ ++645, /* OBJ_itu_t 0 */ ++646, /* OBJ_joint_iso_itu_t 2 */ ++434, /* OBJ_data 0 9 */ ++182, /* OBJ_member_body 1 2 */ ++379, /* OBJ_org 1 3 */ ++676, /* OBJ_identified_organization 1 3 */ ++11, /* OBJ_X500 2 5 */ ++647, /* OBJ_international_organizations 2 23 */ ++380, /* OBJ_dod 1 3 6 */ ++12, /* OBJ_X509 2 5 4 */ ++378, /* OBJ_X500algorithms 2 5 8 */ ++81, /* OBJ_id_ce 2 5 29 */ ++512, /* OBJ_id_set 2 23 42 */ ++678, /* OBJ_wap 2 23 43 */ ++435, /* OBJ_pss 0 9 2342 */ ++183, /* OBJ_ISO_US 1 2 840 */ ++381, /* OBJ_iana 1 3 6 1 */ ++677, /* OBJ_certicom_arc 1 3 132 */ ++394, /* OBJ_selected_attribute_types 2 5 1 5 */ ++13, /* OBJ_commonName 2 5 4 3 */ ++100, /* OBJ_surname 2 5 4 4 */ ++105, /* OBJ_serialNumber 2 5 4 5 */ ++14, /* OBJ_countryName 2 5 4 6 */ ++15, /* OBJ_localityName 2 5 4 7 */ ++16, /* OBJ_stateOrProvinceName 2 5 4 8 */ ++660, /* OBJ_streetAddress 2 5 4 9 */ ++17, /* OBJ_organizationName 2 5 4 10 */ ++18, /* OBJ_organizationalUnitName 2 5 4 11 */ ++106, /* OBJ_title 2 5 4 12 */ ++107, /* OBJ_description 2 5 4 13 */ ++859, /* OBJ_searchGuide 2 5 4 14 */ ++860, /* OBJ_businessCategory 2 5 4 15 */ ++861, /* OBJ_postalAddress 2 5 4 16 */ ++661, /* OBJ_postalCode 2 5 4 17 */ ++862, /* OBJ_postOfficeBox 2 5 4 18 */ ++863, /* OBJ_physicalDeliveryOfficeName 2 5 4 19 */ ++864, /* OBJ_telephoneNumber 2 5 4 20 */ ++865, /* OBJ_telexNumber 2 5 4 21 */ ++866, /* OBJ_teletexTerminalIdentifier 2 5 4 22 */ ++867, /* OBJ_facsimileTelephoneNumber 2 5 4 23 */ ++868, /* OBJ_x121Address 2 5 4 24 */ ++869, /* OBJ_internationaliSDNNumber 2 5 4 25 */ ++870, /* OBJ_registeredAddress 2 5 4 26 */ ++871, /* OBJ_destinationIndicator 2 5 4 27 */ ++872, /* OBJ_preferredDeliveryMethod 2 5 4 28 */ ++873, /* OBJ_presentationAddress 2 5 4 29 */ ++874, /* OBJ_supportedApplicationContext 2 5 4 30 */ ++875, /* OBJ_member 2 5 4 31 */ ++876, /* OBJ_owner 2 5 4 32 */ ++877, /* OBJ_roleOccupant 2 5 4 33 */ ++878, /* OBJ_seeAlso 2 5 4 34 */ ++879, /* OBJ_userPassword 2 5 4 35 */ ++880, /* OBJ_userCertificate 2 5 4 36 */ ++881, /* OBJ_cACertificate 2 5 4 37 */ ++882, /* OBJ_authorityRevocationList 2 5 4 38 */ ++883, /* OBJ_certificateRevocationList 2 5 4 39 */ ++884, /* OBJ_crossCertificatePair 2 5 4 40 */ ++173, /* OBJ_name 2 5 4 41 */ ++99, /* OBJ_givenName 2 5 4 42 */ ++101, /* OBJ_initials 2 5 4 43 */ ++509, /* OBJ_generationQualifier 2 5 4 44 */ ++503, /* OBJ_x500UniqueIdentifier 2 5 4 45 */ ++174, /* OBJ_dnQualifier 2 5 4 46 */ ++885, /* OBJ_enhancedSearchGuide 2 5 4 47 */ ++886, /* OBJ_protocolInformation 2 5 4 48 */ ++887, /* OBJ_distinguishedName 2 5 4 49 */ ++888, /* OBJ_uniqueMember 2 5 4 50 */ ++889, /* OBJ_houseIdentifier 2 5 4 51 */ ++890, /* OBJ_supportedAlgorithms 2 5 4 52 */ ++891, /* OBJ_deltaRevocationList 2 5 4 53 */ ++892, /* OBJ_dmdName 2 5 4 54 */ ++510, /* OBJ_pseudonym 2 5 4 65 */ ++400, /* OBJ_role 2 5 4 72 */ ++769, /* OBJ_subject_directory_attributes 2 5 29 9 */ ++82, /* OBJ_subject_key_identifier 2 5 29 14 */ ++83, /* OBJ_key_usage 2 5 29 15 */ ++84, /* OBJ_private_key_usage_period 2 5 29 16 */ ++85, /* OBJ_subject_alt_name 2 5 29 17 */ ++86, /* OBJ_issuer_alt_name 2 5 29 18 */ ++87, /* OBJ_basic_constraints 2 5 29 19 */ ++88, /* OBJ_crl_number 2 5 29 20 */ ++141, /* OBJ_crl_reason 2 5 29 21 */ ++430, /* OBJ_hold_instruction_code 2 5 29 23 */ ++142, /* OBJ_invalidity_date 2 5 29 24 */ ++140, /* OBJ_delta_crl 2 5 29 27 */ ++770, /* OBJ_issuing_distribution_point 2 5 29 28 */ ++771, /* OBJ_certificate_issuer 2 5 29 29 */ ++666, /* OBJ_name_constraints 2 5 29 30 */ ++103, /* OBJ_crl_distribution_points 2 5 29 31 */ ++89, /* OBJ_certificate_policies 2 5 29 32 */ ++747, /* OBJ_policy_mappings 2 5 29 33 */ ++90, /* OBJ_authority_key_identifier 2 5 29 35 */ ++401, /* OBJ_policy_constraints 2 5 29 36 */ ++126, /* OBJ_ext_key_usage 2 5 29 37 */ ++857, /* OBJ_freshest_crl 2 5 29 46 */ ++748, /* OBJ_inhibit_any_policy 2 5 29 54 */ ++402, /* OBJ_target_information 2 5 29 55 */ ++403, /* OBJ_no_rev_avail 2 5 29 56 */ ++513, /* OBJ_set_ctype 2 23 42 0 */ ++514, /* OBJ_set_msgExt 2 23 42 1 */ ++515, /* OBJ_set_attr 2 23 42 3 */ ++516, /* OBJ_set_policy 2 23 42 5 */ ++517, /* OBJ_set_certExt 2 23 42 7 */ ++518, /* OBJ_set_brand 2 23 42 8 */ ++679, /* OBJ_wap_wsg 2 23 43 1 */ ++382, /* OBJ_Directory 1 3 6 1 1 */ ++383, /* OBJ_Management 1 3 6 1 2 */ ++384, /* OBJ_Experimental 1 3 6 1 3 */ ++385, /* OBJ_Private 1 3 6 1 4 */ ++386, /* OBJ_Security 1 3 6 1 5 */ ++387, /* OBJ_SNMPv2 1 3 6 1 6 */ ++388, /* OBJ_Mail 1 3 6 1 7 */ ++376, /* OBJ_algorithm 1 3 14 3 2 */ ++395, /* OBJ_clearance 2 5 1 5 55 */ ++19, /* OBJ_rsa 2 5 8 1 1 */ ++96, /* OBJ_mdc2WithRSA 2 5 8 3 100 */ ++95, /* OBJ_mdc2 2 5 8 3 101 */ ++746, /* OBJ_any_policy 2 5 29 32 0 */ ++910, /* OBJ_anyExtendedKeyUsage 2 5 29 37 0 */ ++519, /* OBJ_setct_PANData 2 23 42 0 0 */ ++520, /* OBJ_setct_PANToken 2 23 42 0 1 */ ++521, /* OBJ_setct_PANOnly 2 23 42 0 2 */ ++522, /* OBJ_setct_OIData 2 23 42 0 3 */ ++523, /* OBJ_setct_PI 2 23 42 0 4 */ ++524, /* OBJ_setct_PIData 2 23 42 0 5 */ ++525, /* OBJ_setct_PIDataUnsigned 2 23 42 0 6 */ ++526, /* OBJ_setct_HODInput 2 23 42 0 7 */ ++527, /* OBJ_setct_AuthResBaggage 2 23 42 0 8 */ ++528, /* OBJ_setct_AuthRevReqBaggage 2 23 42 0 9 */ ++529, /* OBJ_setct_AuthRevResBaggage 2 23 42 0 10 */ ++530, /* OBJ_setct_CapTokenSeq 2 23 42 0 11 */ ++531, /* OBJ_setct_PInitResData 2 23 42 0 12 */ ++532, /* OBJ_setct_PI_TBS 2 23 42 0 13 */ ++533, /* OBJ_setct_PResData 2 23 42 0 14 */ ++534, /* OBJ_setct_AuthReqTBS 2 23 42 0 16 */ ++535, /* OBJ_setct_AuthResTBS 2 23 42 0 17 */ ++536, /* OBJ_setct_AuthResTBSX 2 23 42 0 18 */ ++537, /* OBJ_setct_AuthTokenTBS 2 23 42 0 19 */ ++538, /* OBJ_setct_CapTokenData 2 23 42 0 20 */ ++539, /* OBJ_setct_CapTokenTBS 2 23 42 0 21 */ ++540, /* OBJ_setct_AcqCardCodeMsg 2 23 42 0 22 */ ++541, /* OBJ_setct_AuthRevReqTBS 2 23 42 0 23 */ ++542, /* OBJ_setct_AuthRevResData 2 23 42 0 24 */ ++543, /* OBJ_setct_AuthRevResTBS 2 23 42 0 25 */ ++544, /* OBJ_setct_CapReqTBS 2 23 42 0 26 */ ++545, /* OBJ_setct_CapReqTBSX 2 23 42 0 27 */ ++546, /* OBJ_setct_CapResData 2 23 42 0 28 */ ++547, /* OBJ_setct_CapRevReqTBS 2 23 42 0 29 */ ++548, /* OBJ_setct_CapRevReqTBSX 2 23 42 0 30 */ ++549, /* OBJ_setct_CapRevResData 2 23 42 0 31 */ ++550, /* OBJ_setct_CredReqTBS 2 23 42 0 32 */ ++551, /* OBJ_setct_CredReqTBSX 2 23 42 0 33 */ ++552, /* OBJ_setct_CredResData 2 23 42 0 34 */ ++553, /* OBJ_setct_CredRevReqTBS 2 23 42 0 35 */ ++554, /* OBJ_setct_CredRevReqTBSX 2 23 42 0 36 */ ++555, /* OBJ_setct_CredRevResData 2 23 42 0 37 */ ++556, /* OBJ_setct_PCertReqData 2 23 42 0 38 */ ++557, /* OBJ_setct_PCertResTBS 2 23 42 0 39 */ ++558, /* OBJ_setct_BatchAdminReqData 2 23 42 0 40 */ ++559, /* OBJ_setct_BatchAdminResData 2 23 42 0 41 */ ++560, /* OBJ_setct_CardCInitResTBS 2 23 42 0 42 */ ++561, /* OBJ_setct_MeAqCInitResTBS 2 23 42 0 43 */ ++562, /* OBJ_setct_RegFormResTBS 2 23 42 0 44 */ ++563, /* OBJ_setct_CertReqData 2 23 42 0 45 */ ++564, /* OBJ_setct_CertReqTBS 2 23 42 0 46 */ ++565, /* OBJ_setct_CertResData 2 23 42 0 47 */ ++566, /* OBJ_setct_CertInqReqTBS 2 23 42 0 48 */ ++567, /* OBJ_setct_ErrorTBS 2 23 42 0 49 */ ++568, /* OBJ_setct_PIDualSignedTBE 2 23 42 0 50 */ ++569, /* OBJ_setct_PIUnsignedTBE 2 23 42 0 51 */ ++570, /* OBJ_setct_AuthReqTBE 2 23 42 0 52 */ ++571, /* OBJ_setct_AuthResTBE 2 23 42 0 53 */ ++572, /* OBJ_setct_AuthResTBEX 2 23 42 0 54 */ ++573, /* OBJ_setct_AuthTokenTBE 2 23 42 0 55 */ ++574, /* OBJ_setct_CapTokenTBE 2 23 42 0 56 */ ++575, /* OBJ_setct_CapTokenTBEX 2 23 42 0 57 */ ++576, /* OBJ_setct_AcqCardCodeMsgTBE 2 23 42 0 58 */ ++577, /* OBJ_setct_AuthRevReqTBE 2 23 42 0 59 */ ++578, /* OBJ_setct_AuthRevResTBE 2 23 42 0 60 */ ++579, /* OBJ_setct_AuthRevResTBEB 2 23 42 0 61 */ ++580, /* OBJ_setct_CapReqTBE 2 23 42 0 62 */ ++581, /* OBJ_setct_CapReqTBEX 2 23 42 0 63 */ ++582, /* OBJ_setct_CapResTBE 2 23 42 0 64 */ ++583, /* OBJ_setct_CapRevReqTBE 2 23 42 0 65 */ ++584, /* OBJ_setct_CapRevReqTBEX 2 23 42 0 66 */ ++585, /* OBJ_setct_CapRevResTBE 2 23 42 0 67 */ ++586, /* OBJ_setct_CredReqTBE 2 23 42 0 68 */ ++587, /* OBJ_setct_CredReqTBEX 2 23 42 0 69 */ ++588, /* OBJ_setct_CredResTBE 2 23 42 0 70 */ ++589, /* OBJ_setct_CredRevReqTBE 2 23 42 0 71 */ ++590, /* OBJ_setct_CredRevReqTBEX 2 23 42 0 72 */ ++591, /* OBJ_setct_CredRevResTBE 2 23 42 0 73 */ ++592, /* OBJ_setct_BatchAdminReqTBE 2 23 42 0 74 */ ++593, /* OBJ_setct_BatchAdminResTBE 2 23 42 0 75 */ ++594, /* OBJ_setct_RegFormReqTBE 2 23 42 0 76 */ ++595, /* OBJ_setct_CertReqTBE 2 23 42 0 77 */ ++596, /* OBJ_setct_CertReqTBEX 2 23 42 0 78 */ ++597, /* OBJ_setct_CertResTBE 2 23 42 0 79 */ ++598, /* OBJ_setct_CRLNotificationTBS 2 23 42 0 80 */ ++599, /* OBJ_setct_CRLNotificationResTBS 2 23 42 0 81 */ ++600, /* OBJ_setct_BCIDistributionTBS 2 23 42 0 82 */ ++601, /* OBJ_setext_genCrypt 2 23 42 1 1 */ ++602, /* OBJ_setext_miAuth 2 23 42 1 3 */ ++603, /* OBJ_setext_pinSecure 2 23 42 1 4 */ ++604, /* OBJ_setext_pinAny 2 23 42 1 5 */ ++605, /* OBJ_setext_track2 2 23 42 1 7 */ ++606, /* OBJ_setext_cv 2 23 42 1 8 */ ++620, /* OBJ_setAttr_Cert 2 23 42 3 0 */ ++621, /* OBJ_setAttr_PGWYcap 2 23 42 3 1 */ ++622, /* OBJ_setAttr_TokenType 2 23 42 3 2 */ ++623, /* OBJ_setAttr_IssCap 2 23 42 3 3 */ ++607, /* OBJ_set_policy_root 2 23 42 5 0 */ ++608, /* OBJ_setCext_hashedRoot 2 23 42 7 0 */ ++609, /* OBJ_setCext_certType 2 23 42 7 1 */ ++610, /* OBJ_setCext_merchData 2 23 42 7 2 */ ++611, /* OBJ_setCext_cCertRequired 2 23 42 7 3 */ ++612, /* OBJ_setCext_tunneling 2 23 42 7 4 */ ++613, /* OBJ_setCext_setExt 2 23 42 7 5 */ ++614, /* OBJ_setCext_setQualf 2 23 42 7 6 */ ++615, /* OBJ_setCext_PGWYcapabilities 2 23 42 7 7 */ ++616, /* OBJ_setCext_TokenIdentifier 2 23 42 7 8 */ ++617, /* OBJ_setCext_Track2Data 2 23 42 7 9 */ ++618, /* OBJ_setCext_TokenType 2 23 42 7 10 */ ++619, /* OBJ_setCext_IssuerCapabilities 2 23 42 7 11 */ ++636, /* OBJ_set_brand_IATA_ATA 2 23 42 8 1 */ ++640, /* OBJ_set_brand_Visa 2 23 42 8 4 */ ++641, /* OBJ_set_brand_MasterCard 2 23 42 8 5 */ ++637, /* OBJ_set_brand_Diners 2 23 42 8 30 */ ++638, /* OBJ_set_brand_AmericanExpress 2 23 42 8 34 */ ++639, /* OBJ_set_brand_JCB 2 23 42 8 35 */ ++805, /* OBJ_cryptopro 1 2 643 2 2 */ ++806, /* OBJ_cryptocom 1 2 643 2 9 */ ++184, /* OBJ_X9_57 1 2 840 10040 */ ++405, /* OBJ_ansi_X9_62 1 2 840 10045 */ ++389, /* OBJ_Enterprises 1 3 6 1 4 1 */ ++504, /* OBJ_mime_mhs 1 3 6 1 7 1 */ ++104, /* OBJ_md5WithRSA 1 3 14 3 2 3 */ ++29, /* OBJ_des_ecb 1 3 14 3 2 6 */ ++31, /* OBJ_des_cbc 1 3 14 3 2 7 */ ++45, /* OBJ_des_ofb64 1 3 14 3 2 8 */ ++30, /* OBJ_des_cfb64 1 3 14 3 2 9 */ ++377, /* OBJ_rsaSignature 1 3 14 3 2 11 */ ++67, /* OBJ_dsa_2 1 3 14 3 2 12 */ ++66, /* OBJ_dsaWithSHA 1 3 14 3 2 13 */ ++42, /* OBJ_shaWithRSAEncryption 1 3 14 3 2 15 */ ++32, /* OBJ_des_ede_ecb 1 3 14 3 2 17 */ ++41, /* OBJ_sha 1 3 14 3 2 18 */ ++64, /* OBJ_sha1 1 3 14 3 2 26 */ ++70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ ++115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */ ++117, /* OBJ_ripemd160 1 3 36 3 2 1 */ ++143, /* OBJ_sxnet 1 3 101 1 4 1 */ ++721, /* OBJ_sect163k1 1 3 132 0 1 */ ++722, /* OBJ_sect163r1 1 3 132 0 2 */ ++728, /* OBJ_sect239k1 1 3 132 0 3 */ ++717, /* OBJ_sect113r1 1 3 132 0 4 */ ++718, /* OBJ_sect113r2 1 3 132 0 5 */ ++704, /* OBJ_secp112r1 1 3 132 0 6 */ ++705, /* OBJ_secp112r2 1 3 132 0 7 */ ++709, /* OBJ_secp160r1 1 3 132 0 8 */ ++708, /* OBJ_secp160k1 1 3 132 0 9 */ ++714, /* OBJ_secp256k1 1 3 132 0 10 */ ++723, /* OBJ_sect163r2 1 3 132 0 15 */ ++729, /* OBJ_sect283k1 1 3 132 0 16 */ ++730, /* OBJ_sect283r1 1 3 132 0 17 */ ++719, /* OBJ_sect131r1 1 3 132 0 22 */ ++720, /* OBJ_sect131r2 1 3 132 0 23 */ ++724, /* OBJ_sect193r1 1 3 132 0 24 */ ++725, /* OBJ_sect193r2 1 3 132 0 25 */ ++726, /* OBJ_sect233k1 1 3 132 0 26 */ ++727, /* OBJ_sect233r1 1 3 132 0 27 */ ++706, /* OBJ_secp128r1 1 3 132 0 28 */ ++707, /* OBJ_secp128r2 1 3 132 0 29 */ ++710, /* OBJ_secp160r2 1 3 132 0 30 */ ++711, /* OBJ_secp192k1 1 3 132 0 31 */ ++712, /* OBJ_secp224k1 1 3 132 0 32 */ ++713, /* OBJ_secp224r1 1 3 132 0 33 */ ++715, /* OBJ_secp384r1 1 3 132 0 34 */ ++716, /* OBJ_secp521r1 1 3 132 0 35 */ ++731, /* OBJ_sect409k1 1 3 132 0 36 */ ++732, /* OBJ_sect409r1 1 3 132 0 37 */ ++733, /* OBJ_sect571k1 1 3 132 0 38 */ ++734, /* OBJ_sect571r1 1 3 132 0 39 */ ++624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ ++625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ ++626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ ++627, /* OBJ_setAttr_Token_B0Prime 2 23 42 3 2 2 */ ++628, /* OBJ_setAttr_IssCap_CVM 2 23 42 3 3 3 */ ++629, /* OBJ_setAttr_IssCap_T2 2 23 42 3 3 4 */ ++630, /* OBJ_setAttr_IssCap_Sig 2 23 42 3 3 5 */ ++642, /* OBJ_set_brand_Novus 2 23 42 8 6011 */ ++735, /* OBJ_wap_wsg_idm_ecid_wtls1 2 23 43 1 4 1 */ ++736, /* OBJ_wap_wsg_idm_ecid_wtls3 2 23 43 1 4 3 */ ++737, /* OBJ_wap_wsg_idm_ecid_wtls4 2 23 43 1 4 4 */ ++738, /* OBJ_wap_wsg_idm_ecid_wtls5 2 23 43 1 4 5 */ ++739, /* OBJ_wap_wsg_idm_ecid_wtls6 2 23 43 1 4 6 */ ++740, /* OBJ_wap_wsg_idm_ecid_wtls7 2 23 43 1 4 7 */ ++741, /* OBJ_wap_wsg_idm_ecid_wtls8 2 23 43 1 4 8 */ ++742, /* OBJ_wap_wsg_idm_ecid_wtls9 2 23 43 1 4 9 */ ++743, /* OBJ_wap_wsg_idm_ecid_wtls10 2 23 43 1 4 10 */ ++744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ ++745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ ++804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ ++124, /* OBJ_rle_compression 1 1 1 1 666 1 */ ++773, /* OBJ_kisa 1 2 410 200004 */ ++807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ ++808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ ++809, /* OBJ_id_GostR3411_94 1 2 643 2 2 9 */ ++810, /* OBJ_id_HMACGostR3411_94 1 2 643 2 2 10 */ ++811, /* OBJ_id_GostR3410_2001 1 2 643 2 2 19 */ ++812, /* OBJ_id_GostR3410_94 1 2 643 2 2 20 */ ++813, /* OBJ_id_Gost28147_89 1 2 643 2 2 21 */ ++815, /* OBJ_id_Gost28147_89_MAC 1 2 643 2 2 22 */ ++816, /* OBJ_id_GostR3411_94_prf 1 2 643 2 2 23 */ ++817, /* OBJ_id_GostR3410_2001DH 1 2 643 2 2 98 */ ++818, /* OBJ_id_GostR3410_94DH 1 2 643 2 2 99 */ ++ 1, /* OBJ_rsadsi 1 2 840 113549 */ ++185, /* OBJ_X9cm 1 2 840 10040 4 */ ++127, /* OBJ_id_pkix 1 3 6 1 5 5 7 */ ++505, /* OBJ_mime_mhs_headings 1 3 6 1 7 1 1 */ ++506, /* OBJ_mime_mhs_bodies 1 3 6 1 7 1 2 */ ++119, /* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ ++937, /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */ ++938, /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */ ++939, /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */ ++940, /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */ ++942, /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */ ++943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ ++944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ ++945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ ++631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ ++632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ ++633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ ++634, /* OBJ_setAttr_TokICCsig 2 23 42 3 3 5 1 */ ++635, /* OBJ_setAttr_SecDevSig 2 23 42 3 3 5 2 */ ++436, /* OBJ_ucl 0 9 2342 19200300 */ ++820, /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */ ++819, /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */ ++845, /* OBJ_id_GostR3410_94_a 1 2 643 2 2 20 1 */ ++846, /* OBJ_id_GostR3410_94_aBis 1 2 643 2 2 20 2 */ ++847, /* OBJ_id_GostR3410_94_b 1 2 643 2 2 20 3 */ ++848, /* OBJ_id_GostR3410_94_bBis 1 2 643 2 2 20 4 */ ++821, /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */ ++822, /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */ ++823, /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */ ++824, /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */ ++825, /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */ ++826, /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */ ++827, /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */ ++828, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */ ++829, /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */ ++830, /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */ ++831, /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */ ++832, /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */ ++833, /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */ ++834, /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */ ++835, /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */ ++836, /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */ ++837, /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */ ++838, /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */ ++839, /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */ ++840, /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */ ++841, /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */ ++842, /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */ ++843, /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */ ++844, /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */ ++ 2, /* OBJ_pkcs 1 2 840 113549 1 */ ++431, /* OBJ_hold_instruction_none 1 2 840 10040 2 1 */ ++432, /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */ ++433, /* OBJ_hold_instruction_reject 1 2 840 10040 2 3 */ ++116, /* OBJ_dsa 1 2 840 10040 4 1 */ ++113, /* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ ++406, /* OBJ_X9_62_prime_field 1 2 840 10045 1 1 */ ++407, /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ ++408, /* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ ++416, /* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ ++791, /* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ ++792, /* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ ++920, /* OBJ_dhpublicnumber 1 2 840 10046 2 1 */ ++258, /* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ ++175, /* OBJ_id_pe 1 3 6 1 5 5 7 1 */ ++259, /* OBJ_id_qt 1 3 6 1 5 5 7 2 */ ++128, /* OBJ_id_kp 1 3 6 1 5 5 7 3 */ ++260, /* OBJ_id_it 1 3 6 1 5 5 7 4 */ ++261, /* OBJ_id_pkip 1 3 6 1 5 5 7 5 */ ++262, /* OBJ_id_alg 1 3 6 1 5 5 7 6 */ ++263, /* OBJ_id_cmc 1 3 6 1 5 5 7 7 */ ++264, /* OBJ_id_on 1 3 6 1 5 5 7 8 */ ++265, /* OBJ_id_pda 1 3 6 1 5 5 7 9 */ ++266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */ ++267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */ ++268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */ ++662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */ ++176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */ ++507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */ ++508, /* OBJ_id_hex_multipart_message 1 3 6 1 7 1 1 2 */ ++57, /* OBJ_netscape 2 16 840 1 113730 */ ++754, /* OBJ_camellia_128_ecb 0 3 4401 5 3 1 9 1 */ ++766, /* OBJ_camellia_128_ofb128 0 3 4401 5 3 1 9 3 */ ++757, /* OBJ_camellia_128_cfb128 0 3 4401 5 3 1 9 4 */ ++755, /* OBJ_camellia_192_ecb 0 3 4401 5 3 1 9 21 */ ++767, /* OBJ_camellia_192_ofb128 0 3 4401 5 3 1 9 23 */ ++758, /* OBJ_camellia_192_cfb128 0 3 4401 5 3 1 9 24 */ ++756, /* OBJ_camellia_256_ecb 0 3 4401 5 3 1 9 41 */ ++768, /* OBJ_camellia_256_ofb128 0 3 4401 5 3 1 9 43 */ ++759, /* OBJ_camellia_256_cfb128 0 3 4401 5 3 1 9 44 */ ++437, /* OBJ_pilot 0 9 2342 19200300 100 */ ++776, /* OBJ_seed_ecb 1 2 410 200004 1 3 */ ++777, /* OBJ_seed_cbc 1 2 410 200004 1 4 */ ++779, /* OBJ_seed_cfb128 1 2 410 200004 1 5 */ ++778, /* OBJ_seed_ofb128 1 2 410 200004 1 6 */ ++852, /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */ ++853, /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */ ++850, /* OBJ_id_GostR3410_94_cc 1 2 643 2 9 1 5 3 */ ++851, /* OBJ_id_GostR3410_2001_cc 1 2 643 2 9 1 5 4 */ ++849, /* OBJ_id_Gost28147_89_cc 1 2 643 2 9 1 6 1 */ ++854, /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */ ++186, /* OBJ_pkcs1 1 2 840 113549 1 1 */ ++27, /* OBJ_pkcs3 1 2 840 113549 1 3 */ ++187, /* OBJ_pkcs5 1 2 840 113549 1 5 */ ++20, /* OBJ_pkcs7 1 2 840 113549 1 7 */ ++47, /* OBJ_pkcs9 1 2 840 113549 1 9 */ ++ 3, /* OBJ_md2 1 2 840 113549 2 2 */ ++257, /* OBJ_md4 1 2 840 113549 2 4 */ ++ 4, /* OBJ_md5 1 2 840 113549 2 5 */ ++797, /* OBJ_hmacWithMD5 1 2 840 113549 2 6 */ ++163, /* OBJ_hmacWithSHA1 1 2 840 113549 2 7 */ ++798, /* OBJ_hmacWithSHA224 1 2 840 113549 2 8 */ ++799, /* OBJ_hmacWithSHA256 1 2 840 113549 2 9 */ ++800, /* OBJ_hmacWithSHA384 1 2 840 113549 2 10 */ ++801, /* OBJ_hmacWithSHA512 1 2 840 113549 2 11 */ ++37, /* OBJ_rc2_cbc 1 2 840 113549 3 2 */ ++ 5, /* OBJ_rc4 1 2 840 113549 3 4 */ ++44, /* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ ++120, /* OBJ_rc5_cbc 1 2 840 113549 3 8 */ ++643, /* OBJ_des_cdmf 1 2 840 113549 3 10 */ ++680, /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */ ++684, /* OBJ_X9_62_c2pnb163v1 1 2 840 10045 3 0 1 */ ++685, /* OBJ_X9_62_c2pnb163v2 1 2 840 10045 3 0 2 */ ++686, /* OBJ_X9_62_c2pnb163v3 1 2 840 10045 3 0 3 */ ++687, /* OBJ_X9_62_c2pnb176v1 1 2 840 10045 3 0 4 */ ++688, /* OBJ_X9_62_c2tnb191v1 1 2 840 10045 3 0 5 */ ++689, /* OBJ_X9_62_c2tnb191v2 1 2 840 10045 3 0 6 */ ++690, /* OBJ_X9_62_c2tnb191v3 1 2 840 10045 3 0 7 */ ++691, /* OBJ_X9_62_c2onb191v4 1 2 840 10045 3 0 8 */ ++692, /* OBJ_X9_62_c2onb191v5 1 2 840 10045 3 0 9 */ ++693, /* OBJ_X9_62_c2pnb208w1 1 2 840 10045 3 0 10 */ ++694, /* OBJ_X9_62_c2tnb239v1 1 2 840 10045 3 0 11 */ ++695, /* OBJ_X9_62_c2tnb239v2 1 2 840 10045 3 0 12 */ ++696, /* OBJ_X9_62_c2tnb239v3 1 2 840 10045 3 0 13 */ ++697, /* OBJ_X9_62_c2onb239v4 1 2 840 10045 3 0 14 */ ++698, /* OBJ_X9_62_c2onb239v5 1 2 840 10045 3 0 15 */ ++699, /* OBJ_X9_62_c2pnb272w1 1 2 840 10045 3 0 16 */ ++700, /* OBJ_X9_62_c2pnb304w1 1 2 840 10045 3 0 17 */ ++701, /* OBJ_X9_62_c2tnb359v1 1 2 840 10045 3 0 18 */ ++702, /* OBJ_X9_62_c2pnb368w1 1 2 840 10045 3 0 19 */ ++703, /* OBJ_X9_62_c2tnb431r1 1 2 840 10045 3 0 20 */ ++409, /* OBJ_X9_62_prime192v1 1 2 840 10045 3 1 1 */ ++410, /* OBJ_X9_62_prime192v2 1 2 840 10045 3 1 2 */ ++411, /* OBJ_X9_62_prime192v3 1 2 840 10045 3 1 3 */ ++412, /* OBJ_X9_62_prime239v1 1 2 840 10045 3 1 4 */ ++413, /* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ ++414, /* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ ++415, /* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ ++793, /* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ ++794, /* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ ++795, /* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ ++796, /* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ ++269, /* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ ++270, /* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ ++271, /* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ ++272, /* OBJ_id_pkix1_implicit_93 1 3 6 1 5 5 7 0 4 */ ++273, /* OBJ_id_mod_crmf 1 3 6 1 5 5 7 0 5 */ ++274, /* OBJ_id_mod_cmc 1 3 6 1 5 5 7 0 6 */ ++275, /* OBJ_id_mod_kea_profile_88 1 3 6 1 5 5 7 0 7 */ ++276, /* OBJ_id_mod_kea_profile_93 1 3 6 1 5 5 7 0 8 */ ++277, /* OBJ_id_mod_cmp 1 3 6 1 5 5 7 0 9 */ ++278, /* OBJ_id_mod_qualified_cert_88 1 3 6 1 5 5 7 0 10 */ ++279, /* OBJ_id_mod_qualified_cert_93 1 3 6 1 5 5 7 0 11 */ ++280, /* OBJ_id_mod_attribute_cert 1 3 6 1 5 5 7 0 12 */ ++281, /* OBJ_id_mod_timestamp_protocol 1 3 6 1 5 5 7 0 13 */ ++282, /* OBJ_id_mod_ocsp 1 3 6 1 5 5 7 0 14 */ ++283, /* OBJ_id_mod_dvcs 1 3 6 1 5 5 7 0 15 */ ++284, /* OBJ_id_mod_cmp2000 1 3 6 1 5 5 7 0 16 */ ++177, /* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ ++285, /* OBJ_biometricInfo 1 3 6 1 5 5 7 1 2 */ ++286, /* OBJ_qcStatements 1 3 6 1 5 5 7 1 3 */ ++287, /* OBJ_ac_auditEntity 1 3 6 1 5 5 7 1 4 */ ++288, /* OBJ_ac_targeting 1 3 6 1 5 5 7 1 5 */ ++289, /* OBJ_aaControls 1 3 6 1 5 5 7 1 6 */ ++290, /* OBJ_sbgp_ipAddrBlock 1 3 6 1 5 5 7 1 7 */ ++291, /* OBJ_sbgp_autonomousSysNum 1 3 6 1 5 5 7 1 8 */ ++292, /* OBJ_sbgp_routerIdentifier 1 3 6 1 5 5 7 1 9 */ ++397, /* OBJ_ac_proxying 1 3 6 1 5 5 7 1 10 */ ++398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */ ++663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */ ++164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ ++165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ ++293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */ ++129, /* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ ++130, /* OBJ_client_auth 1 3 6 1 5 5 7 3 2 */ ++131, /* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ ++132, /* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ ++294, /* OBJ_ipsecEndSystem 1 3 6 1 5 5 7 3 5 */ ++295, /* OBJ_ipsecTunnel 1 3 6 1 5 5 7 3 6 */ ++296, /* OBJ_ipsecUser 1 3 6 1 5 5 7 3 7 */ ++133, /* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ ++180, /* OBJ_OCSP_sign 1 3 6 1 5 5 7 3 9 */ ++297, /* OBJ_dvcs 1 3 6 1 5 5 7 3 10 */ ++298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ ++299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ ++300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ ++301, /* OBJ_id_it_preferredSymmAlg 1 3 6 1 5 5 7 4 4 */ ++302, /* OBJ_id_it_caKeyUpdateInfo 1 3 6 1 5 5 7 4 5 */ ++303, /* OBJ_id_it_currentCRL 1 3 6 1 5 5 7 4 6 */ ++304, /* OBJ_id_it_unsupportedOIDs 1 3 6 1 5 5 7 4 7 */ ++305, /* OBJ_id_it_subscriptionRequest 1 3 6 1 5 5 7 4 8 */ ++306, /* OBJ_id_it_subscriptionResponse 1 3 6 1 5 5 7 4 9 */ ++307, /* OBJ_id_it_keyPairParamReq 1 3 6 1 5 5 7 4 10 */ ++308, /* OBJ_id_it_keyPairParamRep 1 3 6 1 5 5 7 4 11 */ ++309, /* OBJ_id_it_revPassphrase 1 3 6 1 5 5 7 4 12 */ ++310, /* OBJ_id_it_implicitConfirm 1 3 6 1 5 5 7 4 13 */ ++311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ ++312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ ++784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ ++313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ ++314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ ++323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ ++324, /* OBJ_id_alg_noSignature 1 3 6 1 5 5 7 6 2 */ ++325, /* OBJ_id_alg_dh_sig_hmac_sha1 1 3 6 1 5 5 7 6 3 */ ++326, /* OBJ_id_alg_dh_pop 1 3 6 1 5 5 7 6 4 */ ++327, /* OBJ_id_cmc_statusInfo 1 3 6 1 5 5 7 7 1 */ ++328, /* OBJ_id_cmc_identification 1 3 6 1 5 5 7 7 2 */ ++329, /* OBJ_id_cmc_identityProof 1 3 6 1 5 5 7 7 3 */ ++330, /* OBJ_id_cmc_dataReturn 1 3 6 1 5 5 7 7 4 */ ++331, /* OBJ_id_cmc_transactionId 1 3 6 1 5 5 7 7 5 */ ++332, /* OBJ_id_cmc_senderNonce 1 3 6 1 5 5 7 7 6 */ ++333, /* OBJ_id_cmc_recipientNonce 1 3 6 1 5 5 7 7 7 */ ++334, /* OBJ_id_cmc_addExtensions 1 3 6 1 5 5 7 7 8 */ ++335, /* OBJ_id_cmc_encryptedPOP 1 3 6 1 5 5 7 7 9 */ ++336, /* OBJ_id_cmc_decryptedPOP 1 3 6 1 5 5 7 7 10 */ ++337, /* OBJ_id_cmc_lraPOPWitness 1 3 6 1 5 5 7 7 11 */ ++338, /* OBJ_id_cmc_getCert 1 3 6 1 5 5 7 7 15 */ ++339, /* OBJ_id_cmc_getCRL 1 3 6 1 5 5 7 7 16 */ ++340, /* OBJ_id_cmc_revokeRequest 1 3 6 1 5 5 7 7 17 */ ++341, /* OBJ_id_cmc_regInfo 1 3 6 1 5 5 7 7 18 */ ++342, /* OBJ_id_cmc_responseInfo 1 3 6 1 5 5 7 7 19 */ ++343, /* OBJ_id_cmc_queryPending 1 3 6 1 5 5 7 7 21 */ ++344, /* OBJ_id_cmc_popLinkRandom 1 3 6 1 5 5 7 7 22 */ ++345, /* OBJ_id_cmc_popLinkWitness 1 3 6 1 5 5 7 7 23 */ ++346, /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */ ++347, /* OBJ_id_on_personalData 1 3 6 1 5 5 7 8 1 */ ++858, /* OBJ_id_on_permanentIdentifier 1 3 6 1 5 5 7 8 3 */ ++348, /* OBJ_id_pda_dateOfBirth 1 3 6 1 5 5 7 9 1 */ ++349, /* OBJ_id_pda_placeOfBirth 1 3 6 1 5 5 7 9 2 */ ++351, /* OBJ_id_pda_gender 1 3 6 1 5 5 7 9 3 */ ++352, /* OBJ_id_pda_countryOfCitizenship 1 3 6 1 5 5 7 9 4 */ ++353, /* OBJ_id_pda_countryOfResidence 1 3 6 1 5 5 7 9 5 */ ++354, /* OBJ_id_aca_authenticationInfo 1 3 6 1 5 5 7 10 1 */ ++355, /* OBJ_id_aca_accessIdentity 1 3 6 1 5 5 7 10 2 */ ++356, /* OBJ_id_aca_chargingIdentity 1 3 6 1 5 5 7 10 3 */ ++357, /* OBJ_id_aca_group 1 3 6 1 5 5 7 10 4 */ ++358, /* OBJ_id_aca_role 1 3 6 1 5 5 7 10 5 */ ++399, /* OBJ_id_aca_encAttrs 1 3 6 1 5 5 7 10 6 */ ++359, /* OBJ_id_qcs_pkixQCSyntax_v1 1 3 6 1 5 5 7 11 1 */ ++360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */ ++361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */ ++362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */ ++664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */ ++665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */ ++667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */ ++178, /* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ ++179, /* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ ++363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */ ++364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */ ++785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */ ++780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */ ++781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */ ++58, /* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ ++59, /* OBJ_netscape_data_type 2 16 840 1 113730 2 */ ++438, /* OBJ_pilotAttributeType 0 9 2342 19200300 100 1 */ ++439, /* OBJ_pilotAttributeSyntax 0 9 2342 19200300 100 3 */ ++440, /* OBJ_pilotObjectClass 0 9 2342 19200300 100 4 */ ++441, /* OBJ_pilotGroups 0 9 2342 19200300 100 10 */ ++108, /* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ ++112, /* OBJ_pbeWithMD5AndCast5_CBC 1 2 840 113533 7 66 12 */ ++782, /* OBJ_id_PasswordBasedMAC 1 2 840 113533 7 66 13 */ ++783, /* OBJ_id_DHBasedMac 1 2 840 113533 7 66 30 */ ++ 6, /* OBJ_rsaEncryption 1 2 840 113549 1 1 1 */ ++ 7, /* OBJ_md2WithRSAEncryption 1 2 840 113549 1 1 2 */ ++396, /* OBJ_md4WithRSAEncryption 1 2 840 113549 1 1 3 */ ++ 8, /* OBJ_md5WithRSAEncryption 1 2 840 113549 1 1 4 */ ++65, /* OBJ_sha1WithRSAEncryption 1 2 840 113549 1 1 5 */ ++644, /* OBJ_rsaOAEPEncryptionSET 1 2 840 113549 1 1 6 */ ++919, /* OBJ_rsaesOaep 1 2 840 113549 1 1 7 */ ++911, /* OBJ_mgf1 1 2 840 113549 1 1 8 */ ++935, /* OBJ_pSpecified 1 2 840 113549 1 1 9 */ ++912, /* OBJ_rsassaPss 1 2 840 113549 1 1 10 */ ++668, /* OBJ_sha256WithRSAEncryption 1 2 840 113549 1 1 11 */ ++669, /* OBJ_sha384WithRSAEncryption 1 2 840 113549 1 1 12 */ ++670, /* OBJ_sha512WithRSAEncryption 1 2 840 113549 1 1 13 */ ++671, /* OBJ_sha224WithRSAEncryption 1 2 840 113549 1 1 14 */ ++28, /* OBJ_dhKeyAgreement 1 2 840 113549 1 3 1 */ ++ 9, /* OBJ_pbeWithMD2AndDES_CBC 1 2 840 113549 1 5 1 */ ++10, /* OBJ_pbeWithMD5AndDES_CBC 1 2 840 113549 1 5 3 */ ++168, /* OBJ_pbeWithMD2AndRC2_CBC 1 2 840 113549 1 5 4 */ ++169, /* OBJ_pbeWithMD5AndRC2_CBC 1 2 840 113549 1 5 6 */ ++170, /* OBJ_pbeWithSHA1AndDES_CBC 1 2 840 113549 1 5 10 */ ++68, /* OBJ_pbeWithSHA1AndRC2_CBC 1 2 840 113549 1 5 11 */ ++69, /* OBJ_id_pbkdf2 1 2 840 113549 1 5 12 */ ++161, /* OBJ_pbes2 1 2 840 113549 1 5 13 */ ++162, /* OBJ_pbmac1 1 2 840 113549 1 5 14 */ ++21, /* OBJ_pkcs7_data 1 2 840 113549 1 7 1 */ ++22, /* OBJ_pkcs7_signed 1 2 840 113549 1 7 2 */ ++23, /* OBJ_pkcs7_enveloped 1 2 840 113549 1 7 3 */ ++24, /* OBJ_pkcs7_signedAndEnveloped 1 2 840 113549 1 7 4 */ ++25, /* OBJ_pkcs7_digest 1 2 840 113549 1 7 5 */ ++26, /* OBJ_pkcs7_encrypted 1 2 840 113549 1 7 6 */ ++48, /* OBJ_pkcs9_emailAddress 1 2 840 113549 1 9 1 */ ++49, /* OBJ_pkcs9_unstructuredName 1 2 840 113549 1 9 2 */ ++50, /* OBJ_pkcs9_contentType 1 2 840 113549 1 9 3 */ ++51, /* OBJ_pkcs9_messageDigest 1 2 840 113549 1 9 4 */ ++52, /* OBJ_pkcs9_signingTime 1 2 840 113549 1 9 5 */ ++53, /* OBJ_pkcs9_countersignature 1 2 840 113549 1 9 6 */ ++54, /* OBJ_pkcs9_challengePassword 1 2 840 113549 1 9 7 */ ++55, /* OBJ_pkcs9_unstructuredAddress 1 2 840 113549 1 9 8 */ ++56, /* OBJ_pkcs9_extCertAttributes 1 2 840 113549 1 9 9 */ ++172, /* OBJ_ext_req 1 2 840 113549 1 9 14 */ ++167, /* OBJ_SMIMECapabilities 1 2 840 113549 1 9 15 */ ++188, /* OBJ_SMIME 1 2 840 113549 1 9 16 */ ++156, /* OBJ_friendlyName 1 2 840 113549 1 9 20 */ ++157, /* OBJ_localKeyID 1 2 840 113549 1 9 21 */ ++681, /* OBJ_X9_62_onBasis 1 2 840 10045 1 2 3 1 */ ++682, /* OBJ_X9_62_tpBasis 1 2 840 10045 1 2 3 2 */ ++683, /* OBJ_X9_62_ppBasis 1 2 840 10045 1 2 3 3 */ ++417, /* OBJ_ms_csp_name 1 3 6 1 4 1 311 17 1 */ ++856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ ++390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ ++91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ ++315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ ++316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ ++317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ ++318, /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */ ++319, /* OBJ_id_regCtrl_oldCertID 1 3 6 1 5 5 7 5 1 5 */ ++320, /* OBJ_id_regCtrl_protocolEncrKey 1 3 6 1 5 5 7 5 1 6 */ ++321, /* OBJ_id_regInfo_utf8Pairs 1 3 6 1 5 5 7 5 2 1 */ ++322, /* OBJ_id_regInfo_certReq 1 3 6 1 5 5 7 5 2 2 */ ++365, /* OBJ_id_pkix_OCSP_basic 1 3 6 1 5 5 7 48 1 1 */ ++366, /* OBJ_id_pkix_OCSP_Nonce 1 3 6 1 5 5 7 48 1 2 */ ++367, /* OBJ_id_pkix_OCSP_CrlID 1 3 6 1 5 5 7 48 1 3 */ ++368, /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */ ++369, /* OBJ_id_pkix_OCSP_noCheck 1 3 6 1 5 5 7 48 1 5 */ ++370, /* OBJ_id_pkix_OCSP_archiveCutoff 1 3 6 1 5 5 7 48 1 6 */ ++371, /* OBJ_id_pkix_OCSP_serviceLocator 1 3 6 1 5 5 7 48 1 7 */ ++372, /* OBJ_id_pkix_OCSP_extendedStatus 1 3 6 1 5 5 7 48 1 8 */ ++373, /* OBJ_id_pkix_OCSP_valid 1 3 6 1 5 5 7 48 1 9 */ ++374, /* OBJ_id_pkix_OCSP_path 1 3 6 1 5 5 7 48 1 10 */ ++375, /* OBJ_id_pkix_OCSP_trustRoot 1 3 6 1 5 5 7 48 1 11 */ ++921, /* OBJ_brainpoolP160r1 1 3 36 3 3 2 8 1 1 1 */ ++922, /* OBJ_brainpoolP160t1 1 3 36 3 3 2 8 1 1 2 */ ++923, /* OBJ_brainpoolP192r1 1 3 36 3 3 2 8 1 1 3 */ ++924, /* OBJ_brainpoolP192t1 1 3 36 3 3 2 8 1 1 4 */ ++925, /* OBJ_brainpoolP224r1 1 3 36 3 3 2 8 1 1 5 */ ++926, /* OBJ_brainpoolP224t1 1 3 36 3 3 2 8 1 1 6 */ ++927, /* OBJ_brainpoolP256r1 1 3 36 3 3 2 8 1 1 7 */ ++928, /* OBJ_brainpoolP256t1 1 3 36 3 3 2 8 1 1 8 */ ++929, /* OBJ_brainpoolP320r1 1 3 36 3 3 2 8 1 1 9 */ ++930, /* OBJ_brainpoolP320t1 1 3 36 3 3 2 8 1 1 10 */ ++931, /* OBJ_brainpoolP384r1 1 3 36 3 3 2 8 1 1 11 */ ++932, /* OBJ_brainpoolP384t1 1 3 36 3 3 2 8 1 1 12 */ ++933, /* OBJ_brainpoolP512r1 1 3 36 3 3 2 8 1 1 13 */ ++934, /* OBJ_brainpoolP512t1 1 3 36 3 3 2 8 1 1 14 */ ++936, /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */ ++941, /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */ ++418, /* OBJ_aes_128_ecb 2 16 840 1 101 3 4 1 1 */ ++419, /* OBJ_aes_128_cbc 2 16 840 1 101 3 4 1 2 */ ++420, /* OBJ_aes_128_ofb128 2 16 840 1 101 3 4 1 3 */ ++421, /* OBJ_aes_128_cfb128 2 16 840 1 101 3 4 1 4 */ ++788, /* OBJ_id_aes128_wrap 2 16 840 1 101 3 4 1 5 */ ++895, /* OBJ_aes_128_gcm 2 16 840 1 101 3 4 1 6 */ ++896, /* OBJ_aes_128_ccm 2 16 840 1 101 3 4 1 7 */ ++897, /* OBJ_id_aes128_wrap_pad 2 16 840 1 101 3 4 1 8 */ ++422, /* OBJ_aes_192_ecb 2 16 840 1 101 3 4 1 21 */ ++423, /* OBJ_aes_192_cbc 2 16 840 1 101 3 4 1 22 */ ++424, /* OBJ_aes_192_ofb128 2 16 840 1 101 3 4 1 23 */ ++425, /* OBJ_aes_192_cfb128 2 16 840 1 101 3 4 1 24 */ ++789, /* OBJ_id_aes192_wrap 2 16 840 1 101 3 4 1 25 */ ++898, /* OBJ_aes_192_gcm 2 16 840 1 101 3 4 1 26 */ ++899, /* OBJ_aes_192_ccm 2 16 840 1 101 3 4 1 27 */ ++900, /* OBJ_id_aes192_wrap_pad 2 16 840 1 101 3 4 1 28 */ ++426, /* OBJ_aes_256_ecb 2 16 840 1 101 3 4 1 41 */ ++427, /* OBJ_aes_256_cbc 2 16 840 1 101 3 4 1 42 */ ++428, /* OBJ_aes_256_ofb128 2 16 840 1 101 3 4 1 43 */ ++429, /* OBJ_aes_256_cfb128 2 16 840 1 101 3 4 1 44 */ ++790, /* OBJ_id_aes256_wrap 2 16 840 1 101 3 4 1 45 */ ++901, /* OBJ_aes_256_gcm 2 16 840 1 101 3 4 1 46 */ ++902, /* OBJ_aes_256_ccm 2 16 840 1 101 3 4 1 47 */ ++903, /* OBJ_id_aes256_wrap_pad 2 16 840 1 101 3 4 1 48 */ ++672, /* OBJ_sha256 2 16 840 1 101 3 4 2 1 */ ++673, /* OBJ_sha384 2 16 840 1 101 3 4 2 2 */ ++674, /* OBJ_sha512 2 16 840 1 101 3 4 2 3 */ ++675, /* OBJ_sha224 2 16 840 1 101 3 4 2 4 */ ++802, /* OBJ_dsa_with_SHA224 2 16 840 1 101 3 4 3 1 */ ++803, /* OBJ_dsa_with_SHA256 2 16 840 1 101 3 4 3 2 */ ++71, /* OBJ_netscape_cert_type 2 16 840 1 113730 1 1 */ ++72, /* OBJ_netscape_base_url 2 16 840 1 113730 1 2 */ ++73, /* OBJ_netscape_revocation_url 2 16 840 1 113730 1 3 */ ++74, /* OBJ_netscape_ca_revocation_url 2 16 840 1 113730 1 4 */ ++75, /* OBJ_netscape_renewal_url 2 16 840 1 113730 1 7 */ ++76, /* OBJ_netscape_ca_policy_url 2 16 840 1 113730 1 8 */ ++77, /* OBJ_netscape_ssl_server_name 2 16 840 1 113730 1 12 */ ++78, /* OBJ_netscape_comment 2 16 840 1 113730 1 13 */ ++79, /* OBJ_netscape_cert_sequence 2 16 840 1 113730 2 5 */ ++139, /* OBJ_ns_sgc 2 16 840 1 113730 4 1 */ ++458, /* OBJ_userId 0 9 2342 19200300 100 1 1 */ ++459, /* OBJ_textEncodedORAddress 0 9 2342 19200300 100 1 2 */ ++460, /* OBJ_rfc822Mailbox 0 9 2342 19200300 100 1 3 */ ++461, /* OBJ_info 0 9 2342 19200300 100 1 4 */ ++462, /* OBJ_favouriteDrink 0 9 2342 19200300 100 1 5 */ ++463, /* OBJ_roomNumber 0 9 2342 19200300 100 1 6 */ ++464, /* OBJ_photo 0 9 2342 19200300 100 1 7 */ ++465, /* OBJ_userClass 0 9 2342 19200300 100 1 8 */ ++466, /* OBJ_host 0 9 2342 19200300 100 1 9 */ ++467, /* OBJ_manager 0 9 2342 19200300 100 1 10 */ ++468, /* OBJ_documentIdentifier 0 9 2342 19200300 100 1 11 */ ++469, /* OBJ_documentTitle 0 9 2342 19200300 100 1 12 */ ++470, /* OBJ_documentVersion 0 9 2342 19200300 100 1 13 */ ++471, /* OBJ_documentAuthor 0 9 2342 19200300 100 1 14 */ ++472, /* OBJ_documentLocation 0 9 2342 19200300 100 1 15 */ ++473, /* OBJ_homeTelephoneNumber 0 9 2342 19200300 100 1 20 */ ++474, /* OBJ_secretary 0 9 2342 19200300 100 1 21 */ ++475, /* OBJ_otherMailbox 0 9 2342 19200300 100 1 22 */ ++476, /* OBJ_lastModifiedTime 0 9 2342 19200300 100 1 23 */ ++477, /* OBJ_lastModifiedBy 0 9 2342 19200300 100 1 24 */ ++391, /* OBJ_domainComponent 0 9 2342 19200300 100 1 25 */ ++478, /* OBJ_aRecord 0 9 2342 19200300 100 1 26 */ ++479, /* OBJ_pilotAttributeType27 0 9 2342 19200300 100 1 27 */ ++480, /* OBJ_mXRecord 0 9 2342 19200300 100 1 28 */ ++481, /* OBJ_nSRecord 0 9 2342 19200300 100 1 29 */ ++482, /* OBJ_sOARecord 0 9 2342 19200300 100 1 30 */ ++483, /* OBJ_cNAMERecord 0 9 2342 19200300 100 1 31 */ ++484, /* OBJ_associatedDomain 0 9 2342 19200300 100 1 37 */ ++485, /* OBJ_associatedName 0 9 2342 19200300 100 1 38 */ ++486, /* OBJ_homePostalAddress 0 9 2342 19200300 100 1 39 */ ++487, /* OBJ_personalTitle 0 9 2342 19200300 100 1 40 */ ++488, /* OBJ_mobileTelephoneNumber 0 9 2342 19200300 100 1 41 */ ++489, /* OBJ_pagerTelephoneNumber 0 9 2342 19200300 100 1 42 */ ++490, /* OBJ_friendlyCountryName 0 9 2342 19200300 100 1 43 */ ++491, /* OBJ_organizationalStatus 0 9 2342 19200300 100 1 45 */ ++492, /* OBJ_janetMailbox 0 9 2342 19200300 100 1 46 */ ++493, /* OBJ_mailPreferenceOption 0 9 2342 19200300 100 1 47 */ ++494, /* OBJ_buildingName 0 9 2342 19200300 100 1 48 */ ++495, /* OBJ_dSAQuality 0 9 2342 19200300 100 1 49 */ ++496, /* OBJ_singleLevelQuality 0 9 2342 19200300 100 1 50 */ ++497, /* OBJ_subtreeMinimumQuality 0 9 2342 19200300 100 1 51 */ ++498, /* OBJ_subtreeMaximumQuality 0 9 2342 19200300 100 1 52 */ ++499, /* OBJ_personalSignature 0 9 2342 19200300 100 1 53 */ ++500, /* OBJ_dITRedirect 0 9 2342 19200300 100 1 54 */ ++501, /* OBJ_audio 0 9 2342 19200300 100 1 55 */ ++502, /* OBJ_documentPublisher 0 9 2342 19200300 100 1 56 */ ++442, /* OBJ_iA5StringSyntax 0 9 2342 19200300 100 3 4 */ ++443, /* OBJ_caseIgnoreIA5StringSyntax 0 9 2342 19200300 100 3 5 */ ++444, /* OBJ_pilotObject 0 9 2342 19200300 100 4 3 */ ++445, /* OBJ_pilotPerson 0 9 2342 19200300 100 4 4 */ ++446, /* OBJ_account 0 9 2342 19200300 100 4 5 */ ++447, /* OBJ_document 0 9 2342 19200300 100 4 6 */ ++448, /* OBJ_room 0 9 2342 19200300 100 4 7 */ ++449, /* OBJ_documentSeries 0 9 2342 19200300 100 4 9 */ ++392, /* OBJ_Domain 0 9 2342 19200300 100 4 13 */ ++450, /* OBJ_rFC822localPart 0 9 2342 19200300 100 4 14 */ ++451, /* OBJ_dNSDomain 0 9 2342 19200300 100 4 15 */ ++452, /* OBJ_domainRelatedObject 0 9 2342 19200300 100 4 17 */ ++453, /* OBJ_friendlyCountry 0 9 2342 19200300 100 4 18 */ ++454, /* OBJ_simpleSecurityObject 0 9 2342 19200300 100 4 19 */ ++455, /* OBJ_pilotOrganization 0 9 2342 19200300 100 4 20 */ ++456, /* OBJ_pilotDSA 0 9 2342 19200300 100 4 21 */ ++457, /* OBJ_qualityLabelledData 0 9 2342 19200300 100 4 22 */ ++189, /* OBJ_id_smime_mod 1 2 840 113549 1 9 16 0 */ ++190, /* OBJ_id_smime_ct 1 2 840 113549 1 9 16 1 */ ++191, /* OBJ_id_smime_aa 1 2 840 113549 1 9 16 2 */ ++192, /* OBJ_id_smime_alg 1 2 840 113549 1 9 16 3 */ ++193, /* OBJ_id_smime_cd 1 2 840 113549 1 9 16 4 */ ++194, /* OBJ_id_smime_spq 1 2 840 113549 1 9 16 5 */ ++195, /* OBJ_id_smime_cti 1 2 840 113549 1 9 16 6 */ ++158, /* OBJ_x509Certificate 1 2 840 113549 1 9 22 1 */ ++159, /* OBJ_sdsiCertificate 1 2 840 113549 1 9 22 2 */ ++160, /* OBJ_x509Crl 1 2 840 113549 1 9 23 1 */ ++144, /* OBJ_pbe_WithSHA1And128BitRC4 1 2 840 113549 1 12 1 1 */ ++145, /* OBJ_pbe_WithSHA1And40BitRC4 1 2 840 113549 1 12 1 2 */ ++146, /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */ ++147, /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */ ++148, /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */ ++149, /* OBJ_pbe_WithSHA1And40BitRC2_CBC 1 2 840 113549 1 12 1 6 */ ++171, /* OBJ_ms_ext_req 1 3 6 1 4 1 311 2 1 14 */ ++134, /* OBJ_ms_code_ind 1 3 6 1 4 1 311 2 1 21 */ ++135, /* OBJ_ms_code_com 1 3 6 1 4 1 311 2 1 22 */ ++136, /* OBJ_ms_ctl_sign 1 3 6 1 4 1 311 10 3 1 */ ++137, /* OBJ_ms_sgc 1 3 6 1 4 1 311 10 3 3 */ ++138, /* OBJ_ms_efs 1 3 6 1 4 1 311 10 3 4 */ ++648, /* OBJ_ms_smartcard_login 1 3 6 1 4 1 311 20 2 2 */ ++649, /* OBJ_ms_upn 1 3 6 1 4 1 311 20 2 3 */ ++951, /* OBJ_ct_precert_scts 1 3 6 1 4 1 11129 2 4 2 */ ++952, /* OBJ_ct_precert_poison 1 3 6 1 4 1 11129 2 4 3 */ ++953, /* OBJ_ct_precert_signer 1 3 6 1 4 1 11129 2 4 4 */ ++954, /* OBJ_ct_cert_scts 1 3 6 1 4 1 11129 2 4 5 */ ++751, /* OBJ_camellia_128_cbc 1 2 392 200011 61 1 1 1 2 */ ++752, /* OBJ_camellia_192_cbc 1 2 392 200011 61 1 1 1 3 */ ++753, /* OBJ_camellia_256_cbc 1 2 392 200011 61 1 1 1 4 */ ++907, /* OBJ_id_camellia128_wrap 1 2 392 200011 61 1 1 3 2 */ ++908, /* OBJ_id_camellia192_wrap 1 2 392 200011 61 1 1 3 3 */ ++909, /* OBJ_id_camellia256_wrap 1 2 392 200011 61 1 1 3 4 */ ++196, /* OBJ_id_smime_mod_cms 1 2 840 113549 1 9 16 0 1 */ ++197, /* OBJ_id_smime_mod_ess 1 2 840 113549 1 9 16 0 2 */ ++198, /* OBJ_id_smime_mod_oid 1 2 840 113549 1 9 16 0 3 */ ++199, /* OBJ_id_smime_mod_msg_v3 1 2 840 113549 1 9 16 0 4 */ ++200, /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */ ++201, /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */ ++202, /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */ ++203, /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */ ++204, /* OBJ_id_smime_ct_receipt 1 2 840 113549 1 9 16 1 1 */ ++205, /* OBJ_id_smime_ct_authData 1 2 840 113549 1 9 16 1 2 */ ++206, /* OBJ_id_smime_ct_publishCert 1 2 840 113549 1 9 16 1 3 */ ++207, /* OBJ_id_smime_ct_TSTInfo 1 2 840 113549 1 9 16 1 4 */ ++208, /* OBJ_id_smime_ct_TDTInfo 1 2 840 113549 1 9 16 1 5 */ ++209, /* OBJ_id_smime_ct_contentInfo 1 2 840 113549 1 9 16 1 6 */ ++210, /* OBJ_id_smime_ct_DVCSRequestData 1 2 840 113549 1 9 16 1 7 */ ++211, /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */ ++786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */ ++787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */ ++212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */ ++213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */ ++214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */ ++215, /* OBJ_id_smime_aa_contentHint 1 2 840 113549 1 9 16 2 4 */ ++216, /* OBJ_id_smime_aa_msgSigDigest 1 2 840 113549 1 9 16 2 5 */ ++217, /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */ ++218, /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */ ++219, /* OBJ_id_smime_aa_macValue 1 2 840 113549 1 9 16 2 8 */ ++220, /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */ ++221, /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */ ++222, /* OBJ_id_smime_aa_encrypKeyPref 1 2 840 113549 1 9 16 2 11 */ ++223, /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */ ++224, /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */ ++225, /* OBJ_id_smime_aa_timeStampToken 1 2 840 113549 1 9 16 2 14 */ ++226, /* OBJ_id_smime_aa_ets_sigPolicyId 1 2 840 113549 1 9 16 2 15 */ ++227, /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */ ++228, /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */ ++229, /* OBJ_id_smime_aa_ets_signerAttr 1 2 840 113549 1 9 16 2 18 */ ++230, /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */ ++231, /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */ ++232, /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */ ++233, /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */ ++234, /* OBJ_id_smime_aa_ets_certValues 1 2 840 113549 1 9 16 2 23 */ ++235, /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */ ++236, /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */ ++237, /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */ ++238, /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */ ++239, /* OBJ_id_smime_aa_signatureType 1 2 840 113549 1 9 16 2 28 */ ++240, /* OBJ_id_smime_aa_dvcs_dvc 1 2 840 113549 1 9 16 2 29 */ ++241, /* OBJ_id_smime_alg_ESDHwith3DES 1 2 840 113549 1 9 16 3 1 */ ++242, /* OBJ_id_smime_alg_ESDHwithRC2 1 2 840 113549 1 9 16 3 2 */ ++243, /* OBJ_id_smime_alg_3DESwrap 1 2 840 113549 1 9 16 3 3 */ ++244, /* OBJ_id_smime_alg_RC2wrap 1 2 840 113549 1 9 16 3 4 */ ++245, /* OBJ_id_smime_alg_ESDH 1 2 840 113549 1 9 16 3 5 */ ++246, /* OBJ_id_smime_alg_CMS3DESwrap 1 2 840 113549 1 9 16 3 6 */ ++247, /* OBJ_id_smime_alg_CMSRC2wrap 1 2 840 113549 1 9 16 3 7 */ ++125, /* OBJ_zlib_compression 1 2 840 113549 1 9 16 3 8 */ ++893, /* OBJ_id_alg_PWRI_KEK 1 2 840 113549 1 9 16 3 9 */ ++248, /* OBJ_id_smime_cd_ldap 1 2 840 113549 1 9 16 4 1 */ ++249, /* OBJ_id_smime_spq_ets_sqt_uri 1 2 840 113549 1 9 16 5 1 */ ++250, /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */ ++251, /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */ ++252, /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */ ++253, /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */ ++254, /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */ ++255, /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */ ++256, /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */ ++150, /* OBJ_keyBag 1 2 840 113549 1 12 10 1 1 */ ++151, /* OBJ_pkcs8ShroudedKeyBag 1 2 840 113549 1 12 10 1 2 */ ++152, /* OBJ_certBag 1 2 840 113549 1 12 10 1 3 */ ++153, /* OBJ_crlBag 1 2 840 113549 1 12 10 1 4 */ ++154, /* OBJ_secretBag 1 2 840 113549 1 12 10 1 5 */ ++155, /* OBJ_safeContentsBag 1 2 840 113549 1 12 10 1 6 */ ++34, /* OBJ_idea_cbc 1 3 6 1 4 1 188 7 1 1 2 */ ++955, /* OBJ_jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 1 */ ++956, /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */ ++957, /* OBJ_jurisdictionCountryName 1 3 6 1 4 1 311 60 2 1 3 */ + }; ++ +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +index 4677b67..238aaa5 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/objects/obj_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -30,14 +81,14 @@ static ERR_STRING_DATA OBJ_str_functs[] = { + }; + + static ERR_STRING_DATA OBJ_str_reasons[] = { +- {ERR_REASON(OBJ_R_OID_EXISTS), "oid exists"}, ++ {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"}, + {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"}, + {0, NULL} + }; + + #endif + +-int ERR_load_OBJ_strings(void) ++void ERR_load_OBJ_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -46,5 +97,4 @@ int ERR_load_OBJ_strings(void) + ERR_load_strings(0, OBJ_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h b/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h +deleted file mode 100644 +index a417f7c..0000000 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_lcl.h ++++ /dev/null +@@ -1,14 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-typedef struct name_funcs_st NAME_FUNCS; +-DEFINE_STACK_OF(NAME_FUNCS) +-DEFINE_LHASH_OF(OBJ_NAME); +-typedef struct added_obj_st ADDED_OBJ; +-DEFINE_LHASH_OF(ADDED_OBJ); +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +index 33075e6..8851baf 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c +@@ -1,58 +1,127 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/objects/obj_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "internal/asn1_int.h" + + ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) + { + ASN1_OBJECT *r; ++ int i; ++ char *ln = NULL, *sn = NULL; ++ unsigned char *data = NULL; + + if (o == NULL) +- return NULL; +- /* If object isn't dynamic it's an internal OID which is never freed */ ++ return (NULL); + if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) +- return ((ASN1_OBJECT *)o); ++ return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication ++ * is this??? */ + + r = ASN1_OBJECT_new(); + if (r == NULL) { + OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB); + return (NULL); + } +- +- /* Set dynamic flags so everything gets freed up on error */ +- +- r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | +- ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | +- ASN1_OBJECT_FLAG_DYNAMIC_DATA); +- +- if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL) ++ data = OPENSSL_malloc(o->length); ++ if (data == NULL) + goto err; +- ++ if (o->data != NULL) ++ memcpy(data, o->data, o->length); ++ /* once data attached to object it remains const */ ++ r->data = data; + r->length = o->length; + r->nid = o->nid; ++ r->ln = r->sn = NULL; ++ if (o->ln != NULL) { ++ i = strlen(o->ln) + 1; ++ ln = OPENSSL_malloc(i); ++ if (ln == NULL) ++ goto err; ++ memcpy(ln, o->ln, i); ++ r->ln = ln; ++ } + +- if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL) +- goto err; +- +- if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL) +- goto err; +- +- return r; ++ if (o->sn != NULL) { ++ i = strlen(o->sn) + 1; ++ sn = OPENSSL_malloc(i); ++ if (sn == NULL) ++ goto err; ++ memcpy(sn, o->sn, i); ++ r->sn = sn; ++ } ++ r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | ++ ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ++ ASN1_OBJECT_FLAG_DYNAMIC_DATA); ++ return (r); + err: +- ASN1_OBJECT_free(r); + OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE); +- return NULL; ++ if (ln != NULL) ++ OPENSSL_free(ln); ++ if (sn != NULL) ++ OPENSSL_free(sn); ++ if (data != NULL) ++ OPENSSL_free(data); ++ if (r != NULL) ++ OPENSSL_free(r); ++ return (NULL); + } + + int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.c b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c +index 627f5bc..97b305d 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_xref.c ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.c +@@ -1,17 +1,67 @@ ++/* crypto/objects/obj_xref.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include "obj_xref.h" +-#include "e_os.h" + +-static STACK_OF(nid_triple) *sig_app, *sigx_app; ++DECLARE_STACK_OF(nid_triple) ++STACK_OF(nid_triple) *sig_app, *sigx_app; + + static int sig_cmp(const nid_triple *a, const nid_triple *b) + { +@@ -52,7 +102,8 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) + } + #ifndef OBJ_XREF_TEST2 + if (rv == NULL) { +- rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt)); ++ rv = OBJ_bsearch_sig(&tmp, sigoid_srt, ++ sizeof(sigoid_srt) / sizeof(nid_triple)); + } + #endif + if (rv == NULL) +@@ -82,7 +133,9 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) + } + #ifndef OBJ_XREF_TEST2 + if (rv == NULL) { +- rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref)); ++ rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, ++ sizeof(sigoid_srt_xref) / sizeof(nid_triple *) ++ ); + } + #endif + if (rv == NULL) +@@ -95,16 +148,16 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) + int OBJ_add_sigid(int signid, int dig_id, int pkey_id) + { + nid_triple *ntr; +- if (sig_app == NULL) ++ if (!sig_app) + sig_app = sk_nid_triple_new(sig_sk_cmp); +- if (sig_app == NULL) ++ if (!sig_app) + return 0; +- if (sigx_app == NULL) ++ if (!sigx_app) + sigx_app = sk_nid_triple_new(sigx_cmp); +- if (sigx_app == NULL) ++ if (!sigx_app) + return 0; +- ntr = OPENSSL_malloc(sizeof(*ntr)); +- if (ntr == NULL) ++ ntr = OPENSSL_malloc(sizeof(int) * 3); ++ if (!ntr) + return 0; + ntr->sign_id = signid; + ntr->hash_id = dig_id; +@@ -131,10 +184,14 @@ static void sid_free(nid_triple *tt) + + void OBJ_sigid_free(void) + { +- sk_nid_triple_pop_free(sig_app, sid_free); +- sig_app = NULL; +- sk_nid_triple_free(sigx_app); +- sigx_app = NULL; ++ if (sig_app) { ++ sk_nid_triple_pop_free(sig_app, sid_free); ++ sig_app = NULL; ++ } ++ if (sigx_app) { ++ sk_nid_triple_free(sigx_app); ++ sigx_app = NULL; ++ } + } + + #ifdef OBJ_XREF_TEST +@@ -145,12 +202,12 @@ main() + + int i, rv; + # ifdef OBJ_XREF_TEST2 +- for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { ++ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { + OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); + } + # endif + +- for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { ++ for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { + n1 = sigoid_srt[i][0]; + rv = OBJ_find_sigid_algs(n1, &n2, &n3); + printf("Forward: %d, %s %s %s\n", rv, +diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_xref.h b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h +index d09aa71..e453e99 100644 +--- a/Cryptlib/OpenSSL/crypto/objects/obj_xref.h ++++ b/Cryptlib/OpenSSL/crypto/objects/obj_xref.h +@@ -1,15 +1,4 @@ +-/* +- * WARNING: do not edit! +- * Generated by objxref.pl +- * +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- ++/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ + + typedef struct { + int sign_id; +@@ -17,8 +6,6 @@ typedef struct { + int pkey_id; + } nid_triple; + +-DEFINE_STACK_OF(nid_triple) +- + static const nid_triple sigoid_srt[] = { + {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, +@@ -69,10 +56,6 @@ static const nid_triple sigoid_srt[] = { + NID_dh_cofactor_kdf}, + {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, + NID_dh_cofactor_kdf}, +- {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256, +- NID_id_GostR3410_2012_256}, +- {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512, +- NID_id_GostR3410_2012_512}, + }; + + static const nid_triple *const sigoid_srt_xref[] = { +@@ -113,6 +96,4 @@ static const nid_triple *const sigoid_srt_xref[] = { + &sigoid_srt[26], + &sigoid_srt[27], + &sigoid_srt[28], +- &sigoid_srt[40], +- &sigoid_srt[41], + }; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +index 1e0b827..e2e52e7 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c +@@ -1,19 +1,67 @@ ++/* ocsp_asn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #include + #include + #include +-#include "ocsp_lcl.h" + + ASN1_SEQUENCE(OCSP_SIGNATURE) = { +- ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) + } ASN1_SEQUENCE_END(OCSP_SIGNATURE) +@@ -21,10 +69,10 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = { + IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) + + ASN1_SEQUENCE(OCSP_CERTID) = { +- ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), +- ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), +- ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), +- ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) ++ ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), ++ ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) + } ASN1_SEQUENCE_END(OCSP_CERTID) + + IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) +@@ -46,7 +94,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = { + IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) + + ASN1_SEQUENCE(OCSP_REQUEST) = { +- ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), ++ ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), + ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) + } ASN1_SEQUENCE_END(OCSP_REQUEST) + +@@ -102,7 +150,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) + + ASN1_SEQUENCE(OCSP_RESPDATA) = { + ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), +- ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), ++ ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), + ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), + ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) +@@ -111,8 +159,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = { + IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) + + ASN1_SEQUENCE(OCSP_BASICRESP) = { +- ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), +- ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), ++ ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), ++ ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), + ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) + } ASN1_SEQUENCE_END(OCSP_BASICRESP) +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +index a42b80f..fca7db0 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c +@@ -1,21 +1,78 @@ ++/* ocsp_cl.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ ++ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include + #include ++#include + #include + #include + #include + #include +-#include "ocsp_lcl.h" + + /* + * Utility functions related to sending OCSP requests and extracting relevant +@@ -31,11 +88,12 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) + { + OCSP_ONEREQ *one = NULL; + +- if ((one = OCSP_ONEREQ_new()) == NULL) +- return NULL; +- OCSP_CERTID_free(one->reqCert); ++ if (!(one = OCSP_ONEREQ_new())) ++ goto err; ++ if (one->reqCert) ++ OCSP_CERTID_free(one->reqCert); + one->reqCert = cid; +- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) { ++ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) { + one->reqCert = NULL; /* do not free on error */ + goto err; + } +@@ -50,7 +108,6 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) + int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) + { + GENERAL_NAME *gen; +- + gen = GENERAL_NAME_new(); + if (gen == NULL) + return 0; +@@ -59,8 +116,9 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) + return 0; + } + gen->type = GEN_DIRNAME; +- GENERAL_NAME_free(req->tbsRequest.requestorName); +- req->tbsRequest.requestorName = gen; ++ if (req->tbsRequest->requestorName) ++ GENERAL_NAME_free(req->tbsRequest->requestorName); ++ req->tbsRequest->requestorName = gen; + return 1; + } + +@@ -69,25 +127,24 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) + int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) + { + OCSP_SIGNATURE *sig; +- if (req->optionalSignature == NULL) ++ if (!req->optionalSignature) + req->optionalSignature = OCSP_SIGNATURE_new(); + sig = req->optionalSignature; +- if (sig == NULL) ++ if (!sig) + return 0; +- if (cert == NULL) ++ if (!cert) + return 1; +- if (sig->certs == NULL +- && (sig->certs = sk_X509_new_null()) == NULL) ++ if (!sig->certs && !(sig->certs = sk_X509_new_null())) + return 0; + + if (!sk_X509_push(sig->certs, cert)) + return 0; +- X509_up_ref(cert); ++ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + return 1; + } + + /* +- * Sign an OCSP request set the requestorName to the subject name of an ++ * Sign an OCSP request set the requestorName to the subjec name of an + * optional signers certificate and include one or more optional certificates + * in the request. Behaves like PKCS7_sign(). + */ +@@ -99,12 +156,13 @@ int OCSP_request_sign(OCSP_REQUEST *req, + STACK_OF(X509) *certs, unsigned long flags) + { + int i; ++ OCSP_SIGNATURE *sig; + X509 *x; + + if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) + goto err; + +- if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) ++ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) + goto err; + if (key) { + if (!X509_check_private_key(signer, key)) { +@@ -161,20 +219,15 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) + return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); + } + +-const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) +-{ +- return bs->signature; +-} +- + /* +- * Return number of OCSP_SINGLERESP responses present in a basic response. ++ * Return number of OCSP_SINGLERESP reponses present in a basic response. + */ + + int OCSP_resp_count(OCSP_BASICRESP *bs) + { + if (!bs) + return -1; +- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses); ++ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); + } + + /* Extract an OCSP_SINGLERESP response with a given index */ +@@ -183,35 +236,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) + { + if (!bs) + return NULL; +- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx); +-} +- +-const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs) +-{ +- return bs->tbsResponseData.producedAt; +-} +- +-const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) +-{ +- return bs->certs; +-} +- +-int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, +- const ASN1_OCTET_STRING **pid, +- const X509_NAME **pname) +- +-{ +- const OCSP_RESPID *rid = &bs->tbsResponseData.responderId; +- if (rid->type == V_OCSP_RESPID_NAME) { +- *pname = rid->value.byName; +- *pid = NULL; +- } else if (rid->type == V_OCSP_RESPID_KEY) { +- *pid = rid->value.byKey; +- *pname = NULL; +- } else { +- return 0; +- } +- return 1; ++ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); + } + + /* Look single response matching a given certificate ID */ +@@ -227,7 +252,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) + last = 0; + else + last++; +- sresp = bs->tbsResponseData.responses; ++ sresp = bs->tbsResponseData->responses; + for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { + single = sk_OCSP_SINGLERESP_value(sresp, i); + if (!OCSP_id_cmp(id, single->certId)) +@@ -297,7 +322,7 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + + /* + * Check validity of thisUpdate and nextUpdate fields. It is possible that +- * the request will take a few seconds to process and/or the time won't be ++ * the request will take a few seconds to process and/or the time wont be + * totally accurate. Therefore to avoid rejecting otherwise valid time we + * allow the times to be within 'nsec' of the current time. Also to avoid + * accepting very old responses without a nextUpdate field an optional maxage +@@ -358,8 +383,3 @@ int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + + return ret; + } +- +-const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) +-{ +- return single->certId; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +index a2d96e9..722043c 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/ocsp/ocsp_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,25 +70,30 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) + + static ERR_STRING_DATA OCSP_str_functs[] = { +- {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "d2i_ocsp_nonce"}, ++ {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, ++ {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, + {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, + {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, +- {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "ocsp_check_delegated"}, +- {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "ocsp_check_ids"}, +- {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "ocsp_check_issuer"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, ++ {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, + {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, +- {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "ocsp_match_issuerid"}, ++ {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, + {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, + {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, + {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, +- {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "parse_http_line1"}, ++ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, ++ {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, ++ {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, ++ {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, + {0, NULL} + }; + + static ERR_STRING_DATA OCSP_str_reasons[] = { ++ {ERR_REASON(OCSP_R_BAD_DATA), "bad data"}, + {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"}, + {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), +@@ -51,18 +107,21 @@ static ERR_STRING_DATA OCSP_str_reasons[] = { + "nextupdate before thisupdate"}, + {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"}, + {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, ++ {ERR_REASON(OCSP_R_NO_CONTENT), "no content"}, ++ {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"}, + {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"}, + {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"}, +- {ERR_REASON(OCSP_R_NO_SIGNER_KEY), "no signer key"}, + {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"}, + {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), + "response contains no revocation data"}, + {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"}, ++ {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), + "server response parse error"}, ++ {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"}, + {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"}, + {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), + "signer certificate not found"}, +@@ -78,7 +137,7 @@ static ERR_STRING_DATA OCSP_str_reasons[] = { + + #endif + +-int ERR_load_OCSP_strings(void) ++void ERR_load_OCSP_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -87,5 +146,4 @@ int ERR_load_OCSP_strings(void) + ERR_load_strings(0, OCSP_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +index b829b2e..55af31b 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c +@@ -1,18 +1,74 @@ ++/* ocsp_ext.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ ++ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include + #include + #include + #include +-#include "ocsp_lcl.h" + #include + #include + +@@ -22,53 +78,53 @@ + + int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) + { +- return (X509v3_get_ext_count(x->tbsRequest.requestExtensions)); ++ return (X509v3_get_ext_count(x->tbsRequest->requestExtensions)); + } + + int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) + { + return (X509v3_get_ext_by_NID +- (x->tbsRequest.requestExtensions, nid, lastpos)); ++ (x->tbsRequest->requestExtensions, nid, lastpos)); + } + +-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, ++int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, + int lastpos) + { + return (X509v3_get_ext_by_OBJ +- (x->tbsRequest.requestExtensions, obj, lastpos)); ++ (x->tbsRequest->requestExtensions, obj, lastpos)); + } + + int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) + { + return (X509v3_get_ext_by_critical +- (x->tbsRequest.requestExtensions, crit, lastpos)); ++ (x->tbsRequest->requestExtensions, crit, lastpos)); + } + + X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) + { +- return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc)); ++ return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc)); + } + + X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) + { +- return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc)); ++ return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc)); + } + + void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx); ++ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); + } + + int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags) + { +- return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value, ++ return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, + crit, flags); + } + + int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) + { +- return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != ++ return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != + NULL); + } + +@@ -84,8 +140,7 @@ int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) + return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos)); + } + +-int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, +- int lastpos) ++int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos) + { + return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos)); + } +@@ -127,56 +182,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) + + int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) + { +- return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions)); ++ return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); + } + + int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) + { + return (X509v3_get_ext_by_NID +- (x->tbsResponseData.responseExtensions, nid, lastpos)); ++ (x->tbsResponseData->responseExtensions, nid, lastpos)); + } + +-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, ++int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, + int lastpos) + { + return (X509v3_get_ext_by_OBJ +- (x->tbsResponseData.responseExtensions, obj, lastpos)); ++ (x->tbsResponseData->responseExtensions, obj, lastpos)); + } + + int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos) + { + return (X509v3_get_ext_by_critical +- (x->tbsResponseData.responseExtensions, crit, lastpos)); ++ (x->tbsResponseData->responseExtensions, crit, lastpos)); + } + + X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) + { +- return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc)); ++ return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc)); + } + + X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) + { +- return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc)); ++ return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc)); + } + + void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx) + { +- return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit, ++ return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, + idx); + } + + int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags) + { +- return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid, ++ return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, + value, crit, flags); + } + + int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) + { +- return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc) ++ return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc) + != NULL); + } + +@@ -192,7 +247,7 @@ int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) + return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos)); + } + +-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, ++int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, + int lastpos) + { + return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos)); +@@ -232,11 +287,54 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) + } + + /* also CRL Entry Extensions */ ++#if 0 ++ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, ++ void *data, STACK_OF(ASN1_OBJECT) *sk) ++{ ++ int i; ++ unsigned char *p, *b = NULL; ++ ++ if (data) { ++ if ((i = i2d(data, NULL)) <= 0) ++ goto err; ++ if (!(b = p = OPENSSL_malloc((unsigned int)i))) ++ goto err; ++ if (i2d(data, &p) <= 0) ++ goto err; ++ } else if (sk) { ++ if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, ++ (I2D_OF(ASN1_OBJECT)) i2d, ++ V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, ++ IS_SEQUENCE)) <= 0) ++ goto err; ++ if (!(b = p = OPENSSL_malloc((unsigned int)i))) ++ goto err; ++ if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d, ++ V_ASN1_SEQUENCE, ++ V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) ++ goto err; ++ } else { ++ OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); ++ goto err; ++ } ++ if (!s && !(s = ASN1_STRING_new())) ++ goto err; ++ if (!(ASN1_STRING_set(s, b, i))) ++ goto err; ++ OPENSSL_free(b); ++ return s; ++ err: ++ if (b) ++ OPENSSL_free(b); ++ return NULL; ++} ++#endif + + /* Nonce handling functions */ + + /* +- * Add a nonce to an extension stack. A nonce can be specified or if NULL a ++ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a + * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an + * OCTET STRING containing the nonce, previous versions used the raw nonce. + */ +@@ -256,9 +354,6 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, + * relies on library internals. + */ + os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); +- if (os.length < 0) +- return 0; +- + os.data = OPENSSL_malloc(os.length); + if (os.data == NULL) + goto err; +@@ -273,7 +368,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, + goto err; + ret = 1; + err: +- OPENSSL_free(os.data); ++ if (os.data) ++ OPENSSL_free(os.data); + return ret; + } + +@@ -281,14 +377,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, + + int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) + { +- return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len); ++ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); + } + + /* Same as above but for a response */ + + int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) + { +- return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val, ++ return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, + len); + } + +@@ -334,8 +430,7 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) + */ + req_ext = OCSP_REQUEST_get_ext(req, req_idx); + resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); +- if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext), +- X509_EXTENSION_get_data(resp_ext))) ++ if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) + return 0; + return 1; + } +@@ -357,34 +452,35 @@ int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) + return OCSP_BASICRESP_add_ext(resp, req_ext, -1); + } + +-X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim) ++X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) + { + X509_EXTENSION *x = NULL; + OCSP_CRLID *cid = NULL; + +- if ((cid = OCSP_CRLID_new()) == NULL) ++ if (!(cid = OCSP_CRLID_new())) + goto err; + if (url) { +- if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL) ++ if (!(cid->crlUrl = ASN1_IA5STRING_new())) + goto err; + if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) + goto err; + } + if (n) { +- if ((cid->crlNum = ASN1_INTEGER_new()) == NULL) ++ if (!(cid->crlNum = ASN1_INTEGER_new())) + goto err; + if (!(ASN1_INTEGER_set(cid->crlNum, *n))) + goto err; + } + if (tim) { +- if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL) ++ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) + goto err; + if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) + goto err; + } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); + err: +- OCSP_CRLID_free(cid); ++ if (cid) ++ OCSP_CRLID_free(cid); + return x; + } + +@@ -396,7 +492,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) + ASN1_OBJECT *o = NULL; + X509_EXTENSION *x = NULL; + +- if ((sk = sk_ASN1_OBJECT_new_null()) == NULL) ++ if (!(sk = sk_ASN1_OBJECT_new_null())) + goto err; + while (oids && *oids) { + if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid))) +@@ -405,7 +501,8 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) + } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); + err: +- sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); ++ if (sk) ++ sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); + return x; + } + +@@ -415,13 +512,14 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) + X509_EXTENSION *x = NULL; + ASN1_GENERALIZEDTIME *gt = NULL; + +- if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL) ++ if (!(gt = ASN1_GENERALIZEDTIME_new())) + goto err; + if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) + goto err; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); + err: +- ASN1_GENERALIZEDTIME_free(gt); ++ if (gt) ++ ASN1_GENERALIZEDTIME_free(gt); + return x; + } + +@@ -430,43 +528,39 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) + * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This method + * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. + */ +-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls) ++X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) + { + X509_EXTENSION *x = NULL; + ASN1_IA5STRING *ia5 = NULL; + OCSP_SERVICELOC *sloc = NULL; + ACCESS_DESCRIPTION *ad = NULL; + +- if ((sloc = OCSP_SERVICELOC_new()) == NULL) ++ if (!(sloc = OCSP_SERVICELOC_new())) + goto err; +- if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL) ++ if (!(sloc->issuer = X509_NAME_dup(issuer))) + goto err; +- if (urls && *urls +- && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL) ++ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) + goto err; + while (urls && *urls) { +- if ((ad = ACCESS_DESCRIPTION_new()) == NULL) ++ if (!(ad = ACCESS_DESCRIPTION_new())) + goto err; +- if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL) ++ if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP))) + goto err; +- if ((ad->location = GENERAL_NAME_new()) == NULL) ++ if (!(ad->location = GENERAL_NAME_new())) + goto err; +- if ((ia5 = ASN1_IA5STRING_new()) == NULL) ++ if (!(ia5 = ASN1_IA5STRING_new())) + goto err; + if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) + goto err; + ad->location->type = GEN_URI; + ad->location->d.ia5 = ia5; +- ia5 = NULL; + if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) + goto err; +- ad = NULL; + urls++; + } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); + err: +- ASN1_IA5STRING_free(ia5); +- ACCESS_DESCRIPTION_free(ad); +- OCSP_SERVICELOC_free(sloc); ++ if (sloc) ++ OCSP_SERVICELOC_free(sloc); + return x; + } +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +index 680edfa..88b26b3 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c +@@ -1,10 +1,60 @@ ++/* ocsp_ht.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -16,6 +66,9 @@ + #include + #include + #include ++#ifdef OPENSSL_SYS_SUNOS ++# define strtoul (unsigned long)strtol ++#endif /* OPENSSL_SYS_SUNOS */ + + /* Stateful OCSP request code, supporting non-blocking I/O */ + +@@ -63,20 +116,21 @@ static int parse_http_line1(char *line); + + OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) + { +- OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx)); +- +- if (rctx == NULL) ++ OCSP_REQ_CTX *rctx; ++ rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); ++ if (!rctx) + return NULL; + rctx->state = OHS_ERROR; + rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; + rctx->mem = BIO_new(BIO_s_mem()); + rctx->io = io; ++ rctx->asn1_len = 0; + if (maxline > 0) + rctx->iobuflen = maxline; + else + rctx->iobuflen = OCSP_MAX_LINE_LEN; + rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); +- if (rctx->iobuf == NULL || rctx->mem == NULL) { ++ if (!rctx->iobuf || !rctx->mem) { + OCSP_REQ_CTX_free(rctx); + return NULL; + } +@@ -85,10 +139,10 @@ OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) + + void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) + { +- if (!rctx) +- return; +- BIO_free(rctx->mem); +- OPENSSL_free(rctx->iobuf); ++ if (rctx->mem) ++ BIO_free(rctx->mem); ++ if (rctx->iobuf) ++ OPENSSL_free(rctx->iobuf); + OPENSSL_free(rctx); + } + +@@ -182,7 +236,7 @@ OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + + OCSP_REQ_CTX *rctx = NULL; + rctx = OCSP_REQ_CTX_new(io, maxline); +- if (rctx == NULL) ++ if (!rctx) + return NULL; + + if (!OCSP_REQ_CTX_http(rctx, "POST", path)) +@@ -457,6 +511,8 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) + rctx->state = OHS_DONE; + return 1; + ++ break; ++ + case OHS_DONE: + return 1; + +@@ -483,7 +539,7 @@ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) + + ctx = OCSP_sendreq_new(b, path, req, -1); + +- if (ctx == NULL) ++ if (!ctx) + return NULL; + + do { +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h +deleted file mode 100644 +index f93a268..0000000 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lcl.h ++++ /dev/null +@@ -1,216 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/*- CertID ::= SEQUENCE { +- * hashAlgorithm AlgorithmIdentifier, +- * issuerNameHash OCTET STRING, -- Hash of Issuer's DN +- * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) +- * serialNumber CertificateSerialNumber } +- */ +-struct ocsp_cert_id_st { +- X509_ALGOR hashAlgorithm; +- ASN1_OCTET_STRING issuerNameHash; +- ASN1_OCTET_STRING issuerKeyHash; +- ASN1_INTEGER serialNumber; +-}; +- +-/*- Request ::= SEQUENCE { +- * reqCert CertID, +- * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } +- */ +-struct ocsp_one_request_st { +- OCSP_CERTID *reqCert; +- STACK_OF(X509_EXTENSION) *singleRequestExtensions; +-}; +- +-/*- TBSRequest ::= SEQUENCE { +- * version [0] EXPLICIT Version DEFAULT v1, +- * requestorName [1] EXPLICIT GeneralName OPTIONAL, +- * requestList SEQUENCE OF Request, +- * requestExtensions [2] EXPLICIT Extensions OPTIONAL } +- */ +-struct ocsp_req_info_st { +- ASN1_INTEGER *version; +- GENERAL_NAME *requestorName; +- STACK_OF(OCSP_ONEREQ) *requestList; +- STACK_OF(X509_EXTENSION) *requestExtensions; +-}; +- +-/*- Signature ::= SEQUENCE { +- * signatureAlgorithm AlgorithmIdentifier, +- * signature BIT STRING, +- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } +- */ +-struct ocsp_signature_st { +- X509_ALGOR signatureAlgorithm; +- ASN1_BIT_STRING *signature; +- STACK_OF(X509) *certs; +-}; +- +-/*- OCSPRequest ::= SEQUENCE { +- * tbsRequest TBSRequest, +- * optionalSignature [0] EXPLICIT Signature OPTIONAL } +- */ +-struct ocsp_request_st { +- OCSP_REQINFO tbsRequest; +- OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +-}; +- +-/*- OCSPResponseStatus ::= ENUMERATED { +- * successful (0), --Response has valid confirmations +- * malformedRequest (1), --Illegal confirmation request +- * internalError (2), --Internal error in issuer +- * tryLater (3), --Try again later +- * --(4) is not used +- * sigRequired (5), --Must sign the request +- * unauthorized (6) --Request unauthorized +- * } +- */ +- +-/*- ResponseBytes ::= SEQUENCE { +- * responseType OBJECT IDENTIFIER, +- * response OCTET STRING } +- */ +-struct ocsp_resp_bytes_st { +- ASN1_OBJECT *responseType; +- ASN1_OCTET_STRING *response; +-}; +- +-/*- OCSPResponse ::= SEQUENCE { +- * responseStatus OCSPResponseStatus, +- * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } +- */ +-struct ocsp_response_st { +- ASN1_ENUMERATED *responseStatus; +- OCSP_RESPBYTES *responseBytes; +-}; +- +-/*- ResponderID ::= CHOICE { +- * byName [1] Name, +- * byKey [2] KeyHash } +- */ +-struct ocsp_responder_id_st { +- int type; +- union { +- X509_NAME *byName; +- ASN1_OCTET_STRING *byKey; +- } value; +-}; +- +-/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key +- * --(excluding the tag and length fields) +- */ +- +-/*- RevokedInfo ::= SEQUENCE { +- * revocationTime GeneralizedTime, +- * revocationReason [0] EXPLICIT CRLReason OPTIONAL } +- */ +-struct ocsp_revoked_info_st { +- ASN1_GENERALIZEDTIME *revocationTime; +- ASN1_ENUMERATED *revocationReason; +-}; +- +-/*- CertStatus ::= CHOICE { +- * good [0] IMPLICIT NULL, +- * revoked [1] IMPLICIT RevokedInfo, +- * unknown [2] IMPLICIT UnknownInfo } +- */ +-struct ocsp_cert_status_st { +- int type; +- union { +- ASN1_NULL *good; +- OCSP_REVOKEDINFO *revoked; +- ASN1_NULL *unknown; +- } value; +-}; +- +-/*- SingleResponse ::= SEQUENCE { +- * certID CertID, +- * certStatus CertStatus, +- * thisUpdate GeneralizedTime, +- * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, +- * singleExtensions [1] EXPLICIT Extensions OPTIONAL } +- */ +-struct ocsp_single_response_st { +- OCSP_CERTID *certId; +- OCSP_CERTSTATUS *certStatus; +- ASN1_GENERALIZEDTIME *thisUpdate; +- ASN1_GENERALIZEDTIME *nextUpdate; +- STACK_OF(X509_EXTENSION) *singleExtensions; +-}; +- +-/*- ResponseData ::= SEQUENCE { +- * version [0] EXPLICIT Version DEFAULT v1, +- * responderID ResponderID, +- * producedAt GeneralizedTime, +- * responses SEQUENCE OF SingleResponse, +- * responseExtensions [1] EXPLICIT Extensions OPTIONAL } +- */ +-struct ocsp_response_data_st { +- ASN1_INTEGER *version; +- OCSP_RESPID responderId; +- ASN1_GENERALIZEDTIME *producedAt; +- STACK_OF(OCSP_SINGLERESP) *responses; +- STACK_OF(X509_EXTENSION) *responseExtensions; +-}; +- +-/*- BasicOCSPResponse ::= SEQUENCE { +- * tbsResponseData ResponseData, +- * signatureAlgorithm AlgorithmIdentifier, +- * signature BIT STRING, +- * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } +- */ +- /* +- * Note 1: The value for "signature" is specified in the OCSP rfc2560 as +- * follows: "The value for the signature SHALL be computed on the hash of +- * the DER encoding ResponseData." This means that you must hash the +- * DER-encoded tbsResponseData, and then run it through a crypto-signing +- * function, which will (at least w/RSA) do a hash-'n'-private-encrypt +- * operation. This seems a bit odd, but that's the spec. Also note that +- * the data structures do not leave anywhere to independently specify the +- * algorithm used for the initial hash. So, we look at the +- * signature-specification algorithm, and try to do something intelligent. +- * -- Kathy Weinhold, CertCo +- */ +- /* +- * Note 2: It seems that the mentioned passage from RFC 2560 (section +- * 4.2.1) is open for interpretation. I've done tests against another +- * responder, and found that it doesn't do the double hashing that the RFC +- * seems to say one should. Therefore, all relevant functions take a flag +- * saying which variant should be used. -- Richard Levitte, OpenSSL team +- * and CeloCom +- */ +-struct ocsp_basic_response_st { +- OCSP_RESPDATA tbsResponseData; +- X509_ALGOR signatureAlgorithm; +- ASN1_BIT_STRING *signature; +- STACK_OF(X509) *certs; +-}; +- +-/*- +- * CrlID ::= SEQUENCE { +- * crlUrl [0] EXPLICIT IA5String OPTIONAL, +- * crlNum [1] EXPLICIT INTEGER OPTIONAL, +- * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } +- */ +-struct ocsp_crl_id_st { +- ASN1_IA5STRING *crlUrl; +- ASN1_INTEGER *crlNum; +- ASN1_GENERALIZEDTIME *crlTime; +-}; +- +-/*- +- * ServiceLocator ::= SEQUENCE { +- * issuer Name, +- * locator AuthorityInfoAccessSyntax OPTIONAL } +- */ +-struct ocsp_service_locator_st { +- X509_NAME *issuer; +- STACK_OF(ACCESS_DESCRIPTION) *locator; +-}; +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +index 8edd70a..ff781e5 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c +@@ -1,35 +1,93 @@ ++/* ocsp_lib.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ ++ ++/* ++ * History: This file was transfered to Richard Levitte from CertCo by Kathy ++ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a ++ * patch kit. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include + #include ++#include + #include + #include + #include + #include +-#include "ocsp_lcl.h" + #include + + /* Convert a certificate and its issuer to an OCSP_CERTID */ + +-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, +- const X509 *issuer) ++OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) + { + X509_NAME *iname; +- const ASN1_INTEGER *serial; ++ ASN1_INTEGER *serial; + ASN1_BIT_STRING *ikey; ++#ifndef OPENSSL_NO_SHA1 + if (!dgst) + dgst = EVP_sha1(); ++#endif + if (subject) { + iname = X509_get_issuer_name(subject); +- serial = X509_get0_serialNumber(subject); ++ serial = X509_get_serialNumber(subject); + } else { + iname = X509_get_subject_name(issuer); + serial = NULL; +@@ -39,9 +97,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + } + + OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, +- const X509_NAME *issuerName, +- const ASN1_BIT_STRING *issuerKey, +- const ASN1_INTEGER *serialNumber) ++ X509_NAME *issuerName, ++ ASN1_BIT_STRING *issuerKey, ++ ASN1_INTEGER *serialNumber) + { + int nid; + unsigned int i; +@@ -49,16 +107,17 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + OCSP_CERTID *cid = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + +- if ((cid = OCSP_CERTID_new()) == NULL) ++ if (!(cid = OCSP_CERTID_new())) + goto err; + +- alg = &cid->hashAlgorithm; +- ASN1_OBJECT_free(alg->algorithm); ++ alg = cid->hashAlgorithm; ++ if (alg->algorithm != NULL) ++ ASN1_OBJECT_free(alg->algorithm); + if ((nid = EVP_MD_type(dgst)) == NID_undef) { + OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); + goto err; + } +- if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) ++ if (!(alg->algorithm = OBJ_nid2obj(nid))) + goto err; + if ((alg->parameter = ASN1_TYPE_new()) == NULL) + goto err; +@@ -66,38 +125,40 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, + + if (!X509_NAME_digest(issuerName, dgst, md, &i)) + goto digerr; +- if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) ++ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) + goto err; + + /* Calculate the issuerKey hash, excluding tag and length */ + if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) + goto err; + +- if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) ++ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) + goto err; + + if (serialNumber) { +- if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) ++ ASN1_INTEGER_free(cid->serialNumber); ++ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) + goto err; + } + return cid; + digerr: + OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); + err: +- OCSP_CERTID_free(cid); ++ if (cid) ++ OCSP_CERTID_free(cid); + return NULL; + } + + int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) + { + int ret; +- ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); ++ ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); + if (ret) + return ret; +- ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash); ++ ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); + if (ret) + return ret; +- return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); ++ return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); + } + + int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +@@ -106,7 +167,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) + ret = OCSP_id_issuer_cmp(a, b); + if (ret) + return ret; +- return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber); ++ return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); + } + + /* +@@ -126,7 +187,7 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + *ppath = NULL; + + /* dup the buffer since we are going to mess with it */ +- buf = OPENSSL_strdup(url); ++ buf = BUF_strdup(url); + if (!buf) + goto mem_err; + +@@ -138,10 +199,10 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + + *(p++) = '\0'; + +- if (strcmp(buf, "http") == 0) { ++ if (!strcmp(buf, "http")) { + *pssl = 0; + port = "80"; +- } else if (strcmp(buf, "https") == 0) { ++ } else if (!strcmp(buf, "https")) { + *pssl = 1; + port = "443"; + } else +@@ -160,9 +221,9 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + p = strchr(p, '/'); + + if (!p) +- *ppath = OPENSSL_strdup("/"); ++ *ppath = BUF_strdup("/"); + else { +- *ppath = OPENSSL_strdup(p); ++ *ppath = BUF_strdup(p); + /* Set start of path to 0 so hostname is valid */ + *p = '\0'; + } +@@ -187,11 +248,11 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + port = p + 1; + } + +- *pport = OPENSSL_strdup(port); ++ *pport = BUF_strdup(port); + if (!*pport) + goto mem_err; + +- *phost = OPENSSL_strdup(host); ++ *phost = BUF_strdup(host); + + if (!*phost) + goto mem_err; +@@ -208,13 +269,20 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); + + err: +- OPENSSL_free(buf); +- OPENSSL_free(*ppath); +- *ppath = NULL; +- OPENSSL_free(*pport); +- *pport = NULL; +- OPENSSL_free(*phost); +- *phost = NULL; ++ if (buf) ++ OPENSSL_free(buf); ++ if (*ppath) { ++ OPENSSL_free(*ppath); ++ *ppath = NULL; ++ } ++ if (*pport) { ++ OPENSSL_free(*pport); ++ *pport = NULL; ++ } ++ if (*phost) { ++ OPENSSL_free(*phost); ++ *phost = NULL; ++ } + return 0; + + } +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +index 5605812..47d5f83 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c +@@ -1,17 +1,72 @@ ++/* ocsp_prn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Tom Titchener for the OpenSSL ++ * project. ++ */ ++ ++/* ++ * History: This file was originally part of ocsp.c and was transfered to ++ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be ++ * included in OpenSSL or released as a patch kit. ++ */ ++ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include +-#include "ocsp_lcl.h" +-#include "internal/cryptlib.h" + #include + + static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) +@@ -19,13 +74,13 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) + BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); + indent += 2; + BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); +- i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); ++ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); + BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); +- i2a_ASN1_STRING(bp, &a->issuerNameHash, 0); ++ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); + BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); +- i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0); ++ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); + BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); +- i2a_ASN1_INTEGER(bp, &a->serialNumber); ++ i2a_ASN1_INTEGER(bp, a->serialNumber); + BIO_printf(bp, "\n"); + return 1; + } +@@ -35,17 +90,15 @@ typedef struct { + const char *m; + } OCSP_TBLSTR; + +-static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len) ++static const char *table2string(long s, const OCSP_TBLSTR *ts, int len) + { +- size_t i; +- for (i = 0; i < len; i++, ts++) +- if (ts->t == s) +- return ts->m; ++ const OCSP_TBLSTR *p; ++ for (p = ts; p < ts + len; p++) ++ if (p->t == s) ++ return p->m; + return "(UNKNOWN)"; + } + +-#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl)) +- + const char *OCSP_response_status_str(long s) + { + static const OCSP_TBLSTR rstat_tbl[] = { +@@ -56,7 +109,7 @@ const char *OCSP_response_status_str(long s) + {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"}, + {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"} + }; +- return table2string(s, rstat_tbl); ++ return table2string(s, rstat_tbl, 6); + } + + const char *OCSP_cert_status_str(long s) +@@ -66,7 +119,7 @@ const char *OCSP_cert_status_str(long s) + {V_OCSP_CERTSTATUS_REVOKED, "revoked"}, + {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"} + }; +- return table2string(s, cstat_tbl); ++ return table2string(s, cstat_tbl, 3); + } + + const char *OCSP_crl_reason_str(long s) +@@ -81,7 +134,7 @@ const char *OCSP_crl_reason_str(long s) + {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"}, + {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"} + }; +- return table2string(s, reason_tbl); ++ return table2string(s, reason_tbl, 8); + } + + int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) +@@ -90,7 +143,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) + long l; + OCSP_CERTID *cid = NULL; + OCSP_ONEREQ *one = NULL; +- OCSP_REQINFO *inf = &o->tbsRequest; ++ OCSP_REQINFO *inf = o->tbsRequest; + OCSP_SIGNATURE *sig = o->optionalSignature; + + if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) +@@ -118,7 +171,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) + inf->requestExtensions, flags, 4)) + goto err; + if (sig) { +- X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature); ++ X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); + for (i = 0; i < sk_X509_num(sig->certs); i++) { + X509_print(bp, sk_X509_value(sig->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); +@@ -161,20 +214,20 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) + + if ((br = OCSP_response_get1_basic(o)) == NULL) + goto err; +- rd = &br->tbsResponseData; ++ rd = br->tbsResponseData; + l = ASN1_INTEGER_get(rd->version); + if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) + goto err; + if (BIO_puts(bp, " Responder Id: ") <= 0) + goto err; + +- rid = &rd->responderId; ++ rid = rd->responderId; + switch (rid->type) { + case V_OCSP_RESPID_NAME: + X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); + break; + case V_OCSP_RESPID_KEY: +- i2a_ASN1_STRING(bp, rid->value.byKey, 0); ++ i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); + break; + } + +@@ -231,7 +284,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) + if (!X509V3_extensions_print(bp, "Response Extensions", + rd->responseExtensions, flags, 4)) + goto err; +- if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0) ++ if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) + goto err; + + for (i = 0; i < sk_X509_num(br->certs); i++) { +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +index 46a4bf7..2ec2c63 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c +@@ -1,20 +1,70 @@ ++/* ocsp_srv.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include + #include ++#include + #include + #include + #include + #include +-#include "ocsp_lcl.h" + + /* + * Utility functions related to sending OCSP responses and extracting +@@ -23,12 +73,12 @@ + + int OCSP_request_onereq_count(OCSP_REQUEST *req) + { +- return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); ++ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); + } + + OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) + { +- return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i); ++ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); + } + + OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) +@@ -43,13 +93,13 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + if (!cid) + return 0; + if (pmd) +- *pmd = cid->hashAlgorithm.algorithm; ++ *pmd = cid->hashAlgorithm->algorithm; + if (piNameHash) +- *piNameHash = &cid->issuerNameHash; ++ *piNameHash = cid->issuerNameHash; + if (pikeyHash) +- *pikeyHash = &cid->issuerKeyHash; ++ *pikeyHash = cid->issuerKeyHash; + if (pserial) +- *pserial = &cid->serialNumber; ++ *pserial = cid->serialNumber; + return 1; + } + +@@ -65,13 +115,13 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) + { + OCSP_RESPONSE *rsp = NULL; + +- if ((rsp = OCSP_RESPONSE_new()) == NULL) ++ if (!(rsp = OCSP_RESPONSE_new())) + goto err; + if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) + goto err; + if (!bs) + return rsp; +- if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL) ++ if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) + goto err; + rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); + if (!ASN1_item_pack +@@ -79,7 +129,8 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) + goto err; + return rsp; + err: +- OCSP_RESPONSE_free(rsp); ++ if (rsp) ++ OCSP_RESPONSE_free(rsp); + return NULL; + } + +@@ -94,12 +145,11 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSP_CERTSTATUS *cs; + OCSP_REVOKEDINFO *ri; + +- if (rsp->tbsResponseData.responses == NULL +- && (rsp->tbsResponseData.responses +- = sk_OCSP_SINGLERESP_new_null()) == NULL) ++ if (!rsp->tbsResponseData->responses && ++ !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) + goto err; + +- if ((single = OCSP_SINGLERESP_new()) == NULL) ++ if (!(single = OCSP_SINGLERESP_new())) + goto err; + + if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) +@@ -110,7 +160,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + + OCSP_CERTID_free(single->certId); + +- if ((single->certId = OCSP_CERTID_dup(cid)) == NULL) ++ if (!(single->certId = OCSP_CERTID_dup(cid))) + goto err; + + cs = single->certStatus; +@@ -120,12 +170,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); + goto err; + } +- if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL) ++ if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) + goto err; + if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) + goto err; + if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { +- if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL) ++ if (!(ri->revocationReason = ASN1_ENUMERATED_new())) + goto err; + if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) + goto err; +@@ -133,20 +183,18 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + break; + + case V_OCSP_CERTSTATUS_GOOD: +- if ((cs->value.good = ASN1_NULL_new()) == NULL) +- goto err; ++ cs->value.good = ASN1_NULL_new(); + break; + + case V_OCSP_CERTSTATUS_UNKNOWN: +- if ((cs->value.unknown = ASN1_NULL_new()) == NULL) +- goto err; ++ cs->value.unknown = ASN1_NULL_new(); + break; + + default: + goto err; + + } +- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single))) ++ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) + goto err; + return single; + err: +@@ -158,13 +206,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, + + int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) + { +- if (resp->certs == NULL +- && (resp->certs = sk_X509_new_null()) == NULL) ++ if (!resp->certs && !(resp->certs = sk_X509_new_null())) + return 0; + + if (!sk_X509_push(resp->certs, cert)) + return 0; +- X509_up_ref(cert); ++ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + return 1; + } + +@@ -191,16 +238,23 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, + } + } + +- rid = &brsp->tbsResponseData.responderId; ++ rid = brsp->tbsResponseData->responderId; + if (flags & OCSP_RESPID_KEY) { +- if (!OCSP_RESPID_set_by_key(rid, signer)) ++ unsigned char md[SHA_DIGEST_LENGTH]; ++ X509_pubkey_digest(signer, EVP_sha1(), md, NULL); ++ if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) + goto err; +- } else if (!OCSP_RESPID_set_by_name(rid, signer)) { +- goto err; ++ if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) ++ goto err; ++ rid->type = V_OCSP_RESPID_KEY; ++ } else { ++ if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer))) ++ goto err; ++ rid->type = V_OCSP_RESPID_NAME; + } + + if (!(flags & OCSP_NOTIME) && +- !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0)) ++ !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + goto err; + + /* +@@ -215,63 +269,3 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, + err: + return 0; + } +- +-int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) +-{ +- if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert))) +- return 0; +- +- respid->type = V_OCSP_RESPID_NAME; +- +- return 1; +-} +- +-int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) +-{ +- ASN1_OCTET_STRING *byKey = NULL; +- unsigned char md[SHA_DIGEST_LENGTH]; +- +- /* RFC2560 requires SHA1 */ +- if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL)) +- return 0; +- +- byKey = ASN1_OCTET_STRING_new(); +- if (byKey == NULL) +- return 0; +- +- if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) { +- ASN1_OCTET_STRING_free(byKey); +- return 0; +- } +- +- respid->type = V_OCSP_RESPID_KEY; +- respid->value.byKey = byKey; +- +- return 1; +-} +- +-int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) +-{ +- if (respid->type == V_OCSP_RESPID_KEY) { +- unsigned char md[SHA_DIGEST_LENGTH]; +- +- if (respid->value.byKey == NULL) +- return 0; +- +- /* RFC2560 requires SHA1 */ +- if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL)) +- return 0; +- +- return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH) +- && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md, +- SHA_DIGEST_LENGTH) == 0); +- } else if(respid->type == V_OCSP_RESPID_NAME) { +- if (respid->value.byName == NULL) +- return 0; +- +- return X509_NAME_cmp(respid->value.byName, +- X509_get_subject_name(cert)) == 0; +- } +- +- return 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +index e2cfa6d..d4a257c 100644 +--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c +@@ -1,29 +1,80 @@ ++/* ocsp_vfy.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "ocsp_lcl.h" + #include + #include + + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, +- STACK_OF(X509) *certs, unsigned long flags); ++ STACK_OF(X509) *certs, X509_STORE *st, ++ unsigned long flags); + static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); +-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain); ++static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, ++ unsigned long flags); + static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, + OCSP_CERTID **ret); + static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + STACK_OF(OCSP_SINGLERESP) *sresp); +-static int ocsp_check_delegated(X509 *x); ++static int ocsp_check_delegated(X509 *x, int flags); + static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, + X509_NAME *nm, STACK_OF(X509) *certs, +- unsigned long flags); ++ X509_STORE *st, unsigned long flags); + + /* Verify a basic response message */ + +@@ -33,30 +84,24 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509 *signer, *x; + STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; +- X509_STORE_CTX *ctx = NULL; +- int i, ret = ocsp_find_signer(&signer, bs, certs, flags); +- ++ X509_STORE_CTX ctx; ++ int i, ret = 0; ++ ret = ocsp_find_signer(&signer, bs, certs, st, flags); + if (!ret) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, + OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + goto end; + } +- ctx = X509_STORE_CTX_new(); +- if (ctx == NULL) { +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); +- goto f_err; +- } + if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) + flags |= OCSP_NOVERIFY; + if (!(flags & OCSP_NOSIGS)) { + EVP_PKEY *skey; +- skey = X509_get0_pubkey(signer); +- if (skey == NULL) { +- OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY); +- goto err; ++ skey = X509_get_pubkey(signer); ++ if (skey) { ++ ret = OCSP_BASICRESP_verify(bs, skey, 0); ++ EVP_PKEY_free(skey); + } +- ret = OCSP_BASICRESP_verify(bs, skey, 0); +- if (ret <= 0) { ++ if (!skey || ret <= 0) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); + goto end; + } +@@ -70,23 +115,25 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE); +- goto f_err; ++ goto end; + } + } + } else { + untrusted = bs->certs; + } +- init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted); ++ init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); + if (!init_res) { ++ ret = -1; + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); +- goto f_err; ++ goto end; + } + +- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); +- ret = X509_verify_cert(ctx); +- chain = X509_STORE_CTX_get1_chain(ctx); ++ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); ++ ret = X509_verify_cert(&ctx); ++ chain = X509_STORE_CTX_get1_chain(&ctx); ++ X509_STORE_CTX_cleanup(&ctx); + if (ret <= 0) { +- i = X509_STORE_CTX_get_error(ctx); ++ i = X509_STORE_CTX_get_error(&ctx); + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, + OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", +@@ -101,7 +148,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + * At this point we have a valid certificate chain need to verify it + * against the OCSP issuer criteria. + */ +- ret = ocsp_check_issuer(bs, chain); ++ ret = ocsp_check_issuer(bs, chain, flags); + + /* If fatal error or valid match then finish */ + if (ret != 0) +@@ -117,30 +164,25 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + x = sk_X509_value(chain, sk_X509_num(chain) - 1); + if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) { + OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED); +- goto err; ++ goto end; + } + ret = 1; + } ++ + end: +- X509_STORE_CTX_free(ctx); +- sk_X509_pop_free(chain, X509_free); ++ if (chain) ++ sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); + return ret; +- +- err: +- ret = 0; +- goto end; +- f_err: +- ret = -1; +- goto end; + } + + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, +- STACK_OF(X509) *certs, unsigned long flags) ++ STACK_OF(X509) *certs, X509_STORE *st, ++ unsigned long flags) + { + X509 *signer; +- OCSP_RESPID *rid = &bs->tbsResponseData.responderId; ++ OCSP_RESPID *rid = bs->tbsResponseData->responderId; + if ((signer = ocsp_find_signer_sk(certs, rid))) { + *psigner = signer; + return 2; +@@ -182,13 +224,14 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) + return NULL; + } + +-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) ++static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, ++ unsigned long flags) + { + STACK_OF(OCSP_SINGLERESP) *sresp; + X509 *signer, *sca; + OCSP_CERTID *caid = NULL; + int i; +- sresp = bs->tbsResponseData.responses; ++ sresp = bs->tbsResponseData->responses; + + if (sk_X509_num(chain) <= 0) { + OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); +@@ -211,7 +254,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain) + return i; + if (i) { + /* We have a match, if extensions OK then success */ +- if (ocsp_check_delegated(signer)) ++ if (ocsp_check_delegated(signer, flags)) + return 1; + return 0; + } +@@ -248,9 +291,9 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) + tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; + /* Check to see if IDs match */ + if (OCSP_id_issuer_cmp(cid, tmpid)) { +- /* If algorithm mismatch let caller deal with it */ +- if (OBJ_cmp(tmpid->hashAlgorithm.algorithm, +- cid->hashAlgorithm.algorithm)) ++ /* If algoritm mismatch let caller deal with it */ ++ if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, ++ cid->hashAlgorithm->algorithm)) + return 2; + /* Else mismatch */ + return 0; +@@ -271,8 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + X509_NAME *iname; + int mdlen; + unsigned char md[EVP_MAX_MD_SIZE]; +- if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm)) +- == NULL) { ++ if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { + OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, + OCSP_R_UNKNOWN_MESSAGE_DIGEST); + return -1; +@@ -281,16 +323,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + mdlen = EVP_MD_size(dgst); + if (mdlen < 0) + return -1; +- if ((cid->issuerNameHash.length != mdlen) || +- (cid->issuerKeyHash.length != mdlen)) ++ if ((cid->issuerNameHash->length != mdlen) || ++ (cid->issuerKeyHash->length != mdlen)) + return 0; + iname = X509_get_subject_name(cert); + if (!X509_NAME_digest(iname, dgst, md, NULL)) + return -1; +- if (memcmp(md, cid->issuerNameHash.data, mdlen)) ++ if (memcmp(md, cid->issuerNameHash->data, mdlen)) + return 0; + X509_pubkey_digest(cert, dgst, md, NULL); +- if (memcmp(md, cid->issuerKeyHash.data, mdlen)) ++ if (memcmp(md, cid->issuerKeyHash->data, mdlen)) + return 0; + + return 1; +@@ -310,10 +352,10 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + + } + +-static int ocsp_check_delegated(X509 *x) ++static int ocsp_check_delegated(X509 *x, int flags) + { +- if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE) +- && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN)) ++ X509_check_purpose(x, -1, 0); ++ if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN)) + return 1; + OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); + return 0; +@@ -331,80 +373,68 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509 *signer; + X509_NAME *nm; + GENERAL_NAME *gen; +- int ret = 0; +- X509_STORE_CTX *ctx = X509_STORE_CTX_new(); +- +- if (ctx == NULL) { +- OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ++ int ret; ++ X509_STORE_CTX ctx; + if (!req->optionalSignature) { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); +- goto err; ++ return 0; + } +- gen = req->tbsRequest.requestorName; ++ gen = req->tbsRequest->requestorName; + if (!gen || gen->type != GEN_DIRNAME) { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, + OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); +- goto err; ++ return 0; + } + nm = gen->d.directoryName; +- ret = ocsp_req_find_signer(&signer, req, nm, certs, flags); ++ ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); + if (ret <= 0) { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, + OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); +- goto err; ++ return 0; + } + if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) + flags |= OCSP_NOVERIFY; + if (!(flags & OCSP_NOSIGS)) { + EVP_PKEY *skey; +- skey = X509_get0_pubkey(signer); ++ skey = X509_get_pubkey(signer); + ret = OCSP_REQUEST_verify(req, skey); ++ EVP_PKEY_free(skey); + if (ret <= 0) { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); +- goto err; ++ return 0; + } + } + if (!(flags & OCSP_NOVERIFY)) { + int init_res; + if (flags & OCSP_NOCHAIN) +- init_res = X509_STORE_CTX_init(ctx, store, signer, NULL); ++ init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); + else +- init_res = X509_STORE_CTX_init(ctx, store, signer, ++ init_res = X509_STORE_CTX_init(&ctx, store, signer, + req->optionalSignature->certs); + if (!init_res) { + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); +- goto err; ++ return 0; + } + +- X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER); +- X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST); +- ret = X509_verify_cert(ctx); ++ X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); ++ X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); ++ ret = X509_verify_cert(&ctx); ++ X509_STORE_CTX_cleanup(&ctx); + if (ret <= 0) { +- ret = X509_STORE_CTX_get_error(ctx); ++ ret = X509_STORE_CTX_get_error(&ctx); + OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, + OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(ret)); +- goto err; ++ return 0; + } + } +- ret = 1; +- goto end; +- +-err: +- ret = 0; +-end: +- X509_STORE_CTX_free(ctx); +- return ret; +- ++ return 1; + } + + static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, + X509_NAME *nm, STACK_OF(X509) *certs, +- unsigned long flags) ++ X509_STORE *st, unsigned long flags) + { + X509 *signer; + if (!(flags & OCSP_NOINTERN)) { +diff --git a/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c +deleted file mode 100644 +index 2d425a8..0000000 +--- a/Cryptlib/OpenSSL/crypto/ocsp/v3_ocsp.c ++++ /dev/null +@@ -1,264 +0,0 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-# include +-# include "internal/cryptlib.h" +-# include +-# include +-# include +-# include "ocsp_lcl.h" +-# include +-# include "../x509v3/ext_dat.h" +- +-/* +- * OCSP extensions and a couple of CRL entry extensions +- */ +- +-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, +- BIO *out, int indent); +-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, +- BIO *out, int indent); +-static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, +- int indent); +- +-static void *ocsp_nonce_new(void); +-static int i2d_ocsp_nonce(void *a, unsigned char **pp); +-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); +-static void ocsp_nonce_free(void *a); +-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, +- BIO *out, int indent); +- +-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, +- void *nocheck, BIO *out, int indent); +-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str); +-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, +- BIO *bp, int ind); +- +-const X509V3_EXT_METHOD v3_ocsp_crlid = { +- NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), +- 0, 0, 0, 0, +- 0, 0, +- 0, 0, +- i2r_ocsp_crlid, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_ocsp_acutoff = { +- NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), +- 0, 0, 0, 0, +- 0, 0, +- 0, 0, +- i2r_ocsp_acutoff, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_crl_invdate = { +- NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), +- 0, 0, 0, 0, +- 0, 0, +- 0, 0, +- i2r_ocsp_acutoff, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_crl_hold = { +- NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), +- 0, 0, 0, 0, +- 0, 0, +- 0, 0, +- i2r_object, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_ocsp_nonce = { +- NID_id_pkix_OCSP_Nonce, 0, NULL, +- ocsp_nonce_new, +- ocsp_nonce_free, +- d2i_ocsp_nonce, +- i2d_ocsp_nonce, +- 0, 0, +- 0, 0, +- i2r_ocsp_nonce, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_ocsp_nocheck = { +- NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), +- 0, 0, 0, 0, +- 0, s2i_ocsp_nocheck, +- 0, 0, +- i2r_ocsp_nocheck, 0, +- NULL +-}; +- +-const X509V3_EXT_METHOD v3_ocsp_serviceloc = { +- NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), +- 0, 0, 0, 0, +- 0, 0, +- 0, 0, +- i2r_ocsp_serviceloc, 0, +- NULL +-}; +- +-static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, +- int ind) +-{ +- OCSP_CRLID *a = in; +- if (a->crlUrl) { +- if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) +- goto err; +- if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (a->crlNum) { +- if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) +- goto err; +- if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (a->crlTime) { +- if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) +- goto err; +- if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- return 1; +- err: +- return 0; +-} +- +-static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, +- BIO *bp, int ind) +-{ +- if (BIO_printf(bp, "%*s", ind, "") <= 0) +- return 0; +- if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) +- return 0; +- return 1; +-} +- +-static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, +- int ind) +-{ +- if (BIO_printf(bp, "%*s", ind, "") <= 0) +- return 0; +- if (i2a_ASN1_OBJECT(bp, oid) <= 0) +- return 0; +- return 1; +-} +- +-/* +- * OCSP nonce. This is needs special treatment because it doesn't have an +- * ASN1 encoding at all: it just contains arbitrary data. +- */ +- +-static void *ocsp_nonce_new(void) +-{ +- return ASN1_OCTET_STRING_new(); +-} +- +-static int i2d_ocsp_nonce(void *a, unsigned char **pp) +-{ +- ASN1_OCTET_STRING *os = a; +- if (pp) { +- memcpy(*pp, os->data, os->length); +- *pp += os->length; +- } +- return os->length; +-} +- +-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) +-{ +- ASN1_OCTET_STRING *os, **pos; +- pos = a; +- if (pos == NULL || *pos == NULL) { +- os = ASN1_OCTET_STRING_new(); +- if (os == NULL) +- goto err; +- } else { +- os = *pos; +- } +- if (!ASN1_OCTET_STRING_set(os, *pp, length)) +- goto err; +- +- *pp += length; +- +- if (pos) +- *pos = os; +- return os; +- +- err: +- if ((pos == NULL) || (*pos != os)) +- ASN1_OCTET_STRING_free(os); +- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); +- return NULL; +-} +- +-static void ocsp_nonce_free(void *a) +-{ +- ASN1_OCTET_STRING_free(a); +-} +- +-static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, +- BIO *out, int indent) +-{ +- if (BIO_printf(out, "%*s", indent, "") <= 0) +- return 0; +- if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) +- return 0; +- return 1; +-} +- +-/* Nocheck is just a single NULL. Don't print anything and always set it */ +- +-static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, +- BIO *out, int indent) +-{ +- return 1; +-} +- +-static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str) +-{ +- return ASN1_NULL_new(); +-} +- +-static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, +- BIO *bp, int ind) +-{ +- int i; +- OCSP_SERVICELOC *a = in; +- ACCESS_DESCRIPTION *ad; +- +- if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) +- goto err; +- if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) +- goto err; +- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { +- ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); +- if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) +- goto err; +- if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) +- goto err; +- if (BIO_puts(bp, " - ") <= 0) +- goto err; +- if (GENERAL_NAME_print(bp, ad->location) <= 0) +- goto err; +- } +- return 1; +- err: +- return 0; +-} +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +index 0e71813..0e5be63 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c +@@ -1,22 +1,130 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_all.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif ++#ifndef OPENSSL_NO_DH ++# include ++#endif + + #ifndef OPENSSL_NO_RSA + static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); +@@ -68,7 +176,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, + return pkey_get_rsa(pktmp, rsa); + } + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + + RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) + { +@@ -79,10 +187,57 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) + + # endif + +-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, +- RSAPrivateKey) ++# ifdef OPENSSL_FIPS + ++int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_RSA(k, x); + ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, ++ PEM_STRING_RSA, bp, x, enc, kstr, klen, cb, ++ u); ++} ++ ++# ifndef OPENSSL_NO_FP_API ++int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ ++ EVP_PKEY_set1_RSA(k, x); ++ ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, ++ PEM_STRING_RSA, fp, x, enc, kstr, klen, cb, u); ++} ++# endif ++ ++# else ++ ++IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, ++ RSAPrivateKey) ++# endif + IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, + RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, + PEM_STRING_PUBLIC, +@@ -113,10 +268,57 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, + return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ + } + ++# ifdef OPENSSL_FIPS ++ ++int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, ++ PEM_STRING_DSA, bp, x, enc, kstr, klen, cb, ++ u); ++} ++ ++# ifndef OPENSSL_NO_FP_API ++int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_DSA(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, ++ PEM_STRING_DSA, fp, x, enc, kstr, klen, cb, u); ++} ++# endif ++ ++# else ++ + IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, + DSAPrivateKey) ++# endif + IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) + { + EVP_PKEY *pktmp; +@@ -155,12 +357,56 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, + + IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, + ECPKParameters) ++# ifdef OPENSSL_FIPS ++int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_EC_KEY(k, x); ++ ++ ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, ++ PEM_STRING_ECPRIVATEKEY, ++ bp, x, enc, kstr, klen, cb, u); ++} + ++# ifndef OPENSSL_NO_FP_API ++int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, ++ unsigned char *kstr, int klen, ++ pem_password_cb *cb, void *u) ++{ ++ if (FIPS_mode()) { ++ EVP_PKEY *k; ++ int ret; ++ k = EVP_PKEY_new(); ++ if (!k) ++ return 0; ++ EVP_PKEY_set1_EC_KEY(k, x); ++ ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u); ++ EVP_PKEY_free(k); ++ return ret; ++ } else ++ return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, ++ PEM_STRING_ECPRIVATEKEY, ++ fp, x, enc, kstr, klen, cb, u); ++} ++# endif + +-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ++# else ++ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, + ECPrivateKey) ++# endif + IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, + void *u) + { +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +index f36d893..4e5f8e9 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,41 +70,46 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) + + static ERR_STRING_DATA PEM_str_functs[] = { +- {ERR_FUNC(PEM_F_B2I_DSS), "b2i_dss"}, ++ {ERR_FUNC(PEM_F_B2I_DSS), "B2I_DSS"}, + {ERR_FUNC(PEM_F_B2I_PVK_BIO), "b2i_PVK_bio"}, +- {ERR_FUNC(PEM_F_B2I_RSA), "b2i_rsa"}, +- {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "check_bitlen_dsa"}, +- {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "check_bitlen_rsa"}, ++ {ERR_FUNC(PEM_F_B2I_RSA), "B2I_RSA"}, ++ {ERR_FUNC(PEM_F_CHECK_BITLEN_DSA), "CHECK_BITLEN_DSA"}, ++ {ERR_FUNC(PEM_F_CHECK_BITLEN_RSA), "CHECK_BITLEN_RSA"}, + {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"}, + {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"}, +- {ERR_FUNC(PEM_F_DO_B2I), "do_b2i"}, +- {ERR_FUNC(PEM_F_DO_B2I_BIO), "do_b2i_bio"}, +- {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "do_blob_header"}, +- {ERR_FUNC(PEM_F_DO_PK8PKEY), "do_pk8pkey"}, +- {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "do_pk8pkey_fp"}, +- {ERR_FUNC(PEM_F_DO_PVK_BODY), "do_PVK_body"}, +- {ERR_FUNC(PEM_F_DO_PVK_HEADER), "do_PVK_header"}, +- {ERR_FUNC(PEM_F_I2B_PVK), "i2b_PVK"}, ++ {ERR_FUNC(PEM_F_DO_B2I), "DO_B2I"}, ++ {ERR_FUNC(PEM_F_DO_B2I_BIO), "DO_B2I_BIO"}, ++ {ERR_FUNC(PEM_F_DO_BLOB_HEADER), "DO_BLOB_HEADER"}, ++ {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"}, ++ {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"}, ++ {ERR_FUNC(PEM_F_DO_PVK_BODY), "DO_PVK_BODY"}, ++ {ERR_FUNC(PEM_F_DO_PVK_HEADER), "DO_PVK_HEADER"}, ++ {ERR_FUNC(PEM_F_I2B_PVK), "I2B_PVK"}, + {ERR_FUNC(PEM_F_I2B_PVK_BIO), "i2b_PVK_bio"}, +- {ERR_FUNC(PEM_F_LOAD_IV), "load_iv"}, ++ {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"}, + {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"}, + {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"}, + {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"}, + {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"}, + {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"}, + {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"}, ++ {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY), ++ "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"}, ++ {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"}, + {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"}, +- {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_read_bio_DHparams"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO_DHPARAMS), "PEM_READ_BIO_DHPARAMS"}, + {ERR_FUNC(PEM_F_PEM_READ_BIO_PARAMETERS), "PEM_read_bio_Parameters"}, +- {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_read_bio_PrivateKey"}, +- {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_read_DHparams"}, +- {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_read_PrivateKey"}, ++ {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_READ_DHPARAMS), "PEM_READ_DHPARAMS"}, ++ {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"}, ++ {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"}, ++ {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"}, + {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"}, + {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"}, + {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"}, +- {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_write_PrivateKey"}, ++ {ERR_FUNC(PEM_F_PEM_WRITE_PRIVATEKEY), "PEM_WRITE_PRIVATEKEY"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"}, + {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"}, +@@ -81,18 +137,17 @@ static ERR_STRING_DATA PEM_str_reasons[] = { + {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), + "keyblob header parse error"}, + {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"}, +- {ERR_REASON(PEM_R_MISSING_DEK_IV), "missing dek iv"}, + {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"}, + {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"}, + {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"}, + {ERR_REASON(PEM_R_NO_START_LINE), "no start line"}, + {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), + "problems getting password"}, ++ {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"}, + {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"}, + {ERR_REASON(PEM_R_PVK_TOO_SHORT), "pvk too short"}, + {ERR_REASON(PEM_R_READ_KEY), "read key"}, + {ERR_REASON(PEM_R_SHORT_HEADER), "short header"}, +- {ERR_REASON(PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"}, + {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, + {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, + {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), +@@ -102,7 +157,7 @@ static ERR_STRING_DATA PEM_str_reasons[] = { + + #endif + +-int ERR_load_PEM_strings(void) ++void ERR_load_PEM_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -111,5 +166,4 @@ int ERR_load_PEM_strings(void) + ERR_load_strings(0, PEM_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +index dd493c8..4d736a1 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c +@@ -1,23 +1,76 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_info.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u) + { +@@ -206,11 +259,14 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + } else { + /* unknown */ + } +- OPENSSL_free(name); ++ if (name != NULL) ++ OPENSSL_free(name); ++ if (header != NULL) ++ OPENSSL_free(header); ++ if (data != NULL) ++ OPENSSL_free(data); + name = NULL; +- OPENSSL_free(header); + header = NULL; +- OPENSSL_free(data); + data = NULL; + } + +@@ -226,7 +282,8 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + } + ok = 1; + err: +- X509_INFO_free(xi); ++ if (xi != NULL) ++ X509_INFO_free(xi); + if (!ok) { + for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) { + xi = sk_X509_INFO_value(ret, i); +@@ -237,9 +294,12 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, + ret = NULL; + } + +- OPENSSL_free(name); +- OPENSSL_free(header); +- OPENSSL_free(data); ++ if (name != NULL) ++ OPENSSL_free(name); ++ if (header != NULL) ++ OPENSSL_free(header); ++ if (data != NULL) ++ OPENSSL_free(data); + return (ret); + } + +@@ -248,6 +308,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { ++ EVP_CIPHER_CTX ctx; + int i, ret = 0; + unsigned char *data = NULL; + const char *objstr = NULL; +@@ -292,13 +353,11 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + } + + /* create the right magic header stuff */ +- OPENSSL_assert(strlen(objstr) + 23 +- + 2 * EVP_CIPHER_iv_length(enc) + 13 <= ++ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= + sizeof buf); + buf[0] = '\0'; + PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); +- PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), +- (char *)iv); ++ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); + + /* use the normal code to write things out */ + i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); +@@ -309,7 +368,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + #ifndef OPENSSL_NO_RSA + /* normal optionally encrypted stuff */ + if (PEM_write_bio_RSAPrivateKey(bp, +- EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey), ++ xi->x_pkey->dec_pkey->pkey.rsa, + enc, kstr, klen, cb, u) <= 0) + goto err; + #endif +@@ -329,6 +388,7 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + ret = 1; + + err: ++ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); + OPENSSL_cleanse(buf, PEM_BUFSIZE); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +index 2792593..56c77b1 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c +@@ -1,16 +1,64 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -18,9 +66,15 @@ + #include + #include + #include +-#include "internal/asn1_int.h" +-#include +-#include ++#include "asn1_locl.h" ++#ifndef OPENSSL_NO_DES ++# include ++#endif ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT; + + #define MIN_LENGTH 4 + +@@ -30,24 +84,22 @@ int pem_check_suffix(const char *pem_str, const char *suffix); + + int PEM_def_callback(char *buf, int num, int w, void *key) + { +-#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) +- int i; ++#if defined(OPENSSL_NO_FP_API) || defined(OPENSSL_NO_UI) ++ /* ++ * We should not ever call the default callback routine from windows. ++ */ ++ PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return (-1); + #else + int i, j; + const char *prompt; +-#endif +- + if (key) { + i = strlen(key); + i = (i > num) ? num : i; + memcpy(buf, key, i); +- return i; ++ return (i); + } + +-#if defined(OPENSSL_NO_STDIO) || defined(OPENSSL_NO_UI) +- PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +- return -1; +-#else + prompt = EVP_get_pw_prompt(); + if (prompt == NULL) + prompt = "Enter PEM pass phrase:"; +@@ -63,7 +115,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) + if (i != 0) { + PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, (unsigned int)num); +- return -1; ++ return (-1); + } + j = strlen(buf); + if (min_len && j < min_len) { +@@ -73,7 +125,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key) + } else + break; + } +- return j; ++ return (j); + #endif + } + +@@ -90,9 +142,9 @@ void PEM_proc_type(char *buf, int type) + else + str = "BAD-TYPE"; + +- OPENSSL_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); +- OPENSSL_strlcat(buf, str, PEM_BUFSIZE); +- OPENSSL_strlcat(buf, "\n", PEM_BUFSIZE); ++ BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); ++ BUF_strlcat(buf, str, PEM_BUFSIZE); ++ BUF_strlcat(buf, "\n", PEM_BUFSIZE); + } + + void PEM_dek_info(char *buf, const char *type, int len, char *str) +@@ -101,9 +153,9 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) + long i; + int j; + +- OPENSSL_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); +- OPENSSL_strlcat(buf, type, PEM_BUFSIZE); +- OPENSSL_strlcat(buf, ",", PEM_BUFSIZE); ++ BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); ++ BUF_strlcat(buf, type, PEM_BUFSIZE); ++ BUF_strlcat(buf, ",", PEM_BUFSIZE); + j = strlen(buf); + if (j + (len * 2) + 1 > PEM_BUFSIZE) + return; +@@ -115,7 +167,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) + buf[j + i * 2 + 1] = '\0'; + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u) + { +@@ -136,22 +188,22 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + static int check_pem(const char *nm, const char *name) + { + /* Normal matching nm and name */ +- if (strcmp(nm, name) == 0) ++ if (!strcmp(nm, name)) + return 1; + + /* Make PEM_STRING_EVP_PKEY match any private key */ + +- if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) { ++ if (!strcmp(name, PEM_STRING_EVP_PKEY)) { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; +- if (strcmp(nm, PEM_STRING_PKCS8) == 0) ++ if (!strcmp(nm, PEM_STRING_PKCS8)) + return 1; +- if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) ++ if (!strcmp(nm, PEM_STRING_PKCS8INF)) + return 1; + slen = pem_check_suffix(nm, "PRIVATE KEY"); + if (slen > 0) { + /* +- * NB: ENGINE implementations won't contain a deprecated old ++ * NB: ENGINE implementations wont contain a deprecated old + * private key decode function so don't look for them. + */ + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); +@@ -161,7 +213,7 @@ static int check_pem(const char *nm, const char *name) + return 0; + } + +- if (strcmp(name, PEM_STRING_PARAMETERS) == 0) { ++ if (!strcmp(name, PEM_STRING_PARAMETERS)) { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; + slen = pem_check_suffix(nm, "PARAMETERS"); +@@ -175,7 +227,8 @@ static int check_pem(const char *nm, const char *name) + else + r = 0; + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(e); ++ if (e) ++ ENGINE_finish(e); + #endif + return r; + } +@@ -183,45 +236,41 @@ static int check_pem(const char *nm, const char *name) + return 0; + } + /* If reading DH parameters handle X9.42 DH format too */ +- if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0 +- && strcmp(name, PEM_STRING_DHPARAMS) == 0) ++ if (!strcmp(nm, PEM_STRING_DHXPARAMS) && ++ !strcmp(name, PEM_STRING_DHPARAMS)) + return 1; + + /* Permit older strings */ + +- if (strcmp(nm, PEM_STRING_X509_OLD) == 0 +- && strcmp(name, PEM_STRING_X509) == 0) ++ if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) + return 1; + +- if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0 +- && strcmp(name, PEM_STRING_X509_REQ) == 0) ++ if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && ++ !strcmp(name, PEM_STRING_X509_REQ)) + return 1; + + /* Allow normal certs to be read as trusted certs */ +- if (strcmp(nm, PEM_STRING_X509) == 0 +- && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) ++ if (!strcmp(nm, PEM_STRING_X509) && ++ !strcmp(name, PEM_STRING_X509_TRUSTED)) + return 1; + +- if (strcmp(nm, PEM_STRING_X509_OLD) == 0 +- && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) ++ if (!strcmp(nm, PEM_STRING_X509_OLD) && ++ !strcmp(name, PEM_STRING_X509_TRUSTED)) + return 1; + + /* Some CAs use PKCS#7 with CERTIFICATE headers */ +- if (strcmp(nm, PEM_STRING_X509) == 0 +- && strcmp(name, PEM_STRING_PKCS7) == 0) ++ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) + return 1; + +- if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0 +- && strcmp(name, PEM_STRING_PKCS7) == 0) ++ if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && ++ !strcmp(name, PEM_STRING_PKCS7)) + return 1; + + #ifndef OPENSSL_NO_CMS +- if (strcmp(nm, PEM_STRING_X509) == 0 +- && strcmp(name, PEM_STRING_CMS) == 0) ++ if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS)) + return 1; + /* Allow CMS to be read from PKCS#7 headers */ +- if (strcmp(nm, PEM_STRING_PKCS7) == 0 +- && strcmp(name, PEM_STRING_CMS) == 0) ++ if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS)) + return 1; + #endif + +@@ -272,7 +321,7 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + return ret; + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) +@@ -295,8 +344,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u) + { +- EVP_CIPHER_CTX *ctx = NULL; +- int dsize = 0, i = 0, j = 0, ret = 0; ++ EVP_CIPHER_CTX ctx; ++ int dsize = 0, i, j, ret = 0; + unsigned char *p, *data = NULL; + const char *objstr = NULL; + char buf[PEM_BUFSIZE]; +@@ -318,7 +367,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + } + /* dzise + 8 bytes are needed */ + /* actually it needs the cipher block size extra... */ +- data = OPENSSL_malloc((unsigned int)dsize + 20); ++ data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20); + if (data == NULL) { + PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE); + goto err; +@@ -343,8 +392,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + kstr = (unsigned char *)buf; + } + RAND_add(data, i, 0); /* put in the RSA key. */ +- OPENSSL_assert(EVP_CIPHER_iv_length(enc) <= (int)sizeof(iv)); +- if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */ ++ OPENSSL_assert(enc->iv_len <= (int)sizeof(iv)); ++ if (RAND_bytes(iv, enc->iv_len) <= 0) /* Generate a salt */ + goto err; + /* + * The 'iv' is used as the iv and as a salt. It is NOT taken from +@@ -356,20 +405,21 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + if (kstr == (unsigned char *)buf) + OPENSSL_cleanse(buf, PEM_BUFSIZE); + +- OPENSSL_assert(strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13 +- <= sizeof buf); ++ OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <= ++ sizeof buf); + + buf[0] = '\0'; + PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); +- PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv); ++ PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); + /* k=strlen(buf); */ + ++ EVP_CIPHER_CTX_init(&ctx); + ret = 1; +- if ((ctx = EVP_CIPHER_CTX_new()) == NULL +- || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv) +- || !EVP_EncryptUpdate(ctx, data, &j, data, i) +- || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i)) ++ if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) ++ || !EVP_EncryptUpdate(&ctx, data, &j, data, i) ++ || !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) + ret = 0; ++ EVP_CIPHER_CTX_cleanup(&ctx); + if (ret == 0) + goto err; + i += j; +@@ -383,162 +433,127 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, + err: + OPENSSL_cleanse(key, sizeof(key)); + OPENSSL_cleanse(iv, sizeof(iv)); +- EVP_CIPHER_CTX_free(ctx); ++ OPENSSL_cleanse((char *)&ctx, sizeof(ctx)); + OPENSSL_cleanse(buf, PEM_BUFSIZE); +- OPENSSL_clear_free(data, (unsigned int)dsize); ++ if (data != NULL) { ++ OPENSSL_cleanse(data, (unsigned int)dsize); ++ OPENSSL_free(data); ++ } + return (ret); + } + + int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, + pem_password_cb *callback, void *u) + { +- int ok; +- int keylen; +- long len = *plen; +- int ilen = (int) len; /* EVP_DecryptUpdate etc. take int lengths */ +- EVP_CIPHER_CTX *ctx; ++ int i = 0, j, o, klen; ++ long len; ++ EVP_CIPHER_CTX ctx; + unsigned char key[EVP_MAX_KEY_LENGTH]; + char buf[PEM_BUFSIZE]; + +-#if LONG_MAX > INT_MAX +- /* Check that we did not truncate the length */ +- if (len > INT_MAX) { +- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG); +- return 0; +- } +-#endif ++ len = *plen; + + if (cipher->cipher == NULL) +- return 1; ++ return (1); + if (callback == NULL) +- keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); ++ klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); + else +- keylen = callback(buf, PEM_BUFSIZE, 0, u); +- if (keylen <= 0) { ++ klen = callback(buf, PEM_BUFSIZE, 0, u); ++ if (klen <= 0) { + PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ); +- return 0; ++ return (0); + } + #ifdef CHARSET_EBCDIC + /* Convert the pass phrase from EBCDIC */ +- ebcdic2ascii(buf, buf, keylen); ++ ebcdic2ascii(buf, buf, klen); + #endif + + if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), +- (unsigned char *)buf, keylen, 1, key, NULL)) +- return 0; +- +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) ++ (unsigned char *)buf, klen, 1, key, NULL)) + return 0; + +- ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); +- if (ok) +- ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen); +- if (ok) { +- /* Squirrel away the length of data decrypted so far. */ +- *plen = ilen; +- ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen); +- } +- if (ok) +- *plen += ilen; +- else +- PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); +- +- EVP_CIPHER_CTX_free(ctx); ++ j = (int)len; ++ EVP_CIPHER_CTX_init(&ctx); ++ o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0])); ++ if (o) ++ o = EVP_DecryptUpdate(&ctx, data, &i, data, j); ++ if (o) ++ o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); ++ EVP_CIPHER_CTX_cleanup(&ctx); + OPENSSL_cleanse((char *)buf, sizeof(buf)); + OPENSSL_cleanse((char *)key, sizeof(key)); +- return ok; ++ if (o) ++ j += i; ++ else { ++ PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT); ++ return (0); ++ } ++ *plen = j; ++ return (1); + } + +-/* +- * This implements a very limited PEM header parser that does not support the +- * full grammar of rfc1421. In particular, folded headers are not supported, +- * nor is additional whitespace. +- * +- * A robust implementation would make use of a library that turns the headers +- * into a BIO from which one folded line is read at a time, and is then split +- * into a header label and content. We would then parse the content of the +- * headers we care about. This is overkill for just this limited use-case, but +- * presumably we also parse rfc822-style headers for S/MIME, so a common +- * abstraction might well be more generally useful. +- */ + int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) + { +- static const char ProcType[] = "Proc-Type:"; +- static const char ENCRYPTED[] = "ENCRYPTED"; +- static const char DEKInfo[] = "DEK-Info:"; + const EVP_CIPHER *enc = NULL; +- int ivlen; +- char *dekinfostart, c; ++ char *p, c; ++ char **header_pp = &header; + + cipher->cipher = NULL; + if ((header == NULL) || (*header == '\0') || (*header == '\n')) +- return 1; +- +- if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) { ++ return (1); ++ if (strncmp(header, "Proc-Type: ", 11) != 0) { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE); +- return 0; ++ return (0); + } +- header += sizeof(ProcType)-1; +- header += strspn(header, " \t"); +- +- if (*header++ != '4' || *header++ != ',') +- return 0; +- header += strspn(header, " \t"); +- +- /* We expect "ENCRYPTED" followed by optional white-space + line break */ +- if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 || +- strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) { ++ header += 11; ++ if (*header != '4') ++ return (0); ++ header++; ++ if (*header != ',') ++ return (0); ++ header++; ++ if (strncmp(header, "ENCRYPTED", 9) != 0) { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED); +- return 0; ++ return (0); + } +- header += sizeof(ENCRYPTED)-1; +- header += strspn(header, " \t\r"); +- if (*header++ != '\n') { ++ for (; (*header != '\n') && (*header != '\0'); header++) ; ++ if (*header == '\0') { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER); +- return 0; ++ return (0); + } +- +- /*- +- * https://tools.ietf.org/html/rfc1421#section-4.6.1.3 +- * We expect "DEK-Info: algo[,hex-parameters]" +- */ +- if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) { ++ header++; ++ if (strncmp(header, "DEK-Info: ", 10) != 0) { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO); +- return 0; ++ return (0); + } +- header += sizeof(DEKInfo)-1; +- header += strspn(header, " \t"); ++ header += 10; + +- /* +- * DEK-INFO is a comma-separated combination of algorithm name and optional +- * parameters. +- */ +- dekinfostart = header; +- header += strcspn(header, " \t,"); +- c = *header; ++ p = header; ++ for (;;) { ++ c = *header; ++#ifndef CHARSET_EBCDIC ++ if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') || ++ ((c >= '0') && (c <= '9')))) ++ break; ++#else ++ if (!(isupper(c) || (c == '-') || isdigit(c))) ++ break; ++#endif ++ header++; ++ } + *header = '\0'; +- cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart); ++ cipher->cipher = enc = EVP_get_cipherbyname(p); + *header = c; +- header += strspn(header, " \t"); ++ header++; + + if (enc == NULL) { + PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION); +- return 0; +- } +- ivlen = EVP_CIPHER_iv_length(enc); +- if (ivlen > 0 && *header++ != ',') { +- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV); +- return 0; +- } else if (ivlen == 0 && *header == ',') { +- PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV); +- return 0; ++ return (0); + } ++ if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len)) ++ return (0); + +- if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc))) +- return 0; +- +- return 1; ++ return (1); + } + + static int load_iv(char **fromp, unsigned char *to, int num) +@@ -551,8 +566,13 @@ static int load_iv(char **fromp, unsigned char *to, int num) + to[i] = 0; + num *= 2; + for (i = 0; i < num; i++) { +- v = OPENSSL_hexchar2int(*from); +- if (v < 0) { ++ if ((*from >= '0') && (*from <= '9')) ++ v = *from - '0'; ++ else if ((*from >= 'A') && (*from <= 'F')) ++ v = *from - 'A' + 10; ++ else if ((*from >= 'a') && (*from <= 'f')) ++ v = *from - 'a' + 10; ++ else { + PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS); + return (0); + } +@@ -564,7 +584,7 @@ static int load_iv(char **fromp, unsigned char *to, int num) + return (1); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int PEM_write(FILE *fp, const char *name, const char *header, + const unsigned char *data, long len) + { +@@ -587,15 +607,10 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, + { + int nlen, n, i, j, outl; + unsigned char *buf = NULL; +- EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); ++ EVP_ENCODE_CTX ctx; + int reason = ERR_R_BUF_LIB; + +- if (ctx == NULL) { +- reason = ERR_R_MALLOC_FAILURE; +- goto err; +- } +- +- EVP_EncodeInit(ctx); ++ EVP_EncodeInit(&ctx); + nlen = strlen(name); + + if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || +@@ -618,32 +633,34 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, + i = j = 0; + while (len > 0) { + n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len); +- if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n)) +- goto err; ++ EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n); + if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) + goto err; + i += outl; + len -= n; + j += n; + } +- EVP_EncodeFinal(ctx, buf, &outl); ++ EVP_EncodeFinal(&ctx, buf, &outl); + if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) + goto err; ++ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); ++ OPENSSL_free(buf); ++ buf = NULL; + if ((BIO_write(bp, "-----END ", 9) != 9) || + (BIO_write(bp, name, nlen) != nlen) || + (BIO_write(bp, "-----\n", 6) != 6)) + goto err; +- OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); +- EVP_ENCODE_CTX_free(ctx); + return (i + outl); + err: +- OPENSSL_clear_free(buf, PEM_BUFSIZE * 8); +- EVP_ENCODE_CTX_free(ctx); ++ if (buf) { ++ OPENSSL_cleanse(buf, PEM_BUFSIZE * 8); ++ OPENSSL_free(buf); ++ } + PEMerr(PEM_F_PEM_WRITE_BIO, reason); + return (0); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, + long *len) + { +@@ -664,23 +681,22 @@ int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, + int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + long *len) + { +- EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new(); ++ EVP_ENCODE_CTX ctx; + int end = 0, i, k, bl = 0, hl = 0, nohead = 0; + char buf[256]; + BUF_MEM *nameB; + BUF_MEM *headerB; + BUF_MEM *dataB, *tmpB; + +- if (ctx == NULL) { +- PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); +- return (0); +- } +- + nameB = BUF_MEM_new(); + headerB = BUF_MEM_new(); + dataB = BUF_MEM_new(); + if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { +- goto err; ++ BUF_MEM_free(nameB); ++ BUF_MEM_free(headerB); ++ BUF_MEM_free(dataB); ++ PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE); ++ return (0); + } + + buf[254] = '\0'; +@@ -800,15 +816,15 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + goto err; + } + +- EVP_DecodeInit(ctx); +- i = EVP_DecodeUpdate(ctx, ++ EVP_DecodeInit(&ctx); ++ i = EVP_DecodeUpdate(&ctx, + (unsigned char *)dataB->data, &bl, + (unsigned char *)dataB->data, bl); + if (i < 0) { + PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); + goto err; + } +- i = EVP_DecodeFinal(ctx, (unsigned char *)&(dataB->data[bl]), &k); ++ i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k); + if (i < 0) { + PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE); + goto err; +@@ -824,13 +840,11 @@ int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + OPENSSL_free(nameB); + OPENSSL_free(headerB); + OPENSSL_free(dataB); +- EVP_ENCODE_CTX_free(ctx); + return (1); + err: + BUF_MEM_free(nameB); + BUF_MEM_free(headerB); + BUF_MEM_free(dataB); +- EVP_ENCODE_CTX_free(ctx); + return (0); + } + +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +index cc7a8db..1dd3bd7 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c +@@ -1,17 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_oth.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include ++#include + #include + #include + +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +index 993c595..9edca4d 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c +@@ -1,17 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include ++#include + #include + #include + #include +@@ -19,12 +69,12 @@ + static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, + int nid, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u); +- +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, + int nid, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u); + #endif ++ + /* + * These functions write a private key in PKCS#8 format: it is a "drop in" + * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' +@@ -68,8 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, + PKCS8_PRIV_KEY_INFO *p8inf; + char buf[PEM_BUFSIZE]; + int ret; +- +- if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) { ++ if (!(p8inf = EVP_PKEY2PKCS8(x))) { + PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + return 0; + } +@@ -138,13 +187,14 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + if (!ret) + return NULL; + if (x) { +- EVP_PKEY_free(*x); ++ if (*x) ++ EVP_PKEY_free(*x); + *x = ret; + } + return ret; + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + + int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) +@@ -179,8 +229,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, + { + BIO *bp; + int ret; +- +- if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { ++ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB); + return (0); + } +@@ -194,8 +243,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + { + BIO *bp; + EVP_PKEY *ret; +- +- if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { ++ if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +index 6308622..04d6319 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c +@@ -1,24 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_pkey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include ++#include + #include + #include + #include +-#include +-#include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++#ifndef OPENSSL_NO_DH ++# include ++#endif ++#include "asn1_locl.h" + + int pem_check_suffix(const char *pem_str, const char *suffix); + +@@ -43,7 +96,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + goto p8err; + ret = EVP_PKCS82PKEY(p8inf); + if (x) { +- EVP_PKEY_free((EVP_PKEY *)*x); ++ if (*x) ++ EVP_PKEY_free((EVP_PKEY *)*x); + *x = ret; + } + PKCS8_PRIV_KEY_INFO_free(p8inf); +@@ -70,7 +124,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + goto p8err; + ret = EVP_PKCS82PKEY(p8inf); + if (x) { +- EVP_PKEY_free((EVP_PKEY *)*x); ++ if (*x) ++ EVP_PKEY_free((EVP_PKEY *)*x); + *x = ret; + } + PKCS8_PRIV_KEY_INFO_free(p8inf); +@@ -86,7 +141,8 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB); + err: + OPENSSL_free(nm); +- OPENSSL_clear_free(data, len); ++ OPENSSL_cleanse(data, len); ++ OPENSSL_free(data); + return (ret); + } + +@@ -94,18 +150,11 @@ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) + { +- if (x->ameth == NULL || x->ameth->priv_encode != NULL) ++ char pem_str[80]; ++ if (!x->ameth || x->ameth->priv_encode) + return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, + (char *)kstr, klen, cb, u); +- return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u); +-} + +-int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, +- const EVP_CIPHER *enc, +- unsigned char *kstr, int klen, +- pem_password_cb *cb, void *u) +-{ +- char pem_str[80]; + BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pem_str, bp, x, enc, kstr, klen, cb, u); +@@ -127,7 +176,7 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) + + if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) { + ret = EVP_PKEY_new(); +- if (ret == NULL) ++ if (!ret) + goto err; + if (!EVP_PKEY_set_type_str(ret, nm, slen) + || !ret->ameth->param_decode +@@ -137,7 +186,8 @@ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) + goto err; + } + if (x) { +- EVP_PKEY_free((EVP_PKEY *)*x); ++ if (*x) ++ EVP_PKEY_free((EVP_PKEY *)*x); + *x = ret; + } + } +@@ -160,7 +210,7 @@ int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) + pem_str, bp, x, NULL, NULL, 0, 0, NULL); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u) + { +@@ -211,7 +261,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) + return NULL; + p = data; + +- if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0) ++ if (!strcmp(nm, PEM_STRING_DHXPARAMS)) + ret = d2i_DHxparams(x, &p, len); + else + ret = d2i_DHparams(x, &p, len); +@@ -223,7 +273,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) + return ret; + } + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) + { + BIO *b; +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +new file mode 100644 +index 0000000..a5c1812 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c +@@ -0,0 +1,191 @@ ++/* crypto/pem/pem_seal.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include /* for OPENSSL_NO_RSA */ ++#ifndef OPENSSL_NO_RSA ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include ++# include ++ ++int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, ++ unsigned char **ek, int *ekl, unsigned char *iv, ++ EVP_PKEY **pubk, int npubk) ++{ ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ int ret = -1; ++ int i, j, max = 0; ++ char *s = NULL; ++ ++ for (i = 0; i < npubk; i++) { ++ if (pubk[i]->type != EVP_PKEY_RSA) { ++ PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA); ++ goto err; ++ } ++ j = RSA_size(pubk[i]->pkey.rsa); ++ if (j > max) ++ max = j; ++ } ++ s = (char *)OPENSSL_malloc(max * 2); ++ if (s == NULL) { ++ PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ EVP_EncodeInit(&ctx->encode); ++ ++ EVP_MD_CTX_init(&ctx->md); ++ if (!EVP_SignInit(&ctx->md, md_type)) ++ goto err; ++ ++ EVP_CIPHER_CTX_init(&ctx->cipher); ++ ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); ++ if (ret <= 0) ++ goto err; ++ ++ /* base64 encode the keys */ ++ for (i = 0; i < npubk; i++) { ++ j = EVP_EncodeBlock((unsigned char *)s, ek[i], ++ RSA_size(pubk[i]->pkey.rsa)); ++ ekl[i] = j; ++ memcpy(ek[i], s, j + 1); ++ } ++ ++ ret = npubk; ++ err: ++ if (s != NULL) ++ OPENSSL_free(s); ++ OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); ++ return (ret); ++} ++ ++void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, ++ unsigned char *in, int inl) ++{ ++ unsigned char buffer[1600]; ++ int i, j; ++ ++ *outl = 0; ++ EVP_SignUpdate(&ctx->md, in, inl); ++ for (;;) { ++ if (inl <= 0) ++ break; ++ if (inl > 1200) ++ i = 1200; ++ else ++ i = inl; ++ EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i); ++ EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j); ++ *outl += j; ++ out += j; ++ in += i; ++ inl -= i; ++ } ++} ++ ++int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, ++ unsigned char *out, int *outl, EVP_PKEY *priv) ++{ ++ unsigned char *s = NULL; ++ int ret = 0, j; ++ unsigned int i; ++ ++ if (priv->type != EVP_PKEY_RSA) { ++ PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA); ++ goto err; ++ } ++ i = RSA_size(priv->pkey.rsa); ++ if (i < 100) ++ i = 100; ++ s = (unsigned char *)OPENSSL_malloc(i * 2); ++ if (s == NULL) { ++ PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i)) ++ goto err; ++ EVP_EncodeUpdate(&ctx->encode, out, &j, s, i); ++ *outl = j; ++ out += j; ++ EVP_EncodeFinal(&ctx->encode, out, &j); ++ *outl += j; ++ ++ if (!EVP_SignFinal(&ctx->md, s, &i, priv)) ++ goto err; ++ *sigl = EVP_EncodeBlock(sig, s, i); ++ ++ ret = 1; ++ err: ++ EVP_MD_CTX_cleanup(&ctx->md); ++ EVP_CIPHER_CTX_cleanup(&ctx->cipher); ++ if (s != NULL) ++ OPENSSL_free(s); ++ return (ret); ++} ++#else /* !OPENSSL_NO_RSA */ ++ ++# if PEDANTIC ++static void *dummy = &dummy; ++# endif ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +index 12ad974..b5e5c29 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c +@@ -1,27 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pem/pem_sign.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + #include + #include + #include + #include + +-int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) ++void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) + { +- return EVP_DigestInit_ex(ctx, type, NULL); ++ EVP_DigestInit_ex(ctx, type, NULL); + } + +-int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) ++void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) + { +- return EVP_DigestUpdate(ctx, data, count); ++ EVP_DigestUpdate(ctx, data, count); + } + + int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, +@@ -31,7 +81,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + int i, ret = 0; + unsigned int m_len; + +- m = OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); ++ m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2); + if (m == NULL) { + PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE); + goto err; +@@ -45,6 +95,7 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + ret = 1; + err: + /* ctx has been zeroed by EVP_SignFinal() */ +- OPENSSL_free(m); ++ if (m != NULL) ++ OPENSSL_free(m); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +index 3a99756..3c20ff2 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c +@@ -1,14 +1,64 @@ ++/* pem_x509.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +index 6d7e1db..c523430 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c +@@ -1,14 +1,64 @@ ++/* pem_xaux.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -16,3 +66,5 @@ + #include + + IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) ++IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, ++ X509_CERT_PAIR) +diff --git a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +index 248704e..1ce5a1e 100644 +--- a/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c ++++ b/Cryptlib/OpenSSL/crypto/pem/pvkfmt.c +@@ -1,10 +1,59 @@ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -12,7 +61,7 @@ + * and PRIVATEKEYBLOB). + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -44,11 +93,23 @@ static unsigned int read_ledword(const unsigned char **in) + + static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) + { +- *r = BN_lebin2bn(*in, nbyte, NULL); +- if (*r == NULL) ++ const unsigned char *p; ++ unsigned char *tmpbuf, *q; ++ unsigned int i; ++ p = *in + nbyte - 1; ++ tmpbuf = OPENSSL_malloc(nbyte); ++ if (!tmpbuf) ++ return 0; ++ q = tmpbuf; ++ for (i = 0; i < nbyte; i++) ++ *q++ = *p--; ++ *r = BN_bin2bn(tmpbuf, nbyte, NULL); ++ OPENSSL_free(tmpbuf); ++ if (*r) { ++ *in += nbyte; ++ return 1; ++ } else + return 0; +- *in += nbyte; +- return 1; + } + + /* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ +@@ -78,9 +139,9 @@ static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) + /* Maximum salt length */ + # define PVK_MAX_SALTLEN 10240 + +-static EVP_PKEY *b2i_rsa(const unsigned char **in, ++static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); +-static EVP_PKEY *b2i_dss(const unsigned char **in, ++static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); + + static int do_blob_header(const unsigned char **in, unsigned int length, +@@ -193,9 +254,9 @@ static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length, + return NULL; + } + if (isdss) +- return b2i_dss(&p, bitlen, ispub); ++ return b2i_dss(&p, length, bitlen, ispub); + else +- return b2i_rsa(&p, bitlen, ispub); ++ return b2i_rsa(&p, length, bitlen, ispub); + } + + static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) +@@ -219,7 +280,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) + return NULL; + } + buf = OPENSSL_malloc(length); +- if (buf == NULL) { ++ if (!buf) { + PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -230,16 +291,17 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) + } + + if (isdss) +- ret = b2i_dss(&p, bitlen, ispub); ++ ret = b2i_dss(&p, length, bitlen, ispub); + else +- ret = b2i_rsa(&p, bitlen, ispub); ++ ret = b2i_rsa(&p, length, bitlen, ispub); + + err: +- OPENSSL_free(buf); ++ if (buf) ++ OPENSSL_free(buf); + return ret; + } + +-static EVP_PKEY *b2i_dss(const unsigned char **in, ++static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + { + const unsigned char *p = *in; +@@ -247,48 +309,35 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, + DSA *dsa = NULL; + BN_CTX *ctx = NULL; + unsigned int nbyte; +- BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL; +- BIGNUM *pub_key = NULL; +- + nbyte = (bitlen + 7) >> 3; + + dsa = DSA_new(); + ret = EVP_PKEY_new(); +- if (dsa == NULL || ret == NULL) ++ if (!dsa || !ret) + goto memerr; +- if (!read_lebn(&p, nbyte, &pbn)) ++ if (!read_lebn(&p, nbyte, &dsa->p)) + goto memerr; +- +- if (!read_lebn(&p, 20, &qbn)) ++ if (!read_lebn(&p, 20, &dsa->q)) + goto memerr; +- +- if (!read_lebn(&p, nbyte, &gbn)) ++ if (!read_lebn(&p, nbyte, &dsa->g)) + goto memerr; +- + if (ispub) { +- if (!read_lebn(&p, nbyte, &pub_key)) ++ if (!read_lebn(&p, nbyte, &dsa->pub_key)) + goto memerr; + } else { +- if (!read_lebn(&p, 20, &priv_key)) ++ if (!read_lebn(&p, 20, &dsa->priv_key)) + goto memerr; +- + /* Calculate public key */ +- pub_key = BN_new(); +- if (pub_key == NULL) ++ if (!(dsa->pub_key = BN_new())) + goto memerr; +- if ((ctx = BN_CTX_new()) == NULL) ++ if (!(ctx = BN_CTX_new())) + goto memerr; + +- if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx)) +- goto memerr; ++ if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) + ++ goto memerr; + BN_CTX_free(ctx); + } +- if (!DSA_set0_pqg(dsa, pbn, qbn, gbn)) +- goto memerr; +- pbn = qbn = gbn = NULL; +- if (!DSA_set0_key(dsa, pub_key, priv_key)) +- goto memerr; + + EVP_PKEY_set1_DSA(ret, dsa); + DSA_free(dsa); +@@ -297,73 +346,60 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, + + memerr: + PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); +- DSA_free(dsa); +- BN_free(pbn); +- BN_free(qbn); +- BN_free(gbn); +- BN_free(pub_key); +- BN_free(priv_key); +- EVP_PKEY_free(ret); +- BN_CTX_free(ctx); ++ if (dsa) ++ DSA_free(dsa); ++ if (ret) ++ EVP_PKEY_free(ret); ++ if (ctx) ++ BN_CTX_free(ctx); + return NULL; + } + +-static EVP_PKEY *b2i_rsa(const unsigned char **in, ++static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub) + { +- const unsigned char *pin = *in; ++ const unsigned char *p = *in; + EVP_PKEY *ret = NULL; +- BIGNUM *e = NULL, *n = NULL, *d = NULL; +- BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + RSA *rsa = NULL; + unsigned int nbyte, hnbyte; + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + rsa = RSA_new(); + ret = EVP_PKEY_new(); +- if (rsa == NULL || ret == NULL) ++ if (!rsa || !ret) + goto memerr; +- e = BN_new(); +- if (e == NULL) ++ rsa->e = BN_new(); ++ if (!rsa->e) + goto memerr; +- if (!BN_set_word(e, read_ledword(&pin))) ++ if (!BN_set_word(rsa->e, read_ledword(&p))) + goto memerr; +- if (!read_lebn(&pin, nbyte, &n)) ++ if (!read_lebn(&p, nbyte, &rsa->n)) + goto memerr; + if (!ispub) { +- if (!read_lebn(&pin, hnbyte, &p)) ++ if (!read_lebn(&p, hnbyte, &rsa->p)) + goto memerr; +- if (!read_lebn(&pin, hnbyte, &q)) ++ if (!read_lebn(&p, hnbyte, &rsa->q)) + goto memerr; +- if (!read_lebn(&pin, hnbyte, &dmp1)) ++ if (!read_lebn(&p, hnbyte, &rsa->dmp1)) + goto memerr; +- if (!read_lebn(&pin, hnbyte, &dmq1)) ++ if (!read_lebn(&p, hnbyte, &rsa->dmq1)) + goto memerr; +- if (!read_lebn(&pin, hnbyte, &iqmp)) ++ if (!read_lebn(&p, hnbyte, &rsa->iqmp)) + goto memerr; +- if (!read_lebn(&pin, nbyte, &d)) ++ if (!read_lebn(&p, nbyte, &rsa->d)) + goto memerr; +- RSA_set0_factors(rsa, p, q); +- RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); + } +- RSA_set0_key(rsa, n, e, d); + + EVP_PKEY_set1_RSA(ret, rsa); + RSA_free(rsa); +- *in = pin; ++ *in = p; + return ret; + memerr: + PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE); +- BN_free(e); +- BN_free(n); +- BN_free(p); +- BN_free(q); +- BN_free(dmp1); +- BN_free(dmq1); +- BN_free(iqmp); +- BN_free(d); +- RSA_free(rsa); +- EVP_PKEY_free(ret); ++ if (rsa) ++ RSA_free(rsa); ++ if (ret) ++ EVP_PKEY_free(ret); + return NULL; + } + +@@ -399,8 +435,26 @@ static void write_ledword(unsigned char **out, unsigned int dw) + + static void write_lebn(unsigned char **out, const BIGNUM *bn, int len) + { +- BN_bn2lebinpad(bn, *out, len); +- *out += len; ++ int nb, i; ++ unsigned char *p = *out, *q, c; ++ nb = BN_num_bytes(bn); ++ BN_bn2bin(bn, p); ++ q = p + nb - 1; ++ /* In place byte order reversal */ ++ for (i = 0; i < nb / 2; i++) { ++ c = *p; ++ *p++ = *q; ++ *q-- = c; ++ } ++ *out += nb; ++ /* Pad with zeroes if we have to */ ++ if (len > 0) { ++ len -= nb; ++ if (len > 0) { ++ memset(*out, 0, len); ++ *out += len; ++ } ++ } + } + + static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); +@@ -414,12 +468,11 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) + unsigned char *p; + unsigned int bitlen, magic = 0, keyalg; + int outlen, noinc = 0; +- int pktype = EVP_PKEY_id(pk); +- if (pktype == EVP_PKEY_DSA) { +- bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic); ++ if (pk->type == EVP_PKEY_DSA) { ++ bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); + keyalg = MS_KEYALG_DSS_SIGN; +- } else if (pktype == EVP_PKEY_RSA) { +- bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic); ++ } else if (pk->type == EVP_PKEY_RSA) { ++ bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); + keyalg = MS_KEYALG_RSA_KEYX; + } else + return -1; +@@ -433,7 +486,7 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) + p = *out; + else { + p = OPENSSL_malloc(outlen); +- if (p == NULL) ++ if (!p) + return -1; + *out = p; + noinc = 1; +@@ -449,9 +502,9 @@ static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) + write_ledword(&p, magic); + write_ledword(&p, bitlen); + if (keyalg == MS_KEYALG_DSS_SIGN) +- write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub); ++ write_dsa(&p, pk->pkey.dsa, ispub); + else +- write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub); ++ write_rsa(&p, pk->pkey.rsa, ispub); + if (!noinc) + *out += outlen; + return outlen; +@@ -474,21 +527,16 @@ static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) + static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) + { + int bitlen; +- const BIGNUM *p = NULL, *q = NULL, *g = NULL; +- const BIGNUM *pub_key = NULL, *priv_key = NULL; +- +- DSA_get0_pqg(dsa, &p, &q, &g); +- DSA_get0_key(dsa, &pub_key, &priv_key); +- bitlen = BN_num_bits(p); +- if ((bitlen & 7) || (BN_num_bits(q) != 160) +- || (BN_num_bits(g) > bitlen)) ++ bitlen = BN_num_bits(dsa->p); ++ if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) ++ || (BN_num_bits(dsa->g) > bitlen)) + goto badkey; + if (ispub) { +- if (BN_num_bits(pub_key) > bitlen) ++ if (BN_num_bits(dsa->pub_key) > bitlen) + goto badkey; + *pmagic = MS_DSS1MAGIC; + } else { +- if (BN_num_bits(priv_key) > 160) ++ if (BN_num_bits(dsa->priv_key) > 160) + goto badkey; + *pmagic = MS_DSS2MAGIC; + } +@@ -502,35 +550,26 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) + static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) + { + int nbyte, hnbyte, bitlen; +- const BIGNUM *e; +- +- RSA_get0_key(rsa, NULL, &e, NULL); +- if (BN_num_bits(e) > 32) ++ if (BN_num_bits(rsa->e) > 32) + goto badkey; +- bitlen = RSA_bits(rsa); +- nbyte = RSA_size(rsa); +- hnbyte = (bitlen + 15) >> 4; ++ bitlen = BN_num_bits(rsa->n); ++ nbyte = BN_num_bytes(rsa->n); ++ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + if (ispub) { + *pmagic = MS_RSA1MAGIC; + return bitlen; + } else { +- const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1; +- + *pmagic = MS_RSA2MAGIC; +- + /* + * For private key each component must fit within nbyte or hnbyte. + */ +- RSA_get0_key(rsa, NULL, NULL, &d); +- if (BN_num_bytes(d) > nbyte) ++ if (BN_num_bytes(rsa->d) > nbyte) + goto badkey; +- RSA_get0_factors(rsa, &p, &q); +- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); +- if ((BN_num_bytes(iqmp) > hnbyte) +- || (BN_num_bytes(p) > hnbyte) +- || (BN_num_bytes(q) > hnbyte) +- || (BN_num_bytes(dmp1) > hnbyte) +- || (BN_num_bytes(dmq1) > hnbyte)) ++ if ((BN_num_bytes(rsa->iqmp) > hnbyte) ++ || (BN_num_bytes(rsa->p) > hnbyte) ++ || (BN_num_bytes(rsa->q) > hnbyte) ++ || (BN_num_bytes(rsa->dmp1) > hnbyte) ++ || (BN_num_bytes(rsa->dmq1) > hnbyte)) + goto badkey; + } + return bitlen; +@@ -542,41 +581,31 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) + static void write_rsa(unsigned char **out, RSA *rsa, int ispub) + { + int nbyte, hnbyte; +- const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1; +- +- nbyte = RSA_size(rsa); +- hnbyte = (RSA_bits(rsa) + 15) >> 4; +- RSA_get0_key(rsa, &n, &e, &d); +- write_lebn(out, e, 4); +- write_lebn(out, n, nbyte); ++ nbyte = BN_num_bytes(rsa->n); ++ hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; ++ write_lebn(out, rsa->e, 4); ++ write_lebn(out, rsa->n, -1); + if (ispub) + return; +- RSA_get0_factors(rsa, &p, &q); +- RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); +- write_lebn(out, p, hnbyte); +- write_lebn(out, q, hnbyte); +- write_lebn(out, dmp1, hnbyte); +- write_lebn(out, dmq1, hnbyte); +- write_lebn(out, iqmp, hnbyte); +- write_lebn(out, d, nbyte); ++ write_lebn(out, rsa->p, hnbyte); ++ write_lebn(out, rsa->q, hnbyte); ++ write_lebn(out, rsa->dmp1, hnbyte); ++ write_lebn(out, rsa->dmq1, hnbyte); ++ write_lebn(out, rsa->iqmp, hnbyte); ++ write_lebn(out, rsa->d, nbyte); + } + + static void write_dsa(unsigned char **out, DSA *dsa, int ispub) + { + int nbyte; +- const BIGNUM *p = NULL, *q = NULL, *g = NULL; +- const BIGNUM *pub_key = NULL, *priv_key = NULL; +- +- DSA_get0_pqg(dsa, &p, &q, &g); +- DSA_get0_key(dsa, &pub_key, &priv_key); +- nbyte = BN_num_bytes(p); +- write_lebn(out, p, nbyte); +- write_lebn(out, q, 20); +- write_lebn(out, g, nbyte); ++ nbyte = BN_num_bytes(dsa->p); ++ write_lebn(out, dsa->p, nbyte); ++ write_lebn(out, dsa->q, 20); ++ write_lebn(out, dsa->g, nbyte); + if (ispub) +- write_lebn(out, pub_key, nbyte); ++ write_lebn(out, dsa->pub_key, nbyte); + else +- write_lebn(out, priv_key, 20); ++ write_lebn(out, dsa->priv_key, 20); + /* Set "invalid" for seed structure values */ + memset(*out, 0xff, 24); + *out += 24; +@@ -642,16 +671,16 @@ static int derive_pvk_key(unsigned char *key, + const unsigned char *salt, unsigned int saltlen, + const unsigned char *pass, int passlen) + { +- EVP_MD_CTX *mctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX mctx; + int rv = 1; +- if (mctx == NULL +- || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL) +- || !EVP_DigestUpdate(mctx, salt, saltlen) +- || !EVP_DigestUpdate(mctx, pass, passlen) +- || !EVP_DigestFinal_ex(mctx, key, NULL)) ++ EVP_MD_CTX_init(&mctx); ++ if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) ++ || !EVP_DigestUpdate(&mctx, salt, saltlen) ++ || !EVP_DigestUpdate(&mctx, pass, passlen) ++ || !EVP_DigestFinal_ex(&mctx, key, NULL)) + rv = 0; + +- EVP_MD_CTX_free(mctx); ++ EVP_MD_CTX_cleanup(&mctx); + return rv; + } + +@@ -663,8 +692,8 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, + const unsigned char *p = *in; + unsigned int magic; + unsigned char *enctmp = NULL, *q; +- +- EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX cctx; ++ EVP_CIPHER_CTX_init(&cctx); + if (saltlen) { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; +@@ -678,7 +707,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, + goto err; + } + enctmp = OPENSSL_malloc(keylen + 8); +- if (enctmp == NULL) { ++ if (!enctmp) { + PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -695,22 +724,22 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, + } + inlen = keylen - 8; + q = enctmp + 8; +- if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) + goto err; +- if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) ++ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) + goto err; +- if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) ++ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) + goto err; + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { + q = enctmp + 8; + memset(keybuf + 5, 0, 11); +- if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) + goto err; + OPENSSL_cleanse(keybuf, 20); +- if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen)) ++ if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) + goto err; +- if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen)) ++ if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) + goto err; + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { +@@ -724,8 +753,9 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, + + ret = b2i_PrivateKey(&p, keylen); + err: +- EVP_CIPHER_CTX_free(cctx); +- OPENSSL_free(enctmp); ++ EVP_CIPHER_CTX_cleanup(&cctx); ++ if (enctmp && saltlen) ++ OPENSSL_free(enctmp); + return ret; + } + +@@ -746,7 +776,7 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) + return 0; + buflen = (int)keylen + saltlen; + buf = OPENSSL_malloc(buflen); +- if (buf == NULL) { ++ if (!buf) { + PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -758,7 +788,10 @@ EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) + ret = do_PVK_body(&p, saltlen, keylen, cb, u); + + err: +- OPENSSL_clear_free(buf, buflen); ++ if (buf) { ++ OPENSSL_cleanse(buf, buflen); ++ OPENSSL_free(buf); ++ } + return ret; + } + +@@ -766,33 +799,31 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, + pem_password_cb *cb, void *u) + { + int outlen = 24, pklen; +- unsigned char *p = NULL, *start = NULL, *salt = NULL; +- EVP_CIPHER_CTX *cctx = NULL; ++ unsigned char *p, *salt = NULL; ++ EVP_CIPHER_CTX cctx; ++ EVP_CIPHER_CTX_init(&cctx); + if (enclevel) + outlen += PVK_SALTLEN; + pklen = do_i2b(NULL, pk, 0); + if (pklen < 0) + return -1; + outlen += pklen; +- if (out == NULL) ++ if (!out) + return outlen; +- if (*out != NULL) { ++ if (*out) + p = *out; +- } else { +- start = p = OPENSSL_malloc(outlen); +- if (p == NULL) { ++ else { ++ p = OPENSSL_malloc(outlen); ++ if (!p) { + PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE); + return -1; + } ++ *out = p; + } + +- cctx = EVP_CIPHER_CTX_new(); +- if (cctx == NULL) +- goto error; +- + write_ledword(&p, MS_PVKMAGIC); + write_ledword(&p, 0); +- if (EVP_PKEY_id(pk) == EVP_PKEY_DSA) ++ if (pk->type == EVP_PKEY_DSA) + write_ledword(&p, MS_KEYTYPE_SIGN); + else + write_ledword(&p, MS_KEYTYPE_KEYX); +@@ -806,7 +837,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, + p += PVK_SALTLEN; + } + do_i2b(&p, pk, 0); +- if (enclevel != 0) { ++ if (enclevel == 0) ++ return outlen; ++ else { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + int enctmplen, inlen; +@@ -824,26 +857,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel, + if (enclevel == 1) + memset(keybuf + 5, 0, 11); + p = salt + PVK_SALTLEN + 8; +- if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL)) ++ if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) + goto error; + OPENSSL_cleanse(keybuf, 20); +- if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8)) ++ if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) + goto error; +- if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen)) ++ if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) + goto error; + } +- +- EVP_CIPHER_CTX_free(cctx); +- +- if (*out == NULL) +- *out = start; +- ++ EVP_CIPHER_CTX_cleanup(&cctx); + return outlen; + + error: +- EVP_CIPHER_CTX_free(cctx); +- if (*out == NULL) +- OPENSSL_free(start); ++ EVP_CIPHER_CTX_cleanup(&cctx); + return -1; + } + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +index 193ed80..d9f03a3 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c +@@ -1,16 +1,65 @@ ++/* p12_add.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "p12_lcl.h" + + /* Pack an object into an OCTET STRING and turn into a safebag */ + +@@ -19,8 +68,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + { + PKCS12_BAGS *bag; + PKCS12_SAFEBAG *safebag; +- +- if ((bag = PKCS12_BAGS_new()) == NULL) { ++ if (!(bag = PKCS12_BAGS_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -29,7 +77,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + goto err; + } +- if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { ++ if (!(safebag = PKCS12_SAFEBAG_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -42,17 +90,64 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + return NULL; + } + ++/* Turn PKCS8 object into a keybag */ ++ ++PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) ++{ ++ PKCS12_SAFEBAG *bag; ++ if (!(bag = PKCS12_SAFEBAG_new())) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ bag->type = OBJ_nid2obj(NID_keyBag); ++ bag->value.keybag = p8; ++ return bag; ++} ++ ++/* Turn PKCS8 object into a shrouded keybag */ ++ ++PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, ++ int passlen, unsigned char *salt, ++ int saltlen, int iter, ++ PKCS8_PRIV_KEY_INFO *p8) ++{ ++ PKCS12_SAFEBAG *bag; ++ const EVP_CIPHER *pbe_ciph; ++ ++ /* Set up the safe bag */ ++ if (!(bag = PKCS12_SAFEBAG_new())) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ ++ bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); ++ ++ pbe_ciph = EVP_get_cipherbynid(pbe_nid); ++ ++ if (pbe_ciph) ++ pbe_nid = -1; ++ ++ if (!(bag->value.shkeybag = ++ PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, ++ p8))) { ++ PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); ++ PKCS12_SAFEBAG_free(bag); ++ return NULL; ++ } ++ ++ return bag; ++} ++ + /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ + PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) + { + PKCS7 *p7; +- +- if ((p7 = PKCS7_new()) == NULL) { ++ if (!(p7 = PKCS7_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); + return NULL; + } + p7->type = OBJ_nid2obj(NID_pkcs7_data); +- if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -88,8 +183,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + PKCS7 *p7; + X509_ALGOR *pbe; + const EVP_CIPHER *pbe_ciph; +- +- if ((p7 = PKCS7_new()) == NULL) { ++ if (!(p7 = PKCS7_new())) { + PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -112,7 +206,7 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + } + X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); + p7->d.encrypted->enc_data->algorithm = pbe; +- ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); ++ M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); + if (!(p7->d.encrypted->enc_data->enc_data = + PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, + passlen, bags, 1))) { +@@ -138,7 +232,7 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + p7->d.encrypted->enc_data->enc_data, 1); + } + +-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, ++PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, + const char *pass, int passlen) + { + return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); +@@ -152,7 +246,7 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) + return 0; + } + +-STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12) ++STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) + { + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +index f2bfe32..370ddbd 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c +@@ -1,17 +1,66 @@ ++/* p12_asn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "p12_lcl.h" + + /* PKCS#12 ASN1 module */ + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +index c324f50..fff3ba1 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c +@@ -1,16 +1,65 @@ ++/* p12_attr.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "p12_lcl.h" + + /* Add a local keyid to a safebag */ + +@@ -28,9 +77,13 @@ int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + + int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) + { +- unsigned char us_val = (unsigned char)usage; +- return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, +- V_ASN1_BIT_STRING, &us_val, 1); ++ unsigned char us_val; ++ us_val = (unsigned char)usage; ++ if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, ++ V_ASN1_BIT_STRING, &us_val, 1)) ++ return 1; ++ else ++ return 0; + } + + /* Add a friendlyname to a safebag */ +@@ -45,16 +98,6 @@ int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, + return 0; + } + +-int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name, +- int namelen) +-{ +- if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, +- MBSTRING_UTF8, (unsigned char *)name, namelen)) +- return 1; +- else +- return 0; +-} +- + int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, + const unsigned char *name, int namelen) + { +@@ -74,30 +117,31 @@ int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) + return 0; + } + +-ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, +- int attr_nid) ++ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) + { + X509_ATTRIBUTE *attrib; + int i; +- i = X509at_get_attr_by_NID(attrs, attr_nid, -1); +- attrib = X509at_get_attr(attrs, i); +- return X509_ATTRIBUTE_get0_type(attrib, 0); ++ if (!attrs) ++ return NULL; ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { ++ attrib = sk_X509_ATTRIBUTE_value(attrs, i); ++ if (OBJ_obj2nid(attrib->object) == attr_nid) { ++ if (sk_ASN1_TYPE_num(attrib->value.set)) ++ return sk_ASN1_TYPE_value(attrib->value.set, 0); ++ else ++ return NULL; ++ } ++ } ++ return NULL; + } + + char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) + { +- const ASN1_TYPE *atype; +- +- if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL) ++ ASN1_TYPE *atype; ++ if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) + return NULL; + if (atype->type != V_ASN1_BMPSTRING) + return NULL; +- return OPENSSL_uni2utf8(atype->value.bmpstring->data, +- atype->value.bmpstring->length); +-} +- +-const STACK_OF(X509_ATTRIBUTE) * +-PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag) +-{ +- return bag->attrib; ++ return OPENSSL_uni2asc(atype->value.bmpstring->data, ++ atype->value.bmpstring->length); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +index feef9d1..9c2dcab 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c +@@ -1,14 +1,64 @@ ++/* p12_crpt.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* PKCS#12 PBE algorithms now in static table */ +@@ -24,22 +74,21 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + PBEPARAM *pbe; + int saltlen, iter, ret; + unsigned char *salt; ++ const unsigned char *pbuf; + unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; +- int (*pkcs12_key_gen)(const char *pass, int passlen, +- unsigned char *salt, int slen, +- int id, int iter, int n, +- unsigned char *out, +- const EVP_MD *md_type); +- +- pkcs12_key_gen = PKCS12_key_gen_utf8; + + if (cipher == NULL) + return 0; + + /* Extract useful info from parameter */ ++ if (param == NULL || param->type != V_ASN1_SEQUENCE || ++ param->value.sequence == NULL) { ++ PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); ++ return 0; ++ } + +- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param); +- if (pbe == NULL) { ++ pbuf = param->value.sequence->data; ++ if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR); + return 0; + } +@@ -50,14 +99,14 @@ int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + iter = ASN1_INTEGER_get(pbe->iter); + salt = pbe->salt->data; + saltlen = pbe->salt->length; +- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID, +- iter, EVP_CIPHER_key_length(cipher), key, md)) { ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID, ++ iter, EVP_CIPHER_key_length(cipher), key, md)) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; + } +- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID, +- iter, EVP_CIPHER_iv_length(cipher), iv, md)) { ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID, ++ iter, EVP_CIPHER_iv_length(cipher), iv, md)) { + PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR); + PBEPARAM_free(pbe); + return 0; +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +index 10cf8dd..7d2aeef 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c +@@ -1,16 +1,65 @@ ++/* p12_crt.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "p12_lcl.h" + + static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + PKCS12_SAFEBAG *bag); +@@ -28,7 +77,7 @@ static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) + return 1; + } + +-PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, ++PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype) + { +@@ -41,12 +90,18 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * + unsigned int keyidlen = 0; + + /* Set defaults */ +- if (!nid_cert) ++ if (!nid_cert) { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ else ++#endif + #ifdef OPENSSL_NO_RC2 +- nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; ++ nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + #else +- nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; ++ nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; + #endif ++ } + if (!nid_key) + nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + if (!iter) +@@ -124,9 +179,13 @@ PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 * + return p12; + + err: +- PKCS12_free(p12); +- sk_PKCS7_pop_free(safes, PKCS7_free); +- sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); ++ ++ if (p12) ++ PKCS12_free(p12); ++ if (safes) ++ sk_PKCS7_pop_free(safes, PKCS7_free); ++ if (bags) ++ sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + return NULL; + + } +@@ -140,7 +199,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) + int keyidlen = -1; + + /* Add user certificate */ +- if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL) ++ if (!(bag = PKCS12_x5092certbag(cert))) + goto err; + + /* +@@ -163,30 +222,32 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) + return bag; + + err: +- PKCS12_SAFEBAG_free(bag); ++ ++ if (bag) ++ PKCS12_SAFEBAG_free(bag); ++ + return NULL; + + } + + PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + EVP_PKEY *key, int key_usage, int iter, +- int nid_key, const char *pass) ++ int nid_key, char *pass) + { + + PKCS12_SAFEBAG *bag = NULL; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + + /* Make a PKCS#8 structure */ +- if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) ++ if (!(p8 = EVP_PKEY2PKCS8(key))) + goto err; + if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) + goto err; + if (nid_key != -1) { +- bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0, +- iter, p8); ++ bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } else +- bag = PKCS12_SAFEBAG_create0_p8inf(p8); ++ bag = PKCS12_MAKE_KEYBAG(p8); + + if (!bag) + goto err; +@@ -197,13 +258,16 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, + return bag; + + err: +- PKCS12_SAFEBAG_free(bag); ++ ++ if (bag) ++ PKCS12_SAFEBAG_free(bag); ++ + return NULL; + + } + + int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, +- int nid_safe, int iter, const char *pass) ++ int nid_safe, int iter, char *pass) + { + PKCS7 *p7 = NULL; + int free_safes = 0; +@@ -240,7 +304,10 @@ int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + sk_PKCS7_free(*psafes); + *psafes = NULL; + } +- PKCS7_free(p7); ++ ++ if (p7) ++ PKCS7_free(p7); ++ + return 0; + + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +index 3c86058..b40ea10 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c +@@ -1,54 +1,99 @@ ++/* p12_decr.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* Define this to dump decrypted output to files called DERnnn */ + /* +- * #define OPENSSL_DEBUG_DECRYPT ++ * #define DEBUG_DECRYPT + */ + + /* + * Encrypt/Decrypt a buffer based on password and algor, result in a + * OPENSSL_malloc'ed buffer + */ +-unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, +- const char *pass, int passlen, +- const unsigned char *in, int inlen, ++ ++unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, ++ int passlen, unsigned char *in, int inlen, + unsigned char **data, int *datalen, int en_de) + { +- unsigned char *out = NULL; ++ unsigned char *out; + int outlen, i; +- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); +- +- if (ctx == NULL) { +- PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_CIPHER_CTX ctx; + ++ EVP_CIPHER_CTX_init(&ctx); + /* Decrypt data */ + if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, +- algor->parameter, ctx, en_de)) { ++ algor->parameter, &ctx, en_de)) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, + PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); +- goto err; ++ return NULL; + } + +- if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx))) +- == NULL) { ++ if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + +- if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) { ++ if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { + OPENSSL_free(out); + out = NULL; + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB); +@@ -56,7 +101,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + } + + outlen = i; +- if (!EVP_CipherFinal_ex(ctx, out + i, &i)) { ++ if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { + OPENSSL_free(out); + out = NULL; + PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, +@@ -69,7 +114,7 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + if (data) + *data = out; + err: +- EVP_CIPHER_CTX_free(ctx); ++ EVP_CIPHER_CTX_cleanup(&ctx); + return out; + + } +@@ -79,9 +124,9 @@ unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, + * after use. + */ + +-void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, ++void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, +- const ASN1_OCTET_STRING *oct, int zbuf) ++ ASN1_OCTET_STRING *oct, int zbuf) + { + unsigned char *out; + const unsigned char *p; +@@ -95,7 +140,7 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + return NULL; + } + p = out; +-#ifdef OPENSSL_DEBUG_DECRYPT ++#ifdef DEBUG_DECRYPT + { + FILE *op; + +@@ -129,8 +174,7 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + ASN1_OCTET_STRING *oct = NULL; + unsigned char *in = NULL; + int inlen; +- +- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { + PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -150,6 +194,9 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + OPENSSL_free(in); + return oct; + err: +- ASN1_OCTET_STRING_free(oct); ++ if (oct) ++ ASN1_OCTET_STRING_free(oct); + return NULL; + } ++ ++IMPLEMENT_PKCS12_STACK_OF(PKCS7) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +index a78e183..0322df9 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c +@@ -1,24 +1,72 @@ ++/* p12_init.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "p12_lcl.h" + + /* Initialise a PKCS12 structure to take data */ + + PKCS12 *PKCS12_init(int mode) + { + PKCS12 *pkcs12; +- +- if ((pkcs12 = PKCS12_new()) == NULL) { ++ if (!(pkcs12 = PKCS12_new())) { + PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -26,7 +74,7 @@ PKCS12 *PKCS12_init(int mode) + pkcs12->authsafes->type = OBJ_nid2obj(mode); + switch (mode) { + case NID_pkcs7_data: +- if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) { + PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -35,9 +83,10 @@ PKCS12 *PKCS12_init(int mode) + PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE); + goto err; + } +- return pkcs12; + ++ return pkcs12; + err: +- PKCS12_free(pkcs12); ++ if (pkcs12 != NULL) ++ PKCS12_free(pkcs12); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +index 9c13a45..99b8260 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c +@@ -1,22 +1,72 @@ ++/* p12_key.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + + /* Uncomment out this line to get debugging info about key generation */ + /* +- * #define OPENSSL_DEBUG_KEYGEN ++ * #define DEBUG_KEYGEN + */ +-#ifdef OPENSSL_DEBUG_KEYGEN ++#ifdef DEBUG_KEYGEN + # include + extern BIO *bio_err; + void h__dump(unsigned char *p, int len); +@@ -46,30 +96,10 @@ int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + id, iter, n, out, md_type); + if (ret <= 0) + return 0; +- OPENSSL_clear_free(unipass, uniplen); +- return ret; +-} +- +-int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt, +- int saltlen, int id, int iter, int n, +- unsigned char *out, const EVP_MD *md_type) +-{ +- int ret; +- unsigned char *unipass; +- int uniplen; +- +- if (!pass) { +- unipass = NULL; +- uniplen = 0; +- } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) { +- PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE); +- return 0; ++ if (unipass) { ++ OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */ ++ OPENSSL_free(unipass); + } +- ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, +- id, iter, n, out, md_type); +- if (ret <= 0) +- return 0; +- OPENSSL_clear_free(unipass, uniplen); + return ret; + } + +@@ -77,22 +107,26 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, + unsigned char *out, const EVP_MD *md_type) + { +- unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL; ++ unsigned char *B, *D, *I, *p, *Ai; + int Slen, Plen, Ilen, Ijlen; + int i, j, u, v; + int ret = 0; +- BIGNUM *Ij = NULL, *Bpl1 = NULL; /* These hold Ij and B + 1 */ +- EVP_MD_CTX *ctx = NULL; +-#ifdef OPENSSL_DEBUG_KEYGEN ++ BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ ++ EVP_MD_CTX ctx; ++#ifdef DEBUG_KEYGEN + unsigned char *tmpout = out; + int tmpn = n; + #endif + +- ctx = EVP_MD_CTX_new(); +- if (ctx == NULL) +- goto err; ++#if 0 ++ if (!pass) { ++ PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER); ++ return 0; ++ } ++#endif + +-#ifdef OPENSSL_DEBUG_KEYGEN ++ EVP_MD_CTX_init(&ctx); ++#ifdef DEBUG_KEYGEN + fprintf(stderr, "KEYGEN DEBUG\n"); + fprintf(stderr, "ID %d, ITER %d\n", id, iter); + fprintf(stderr, "Password (length %d):\n", passlen); +@@ -102,8 +136,8 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + #endif + v = EVP_MD_block_size(md_type); + u = EVP_MD_size(md_type); +- if (u < 0 || v <= 0) +- goto err; ++ if (u < 0) ++ return 0; + D = OPENSSL_malloc(v); + Ai = OPENSSL_malloc(u); + B = OPENSSL_malloc(v + 1); +@@ -116,8 +150,7 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + I = OPENSSL_malloc(Ilen); + Ij = BN_new(); + Bpl1 = BN_new(); +- if (D == NULL || Ai == NULL || B == NULL || I == NULL || Ij == NULL +- || Bpl1 == NULL) ++ if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; + for (i = 0; i < v; i++) + D[i] = id; +@@ -127,20 +160,20 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + for (i = 0; i < Plen; i++) + *p++ = pass[i % passlen]; + for (;;) { +- if (!EVP_DigestInit_ex(ctx, md_type, NULL) +- || !EVP_DigestUpdate(ctx, D, v) +- || !EVP_DigestUpdate(ctx, I, Ilen) +- || !EVP_DigestFinal_ex(ctx, Ai, NULL)) ++ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ++ || !EVP_DigestUpdate(&ctx, D, v) ++ || !EVP_DigestUpdate(&ctx, I, Ilen) ++ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + goto err; + for (j = 1; j < iter; j++) { +- if (!EVP_DigestInit_ex(ctx, md_type, NULL) +- || !EVP_DigestUpdate(ctx, Ai, u) +- || !EVP_DigestFinal_ex(ctx, Ai, NULL)) ++ if (!EVP_DigestInit_ex(&ctx, md_type, NULL) ++ || !EVP_DigestUpdate(&ctx, Ai, u) ++ || !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + goto err; + } + memcpy(out, Ai, min(n, u)); + if (u >= n) { +-#ifdef OPENSSL_DEBUG_KEYGEN ++#ifdef DEBUG_KEYGEN + fprintf(stderr, "Output KEY (length %d)\n", tmpn); + h__dump(tmpout, tmpn); + #endif +@@ -191,11 +224,11 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + OPENSSL_free(I); + BN_free(Ij); + BN_free(Bpl1); +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_cleanup(&ctx); + return ret; + } + +-#ifdef OPENSSL_DEBUG_KEYGEN ++#ifdef DEBUG_KEYGEN + void h__dump(unsigned char *p, int len) + { + for (; len--; p++) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +index 62f5d1e..9aa3c90 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c +@@ -1,14 +1,64 @@ ++/* p12_kiss.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* Simplified PKCS#12 routines */ +@@ -16,7 +66,7 @@ + static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + +-static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, ++static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); + + static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, +@@ -26,7 +76,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + * Parse and decrypt a PKCS#12 structure returning user key, user cert and + * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it + * should point to a valid STACK structure. pkey and cert can be passed +- * uninitialised. ++ * unitialised. + */ + + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, +@@ -102,21 +152,25 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + goto err; + x = NULL; + } +- X509_free(x); ++ if (x) ++ X509_free(x); + } + +- sk_X509_pop_free(ocerts, X509_free); ++ if (ocerts) ++ sk_X509_pop_free(ocerts, X509_free); + + return 1; + + err: + +- if (pkey) ++ if (pkey && *pkey) + EVP_PKEY_free(*pkey); +- if (cert) ++ if (cert && *cert) + X509_free(*cert); +- X509_free(x); +- sk_X509_pop_free(ocerts, X509_free); ++ if (x) ++ X509_free(x); ++ if (ocerts) ++ sk_X509_pop_free(ocerts, X509_free); + return 0; + + } +@@ -131,7 +185,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + int i, bagnid; + PKCS7 *p7; + +- if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) ++ if (!(asafes = PKCS12_unpack_authsafes(p12))) + return 0; + for (i = 0; i < sk_PKCS7_num(asafes); i++) { + p7 = sk_PKCS7_value(asafes, i); +@@ -157,7 +211,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, + return 1; + } + +-static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, ++static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts) + { + int i; +@@ -174,29 +228,28 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + { + PKCS8_PRIV_KEY_INFO *p8; + X509 *x509; +- const ASN1_TYPE *attrib; ++ ASN1_TYPE *attrib; + ASN1_BMPSTRING *fname = NULL; + ASN1_OCTET_STRING *lkid = NULL; + +- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) ++ if ((attrib = PKCS12_get_attr(bag, NID_friendlyName))) + fname = attrib->value.bmpstring; + +- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) ++ if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) + lkid = attrib->value.octet_string; + +- switch (PKCS12_SAFEBAG_get_nid(bag)) { ++ switch (M_PKCS12_bag_type(bag)) { + case NID_keyBag: + if (!pkey || *pkey) + return 1; +- *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag)); +- if (*pkey == NULL) ++ if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; + break; + + case NID_pkcs8ShroudedKeyBag: + if (!pkey || *pkey) + return 1; +- if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) ++ if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + return 0; + *pkey = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); +@@ -205,9 +258,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + break; + + case NID_certBag: +- if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate) ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) + return 1; +- if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL) ++ if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { + X509_free(x509); +@@ -235,11 +288,12 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, + break; + + case NID_safeContentsBag: +- return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey, +- ocerts); ++ return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts); ++ break; + + default: + return 1; ++ break; + } + return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h b/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h +deleted file mode 100644 +index 0b52f1e..0000000 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_lcl.h ++++ /dev/null +@@ -1,43 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-struct PKCS12_MAC_DATA_st { +- X509_SIG *dinfo; +- ASN1_OCTET_STRING *salt; +- ASN1_INTEGER *iter; /* defaults to 1 */ +-}; +- +-struct PKCS12_st { +- ASN1_INTEGER *version; +- PKCS12_MAC_DATA *mac; +- PKCS7 *authsafes; +-}; +- +-struct PKCS12_SAFEBAG_st { +- ASN1_OBJECT *type; +- union { +- struct pkcs12_bag_st *bag; /* secret, crl and certbag */ +- struct pkcs8_priv_key_info_st *keybag; /* keybag */ +- X509_SIG *shkeybag; /* shrouded key bag */ +- STACK_OF(PKCS12_SAFEBAG) *safes; +- ASN1_TYPE *other; +- } value; +- STACK_OF(X509_ATTRIBUTE) *attrib; +-}; +- +-struct pkcs12_bag_st { +- ASN1_OBJECT *type; +- union { +- ASN1_OCTET_STRING *x509cert; +- ASN1_OCTET_STRING *x509crl; +- ASN1_OCTET_STRING *octet; +- ASN1_IA5STRING *sdsicert; +- ASN1_TYPE *other; /* Secret or other bag */ +- } value; +-}; +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +index d6b8919..cbf34da 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c +@@ -1,91 +1,79 @@ ++/* p12_mutl.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + ++#ifndef OPENSSL_NO_HMAC + # include +-# include "internal/cryptlib.h" ++# include "cryptlib.h" + # include + # include + # include + # include +-# include "p12_lcl.h" +- +-int PKCS12_mac_present(const PKCS12 *p12) +-{ +- return p12->mac ? 1 : 0; +-} +- +-void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, +- const X509_ALGOR **pmacalg, +- const ASN1_OCTET_STRING **psalt, +- const ASN1_INTEGER **piter, +- const PKCS12 *p12) +-{ +- if (p12->mac) { +- X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac); +- if (psalt) +- *psalt = p12->mac->salt; +- if (piter) +- *piter = p12->mac->iter; +- } else { +- if (pmac) +- *pmac = NULL; +- if (pmacalg) +- *pmacalg = NULL; +- if (psalt) +- *psalt = NULL; +- if (piter) +- *piter = NULL; +- } +-} +- +-# define TK26_MAC_KEY_LEN 32 +- +-static int pkcs12_gen_gost_mac_key(const char *pass, int passlen, +- const unsigned char *salt, int saltlen, +- int iter, int keylen, unsigned char *key, +- const EVP_MD *digest) +-{ +- unsigned char out[96]; +- +- if (keylen != TK26_MAC_KEY_LEN) { +- return 0; +- } +- +- if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, +- digest, sizeof(out), out)) { +- return 0; +- } +- memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN); +- OPENSSL_cleanse(out, sizeof(out)); +- return 1; +-} + + /* Generate a MAC */ +-static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *mac, unsigned int *maclen, +- int (*pkcs12_key_gen)(const char *pass, int passlen, +- unsigned char *salt, int slen, +- int id, int iter, int n, +- unsigned char *out, +- const EVP_MD *md_type)) ++int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, ++ unsigned char *mac, unsigned int *maclen) + { + const EVP_MD *md_type; +- HMAC_CTX *hmac = NULL; ++ HMAC_CTX hmac; + unsigned char key[EVP_MAX_MD_SIZE], *salt; + int saltlen, iter; +- int md_size = 0; +- int md_type_nid; +- const X509_ALGOR *macalg; +- const ASN1_OBJECT *macoid; +- +- if (pkcs12_key_gen == NULL) +- pkcs12_key_gen = PKCS12_key_gen_utf8; ++ int md_size; + + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA); +@@ -98,71 +86,46 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + iter = 1; + else + iter = ASN1_INTEGER_get(p12->mac->iter); +- X509_SIG_get0(p12->mac->dinfo, &macalg, NULL); +- X509_ALGOR_get0(&macoid, NULL, NULL, macalg); +- if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) { ++ if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); + return 0; + } + md_size = EVP_MD_size(md_type); +- md_type_nid = EVP_MD_type(md_type); + if (md_size < 0) + return 0; +- if ((md_type_nid == NID_id_GostR3411_94 +- || md_type_nid == NID_id_GostR3411_2012_256 +- || md_type_nid == NID_id_GostR3411_2012_512) +- && !getenv("LEGACY_GOST_PKCS12")) { +- md_size = TK26_MAC_KEY_LEN; +- if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter, +- md_size, key, md_type)) { +- PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); +- return 0; +- } +- } else +- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID, +- iter, md_size, key, md_type)) { ++ if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, ++ md_size, key, md_type)) { + PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR); + return 0; + } +- hmac = HMAC_CTX_new(); +- if (!HMAC_Init_ex(hmac, key, md_size, md_type, NULL) +- || !HMAC_Update(hmac, p12->authsafes->d.data->data, ++ HMAC_CTX_init(&hmac); ++ if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) ++ || !HMAC_Update(&hmac, p12->authsafes->d.data->data, + p12->authsafes->d.data->length) +- || !HMAC_Final(hmac, mac, maclen)) { +- HMAC_CTX_free(hmac); ++ || !HMAC_Final(&hmac, mac, maclen)) { ++ HMAC_CTX_cleanup(&hmac); + return 0; + } +- HMAC_CTX_free(hmac); ++ HMAC_CTX_cleanup(&hmac); + return 1; + } + +-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, +- unsigned char *mac, unsigned int *maclen) +-{ +- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL); +-} +- + /* Verify the mac */ + int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) + { + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; +- const ASN1_OCTET_STRING *macoct; +- + if (p12->mac == NULL) { + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT); + return 0; + } +- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, +- PKCS12_key_gen_utf8)) { ++ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR); + return 0; + } +- X509_SIG_get0(p12->mac->dinfo, NULL, &macoct); +- if ((maclen != (unsigned int)ASN1_STRING_length(macoct)) +- || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0) ++ if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) ++ || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + return 0; +- + return 1; + } + +@@ -174,7 +137,6 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + { + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; +- ASN1_OCTET_STRING *macoct; + + if (!md_type) + md_type = EVP_sha1(); +@@ -182,16 +144,11 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR); + return 0; + } +- /* +- * Note that output mac is forced to UTF-8... +- */ +- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, +- PKCS12_key_gen_utf8)) { ++ if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR); + return 0; + } +- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); +- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) { ++ if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { + PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR); + return 0; + } +@@ -202,12 +159,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, + const EVP_MD *md_type) + { +- X509_ALGOR *macalg; +- +- if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) ++ if (!(p12->mac = PKCS12_MAC_DATA_new())) + return PKCS12_ERROR; + if (iter > 1) { +- if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) { ++ if (!(p12->mac->iter = M_ASN1_INTEGER_new())) { + PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -228,12 +183,13 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, + return 0; + } else + memcpy(p12->mac->salt->data, salt, saltlen); +- X509_SIG_getm(p12->mac->dinfo, &macalg, NULL); +- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)), +- V_ASN1_NULL, NULL)) { ++ p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); ++ if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { + PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + return 0; + } ++ p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; + + return 1; + } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +index 0ce75ed..9e8ebb2 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c +@@ -1,10 +1,60 @@ ++/* p12_npas.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -13,7 +63,6 @@ + #include + #include + #include +-#include "p12_lcl.h" + + /* PKCS#12 password change routine */ + +@@ -22,8 +71,7 @@ static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, + const char *newpass); + static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, + const char *newpass); +-static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, +- int *psaltlen); ++static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); + + /* + * Change the password on a PKCS#12 structure. +@@ -62,7 +110,7 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; + PKCS7 *p7, *p7new; +- ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL; ++ ASN1_OCTET_STRING *p12_data_tmp = NULL; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned int maclen; + int rv = 0; +@@ -107,11 +155,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) + goto err; + if (!PKCS12_pack_authsafes(p12, newsafes)) + goto err; +- + if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) + goto err; +- X509_SIG_getm(p12->mac->dinfo, NULL, &macoct); +- if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) ++ if (!ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen)) + goto err; + + rv = 1; +@@ -149,15 +195,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, + PKCS8_PRIV_KEY_INFO *p8; + X509_SIG *p8new; + int p8_nid, p8_saltlen, p8_iter; +- const X509_ALGOR *shalg; + +- if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag) ++ if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) + return 1; + +- if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) ++ if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) + return 0; +- X509_SIG_get0(bag->value.shkeybag, &shalg, NULL); +- if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen)) ++ if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) + return 0; + p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, + p8_iter, p8); +@@ -169,11 +213,13 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, + return 1; + } + +-static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter, +- int *psaltlen) ++static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) + { + PBEPARAM *pbe; +- pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter); ++ const unsigned char *p; ++ ++ p = alg->parameter->value.sequence->data; ++ pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + if (!pbe) + return 0; + *pnid = OBJ_obj2nid(alg->algorithm); +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +index d926a77..3cc7a9f 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c +@@ -1,23 +1,70 @@ ++/* p12_p8d.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + +-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, ++PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, + int passlen) + { +- const X509_ALGOR *dalg; +- const ASN1_OCTET_STRING *doct; +- X509_SIG_get0(p8, &dalg, &doct); +- return PKCS12_item_decrypt_d2i(dalg, ++ return PKCS12_item_decrypt_d2i(p8->algor, + ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, +- passlen, doct, 1); ++ passlen, p8->digest, 1); + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +index 86a07e1..861a087 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c +@@ -1,16 +1,65 @@ ++/* p12_p8e.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/x509_int.h" + + X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, +@@ -20,6 +69,11 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + X509_SIG *p8 = NULL; + X509_ALGOR *pbe; + ++ if (!(p8 = X509_SIG_new())) { ++ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ + if (pbe_nid == -1) + pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); + else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) +@@ -30,40 +84,22 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + } + if (!pbe) { + PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); +- return NULL; +- } +- p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe); +- if (p8 == NULL) { +- X509_ALGOR_free(pbe); +- return NULL; ++ goto err; + } +- +- return p8; +-} +- +-X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, +- PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) +-{ +- X509_SIG *p8; +- ASN1_OCTET_STRING *enckey; +- +- enckey = ++ X509_ALGOR_free(p8->algor); ++ p8->algor = pbe; ++ M_ASN1_OCTET_STRING_free(p8->digest); ++ p8->digest = + PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), + pass, passlen, p8inf, 1); +- if (!enckey) { +- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR); +- return NULL; +- } +- +- p8 = OPENSSL_zalloc(sizeof(*p8)); +- +- if (p8 == NULL) { +- PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); +- ASN1_OCTET_STRING_free(enckey); +- return NULL; ++ if (!p8->digest) { ++ PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); ++ goto err; + } +- p8->algor = pbe; +- p8->digest = enckey; + + return p8; ++ ++ err: ++ X509_SIG_free(p8); ++ return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c +deleted file mode 100644 +index 4a3d259..0000000 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_sbag.c ++++ /dev/null +@@ -1,170 +0,0 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include "p12_lcl.h" +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid) +-{ +- return PKCS12_get_attr_gen(bag->attrib, attr_nid); +-} +-#endif +- +-const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, +- int attr_nid) +-{ +- return PKCS12_get_attr_gen(bag->attrib, attr_nid); +-} +- +-ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid) +-{ +- return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid); +-} +- +-const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag) +-{ +- if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag) +- return NULL; +- return bag->value.keybag; +-} +- +-const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag) +-{ +- if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) +- return NULL; +- return bag->value.shkeybag; +-} +- +-const STACK_OF(PKCS12_SAFEBAG) * +-PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag) +-{ +- if (OBJ_obj2nid(bag->type) != NID_safeContentsBag) +- return NULL; +- return bag->value.safes; +-} +- +-const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag) +-{ +- return bag->type; +-} +- +-int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag) +-{ +- return OBJ_obj2nid(bag->type); +-} +- +-int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag) +-{ +- int btype = PKCS12_SAFEBAG_get_nid(bag); +- +- if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag) +- return -1; +- return OBJ_obj2nid(bag->value.bag->type); +-} +- +-X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag) +-{ +- if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag) +- return NULL; +- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) +- return NULL; +- return ASN1_item_unpack(bag->value.bag->value.octet, +- ASN1_ITEM_rptr(X509)); +-} +- +-X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag) +-{ +- if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag) +- return NULL; +- if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) +- return NULL; +- return ASN1_item_unpack(bag->value.bag->value.octet, +- ASN1_ITEM_rptr(X509_CRL)); +-} +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509) +-{ +- return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), +- NID_x509Certificate, NID_certBag); +-} +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl) +-{ +- return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), +- NID_x509Crl, NID_crlBag); +-} +- +-/* Turn PKCS8 object into a keybag */ +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8) +-{ +- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); +- +- if (bag == NULL) { +- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- bag->type = OBJ_nid2obj(NID_keyBag); +- bag->value.keybag = p8; +- return bag; +-} +- +-/* Turn PKCS8 object into a shrouded keybag */ +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8) +-{ +- PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new(); +- +- /* Set up the safe bag */ +- if (bag == NULL) { +- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); +- bag->value.shkeybag = p8; +- return bag; +-} +- +-PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, +- const char *pass, +- int passlen, +- unsigned char *salt, +- int saltlen, int iter, +- PKCS8_PRIV_KEY_INFO *p8inf) +-{ +- PKCS12_SAFEBAG *bag; +- const EVP_CIPHER *pbe_ciph; +- X509_SIG *p8; +- +- pbe_ciph = EVP_get_cipherbynid(pbe_nid); +- +- if (pbe_ciph) +- pbe_nid = -1; +- +- p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, +- p8inf); +- +- if (p8 == NULL) { +- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- bag = PKCS12_SAFEBAG_create0_pkcs8(p8); +- +- if (bag == NULL) { +- PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); +- X509_SIG_free(p8); +- return NULL; +- } +- +- return bag; +-} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +index 0701478..e466f76 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c +@@ -1,14 +1,64 @@ ++/* p12_utl.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + /* Cheap and nasty Unicode stuff */ +@@ -18,11 +68,10 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + { + int ulen, i; + unsigned char *unitmp; +- + if (asclen == -1) + asclen = strlen(asc); + ulen = asclen * 2 + 2; +- if ((unitmp = OPENSSL_malloc(ulen)) == NULL) ++ if (!(unitmp = OPENSSL_malloc(ulen))) + return NULL; + for (i = 0; i < ulen - 2; i += 2) { + unitmp[i] = 0; +@@ -38,10 +87,11 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + return unitmp; + } + +-char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) ++char *OPENSSL_uni2asc(unsigned char *uni, int unilen) + { + int asclen, i; + char *asctmp; ++ + /* string must contain an even number of bytes */ + if (unilen & 1) + return NULL; +@@ -50,7 +100,7 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) + if (!unilen || uni[unilen - 1]) + asclen++; + uni++; +- if ((asctmp = OPENSSL_malloc(asclen)) == NULL) ++ if (!(asctmp = OPENSSL_malloc(asclen))) + return NULL; + for (i = 0; i < unilen; i += 2) + asctmp[i >> 1] = uni[i]; +@@ -58,166 +108,12 @@ char *OPENSSL_uni2asc(const unsigned char *uni, int unilen) + return asctmp; + } + +-/* +- * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and +- * PKCS#12 BMPString format, which is specified as big-endian UTF-16. +- * One should keep in mind that even though BMPString is passed as +- * unsigned char *, it's not the kind of string you can exercise e.g. +- * strlen on. Caller also has to keep in mind that its length is +- * expressed not in number of UTF-16 characters, but in number of +- * bytes the string occupies, and treat it, the length, accordingly. +- */ +-unsigned char *OPENSSL_utf82uni(const char *asc, int asclen, +- unsigned char **uni, int *unilen) +-{ +- int ulen, i, j; +- unsigned char *unitmp, *ret; +- unsigned long utf32chr = 0; +- +- if (asclen == -1) +- asclen = strlen(asc); +- +- for (ulen = 0, i = 0; i < asclen; i += j) { +- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); +- +- /* +- * Following condition is somewhat opportunistic is sense that +- * decoding failure is used as *indirect* indication that input +- * string might in fact be extended ASCII/ANSI/ISO-8859-X. The +- * fallback is taken in hope that it would allow to process +- * files created with previous OpenSSL version, which used the +- * naive OPENSSL_asc2uni all along. It might be worth noting +- * that probability of false positive depends on language. In +- * cases covered by ISO Latin 1 probability is very low, because +- * any printable non-ASCII alphabet letter followed by another +- * or any ASCII character will trigger failure and fallback. +- * In other cases situation can be intensified by the fact that +- * English letters are not part of alternative keyboard layout, +- * but even then there should be plenty of pairs that trigger +- * decoding failure... +- */ +- if (j < 0) +- return OPENSSL_asc2uni(asc, asclen, uni, unilen); +- +- if (utf32chr > 0x10FFFF) /* UTF-16 cap */ +- return NULL; +- +- if (utf32chr >= 0x10000) /* pair of UTF-16 characters */ +- ulen += 2*2; +- else /* or just one */ +- ulen += 2; +- } +- +- ulen += 2; /* for trailing UTF16 zero */ +- +- if ((ret = OPENSSL_malloc(ulen)) == NULL) +- return NULL; +- +- /* re-run the loop writing down UTF-16 characters in big-endian order */ +- for (unitmp = ret, i = 0; i < asclen; i += j) { +- j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr); +- if (utf32chr >= 0x10000) { /* pair if UTF-16 characters */ +- unsigned int hi, lo; +- +- utf32chr -= 0x10000; +- hi = 0xD800 + (utf32chr>>10); +- lo = 0xDC00 + (utf32chr&0x3ff); +- *unitmp++ = (unsigned char)(hi>>8); +- *unitmp++ = (unsigned char)(hi); +- *unitmp++ = (unsigned char)(lo>>8); +- *unitmp++ = (unsigned char)(lo); +- } else { /* or just one */ +- *unitmp++ = (unsigned char)(utf32chr>>8); +- *unitmp++ = (unsigned char)(utf32chr); +- } +- } +- /* Make result double null terminated */ +- *unitmp++ = 0; +- *unitmp++ = 0; +- if (unilen) +- *unilen = ulen; +- if (uni) +- *uni = ret; +- return ret; +-} +- +-static int bmp_to_utf8(char *str, const unsigned char *utf16, int len) +-{ +- unsigned long utf32chr; +- +- if (len == 0) return 0; +- +- if (len < 2) return -1; +- +- /* pull UTF-16 character in big-endian order */ +- utf32chr = (utf16[0]<<8) | utf16[1]; +- +- if (utf32chr >= 0xD800 && utf32chr < 0xE000) { /* two chars */ +- unsigned int lo; +- +- if (len < 4) return -1; +- +- utf32chr -= 0xD800; +- utf32chr <<= 10; +- lo = (utf16[2]<<8) | utf16[3]; +- if (lo < 0xDC00 || lo >= 0xE000) return -1; +- utf32chr |= lo-0xDC00; +- utf32chr += 0x10000; +- } +- +- return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); +-} +- +-char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) +-{ +- int asclen, i, j; +- char *asctmp; +- +- /* string must contain an even number of bytes */ +- if (unilen & 1) +- return NULL; +- +- for (asclen = 0, i = 0; i < unilen; ) { +- j = bmp_to_utf8(NULL, uni+i, unilen-i); +- /* +- * falling back to OPENSSL_uni2asc makes lesser sense [than +- * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above], +- * it's done rather to maintain symmetry... +- */ +- if (j < 0) return OPENSSL_uni2asc(uni, unilen); +- if (j == 4) i += 4; +- else i += 2; +- asclen += j; +- } +- +- /* If no terminating zero allow for one */ +- if (!unilen || (uni[unilen-2]||uni[unilen - 1])) +- asclen++; +- +- if ((asctmp = OPENSSL_malloc(asclen)) == NULL) +- return NULL; +- +- /* re-run the loop emitting UTF-8 string */ +- for (asclen = 0, i = 0; i < unilen; ) { +- j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i); +- if (j == 4) i += 4; +- else i += 2; +- asclen += j; +- } +- +- /* If no terminating zero write one */ +- if (!unilen || (uni[unilen-2]||uni[unilen - 1])) +- asctmp[asclen] = '\0'; +- +- return asctmp; +-} +- + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) + { + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) + { + return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); +@@ -229,9 +125,41 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) + return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); + } + #endif ++ ++PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) ++{ ++ return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), ++ NID_x509Certificate, NID_certBag); ++} ++ ++PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) ++{ ++ return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), ++ NID_x509Crl, NID_crlBag); ++} ++ ++X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) ++{ ++ if (M_PKCS12_bag_type(bag) != NID_certBag) ++ return NULL; ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) ++ return NULL; ++ return ASN1_item_unpack(bag->value.bag->value.octet, ++ ASN1_ITEM_rptr(X509)); ++} ++ ++X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) ++{ ++ if (M_PKCS12_bag_type(bag) != NID_crlBag) ++ return NULL; ++ if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl) ++ return NULL; ++ return ASN1_item_unpack(bag->value.bag->value.octet, ++ ASN1_ITEM_rptr(X509_CRL)); ++} +diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +index f705084..e58710b 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pkcs12/pk12err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,6 +70,14 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) + + static ERR_STRING_DATA PKCS12_str_functs[] = { ++ {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, ++ {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), ++ "PKCS12_add_friendlyname_asc"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), ++ "PKCS12_add_friendlyname_uni"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, + {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, + {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, +@@ -27,26 +86,21 @@ static ERR_STRING_DATA PKCS12_str_functs[] = { + {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, + {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, + {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, +- {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UTF8), "PKCS12_key_gen_utf8"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, ++ {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, + {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, + {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, + {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, + {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, + {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, + {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, +- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF), +- "PKCS12_SAFEBAG_create0_p8inf"}, +- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8), +- "PKCS12_SAFEBAG_create0_pkcs8"}, +- {ERR_FUNC(PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT), +- "PKCS12_SAFEBAG_create_pkcs8_encrypt"}, + {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, + {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, + {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, ++ {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, + {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, +- {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"}, + {0, NULL} + }; + +@@ -67,6 +121,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = { + {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, + {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"}, + {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, ++ {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"}, + {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"}, + {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"}, + {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), +@@ -82,7 +137,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[] = { + + #endif + +-int ERR_load_PKCS12_strings(void) ++void ERR_load_PKCS12_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -91,5 +146,4 @@ int ERR_load_PKCS12_strings(void) + ERR_load_strings(0, PKCS12_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c +index 29feaa3..fae1c56 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/bio_pk7.c +@@ -1,17 +1,63 @@ ++/* bio_pk7.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include + #include + +-#if !defined(OPENSSL_SYS_VXWORKS) ++#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) + # include + #endif + #include +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +index 315e1b8..9c0a439 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c +@@ -1,14 +1,64 @@ ++/* pk7_asn.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +index e90bf03..88922ef 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c +@@ -1,10 +1,60 @@ ++/* pk7_attr.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -21,8 +71,7 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap) + { + ASN1_STRING *seq; +- +- if ((seq = ASN1_STRING_new()) == NULL) { ++ if (!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -38,7 +87,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) + const unsigned char *p; + + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); +- if (cap == NULL || (cap->type != V_ASN1_SEQUENCE)) ++ if (!cap || (cap->type != V_ASN1_SEQUENCE)) + return NULL; + p = cap->value.sequence->data; + return (STACK_OF(X509_ALGOR) *) +@@ -49,38 +98,33 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) + /* Basic smime-capabilities OID and optional integer arg */ + int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) + { +- ASN1_INTEGER *nbit = NULL; + X509_ALGOR *alg; + +- if ((alg = X509_ALGOR_new()) == NULL) { ++ if (!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = OBJ_nid2obj(nid); + if (arg > 0) { +- if ((alg->parameter = ASN1_TYPE_new()) == NULL) { +- goto err; ++ ASN1_INTEGER *nbit; ++ if (!(alg->parameter = ASN1_TYPE_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; + } +- if ((nbit = ASN1_INTEGER_new()) == NULL) { +- goto err; ++ if (!(nbit = ASN1_INTEGER_new())) { ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; + } + if (!ASN1_INTEGER_set(nbit, arg)) { +- goto err; ++ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); ++ return 0; + } + alg->parameter->value.integer = nbit; + alg->parameter->type = V_ASN1_INTEGER; +- nbit = NULL; +- } +- if (!sk_X509_ALGOR_push(sk, alg)) { +- goto err; + } ++ sk_X509_ALGOR_push(sk, alg); + return 1; +-err: +- PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); +- ASN1_INTEGER_free(nbit); +- X509_ALGOR_free(alg); +- return 0; + } + + int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) +@@ -95,7 +139,7 @@ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) + + int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) + { +- if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) { ++ if (!t && !(t = X509_gmtime_adj(NULL, 0))) { + PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, + ERR_R_MALLOC_FAILURE); + return 0; +@@ -109,7 +153,7 @@ int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + { + ASN1_OCTET_STRING *os; + os = ASN1_OCTET_STRING_new(); +- if (os == NULL) ++ if (!os) + return 0; + if (!ASN1_STRING_set(os, md, mdlen) + || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c +deleted file mode 100644 +index 965fb37..0000000 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_dgst.c ++++ /dev/null +@@ -1,15 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +index bc6bd30..6cf8253 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pkcs7/pk7_doit.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -79,7 +128,8 @@ static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) + return 1; + + err: +- BIO_free(btmp); ++ if (btmp) ++ BIO_free(btmp); + return 0; + + } +@@ -93,7 +143,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, + int ret = 0; + size_t eklen; + +- pkey = X509_get0_pubkey(ri->cert); ++ pkey = X509_get_pubkey(ri->cert); + + if (!pkey) + return 0; +@@ -130,8 +180,12 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, + ret = 1; + + err: +- EVP_PKEY_CTX_free(pctx); +- OPENSSL_free(ek); ++ if (pkey) ++ EVP_PKEY_free(pkey); ++ if (pctx) ++ EVP_PKEY_CTX_free(pctx); ++ if (ek) ++ OPENSSL_free(ek); + return ret; + + } +@@ -178,13 +232,18 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, + + ret = 1; + +- OPENSSL_clear_free(*pek, *peklen); ++ if (*pek) { ++ OPENSSL_cleanse(*pek, *peklen); ++ OPENSSL_free(*pek); ++ } ++ + *pek = ek; + *peklen = eklen; + + err: +- EVP_PKEY_CTX_free(pctx); +- if (!ret) ++ if (pctx) ++ EVP_PKEY_CTX_free(pctx); ++ if (!ret && ek) + OPENSSL_free(ek); + + return ret; +@@ -331,23 +390,27 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) + BIO_push(out, bio); + else + out = bio; +- return out; +- ++ bio = NULL; ++ if (0) { + err: +- BIO_free_all(out); +- BIO_free_all(btmp); +- return NULL; ++ if (out != NULL) ++ BIO_free_all(out); ++ if (btmp != NULL) ++ BIO_free_all(btmp); ++ out = NULL; ++ } ++ return (out); + } + + static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) + { + int ret; + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, +- X509_get_issuer_name(pcert)); ++ pcert->cert_info->issuer); + if (ret) + return ret; +- return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert), +- ri->issuer_and_serial->serial); ++ return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, ++ ri->issuer_and_serial->serial); + } + + /* int */ +@@ -459,6 +522,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + } + + if (evp_cipher != NULL) { ++#if 0 ++ unsigned char key[EVP_MAX_KEY_LENGTH]; ++ unsigned char iv[EVP_MAX_IV_LENGTH]; ++ unsigned char *p; ++ int keylen, ivlen; ++ int max; ++ X509_OBJECT ret; ++#endif ++ + if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); + goto err; +@@ -491,7 +563,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + /* If we haven't got a certificate try each ri in turn */ + if (pcert == NULL) { + /* +- * Always attempt to decrypt all rinfo even after success as a ++ * Always attempt to decrypt all rinfo even after sucess as a + * defence against MMA timing attacks. + */ + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { +@@ -517,7 +589,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + /* Generate random key as MMA defence */ + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + tkey = OPENSSL_malloc(tkeylen); +- if (tkey == NULL) ++ if (!tkey) + goto err; + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) + goto err; +@@ -535,7 +607,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + */ + if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { + /* Use random key as MMA defence */ +- OPENSSL_clear_free(ek, eklen); ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); + ek = tkey; + eklen = tkeylen; + tkey = NULL; +@@ -546,10 +619,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) + goto err; + +- OPENSSL_clear_free(ek, eklen); +- ek = NULL; +- OPENSSL_clear_free(tkey, tkeylen); +- tkey = NULL; ++ if (ek) { ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ ek = NULL; ++ } ++ if (tkey) { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ tkey = NULL; ++ } + + if (out == NULL) + out = etmp; +@@ -557,9 +636,24 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + BIO_push(out, etmp); + etmp = NULL; + } ++#if 1 + if (in_bio != NULL) { + bio = in_bio; + } else { ++# if 0 ++ bio = BIO_new(BIO_s_mem()); ++ if (bio == NULL) ++ goto err; ++ /* ++ * We need to set this so that when we have read all the data, the ++ * encrypt BIO, if present, will read EOF and encode the last few ++ * bytes ++ */ ++ BIO_set_mem_eof_return(bio, 0); ++ ++ if (data_body->length > 0) ++ BIO_write(bio, (char *)data_body->data, data_body->length); ++# else + if (data_body->length > 0) + bio = BIO_new_mem_buf(data_body->data, data_body->length); + else { +@@ -570,19 +664,32 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) + } + if (bio == NULL) + goto err; ++# endif + } + BIO_push(out, bio); + bio = NULL; +- return out; +- ++#endif ++ if (0) { + err: +- OPENSSL_clear_free(ek, eklen); +- OPENSSL_clear_free(tkey, tkeylen); +- BIO_free_all(out); +- BIO_free_all(btmp); +- BIO_free_all(etmp); +- BIO_free_all(bio); +- return NULL; ++ if (ek) { ++ OPENSSL_cleanse(ek, eklen); ++ OPENSSL_free(ek); ++ } ++ if (tkey) { ++ OPENSSL_cleanse(tkey, tkeylen); ++ OPENSSL_free(tkey); ++ } ++ if (out != NULL) ++ BIO_free_all(out); ++ if (btmp != NULL) ++ BIO_free_all(btmp); ++ if (etmp != NULL) ++ BIO_free_all(etmp); ++ if (bio != NULL) ++ BIO_free_all(bio); ++ out = NULL; ++ } ++ return (out); + } + + static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) +@@ -642,7 +749,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + int i, j; + BIO *btmp; + PKCS7_SIGNER_INFO *si; +- EVP_MD_CTX *mdc, *ctx_tmp; ++ EVP_MD_CTX *mdc, ctx_tmp; + STACK_OF(X509_ATTRIBUTE) *sk; + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; +@@ -657,12 +764,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + return 0; + } + +- ctx_tmp = EVP_MD_CTX_new(); +- if (ctx_tmp == NULL) { +- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- ++ EVP_MD_CTX_init(&ctx_tmp); + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + +@@ -674,9 +776,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + /* XXXXXXXXXXXXXXXX */ + si_sk = p7->d.signed_and_enveloped->signer_info; + os = p7->d.signed_and_enveloped->enc_data->enc_data; +- if (os == NULL) { +- os = ASN1_OCTET_STRING_new(); +- if (os == NULL) { ++ if (!os) { ++ os = M_ASN1_OCTET_STRING_new(); ++ if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -686,9 +788,9 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + case NID_pkcs7_enveloped: + /* XXXXXXXXXXXXXXXX */ + os = p7->d.enveloped->enc_data->enc_data; +- if (os == NULL) { +- os = ASN1_OCTET_STRING_new(); +- if (os == NULL) { ++ if (!os) { ++ os = M_ASN1_OCTET_STRING_new(); ++ if (!os) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -700,7 +802,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + os = PKCS7_get_octet_string(p7->d.sign->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { +- ASN1_OCTET_STRING_free(os); ++ M_ASN1_OCTET_STRING_free(os); + os = NULL; + p7->d.sign->contents->d.data = NULL; + } +@@ -710,7 +812,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + os = PKCS7_get_octet_string(p7->d.digest->contents); + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { +- ASN1_OCTET_STRING_free(os); ++ M_ASN1_OCTET_STRING_free(os); + os = NULL; + p7->d.digest->contents->d.data = NULL; + } +@@ -739,7 +841,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + /* + * We now have the EVP_MD_CTX, lets do the signing. + */ +- if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc)) ++ if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) + goto err; + + sk = si->auth_attr; +@@ -749,18 +851,17 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + * sign the attributes + */ + if (sk_X509_ATTRIBUTE_num(sk) > 0) { +- if (!do_pkcs7_signed_attrib(si, ctx_tmp)) ++ if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + goto err; + } else { + unsigned char *abuf = NULL; + unsigned int abuflen; + abuflen = EVP_PKEY_size(si->pkey); + abuf = OPENSSL_malloc(abuflen); +- if (abuf == NULL) ++ if (!abuf) + goto err; + +- if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) { +- OPENSSL_free(abuf); ++ if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, si->pkey)) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB); + goto err; + } +@@ -775,8 +876,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + goto err; + if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) + goto err; +- if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len)) +- goto err; ++ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); + } + + if (!PKCS7_is_detached(p7)) { +@@ -806,13 +906,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) + } + ret = 1; + err: +- EVP_MD_CTX_free(ctx_tmp); ++ EVP_MD_CTX_cleanup(&ctx_tmp); + return (ret); + } + + int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) + { +- EVP_MD_CTX *mctx; ++ EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; + unsigned char *abuf = NULL; + int alen; +@@ -823,13 +923,8 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) + if (md == NULL) + return 0; + +- mctx = EVP_MD_CTX_new(); +- if (mctx == NULL) { +- PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) ++ EVP_MD_CTX_init(&mctx); ++ if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, +@@ -842,16 +937,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) + ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); + if (!abuf) + goto err; +- if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0) ++ if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + goto err; + OPENSSL_free(abuf); + abuf = NULL; +- if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0) ++ if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + goto err; + abuf = OPENSSL_malloc(siglen); +- if (abuf == NULL) ++ if (!abuf) + goto err; +- if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) ++ if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, +@@ -860,15 +955,16 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) + goto err; + } + +- EVP_MD_CTX_free(mctx); ++ EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->enc_digest, abuf, siglen); + + return 1; + + err: +- OPENSSL_free(abuf); +- EVP_MD_CTX_free(mctx); ++ if (abuf) ++ OPENSSL_free(abuf); ++ EVP_MD_CTX_cleanup(&mctx); + return 0; + + } +@@ -934,18 +1030,14 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509) + { + ASN1_OCTET_STRING *os; +- EVP_MD_CTX *mdc_tmp, *mdc; ++ EVP_MD_CTX mdc_tmp, *mdc; + int ret = 0, i; + int md_type; + STACK_OF(X509_ATTRIBUTE) *sk; + BIO *btmp; + EVP_PKEY *pkey; + +- mdc_tmp = EVP_MD_CTX_new(); +- if (mdc_tmp == NULL) { +- PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ EVP_MD_CTX_init(&mdc_tmp); + + if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE); +@@ -982,7 +1074,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + * mdc is the digest ctx that we want, unless there are attributes, in + * which case the digest is the signed attributes + */ +- if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc)) ++ if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + goto err; + + sk = si->auth_attr; +@@ -992,7 +1084,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + int alen; + ASN1_OCTET_STRING *message_digest; + +- if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len)) ++ if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) + goto err; + message_digest = PKCS7_digest_from_attributes(sk); + if (!message_digest) { +@@ -1002,12 +1094,23 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + } + if ((message_digest->length != (int)md_len) || + (memcmp(message_digest->data, md_dat, md_len))) { ++#if 0 ++ { ++ int ii; ++ for (ii = 0; ii < message_digest->length; ii++) ++ printf("%02X", message_digest->data[ii]); ++ printf(" sent\n"); ++ for (ii = 0; ii < md_len; ii++) ++ printf("%02X", md_dat[ii]); ++ printf(" calc\n"); ++ } ++#endif + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); + ret = -1; + goto err; + } + +- if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL)) ++ if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL)) + goto err; + + alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, +@@ -1017,28 +1120,29 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + ret = -1; + goto err; + } +- if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) ++ if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + goto err; + + OPENSSL_free(abuf); + } + + os = si->enc_digest; +- pkey = X509_get0_pubkey(x509); ++ pkey = X509_get_pubkey(x509); + if (!pkey) { + ret = -1; + goto err; + } + +- i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey); ++ i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); ++ EVP_PKEY_free(pkey); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE); + ret = -1; + goto err; +- } +- ret = 1; ++ } else ++ ret = 1; + err: +- EVP_MD_CTX_free(mdc_tmp); ++ EVP_MD_CTX_cleanup(&mdc_tmp); + return (ret); + } + +@@ -1074,17 +1178,29 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) + + static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) + { +- int idx; ++ int i; + X509_ATTRIBUTE *xa; +- idx = X509at_get_attr_by_NID(sk, nid, -1); +- xa = X509at_get_attr(sk, idx); +- return X509_ATTRIBUTE_get0_type(xa, 0); ++ ASN1_OBJECT *o; ++ ++ o = OBJ_nid2obj(nid); ++ if (!o || !sk) ++ return (NULL); ++ for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { ++ xa = sk_X509_ATTRIBUTE_value(sk, i); ++ if (OBJ_cmp(xa->object, o) == 0) { ++ if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) ++ return (sk_ASN1_TYPE_value(xa->value.set, 0)); ++ else ++ return (NULL); ++ } ++ } ++ return (NULL); + } + + ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) + { + ASN1_TYPE *astype; +- if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL) ++ if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) + return NULL; + return astype->value.octet_string; + } +@@ -1094,7 +1210,8 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + { + int i; + +- sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); ++ if (p7si->auth_attr != NULL) ++ sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free); + p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->auth_attr == NULL) + return 0; +@@ -1113,7 +1230,8 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, + { + int i; + +- sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); ++ if (p7si->unauth_attr != NULL) ++ sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free); + p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->unauth_attr == NULL) + return 0; +@@ -1145,10 +1263,11 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, + X509_ATTRIBUTE *attr = NULL; + + if (*sk == NULL) { +- if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL) ++ *sk = sk_X509_ATTRIBUTE_new_null(); ++ if (*sk == NULL) + return 0; + new_attrib: +- if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL) ++ if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) + return 0; + if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { + X509_ATTRIBUTE_free(attr); +@@ -1159,7 +1278,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, + + for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { + attr = sk_X509_ATTRIBUTE_value(*sk, i); +- if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { ++ if (OBJ_obj2nid(attr->object) == nid) { + X509_ATTRIBUTE_free(attr); + attr = X509_ATTRIBUTE_create(nid, atrtype, value); + if (attr == NULL) +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c +deleted file mode 100644 +index 3c59f9c..0000000 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_enc.c ++++ /dev/null +@@ -1,25 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +- +-PKCS7_in_bio(PKCS7 *p7, BIO *in); +-PKCS7_out_bio(PKCS7 *p7, BIO *out); +- +-PKCS7_add_signer(PKCS7 *p7, X509 *cert, EVP_PKEY *key); +-PKCS7_cipher(PKCS7 *p7, EVP_CIPHER *cipher); +- +-PKCS7_Init(PKCS7 *p7); +-PKCS7_Update(PKCS7 *p7); +-PKCS7_Finish(PKCS7 *p7); +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +index 69c68cf..0c5fcaa 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pkcs7/pk7_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" ++#include "asn1_locl.h" + + long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) + { +@@ -73,7 +121,8 @@ int PKCS7_content_new(PKCS7 *p7, int type) + + return (1); + err: +- PKCS7_free(ret); ++ if (ret != NULL) ++ PKCS7_free(ret); + return (0); + } + +@@ -84,11 +133,13 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) + i = OBJ_obj2nid(p7->type); + switch (i) { + case NID_pkcs7_signed: +- PKCS7_free(p7->d.sign->contents); ++ if (p7->d.sign->contents != NULL) ++ PKCS7_free(p7->d.sign->contents); + p7->d.sign->contents = p7_data; + break; + case NID_pkcs7_digest: +- PKCS7_free(p7->d.digest->contents); ++ if (p7->d.digest->contents != NULL) ++ PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents = p7_data; + break; + case NID_pkcs7_data: +@@ -126,7 +177,7 @@ int PKCS7_set_type(PKCS7 *p7, int type) + break; + case NID_pkcs7_data: + p7->type = obj; +- if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) ++ if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL) + goto err; + break; + case NID_pkcs7_signedAndEnveloped: +@@ -217,8 +268,8 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) + } + } + if (!j) { /* we need to add another algorithm */ +- if ((alg = X509_ALGOR_new()) == NULL +- || (alg->parameter = ASN1_TYPE_new()) == NULL) { ++ if (!(alg = X509_ALGOR_new()) ++ || !(alg->parameter = ASN1_TYPE_new())) { + X509_ALGOR_free(alg); + PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); + return (0); +@@ -260,7 +311,7 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) + PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE); + return 0; + } +- X509_up_ref(x509); ++ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(*sk, x509)) { + X509_free(x509); + return 0; +@@ -293,7 +344,7 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) + return 0; + } + +- X509_CRL_up_ref(crl); ++ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(*sk, crl)) { + X509_CRL_free(crl); + return 0; +@@ -317,13 +368,13 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + * because ASN1_INTEGER_set is used to set a 'long' we will do things the + * ugly way. + */ +- ASN1_INTEGER_free(p7i->issuer_and_serial->serial); ++ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = +- ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) ++ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; + + /* lets keep the pkey around for a while */ +- EVP_PKEY_up_ref(pkey); ++ CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + p7i->pkey = pkey; + + /* Set the algorithms */ +@@ -371,14 +422,15 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, + goto err; + return (si); + err: +- PKCS7_SIGNER_INFO_free(si); ++ if (si) ++ PKCS7_SIGNER_INFO_free(si); + return (NULL); + } + + int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) + { + if (PKCS7_type_is_digest(p7)) { +- if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) { ++ if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -432,7 +484,8 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) + goto err; + return ri; + err: +- PKCS7_RECIP_INFO_free(ri); ++ if (ri) ++ PKCS7_RECIP_INFO_free(ri); + return NULL; + } + +@@ -470,12 +523,12 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) + X509_get_issuer_name(x509))) + return 0; + +- ASN1_INTEGER_free(p7i->issuer_and_serial->serial); ++ M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = +- ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) ++ M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; + +- pkey = X509_get0_pubkey(x509); ++ pkey = X509_get_pubkey(x509); + + if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { + PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET, +@@ -495,12 +548,16 @@ int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) + goto err; + } + +- X509_up_ref(x509); ++ EVP_PKEY_free(pkey); ++ ++ CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + p7i->cert = x509; + + return 1; + + err: ++ if (pkey) ++ EVP_PKEY_free(pkey); + return 0; + } + +@@ -557,7 +614,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) + case NID_pkcs7_signedAndEnveloped: + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (os == NULL) { +- os = ASN1_OCTET_STRING_new(); ++ os = M_ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } + break; +@@ -565,7 +622,7 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) + case NID_pkcs7_enveloped: + os = p7->d.enveloped->enc_data->enc_data; + if (os == NULL) { +- os = ASN1_OCTET_STRING_new(); ++ os = M_ASN1_OCTET_STRING_new(); + p7->d.enveloped->enc_data->enc_data = os; + } + break; +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +index 97474cf..62fb299 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c +@@ -1,15 +1,62 @@ ++/* pk7_mime.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" ++#include + #include + #include + +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +index 4418723..e75c4b2 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c +@@ -1,20 +1,69 @@ ++/* pk7_smime.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* Simple PKCS#7 processing functions */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +- + #define BUFFERSIZE 4096 + + static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +@@ -25,7 +74,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + PKCS7 *p7; + int i; + +- if ((p7 = PKCS7_new()) == NULL) { ++ if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -66,8 +115,7 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags) + { + BIO *p7bio; + int ret = 0; +- +- if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { ++ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -118,7 +166,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, + return NULL; + } + +- if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) { ++ if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, + PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; +@@ -134,13 +182,11 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, + goto err; + /* Add SMIMECapabilities */ + if (!(flags & PKCS7_NOSMIMECAP)) { +- if ((smcap = sk_X509_ALGOR_new_null()) == NULL) { ++ if (!(smcap = sk_X509_ALGOR_new_null())) { + PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) +- || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) +- || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) + || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) + || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) + || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) +@@ -164,7 +210,8 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, + } + return si; + err: +- sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); ++ if (smcap) ++ sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + return NULL; + } + +@@ -208,7 +255,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; +- X509_STORE_CTX *cert_ctx = NULL; ++ X509_STORE_CTX cert_ctx; + char *buf = NULL; + int i, j = 0, k, ret = 0; + BIO *p7bio = NULL; +@@ -229,20 +276,29 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT); + return 0; + } ++#if 0 ++ /* ++ * NB: this test commented out because some versions of Netscape ++ * illegally include zero length content when signing data. Also ++ * Microsoft Authenticode includes a SpcIndirectDataContent data ++ * structure which describes the content to be protected by the ++ * signature, rather than directly embedding that content. So ++ * Authenticode implementations are also expected to use ++ * PKCS7_verify() with explicit external data, on non-detached ++ * PKCS#7 signatures. ++ * ++ * In OpenSSL 1.1 a new flag PKCS7_NO_DUAL_CONTENT has been ++ * introduced to disable this sanity check. For the 1.0.2 branch ++ * this change is not acceptable, so the check remains completely ++ * commented out (as it has been for a long time). ++ */ + +- if (flags & PKCS7_NO_DUAL_CONTENT) { +- /* +- * This was originally "#if 0" because we thought that only old broken +- * Netscape did this. It turns out that Authenticode uses this kind +- * of "extended" PKCS7 format, and things like UEFI secure boot and +- * tools like osslsigncode need it. In Authenticode the verification +- * process is different, but the existing PKCs7 verification works. +- */ +- if (!PKCS7_get_detached(p7) && indata) { +- PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); +- return 0; +- } ++ /* Check for data and content: two sets of data */ ++ if (!PKCS7_get_detached(p7) && indata) { ++ PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT); ++ return 0; + } ++#endif + + sinfos = PKCS7_get_signer_info(p7); + +@@ -257,29 +313,26 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + + /* Now verify the certificates */ + +- cert_ctx = X509_STORE_CTX_new(); +- if (cert_ctx == NULL) +- goto err; + if (!(flags & PKCS7_NOVERIFY)) + for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value(signers, k); + if (!(flags & PKCS7_NOCHAIN)) { +- if (!X509_STORE_CTX_init(cert_ctx, store, signer, ++ if (!X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + goto err; + } +- X509_STORE_CTX_set_default(cert_ctx, "smime_sign"); +- } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) { ++ X509_STORE_CTX_set_default(&cert_ctx, "smime_sign"); ++ } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB); + goto err; + } + if (!(flags & PKCS7_NOCRL)) +- X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl); +- i = X509_verify_cert(cert_ctx); ++ X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); ++ i = X509_verify_cert(&cert_ctx); + if (i <= 0) +- j = X509_STORE_CTX_get_error(cert_ctx); +- X509_STORE_CTX_cleanup(cert_ctx); ++ j = X509_STORE_CTX_get_error(&cert_ctx); ++ X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, + PKCS7_R_CERTIFICATE_VERIFY_ERROR); +@@ -309,11 +362,11 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + } else + tmpin = indata; + +- if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL) ++ if (!(p7bio = PKCS7_dataInit(p7, tmpin))) + goto err; + + if (flags & PKCS7_TEXT) { +- if ((tmpout = BIO_new(BIO_s_mem())) == NULL) { ++ if (!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -358,7 +411,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + ret = 1; + + err: +- X509_STORE_CTX_free(cert_ctx); + OPENSSL_free(buf); + if (tmpin == indata) { + if (indata) +@@ -398,7 +450,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, + return 0; + } + +- if ((signers = sk_X509_new_null()) == NULL) { ++ if (!(signers = sk_X509_new_null())) { + PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -440,7 +492,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + BIO *p7bio = NULL; + int i; + X509 *x509; +- if ((p7 = PKCS7_new()) == NULL) { ++ if (!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -477,7 +529,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) + { + BIO *tmpmem; +- int ret = 0, i; ++ int ret, i; + char *buf = NULL; + + if (!p7) { +@@ -496,7 +548,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) + return 0; + } + +- if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) { ++ if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + return 0; + } +@@ -504,12 +556,12 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) + if (flags & PKCS7_TEXT) { + BIO *tmpbuf, *bread; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ +- if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) { ++ if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpmem); + return 0; + } +- if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) { ++ if (!(bread = BIO_push(tmpbuf, tmpmem))) { + PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpbuf); + BIO_free_all(tmpmem); +@@ -539,9 +591,11 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) + break; + } + if (BIO_write(data, buf, i) != i) { ++ ret = 0; + break; + } + } ++ + err: + OPENSSL_free(buf); + BIO_free_all(tmpmem); +diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +index d5baa9b..323513f 100644 +--- a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c ++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/pkcs7/pkcs7err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,7 +70,10 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) + + static ERR_STRING_DATA PKCS7_str_functs[] = { +- {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "do_pkcs7_signed_attrib"}, ++ {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, ++ {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), + "PKCS7_add0_attrib_signing_time"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), +@@ -29,20 +83,21 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, +- {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_bio_add_digest"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), +- "pkcs7_copy_existing_digest"}, ++ "PKCS7_COPY_EXISTING_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, +- {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "pkcs7_decrypt_rinfo"}, +- {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "pkcs7_encode_rinfo"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, +- {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_find_digest"}, ++ {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, + {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, +@@ -56,6 +111,8 @@ static ERR_STRING_DATA PKCS7_str_functs[] = { + {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, ++ {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, ++ {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, + {0, NULL} + }; + +@@ -68,6 +125,9 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), + "content and data present"}, + {ERR_REASON(PKCS7_R_CTRL_ERROR), "ctrl error"}, ++ {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"}, ++ {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), ++ "decrypted key is wrong length"}, + {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"}, + {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"}, + {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"}, +@@ -75,23 +135,39 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + "encryption not supported for this key type"}, + {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, + {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, ++ {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"}, + {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, + {ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE), + "invalid signed data type"}, ++ {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, ++ {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"}, ++ {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, ++ {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, + {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"}, ++ {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"}, + {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST), "no default digest"}, + {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), + "no matching digest type found"}, ++ {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), ++ "no multipart body failure"}, ++ {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), + "no recipient matches certificate"}, ++ {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), ++ "no recipient matches key"}, + {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, + {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"}, ++ {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"}, + {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), + "operation not supported on this type"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), + "pkcs7 add signature error"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"}, ++ {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"}, ++ {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"}, ++ {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"}, + {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), + "private key does not match certificate"}, + {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"}, +@@ -100,6 +176,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"}, + {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), + "signing not supported for this key type"}, ++ {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, + {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), + "unable to find certificate"}, +@@ -118,7 +195,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[] = { + + #endif + +-int ERR_load_PKCS7_strings(void) ++void ERR_load_PKCS7_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -127,5 +204,4 @@ int ERR_load_PKCS7_strings(void) + ERR_load_strings(0, PKCS7_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +index 85ce4e6..bd76e23 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c ++++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c +@@ -1,38 +1,134 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/md_rand.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ ++/* ==================================================================== ++ * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#define OPENSSL_FIPSEVP + ++#ifdef MD_RAND_DEBUG ++# ifndef NDEBUG ++# define NDEBUG ++# endif ++#endif ++ ++#include + #include + #include + + #include "e_os.h" + +-#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS)) +-# include +-#endif +-#if defined(OPENSSL_SYS_VXWORKS) +-# include +-#endif +- +-#include + #include + #include +-#include + #include "rand_lcl.h" + + #include + +-#include +- +-#ifdef OPENSSL_FIPS +-# include +-#endif +- + #ifdef BN_DEBUG + # define PREDICT + #endif +@@ -48,59 +144,41 @@ static long md_count[2] = { 0, 0 }; + static double entropy = 0; + static int initialized = 0; + +-static CRYPTO_RWLOCK *rand_lock = NULL; +-static CRYPTO_RWLOCK *rand_tmp_lock = NULL; +-static CRYPTO_ONCE rand_lock_init = CRYPTO_ONCE_STATIC_INIT; +- +-/* May be set only when a thread holds rand_lock (to prevent double locking) */ +-static unsigned int crypto_lock_rand = 0; +-/* access to locking_threadid is synchronized by rand_tmp_lock */ ++static unsigned int crypto_lock_rand = 0; /* may be set only when a thread ++ * holds CRYPTO_LOCK_RAND (to ++ * prevent double locking) */ ++/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ + /* valid iff crypto_lock_rand is set */ +-static CRYPTO_THREAD_ID locking_threadid; ++static CRYPTO_THREADID locking_threadid; + + #ifdef PREDICT + int rand_predictable = 0; + #endif + +-static int rand_hw_seed(EVP_MD_CTX *ctx); +- +-static void rand_cleanup(void); +-static int rand_seed(const void *buf, int num); +-static int rand_add(const void *buf, int num, double add_entropy); +-static int rand_bytes(unsigned char *buf, int num, int pseudo); +-static int rand_nopseudo_bytes(unsigned char *buf, int num); +-#if OPENSSL_API_COMPAT < 0x10100000L +-static int rand_pseudo_bytes(unsigned char *buf, int num); +-#endif +-static int rand_status(void); +- +-static RAND_METHOD rand_meth = { +- rand_seed, +- rand_nopseudo_bytes, +- rand_cleanup, +- rand_add, +-#if OPENSSL_API_COMPAT < 0x10100000L +- rand_pseudo_bytes, +-#else +- NULL, +-#endif +- rand_status ++const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT; ++ ++static void ssleay_rand_cleanup(void); ++static void ssleay_rand_seed(const void *buf, int num); ++static void ssleay_rand_add(const void *buf, int num, double add_entropy); ++static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num); ++static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); ++static int ssleay_rand_status(void); ++ ++RAND_METHOD rand_ssleay_meth = { ++ ssleay_rand_seed, ++ ssleay_rand_nopseudo_bytes, ++ ssleay_rand_cleanup, ++ ssleay_rand_add, ++ ssleay_rand_pseudo_bytes, ++ ssleay_rand_status + }; + +-DEFINE_RUN_ONCE_STATIC(do_rand_lock_init) +-{ +- OPENSSL_init_crypto(0, NULL); +- rand_lock = CRYPTO_THREAD_lock_new(); +- rand_tmp_lock = CRYPTO_THREAD_lock_new(); +- return rand_lock != NULL && rand_tmp_lock != NULL; +-} +- +-RAND_METHOD *RAND_OpenSSL(void) ++RAND_METHOD *RAND_SSLeay(void) + { +- return (&rand_meth); ++ return (&rand_ssleay_meth); + } + +-static void rand_cleanup(void) ++static void ssleay_rand_cleanup(void) + { + OPENSSL_cleanse(state, sizeof(state)); + state_num = 0; +@@ -110,21 +188,18 @@ static void rand_cleanup(void) + md_count[1] = 0; + entropy = 0; + initialized = 0; +- CRYPTO_THREAD_lock_free(rand_lock); +- CRYPTO_THREAD_lock_free(rand_tmp_lock); + } + +-static int rand_add(const void *buf, int num, double add) ++static void ssleay_rand_add(const void *buf, int num, double add) + { + int i, j, k, st_idx; + long md_c[2]; + unsigned char local_md[MD_DIGEST_LENGTH]; +- EVP_MD_CTX *m; ++ EVP_MD_CTX m; + int do_not_lock; +- int rv = 0; + + if (!num) +- return 1; ++ return; + + /* + * (Based on the rand(3) manpage) +@@ -141,24 +216,18 @@ static int rand_add(const void *buf, int num, double add) + * hash function. + */ + +- m = EVP_MD_CTX_new(); +- if (m == NULL) +- goto err; +- +- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) +- goto err; +- + /* check if we already have the lock */ + if (crypto_lock_rand) { +- CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id(); +- CRYPTO_THREAD_read_lock(rand_tmp_lock); +- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); +- CRYPTO_THREAD_unlock(rand_tmp_lock); ++ CRYPTO_THREADID cur; ++ CRYPTO_THREADID_current(&cur); ++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); ++ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); ++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; + + if (!do_not_lock) +- CRYPTO_THREAD_write_lock(rand_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + st_idx = state_index; + + /* +@@ -190,28 +259,24 @@ static int rand_add(const void *buf, int num, double add) + md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); + + if (!do_not_lock) +- CRYPTO_THREAD_unlock(rand_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + ++ EVP_MD_CTX_init(&m); + for (i = 0; i < num; i += MD_DIGEST_LENGTH) { + j = (num - i); + j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j; + +- if (!MD_Init(m)) +- goto err; +- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) +- goto err; ++ MD_Init(&m); ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); + k = (st_idx + j) - STATE_SIZE; + if (k > 0) { +- if (!MD_Update(m, &(state[st_idx]), j - k)) +- goto err; +- if (!MD_Update(m, &(state[0]), k)) +- goto err; +- } else if (!MD_Update(m, &(state[st_idx]), j)) +- goto err; ++ MD_Update(&m, &(state[st_idx]), j - k); ++ MD_Update(&m, &(state[0]), k); ++ } else ++ MD_Update(&m, &(state[st_idx]), j); + + /* DO NOT REMOVE THE FOLLOWING CALL TO MD_Update()! */ +- if (!MD_Update(m, buf, j)) +- goto err; ++ MD_Update(&m, buf, j); + /* + * We know that line may cause programs such as purify and valgrind + * to complain about use of uninitialized data. The problem is not, +@@ -220,10 +285,8 @@ static int rand_add(const void *buf, int num, double add) + * insecure keys. + */ + +- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) +- goto err; +- if (!MD_Final(m, local_md)) +- goto err; ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); ++ MD_Final(&m, local_md); + md_c[1]++; + + buf = (const char *)buf + j; +@@ -232,7 +295,7 @@ static int rand_add(const void *buf, int num, double add) + /* + * Parallel threads may interfere with this, but always each byte + * of the new state is the XOR of some previous value of its and +- * local_md (intermediate values may be lost). Alway using locking ++ * local_md (itermediate values may be lost). Alway using locking + * could hurt performance more than necessary given that + * conflicts occur only when the total seeding is longer than the + * random state. +@@ -242,9 +305,10 @@ static int rand_add(const void *buf, int num, double add) + st_idx = 0; + } + } ++ EVP_MD_CTX_cleanup(&m); + + if (!do_not_lock) +- CRYPTO_THREAD_write_lock(rand_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + /* + * Don't just copy back local_md into md -- this could mean that other + * thread's seeding remains without effect (except for the incremented +@@ -257,20 +321,19 @@ static int rand_add(const void *buf, int num, double add) + if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ + entropy += add; + if (!do_not_lock) +- CRYPTO_THREAD_unlock(rand_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + +- rv = 1; +- err: +- EVP_MD_CTX_free(m); +- return rv; ++#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) ++ assert(md_c[1] == md_count[1]); ++#endif + } + +-static int rand_seed(const void *buf, int num) ++static void ssleay_rand_seed(const void *buf, int num) + { +- return rand_add(buf, num, (double)num); ++ ssleay_rand_add(buf, num, (double)num); + } + +-static int rand_bytes(unsigned char *buf, int num, int pseudo) ++int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + { + static volatile int stirred_pool = 0; + int i, j, k; +@@ -278,32 +341,11 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + int ok; + long md_c[2]; + unsigned char local_md[MD_DIGEST_LENGTH]; +- EVP_MD_CTX *m; ++ EVP_MD_CTX m; + #ifndef GETPID_IS_MEANINGLESS + pid_t curr_pid = getpid(); + #endif +- time_t curr_time = time(NULL); + int do_stir_pool = 0; +-/* time value for various platforms */ +-#ifdef OPENSSL_SYS_WIN32 +- FILETIME tv; +-# ifdef _WIN32_WCE +- SYSTEMTIME t; +- GetSystemTime(&t); +- SystemTimeToFileTime(&t, &tv); +-# else +- GetSystemTimeAsFileTime(&tv); +-# endif +-#elif defined(OPENSSL_SYS_VXWORKS) +- struct timespec tv; +- clock_gettime(CLOCK_REALTIME, &ts); +-#elif defined(OPENSSL_SYS_DSPBIOS) +- unsigned long long tv, OPENSSL_rdtsc(); +- tv = OPENSSL_rdtsc(); +-#else +- struct timeval tv; +- gettimeofday(&tv, NULL); +-#endif + + #ifdef PREDICT + if (rand_predictable) { +@@ -318,10 +360,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + if (num <= 0) + return 1; + +- m = EVP_MD_CTX_new(); +- if (m == NULL) +- goto err_mem; +- ++ EVP_MD_CTX_init(&m); + /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ + num_ceil = + (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2); +@@ -343,21 +382,13 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + * are fed into the hash function and the results are kept in the + * global 'md'. + */ ++ if (lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + +- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) +- goto err_mem; +- +- CRYPTO_THREAD_write_lock(rand_lock); +- /* +- * We could end up in an async engine while holding this lock so ensure +- * we don't pause and cause a deadlock +- */ +- ASYNC_block_pause(); +- +- /* prevent rand_bytes() from trying to obtain the lock again */ +- CRYPTO_THREAD_write_lock(rand_tmp_lock); +- locking_threadid = CRYPTO_THREAD_get_current_id(); +- CRYPTO_THREAD_unlock(rand_tmp_lock); ++ /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); ++ CRYPTO_THREADID_current(&locking_threadid); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + + if (!initialized) { +@@ -391,7 +422,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + * In the output function only half of 'md' remains secret, so we + * better make sure that the required entropy gets 'evenly + * distributed' through 'state', our randomness pool. The input +- * function (rand_add) chains all of 'md', which makes it more ++ * function (ssleay_rand_add) chains all of 'md', which makes it more + * suitable for this purpose. + */ + +@@ -403,9 +434,9 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ + /* + * Note that the seed does not matter, it's just that +- * rand_add expects to have something to hash. ++ * ssleay_rand_add expects to have something to hash. + */ +- rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); ++ ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); + n -= MD_DIGEST_LENGTH; + } + if (ok) +@@ -431,46 +462,41 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; +- ASYNC_unblock_pause(); +- CRYPTO_THREAD_unlock(rand_lock); ++ if (lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + + while (num > 0) { + /* num_ceil -= MD_DIGEST_LENGTH/2 */ + j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num; + num -= j; +- if (!MD_Init(m)) +- goto err; ++ MD_Init(&m); + #ifndef GETPID_IS_MEANINGLESS + if (curr_pid) { /* just in the first iteration to save time */ +- if (!MD_Update(m, (unsigned char *)&curr_pid, sizeof curr_pid)) +- goto err; ++ MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid); + curr_pid = 0; + } + #endif +- if (curr_time) { /* just in the first iteration to save time */ +- if (!MD_Update(m, (unsigned char *)&curr_time, sizeof curr_time)) +- goto err; +- if (!MD_Update(m, (unsigned char *)&tv, sizeof tv)) +- goto err; +- curr_time = 0; +- if (!rand_hw_seed(m)) +- goto err; +- } +- if (!MD_Update(m, local_md, MD_DIGEST_LENGTH)) +- goto err; +- if (!MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c))) +- goto err; ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); ++ ++#ifndef PURIFY /* purify complains */ ++ /* ++ * The following line uses the supplied buffer as a small source of ++ * entropy: since this buffer is often uninitialised it may cause ++ * programs such as purify or valgrind to complain. So for those ++ * builds it is not used: the removal of such a small source of ++ * entropy has negligible impact on security. ++ */ ++ MD_Update(&m, buf, j); ++#endif + + k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; + if (k > 0) { +- if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k)) +- goto err; +- if (!MD_Update(m, &(state[0]), k)) +- goto err; +- } else if (!MD_Update(m, &(state[st_idx]), MD_DIGEST_LENGTH / 2)) +- goto err; +- if (!MD_Final(m, local_md)) +- goto err; ++ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k); ++ MD_Update(&m, &(state[0]), k); ++ } else ++ MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2); ++ MD_Final(&m, local_md); + + for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) { + /* may compete with other threads */ +@@ -482,93 +508,69 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo) + } + } + +- if (!MD_Init(m) +- || !MD_Update(m, (unsigned char *)&(md_c[0]), sizeof(md_c)) +- || !MD_Update(m, local_md, MD_DIGEST_LENGTH)) +- goto err; +- CRYPTO_THREAD_write_lock(rand_lock); +- /* +- * Prevent deadlocks if we end up in an async engine +- */ +- ASYNC_block_pause(); +- if (!MD_Update(m, md, MD_DIGEST_LENGTH) || !MD_Final(m, md)) { +- CRYPTO_THREAD_unlock(rand_lock); +- goto err; +- } +- ASYNC_unblock_pause(); +- CRYPTO_THREAD_unlock(rand_lock); +- +- EVP_MD_CTX_free(m); ++ MD_Init(&m); ++ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); ++ MD_Update(&m, local_md, MD_DIGEST_LENGTH); ++ if (lock) ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); ++ MD_Update(&m, md, MD_DIGEST_LENGTH); ++ MD_Final(&m, md); ++ if (lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); ++ ++ EVP_MD_CTX_cleanup(&m); + if (ok) + return (1); + else if (pseudo) + return 0; + else { +- RANDerr(RAND_F_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); ++ RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED); + ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " +- "https://www.openssl.org/docs/faq.html"); ++ "http://www.openssl.org/support/faq.html"); + return (0); + } +- err: +- RANDerr(RAND_F_RAND_BYTES, ERR_R_EVP_LIB); +- EVP_MD_CTX_free(m); +- return 0; +- err_mem: +- RANDerr(RAND_F_RAND_BYTES, ERR_R_MALLOC_FAILURE); +- EVP_MD_CTX_free(m); +- return 0; +- + } + +-static int rand_nopseudo_bytes(unsigned char *buf, int num) ++static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num) + { +- return rand_bytes(buf, num, 0); ++ return ssleay_rand_bytes(buf, num, 0, 1); + } + +-#if OPENSSL_API_COMPAT < 0x10100000L + /* + * pseudo-random bytes that are guaranteed to be unique but not unpredictable + */ +-static int rand_pseudo_bytes(unsigned char *buf, int num) ++static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) + { +- return rand_bytes(buf, num, 1); ++ return ssleay_rand_bytes(buf, num, 1, 1); + } +-#endif + +-static int rand_status(void) ++static int ssleay_rand_status(void) + { +- CRYPTO_THREAD_ID cur; ++ CRYPTO_THREADID cur; + int ret; + int do_not_lock; + +- if (!RUN_ONCE(&rand_lock_init, do_rand_lock_init)) +- return 0; +- +- cur = CRYPTO_THREAD_get_current_id(); ++ CRYPTO_THREADID_current(&cur); + /* + * check if we already have the lock (could happen if a RAND_poll() + * implementation calls RAND_status()) + */ + if (crypto_lock_rand) { +- CRYPTO_THREAD_read_lock(rand_tmp_lock); +- do_not_lock = CRYPTO_THREAD_compare_id(locking_threadid, cur); +- CRYPTO_THREAD_unlock(rand_tmp_lock); ++ CRYPTO_r_lock(CRYPTO_LOCK_RAND2); ++ do_not_lock = !CRYPTO_THREADID_cmp(&locking_threadid, &cur); ++ CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); + } else + do_not_lock = 0; + + if (!do_not_lock) { +- CRYPTO_THREAD_write_lock(rand_lock); +- /* +- * Prevent deadlocks in case we end up in an async engine +- */ +- ASYNC_block_pause(); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND); + + /* +- * prevent rand_bytes() from trying to obtain the lock again ++ * prevent ssleay_rand_bytes() from trying to obtain the lock again + */ +- CRYPTO_THREAD_write_lock(rand_tmp_lock); +- locking_threadid = cur; +- CRYPTO_THREAD_unlock(rand_tmp_lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_RAND2); ++ CRYPTO_THREADID_cpy(&locking_threadid, &cur); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); + crypto_lock_rand = 1; + } + +@@ -583,84 +585,8 @@ static int rand_status(void) + /* before unlocking, we must clear 'crypto_lock_rand' */ + crypto_lock_rand = 0; + +- ASYNC_unblock_pause(); +- CRYPTO_THREAD_unlock(rand_lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RAND); + } + + return ret; + } +- +-/* +- * rand_hw_seed: get seed data from any available hardware RNG. only +- * currently supports rdrand. +- */ +- +-/* Adapted from eng_rdrand.c */ +- +-#if (defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +- defined(__x86_64) || defined(__x86_64__) || \ +- defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ) \ +- && !defined(OPENSSL_NO_RDRAND) +- +-# define RDRAND_CALLS 4 +- +-size_t OPENSSL_ia32_rdrand(void); +-extern unsigned int OPENSSL_ia32cap_P[]; +- +-static int rand_hw_seed(EVP_MD_CTX *ctx) +-{ +- int i; +- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) +- return 1; +- for (i = 0; i < RDRAND_CALLS; i++) { +- size_t rnd; +- rnd = OPENSSL_ia32_rdrand(); +- if (rnd == 0) +- return 1; +- if (!MD_Update(ctx, (unsigned char *)&rnd, sizeof(size_t))) +- return 0; +- } +- return 1; +-} +- +-/* XOR an existing buffer with random data */ +- +-void rand_hw_xor(unsigned char *buf, size_t num) +-{ +- size_t rnd; +- if (!(OPENSSL_ia32cap_P[1] & (1 << (62 - 32)))) +- return; +- while (num >= sizeof(size_t)) { +- rnd = OPENSSL_ia32_rdrand(); +- if (rnd == 0) +- return; +- *((size_t *)buf) ^= rnd; +- buf += sizeof(size_t); +- num -= sizeof(size_t); +- } +- if (num) { +- rnd = OPENSSL_ia32_rdrand(); +- if (rnd == 0) +- return; +- while (num) { +- *buf ^= rnd & 0xff; +- rnd >>= 8; +- buf++; +- num--; +- } +- } +-} +- +-#else +- +-static int rand_hw_seed(EVP_MD_CTX *ctx) +-{ +- return 1; +-} +- +-void rand_hw_xor(unsigned char *buf, size_t num) +-{ +- return; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c +deleted file mode 100644 +index dd58b21..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c ++++ /dev/null +@@ -1,249 +0,0 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#ifdef OPENSSL_NO_EGD +-NON_EMPTY_TRANSLATION_UNIT +-#else +- +-# include +-# include +-# include +- +-/*- +- * Query the EGD . +- * +- * This module supplies three routines: +- * +- * RAND_query_egd_bytes(path, buf, bytes) +- * will actually query "bytes" bytes of entropy form the egd-socket located +- * at path and will write them to buf (if supplied) or will directly feed +- * it to RAND_seed() if buf==NULL. +- * The number of bytes is not limited by the maximum chunk size of EGD, +- * which is 255 bytes. If more than 255 bytes are wanted, several chunks +- * of entropy bytes are requested. The connection is left open until the +- * query is competed. +- * RAND_query_egd_bytes() returns with +- * -1 if an error occurred during connection or communication. +- * num the number of bytes read from the EGD socket. This number is either +- * the number of bytes requested or smaller, if the EGD pool is +- * drained and the daemon signals that the pool is empty. +- * This routine does not touch any RAND_status(). This is necessary, since +- * PRNG functions may call it during initialization. +- * +- * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them +- * used to seed the PRNG. +- * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. +- * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the +- * seed status so that the return value can reflect the seed state: +- * -1 if an error occurred during connection or communication _or_ +- * if the PRNG has still not received the required seeding. +- * num the number of bytes read from the EGD socket. This number is either +- * the number of bytes requested or smaller, if the EGD pool is +- * drained and the daemon signals that the pool is empty. +- * +- * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed +- * the PRNG. +- * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. +- */ +- +-# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI) +-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +-{ +- return (-1); +-} +- +-int RAND_egd(const char *path) +-{ +- return (-1); +-} +- +-int RAND_egd_bytes(const char *path, int bytes) +-{ +- return (-1); +-} +-# else +-# include +-# include OPENSSL_UNISTD +-# include +-# include +-# include +-# ifndef NO_SYS_UN_H +-# ifdef OPENSSL_SYS_VXWORKS +-# include +-# else +-# include +-# endif +-# else +-struct sockaddr_un { +- short sun_family; /* AF_UNIX */ +- char sun_path[108]; /* path name (gag) */ +-}; +-# endif /* NO_SYS_UN_H */ +-# include +-# include +- +-int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) +-{ +- int ret = 0; +- struct sockaddr_un addr; +- int len, num, numbytes; +- int fd = -1; +- int success; +- unsigned char egdbuf[2], tempbuf[255], *retrievebuf; +- +- memset(&addr, 0, sizeof(addr)); +- addr.sun_family = AF_UNIX; +- if (strlen(path) >= sizeof(addr.sun_path)) +- return (-1); +- OPENSSL_strlcpy(addr.sun_path, path, sizeof addr.sun_path); +- len = offsetof(struct sockaddr_un, sun_path) + strlen(path); +- fd = socket(AF_UNIX, SOCK_STREAM, 0); +- if (fd == -1) +- return (-1); +- success = 0; +- while (!success) { +- if (connect(fd, (struct sockaddr *)&addr, len) == 0) +- success = 1; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +-# ifdef EINPROGRESS +- case EINPROGRESS: +-# endif +-# ifdef EALREADY +- case EALREADY: +-# endif +- /* No error, try again */ +- break; +-# ifdef EISCONN +- case EISCONN: +- success = 1; +- break; +-# endif +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- +- while (bytes > 0) { +- egdbuf[0] = 1; +- egdbuf[1] = bytes < 255 ? bytes : 255; +- numbytes = 0; +- while (numbytes != 2) { +- num = write(fd, egdbuf + numbytes, 2 - numbytes); +- if (num >= 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- numbytes = 0; +- while (numbytes != 1) { +- num = read(fd, egdbuf, 1); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- if (egdbuf[0] == 0) +- goto err; +- if (buf) +- retrievebuf = buf + ret; +- else +- retrievebuf = tempbuf; +- numbytes = 0; +- while (numbytes != egdbuf[0]) { +- num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); +- if (num == 0) +- goto err; /* descriptor closed */ +- else if (num > 0) +- numbytes += num; +- else { +- switch (errno) { +-# ifdef EINTR +- case EINTR: +-# endif +-# ifdef EAGAIN +- case EAGAIN: +-# endif +- /* No error, try again */ +- break; +- default: +- ret = -1; +- goto err; /* failure */ +- } +- } +- } +- ret += egdbuf[0]; +- bytes -= egdbuf[0]; +- if (!buf) +- RAND_seed(tempbuf, egdbuf[0]); +- } +- err: +- if (fd != -1) +- close(fd); +- return (ret); +-} +- +-int RAND_egd_bytes(const char *path, int bytes) +-{ +- int num, ret = -1; +- +- num = RAND_query_egd_bytes(path, NULL, bytes); +- if (num < 0) +- goto err; +- if (RAND_status() == 1) +- ret = num; +- err: +- return (ret); +-} +- +-int RAND_egd(const char *path) +-{ +- return (RAND_egd_bytes(path, 255)); +-} +- +-# endif +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +index 5543126..55d86ea 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/rand_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,18 +70,25 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) + + static ERR_STRING_DATA RAND_str_functs[] = { +- {ERR_FUNC(RAND_F_RAND_BYTES), "RAND_bytes"}, ++ {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"}, ++ {ERR_FUNC(RAND_F_RAND_INIT_FIPS), "RAND_init_fips"}, ++ {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"}, + {0, NULL} + }; + + static ERR_STRING_DATA RAND_str_reasons[] = { ++ {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, ++ {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, ++ {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, ++ {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), ++ "no fips random method set"}, + {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"}, + {0, NULL} + }; + + #endif + +-int ERR_load_RAND_strings(void) ++void ERR_load_RAND_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -39,5 +97,4 @@ int ERR_load_RAND_strings(void) + ERR_load_strings(0, RAND_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h +index d98c90e..f9fda3e 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_lcl.h +@@ -1,10 +1,112 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/rand_lcl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #ifndef HEADER_RAND_LCL_H +@@ -13,7 +115,17 @@ + # define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ + + # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) +-# define USE_SHA1_RAND ++# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) ++# define USE_SHA1_RAND ++# elif !defined(OPENSSL_NO_MD5) ++# define USE_MD5_RAND ++# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) ++# define USE_MDC2_RAND ++# elif !defined(OPENSSL_NO_MD2) ++# define USE_MD2_RAND ++# else ++# error No message digest algorithm available ++# endif + # endif + + # include +@@ -41,6 +153,6 @@ + # define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) + # endif + +-void rand_hw_xor(unsigned char *buf, size_t num); ++int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock); + + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +index 2387126..88a78d3 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c +@@ -1,23 +1,74 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/rand_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" +-#include +-#include "internal/rand.h" ++#include "cryptlib.h" ++#include + +-#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + + #ifdef OPENSSL_FIPS + # include + # include ++# include "rand_lcl.h" + #endif + + #ifndef OPENSSL_NO_ENGINE +@@ -29,8 +80,10 @@ static const RAND_METHOD *default_RAND_meth = NULL; + int RAND_set_rand_method(const RAND_METHOD *meth) + { + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(funct_ref); +- funct_ref = NULL; ++ if (funct_ref) { ++ ENGINE_finish(funct_ref); ++ funct_ref = NULL; ++ } + #endif + default_RAND_meth = meth; + return 1; +@@ -43,7 +96,7 @@ const RAND_METHOD *RAND_get_rand_method(void) + ENGINE *e = ENGINE_get_default_RAND(); + if (e) { + default_RAND_meth = ENGINE_get_RAND(e); +- if (default_RAND_meth == NULL) { ++ if (!default_RAND_meth) { + ENGINE_finish(e); + e = NULL; + } +@@ -52,7 +105,7 @@ const RAND_METHOD *RAND_get_rand_method(void) + funct_ref = e; + else + #endif +- default_RAND_meth = RAND_OpenSSL(); ++ default_RAND_meth = RAND_SSLeay(); + } + return default_RAND_meth; + } +@@ -65,7 +118,7 @@ int RAND_set_rand_engine(ENGINE *engine) + if (!ENGINE_init(engine)) + return 0; + tmp_meth = ENGINE_get_RAND(engine); +- if (tmp_meth == NULL) { ++ if (!tmp_meth) { + ENGINE_finish(engine); + return 0; + } +@@ -77,7 +130,7 @@ int RAND_set_rand_engine(ENGINE *engine) + } + #endif + +-void rand_cleanup_int(void) ++void RAND_cleanup(void) + { + const RAND_METHOD *meth = RAND_get_rand_method(); + if (meth && meth->cleanup) +@@ -107,7 +160,6 @@ int RAND_bytes(unsigned char *buf, int num) + return (-1); + } + +-#if OPENSSL_API_COMPAT < 0x10100000L + int RAND_pseudo_bytes(unsigned char *buf, int num) + { + const RAND_METHOD *meth = RAND_get_rand_method(); +@@ -115,7 +167,6 @@ int RAND_pseudo_bytes(unsigned char *buf, int num) + return meth->pseudorand(buf, num); + return (-1); + } +-#endif + + int RAND_status(void) + { +@@ -124,3 +175,126 @@ int RAND_status(void) + return meth->status(); + return 0; + } ++ ++#ifdef OPENSSL_FIPS ++ ++/* ++ * FIPS DRBG initialisation code. This sets up the DRBG for use by the rest ++ * of OpenSSL. ++ */ ++ ++/* ++ * Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather ++ * entropy internally through RAND_poll(). ++ */ ++ ++static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout, ++ int entropy, size_t min_len, size_t max_len) ++{ ++ /* Round up request to multiple of block size */ ++ min_len = ((min_len + 19) / 20) * 20; ++ *pout = OPENSSL_malloc(min_len); ++ if (!*pout) ++ return 0; ++ if (ssleay_rand_bytes(*pout, min_len, 0, 0) <= 0) { ++ OPENSSL_free(*pout); ++ *pout = NULL; ++ return 0; ++ } ++ return min_len; ++} ++ ++static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) ++{ ++ if (out) { ++ OPENSSL_cleanse(out, olen); ++ OPENSSL_free(out); ++ } ++} ++ ++/* ++ * Set "additional input" when generating random data. This uses the current ++ * PID, a time value and a counter. ++ */ ++ ++static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout) ++{ ++ /* Use of static variables is OK as this happens under a lock */ ++ static unsigned char buf[16]; ++ static unsigned long counter; ++ FIPS_get_timevec(buf, &counter); ++ *pout = buf; ++ return sizeof(buf); ++} ++ ++/* ++ * RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is ++ * correctly seeded by RAND_poll(). ++ */ ++ ++static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen, ++ double entropy) ++{ ++ RAND_SSLeay()->add(in, inlen, entropy); ++ return 1; ++} ++ ++static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen) ++{ ++ RAND_SSLeay()->seed(in, inlen); ++ return 1; ++} ++ ++# ifndef OPENSSL_DRBG_DEFAULT_TYPE ++# define OPENSSL_DRBG_DEFAULT_TYPE NID_aes_256_ctr ++# endif ++# ifndef OPENSSL_DRBG_DEFAULT_FLAGS ++# define OPENSSL_DRBG_DEFAULT_FLAGS DRBG_FLAG_CTR_USE_DF ++# endif ++ ++static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE; ++static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS; ++ ++void RAND_set_fips_drbg_type(int type, int flags) ++{ ++ fips_drbg_type = type; ++ fips_drbg_flags = flags; ++} ++ ++int RAND_init_fips(void) ++{ ++ DRBG_CTX *dctx; ++ size_t plen; ++ unsigned char pers[32], *p; ++# ifndef OPENSSL_ALLOW_DUAL_EC_DRBG ++ if (fips_drbg_type >> 16) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_DUAL_EC_DRBG_DISABLED); ++ return 0; ++ } ++# endif ++ ++ dctx = FIPS_get_default_drbg(); ++ if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG); ++ return 0; ++ } ++ ++ FIPS_drbg_set_callbacks(dctx, ++ drbg_get_entropy, drbg_free_entropy, 20, ++ drbg_get_entropy, drbg_free_entropy); ++ FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0, ++ drbg_rand_seed, drbg_rand_add); ++ /* Personalisation string: a string followed by date time vector */ ++ strcpy((char *)pers, "OpenSSL DRBG2.0"); ++ plen = drbg_get_adin(dctx, &p); ++ memcpy(pers + 16, p, plen); ++ ++ if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0) { ++ RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG); ++ return 0; ++ } ++ FIPS_rand_set_method(FIPS_drbg_method()); ++ return 1; ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +index ecba2dc..11ee152 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c ++++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c +@@ -1,21 +1,122 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/rand_unix.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + #include + + #define USE_SOCKETS + #include "e_os.h" +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include "rand_lcl.h" + +-#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) ++#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI)) + + # include + # include +@@ -143,17 +244,17 @@ int RAND_poll(void) + { + unsigned long l; + pid_t curr_pid = getpid(); +-# if defined(DEVRANDOM) || (!defined(OPENSS_NO_EGD) && defined(DEVRANDOM_EGD)) ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + unsigned char tmpbuf[ENTROPY_NEEDED]; + int n = 0; + # endif + # ifdef DEVRANDOM + static const char *randomfiles[] = { DEVRANDOM }; +- struct stat randomstats[OSSL_NELEM(randomfiles)]; ++ struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; + int fd; + unsigned int i; + # endif +-# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) ++# ifdef DEVRANDOM_EGD + static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; + const char **egdsocket = NULL; + # endif +@@ -166,7 +267,8 @@ int RAND_poll(void) + * out of random entries. + */ + +- for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { ++ for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && ++ (n < ENTROPY_NEEDED); i++) { + if ((fd = open(randomfiles[i], O_RDONLY + # ifdef O_NONBLOCK + | O_NONBLOCK +@@ -205,7 +307,14 @@ int RAND_poll(void) + do { + int try_read = 0; + +-# if defined(OPENSSL_SYS_LINUX) ++# if defined(OPENSSL_SYS_BEOS_R5) ++ /* ++ * select() is broken in BeOS R5, so we simply try to read ++ * something and snooze if we couldn't ++ */ ++ try_read = 1; ++ ++# elif defined(OPENSSL_SYS_LINUX) + /* use poll() */ + struct pollfd pset; + +@@ -249,6 +358,10 @@ int RAND_poll(void) + ENTROPY_NEEDED - n); + if (r > 0) + n += r; ++# if defined(OPENSSL_SYS_BEOS_R5) ++ if (r == 0) ++ snooze(t.tv_usec); ++# endif + } else + r = -1; + +@@ -270,7 +383,7 @@ int RAND_poll(void) + } + # endif /* defined(DEVRANDOM) */ + +-# if !defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD) ++# ifdef DEVRANDOM_EGD + /* + * Use an EGD socket to read entropy from an EGD or PRNGD entropy + * collecting daemon. +@@ -287,7 +400,7 @@ int RAND_poll(void) + } + # endif /* defined(DEVRANDOM_EGD) */ + +-# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + if (n > 0) { + RAND_add(tmpbuf, sizeof tmpbuf, (double)n); + OPENSSL_cleanse(tmpbuf, n); +@@ -303,7 +416,15 @@ int RAND_poll(void) + l = time(NULL); + RAND_add(&l, sizeof(l), 0.0); + +-# if defined(DEVRANDOM) || (!defined(OPENSSL_NO_EGD) && defined(DEVRANDOM_EGD)) ++# if defined(OPENSSL_SYS_BEOS) ++ { ++ system_info sysInfo; ++ get_system_info(&sysInfo); ++ RAND_add(&sysInfo, sizeof(sysInfo), 0); ++ } ++# endif ++ ++# if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) + return 1; + # else + return 0; +@@ -314,7 +435,9 @@ int RAND_poll(void) + #endif /* !(defined(OPENSSL_SYS_WINDOWS) || + * defined(OPENSSL_SYS_WIN32) || + * defined(OPENSSL_SYS_VMS) || +- * defined(OPENSSL_SYS_VXWORKS) */ ++ * defined(OPENSSL_SYS_OS2) || ++ * defined(OPENSSL_SYS_VXWORKS) || ++ * defined(OPENSSL_SYS_NETWARE)) */ + + #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) + int RAND_poll(void) +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c b/Cryptlib/OpenSSL/crypto/rand/rand_vms.c +deleted file mode 100644 +index 9c462dd..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_vms.c ++++ /dev/null +@@ -1,133 +0,0 @@ +-/* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * Modified by VMS Software, Inc (2016) +- * Eliminate looping through all processes (performance) +- * Add additional randomizations using rand() function +- */ +- +-#include +-#include "rand_lcl.h" +- +-#if defined(OPENSSL_SYS_VMS) +-# include +-# include +-# include +-# include +-# include +-# ifdef __DECC +-# pragma message disable DOLLARID +-# endif +- +-/* +- * Use 32-bit pointers almost everywhere. Define the type to which to cast a +- * pointer passed to an external function. +- */ +-# if __INITIAL_POINTER_SIZE == 64 +-# define PTR_T __void_ptr64 +-# pragma pointer_size save +-# pragma pointer_size 32 +-# else /* __INITIAL_POINTER_SIZE == 64 */ +-# define PTR_T void * +-# endif /* __INITIAL_POINTER_SIZE == 64 [else] */ +- +-static struct items_data_st { +- short length, code; /* length is number of bytes */ +-} items_data[] = { +- {4, JPI$_BUFIO}, +- {4, JPI$_CPUTIM}, +- {4, JPI$_DIRIO}, +- {4, JPI$_IMAGECOUNT}, +- {8, JPI$_LAST_LOGIN_I}, +- {8, JPI$_LOGINTIM}, +- {4, JPI$_PAGEFLTS}, +- {4, JPI$_PID}, +- {4, JPI$_PPGCNT}, +- {4, JPI$_WSPEAK}, +- {4, JPI$_FINALEXC}, +- {0, 0} /* zero terminated */ +-}; +- +-int RAND_poll(void) +-{ +- +- /* determine the number of items in the JPI array */ +- +- struct items_data_st item_entry; +- int item_entry_count = sizeof(items_data)/sizeof(item_entry); +- +- /* Create the JPI itemlist array to hold item_data content */ +- +- struct { +- short length, code; +- int *buffer; +- int *retlen; +- } item[item_entry_count], *pitem; /* number of entries in items_data */ +- +- struct items_data_st *pitems_data; +- int data_buffer[(item_entry_count*2)+4]; /* 8 bytes per entry max */ +- int iosb[2]; +- int sys_time[2]; +- int *ptr; +- int i, j ; +- int tmp_length = 0; +- int total_length = 0; +- +- pitems_data = items_data; +- pitem = item; +- +- +- /* Setup itemlist for GETJPI */ +- while (pitems_data->length) { +- pitem->length = pitems_data->length; +- pitem->code = pitems_data->code; +- pitem->buffer = &data_buffer[total_length]; +- pitem->retlen = 0; +- /* total_length is in longwords */ +- total_length += pitems_data->length/4; +- pitems_data++; +- pitem ++; +- } +- pitem->length = pitem->code = 0; +- +- /* Fill data_buffer with various info bits from this process */ +- /* and twist that data to seed the SSL random number init */ +- +- if (sys$getjpiw(EFN$C_ENF, NULL, NULL, item, &iosb, 0, 0) == SS$_NORMAL) { +- for (i = 0; i < total_length; i++) { +- sys$gettim((struct _generic_64 *)&sys_time[0]); +- srand(sys_time[0] * data_buffer[0] * data_buffer[1] + i); +- +- if (i == (total_length - 1)) { /* for JPI$_FINALEXC */ +- ptr = &data_buffer[i]; +- for (j = 0; j < 4; j++) { +- data_buffer[i + j] = ptr[j]; +- /* OK to use rand() just to scramble the seed */ +- data_buffer[i + j] ^= (sys_time[0] ^ rand()); +- tmp_length++; +- } +- } else { +- /* OK to use rand() just to scramble the seed */ +- data_buffer[i] ^= (sys_time[0] ^ rand()); +- } +- } +- +- total_length += (tmp_length - 1); +- +- /* size of seed is total_length*4 bytes (64bytes) */ +- RAND_add((PTR_T) data_buffer, total_length*4, total_length * 2); +- } else { +- return 0; +- } +- +- return 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c +deleted file mode 100644 +index 1be0ed3..0000000 +--- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c ++++ /dev/null +@@ -1,135 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "internal/cryptlib.h" +-#include +-#include "rand_lcl.h" +- +-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) +-# include +-/* On Windows 7 or higher use BCrypt instead of the legacy CryptoAPI */ +-# if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0601 +-# define RAND_WINDOWS_USE_BCRYPT +-# endif +- +-# ifdef RAND_WINDOWS_USE_BCRYPT +-# include +-# pragma comment(lib, "bcrypt.lib") +-# ifndef STATUS_SUCCESS +-# define STATUS_SUCCESS ((NTSTATUS)0x00000000L) +-# endif +-# else +-# include +-/* +- * Intel hardware RNG CSP -- available from +- * http://developer.intel.com/design/security/rng/redist_license.htm +- */ +-# define PROV_INTEL_SEC 22 +-# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider" +-# endif +- +-static void readtimer(void); +- +-int RAND_poll(void) +-{ +- MEMORYSTATUS mst; +-# ifndef RAND_WINDOWS_USE_BCRYPT +- HCRYPTPROV hProvider; +-# endif +- DWORD w; +- BYTE buf[64]; +- +-# ifdef RAND_WINDOWS_USE_BCRYPT +- if (BCryptGenRandom(NULL, buf, (ULONG)sizeof(buf), BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS) { +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- } +-# else +- /* poll the CryptoAPI PRNG */ +- /* The CryptoAPI returns sizeof(buf) bytes of randomness */ +- if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { +- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- } +- CryptReleaseContext(hProvider, 0); +- } +- +- /* poll the Pentium PRG with CryptoAPI */ +- if (CryptAcquireContextW(&hProvider, NULL, INTEL_DEF_PROV, PROV_INTEL_SEC, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { +- if (CryptGenRandom(hProvider, (DWORD)sizeof(buf), buf) != 0) { +- RAND_add(buf, sizeof(buf), sizeof(buf)); +- } +- CryptReleaseContext(hProvider, 0); +- } +-# endif +- +- /* timer data */ +- readtimer(); +- +- /* memory usage statistics */ +- GlobalMemoryStatus(&mst); +- RAND_add(&mst, sizeof(mst), 1); +- +- /* process ID */ +- w = GetCurrentProcessId(); +- RAND_add(&w, sizeof(w), 1); +- +- return (1); +-} +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) +-{ +- RAND_poll(); +- return RAND_status(); +-} +- +-void RAND_screen(void) +-{ +- RAND_poll(); +-} +-#endif +- +-/* feed timing information to the PRNG */ +-static void readtimer(void) +-{ +- DWORD w; +- LARGE_INTEGER l; +- static int have_perfc = 1; +-# if defined(_MSC_VER) && defined(_M_X86) +- static int have_tsc = 1; +- DWORD cyclecount; +- +- if (have_tsc) { +- __try { +- __asm { +- _emit 0x0f _emit 0x31 mov cyclecount, eax} +- RAND_add(&cyclecount, sizeof(cyclecount), 1); +- } +- __except(EXCEPTION_EXECUTE_HANDLER) { +- have_tsc = 0; +- } +- } +-# else +-# define have_tsc 0 +-# endif +- +- if (have_perfc) { +- if (QueryPerformanceCounter(&l) == 0) +- have_perfc = 0; +- else +- RAND_add(&l, sizeof(l), 0); +- } +- +- if (!have_tsc && !have_perfc) { +- w = GetTickCount(); +- RAND_add(&w, sizeof(w), 0); +- } +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c +index 15fa9dc..728fd0a 100644 +--- a/Cryptlib/OpenSSL/crypto/rand/randfile.c ++++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rand/randfile.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" +- + #include + #include + #include + #include + ++#include "e_os.h" + #include + #include + #include +@@ -57,52 +105,23 @@ + # define chmod _chmod + # define open _open + # define fdopen _fdopen +-# define fstat _fstat +-# define fileno _fileno + #endif + + #undef BUFSIZE + #define BUFSIZE 1024 + #define RAND_DATA 1024 + +-#ifdef OPENSSL_SYS_VMS +-/* +- * Misc hacks needed for specific cases. +- * +- * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically) +- * to make sure the FILE* is a 32-bit pointer no matter what. We know that +- * stdio function return this type (a study of stdio.h proves it). +- * Additionally, we create a similar char pointer type for the sake of +- * vms_setbuf below. +- */ +-# if __INITIAL_POINTER_SIZE == 64 +-# pragma pointer_size save +-# pragma pointer_size 32 +-typedef char *char_ptr32; +-# pragma pointer_size restore +-/* +- * On VMS, setbuf() will only take 32-bit pointers, and a compilation +- * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here. +- * Since we know that the FILE* really is a 32-bit pointer expanded to +- * 64 bits, we also know it's safe to convert it back to a 32-bit pointer. +- * As for the buffer parameter, we only use NULL here, so that passes as +- * well... +- */ +-# define setbuf(fp,buf) (setbuf)((__FILE_ptr32)(fp), (char_ptr32)(buf)) +-# endif +- ++#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64))) + /* + * This declaration is a nasty hack to get around vms' extension to fopen for +- * passing in sharing options being disabled by /STANDARD=ANSI89 ++ * passing in sharing options being disabled by our /STANDARD=ANSI89 + */ +-static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) = +- (__FILE_ptr32 (*)(const char *, const char *, ...))fopen; ++static FILE *(*const vms_fopen)(const char *, const char *, ...) = ++ (FILE *(*)(const char *, const char *, ...))fopen; + # define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0" +- +-# define openssl_fopen(fname,mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS) + #endif + +-#define RFILE ".rnd" ++/* #define RFILE ".rnd" - defined in ../../e_os.h */ + + /* + * Note that these functions are intended for seed files only. Entropy +@@ -116,24 +135,35 @@ int RAND_load_file(const char *file, long bytes) + * if bytes == -1, read complete file. + */ + +- unsigned char buf[BUFSIZE]; ++ MS_STATIC unsigned char buf[BUFSIZE]; + #ifndef OPENSSL_NO_POSIX_IO + struct stat sb; + #endif + int i, ret = 0, n; +- FILE *in = NULL; ++/* ++ * If setvbuf() is to be called, then the FILE pointer ++ * to it must be 32 bit. ++*/ ++ ++#if !defined OPENSSL_NO_SETVBUF_IONBF && defined(OPENSSL_SYS_VMS) && defined(__VMS_VER) && (__VMS_VER >= 70000000) ++ /* For 64-bit-->32 bit API Support*/ ++#if __INITIAL_POINTER_SIZE == 64 ++#pragma __required_pointer_size __save ++#pragma __required_pointer_size 32 ++#endif ++ FILE *in; /* setvbuf() requires 32-bit pointers */ ++#if __INITIAL_POINTER_SIZE == 64 ++#pragma __required_pointer_size __restore ++#endif ++#else ++ FILE *in; ++#endif /* OPENSSL_SYS_VMS */ + + if (file == NULL) +- return 0; +- +- if (bytes == 0) +- return ret; +- +- in = openssl_fopen(file, "rb"); +- if (in == NULL) +- goto err; ++ return (0); + + #ifndef OPENSSL_NO_POSIX_IO ++# ifdef PURIFY + /* + * struct stat can have padding and unused fields that may not be + * initialized in the call to stat(). We need to clear the entire +@@ -141,11 +171,22 @@ int RAND_load_file(const char *file, long bytes) + * applications such as Valgrind. + */ + memset(&sb, 0, sizeof(sb)); +- if (fstat(fileno(in), &sb) < 0) +- goto err; ++# endif ++ if (stat(file, &sb) < 0) ++ return (0); + RAND_add(&sb, sizeof(sb), 0.0); ++#endif ++ if (bytes == 0) ++ return (ret); + +-# if defined(S_ISBLK) && defined(S_ISCHR) ++#ifdef OPENSSL_SYS_VMS ++ in = vms_fopen(file, "rb", VMS_OPEN_ATTRS); ++#else ++ in = fopen(file, "rb"); ++#endif ++ if (in == NULL) ++ goto err; ++#if defined(S_ISBLK) && defined(S_ISCHR) && !defined(OPENSSL_NO_POSIX_IO) + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { + /* + * this file is a device. we don't want read an infinite number of +@@ -153,9 +194,10 @@ int RAND_load_file(const char *file, long bytes) + * because we will waste system entropy. + */ + bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ +- setbuf(in, NULL); /* don't do buffered reads */ ++# ifndef OPENSSL_NO_SETVBUF_IONBF ++ setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ ++# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + } +-# endif + #endif + for (;;) { + if (bytes > 0) +@@ -165,8 +207,12 @@ int RAND_load_file(const char *file, long bytes) + i = fread(buf, 1, n, in); + if (i <= 0) + break; +- ++#ifdef PURIFY + RAND_add(buf, i, (double)i); ++#else ++ /* even if n != i, use the full array */ ++ RAND_add(buf, n, (double)i); ++#endif + ret += i; + if (bytes > 0) { + bytes -= n; +@@ -174,11 +220,10 @@ int RAND_load_file(const char *file, long bytes) + break; + } + } ++ fclose(in); + OPENSSL_cleanse(buf, BUFSIZE); + err: +- if (in != NULL) +- fclose(in); +- return ret; ++ return (ret); + } + + int RAND_write_file(const char *file) +@@ -190,15 +235,9 @@ int RAND_write_file(const char *file) + #ifndef OPENSSL_NO_POSIX_IO + struct stat sb; + +-# if defined(S_ISBLK) && defined(S_ISCHR) +-# ifdef _WIN32 +- /* +- * Check for |file| being a driver as "ASCII-safe" on Windows, +- * because driver paths are always ASCII. +- */ +-# endif + i = stat(file, &sb); + if (i != -1) { ++# if defined(S_ISBLK) && defined(S_ISCHR) + if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) { + /* + * this file is a device. we don't write back to it. we +@@ -206,14 +245,13 @@ int RAND_write_file(const char *file) + * device. Otherwise attempting to write to and chmod the device + * causes problems. + */ +- return 1; ++ return (1); + } +- } + # endif ++ } + #endif + +-#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \ +- !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) ++#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && !defined(OPENSSL_SYS_VMS) + { + # ifndef O_BINARY + # define O_BINARY 0 +@@ -228,7 +266,7 @@ int RAND_write_file(const char *file) + } + #endif + +-#ifdef OPENSSL_SYS_VMS ++#if (defined(OPENSSL_SYS_VMS) && (defined(__alpha) || defined(__ia64))) + /* + * VMS NOTE: Prior versions of this routine created a _new_ version of + * the rand file for each call into this routine, then deleted all +@@ -247,14 +285,17 @@ int RAND_write_file(const char *file) + * rand file in a concurrent use situation. + */ + +- out = openssl_fopen(file, "rb+"); +-#endif ++ out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); + if (out == NULL) +- out = openssl_fopen(file, "wb"); ++ out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); ++#else ++ if (out == NULL) ++ out = fopen(file, "wb"); ++#endif + if (out == NULL) + goto err; + +-#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO) ++#ifndef NO_CHMOD + chmod(file, 0600); + #endif + n = RAND_DATA; +@@ -282,70 +323,31 @@ int RAND_write_file(const char *file) + const char *RAND_file_name(char *buf, size_t size) + { + char *s = NULL; +- int use_randfile = 1; + #ifdef __OpenBSD__ + struct stat sb; + #endif + +-#if defined(_WIN32) && defined(CP_UTF8) +- DWORD len; +- WCHAR *var, *val; +- +- if ((var = L"RANDFILE", +- len = GetEnvironmentVariableW(var, NULL, 0)) == 0 +- && (var = L"HOME", use_randfile = 0, +- len = GetEnvironmentVariableW(var, NULL, 0)) == 0 +- && (var = L"USERPROFILE", +- len = GetEnvironmentVariableW(var, NULL, 0)) == 0) { +- var = L"SYSTEMROOT", +- len = GetEnvironmentVariableW(var, NULL, 0); +- } +- +- if (len != 0) { +- int sz; +- +- val = _alloca(len * sizeof(WCHAR)); +- +- if (GetEnvironmentVariableW(var, val, len) < len +- && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0, +- NULL, NULL)) != 0) { +- s = _alloca(sz); +- if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz, +- NULL, NULL) == 0) +- s = NULL; +- } +- } +-#else +- if (OPENSSL_issetugid() != 0) { +- use_randfile = 0; +- } else { ++ if (OPENSSL_issetugid() == 0) + s = getenv("RANDFILE"); +- if (s == NULL || *s == '\0') { +- use_randfile = 0; ++ if (s != NULL && *s && strlen(s) + 1 < size) { ++ if (BUF_strlcpy(buf, s, size) >= size) ++ return NULL; ++ } else { ++ if (OPENSSL_issetugid() == 0) + s = getenv("HOME"); +- } +- } +-#endif + #ifdef DEFAULT_HOME +- if (!use_randfile && s == NULL) { +- s = DEFAULT_HOME; +- } ++ if (s == NULL) { ++ s = DEFAULT_HOME; ++ } + #endif +- if (s != NULL && *s) { +- size_t len = strlen(s); +- +- if (use_randfile && len + 1 < size) { +- if (OPENSSL_strlcpy(buf, s, size) >= size) +- return NULL; +- } else if (len + strlen(RFILE) + 2 < size) { +- OPENSSL_strlcpy(buf, s, size); ++ if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) { ++ BUF_strlcpy(buf, s, size); + #ifndef OPENSSL_SYS_VMS +- OPENSSL_strlcat(buf, "/", size); ++ BUF_strlcat(buf, "/", size); + #endif +- OPENSSL_strlcat(buf, RFILE, size); +- } +- } else { +- buf[0] = '\0'; /* no file name */ ++ BUF_strlcat(buf, RFILE, size); ++ } else ++ buf[0] = '\0'; /* no file name */ + } + + #ifdef __OpenBSD__ +@@ -357,10 +359,14 @@ const char *RAND_file_name(char *buf, size_t size) + * available. + */ + +- if (!buf[0] || stat(buf, &sb) == -1) +- if (OPENSSL_strlcpy(buf, "/dev/arandom", size) >= size) { +- return NULL; ++ if (!buf[0]) ++ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { ++ return (NULL); ++ } ++ if (stat(buf, &sb) == -1) ++ if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) { ++ return (NULL); + } + #endif +- return buf[0] ? buf : NULL; ++ return (buf); + } +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +index be11bad..0f0a248 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rc4/rc4_enc.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +@@ -30,6 +79,197 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + y = key->y; + d = key->data; + ++#if defined(RC4_CHUNK) && !defined(PEDANTIC) ++ /*- ++ * The original reason for implementing this(*) was the fact that ++ * pre-21164a Alpha CPUs don't have byte load/store instructions ++ * and e.g. a byte store has to be done with 64-bit load, shift, ++ * and, or and finally 64-bit store. Peaking data and operating ++ * at natural word size made it possible to reduce amount of ++ * instructions as well as to perform early read-ahead without ++ * suffering from RAW (read-after-write) hazard. This resulted ++ * in ~40%(**) performance improvement on 21064 box with gcc. ++ * But it's not only Alpha users who win here:-) Thanks to the ++ * early-n-wide read-ahead this implementation also exhibits ++ * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending ++ * on sizeof(RC4_INT)). ++ * ++ * (*) "this" means code which recognizes the case when input ++ * and output pointers appear to be aligned at natural CPU ++ * word boundary ++ * (**) i.e. according to 'apps/openssl speed rc4' benchmark, ++ * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... ++ * ++ * Cavets. ++ * ++ * - RC4_CHUNK="unsigned long long" should be a #1 choice for ++ * UltraSPARC. Unfortunately gcc generates very slow code ++ * (2.5-3 times slower than one generated by Sun's WorkShop ++ * C) and therefore gcc (at least 2.95 and earlier) should ++ * always be told that RC4_CHUNK="unsigned long". ++ * ++ * ++ */ ++ ++# define RC4_STEP ( \ ++ x=(x+1) &0xff, \ ++ tx=d[x], \ ++ y=(tx+y)&0xff, \ ++ ty=d[y], \ ++ d[y]=tx, \ ++ d[x]=ty, \ ++ (RC4_CHUNK)d[(tx+ty)&0xff]\ ++ ) ++ ++ if ((((size_t)indata & (sizeof(RC4_CHUNK) - 1)) | ++ ((size_t)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) { ++ RC4_CHUNK ichunk, otp; ++ const union { ++ long one; ++ char little; ++ } is_endian = { ++ 1 ++ }; ++ ++ /*- ++ * I reckon we can afford to implement both endian ++ * cases and to decide which way to take at run-time ++ * because the machine code appears to be very compact ++ * and redundant 1-2KB is perfectly tolerable (i.e. ++ * in case the compiler fails to eliminate it:-). By ++ * suggestion from Terrel Larson ++ * who also stands for the is_endian union:-) ++ * ++ * Special notes. ++ * ++ * - is_endian is declared automatic as doing otherwise ++ * (declaring static) prevents gcc from eliminating ++ * the redundant code; ++ * - compilers (those I've tried) don't seem to have ++ * problems eliminating either the operators guarded ++ * by "if (sizeof(RC4_CHUNK)==8)" or the condition ++ * expressions themselves so I've got 'em to replace ++ * corresponding #ifdefs from the previous version; ++ * - I chose to let the redundant switch cases when ++ * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed ++ * before); ++ * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in ++ * [LB]ESHFT guards against "shift is out of range" ++ * warnings when sizeof(RC4_CHUNK)!=8 ++ * ++ * ++ */ ++ if (!is_endian.little) { /* BIG-ENDIAN CASE */ ++# define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) ++ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { ++ ichunk = *(RC4_CHUNK *) indata; ++ otp = RC4_STEP << BESHFT(0); ++ otp |= RC4_STEP << BESHFT(1); ++ otp |= RC4_STEP << BESHFT(2); ++ otp |= RC4_STEP << BESHFT(3); ++ if (sizeof(RC4_CHUNK) == 8) { ++ otp |= RC4_STEP << BESHFT(4); ++ otp |= RC4_STEP << BESHFT(5); ++ otp |= RC4_STEP << BESHFT(6); ++ otp |= RC4_STEP << BESHFT(7); ++ } ++ *(RC4_CHUNK *) outdata = otp ^ ichunk; ++ indata += sizeof(RC4_CHUNK); ++ outdata += sizeof(RC4_CHUNK); ++ } ++ if (len) { ++ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; ++ ++ ichunk = *(RC4_CHUNK *) indata; ++ ochunk = *(RC4_CHUNK *) outdata; ++ otp = 0; ++ i = BESHFT(0); ++ mask <<= (sizeof(RC4_CHUNK) - len) << 3; ++ switch (len & (sizeof(RC4_CHUNK) - 1)) { ++ case 7: ++ otp = RC4_STEP << i, i -= 8; ++ case 6: ++ otp |= RC4_STEP << i, i -= 8; ++ case 5: ++ otp |= RC4_STEP << i, i -= 8; ++ case 4: ++ otp |= RC4_STEP << i, i -= 8; ++ case 3: ++ otp |= RC4_STEP << i, i -= 8; ++ case 2: ++ otp |= RC4_STEP << i, i -= 8; ++ case 1: ++ otp |= RC4_STEP << i, i -= 8; ++ case 0:; /* ++ * it's never the case, ++ * but it has to be here ++ * for ultrix? ++ */ ++ } ++ ochunk &= ~mask; ++ ochunk |= (otp ^ ichunk) & mask; ++ *(RC4_CHUNK *) outdata = ochunk; ++ } ++ key->x = x; ++ key->y = y; ++ return; ++ } else { /* LITTLE-ENDIAN CASE */ ++# define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) ++ for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { ++ ichunk = *(RC4_CHUNK *) indata; ++ otp = RC4_STEP; ++ otp |= RC4_STEP << 8; ++ otp |= RC4_STEP << 16; ++ otp |= RC4_STEP << 24; ++ if (sizeof(RC4_CHUNK) == 8) { ++ otp |= RC4_STEP << LESHFT(4); ++ otp |= RC4_STEP << LESHFT(5); ++ otp |= RC4_STEP << LESHFT(6); ++ otp |= RC4_STEP << LESHFT(7); ++ } ++ *(RC4_CHUNK *) outdata = otp ^ ichunk; ++ indata += sizeof(RC4_CHUNK); ++ outdata += sizeof(RC4_CHUNK); ++ } ++ if (len) { ++ RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk; ++ ++ ichunk = *(RC4_CHUNK *) indata; ++ ochunk = *(RC4_CHUNK *) outdata; ++ otp = 0; ++ i = 0; ++ mask >>= (sizeof(RC4_CHUNK) - len) << 3; ++ switch (len & (sizeof(RC4_CHUNK) - 1)) { ++ case 7: ++ otp = RC4_STEP, i += 8; ++ case 6: ++ otp |= RC4_STEP << i, i += 8; ++ case 5: ++ otp |= RC4_STEP << i, i += 8; ++ case 4: ++ otp |= RC4_STEP << i, i += 8; ++ case 3: ++ otp |= RC4_STEP << i, i += 8; ++ case 2: ++ otp |= RC4_STEP << i, i += 8; ++ case 1: ++ otp |= RC4_STEP << i, i += 8; ++ case 0:; /* ++ * it's never the case, ++ * but it has to be here ++ * for ultrix? ++ */ ++ } ++ ochunk &= ~mask; ++ ochunk |= (otp ^ ichunk) & mask; ++ *(RC4_CHUNK *) outdata = ochunk; ++ } ++ key->x = x; ++ key->y = y; ++ return; ++ } ++ } ++#endif + #define LOOP(in,out) \ + x=((x+1)&0xff); \ + tx=d[x]; \ +@@ -38,19 +278,27 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + d[y]=tx; \ + (out) = d[(tx+ty)&0xff]^ (in); + ++#ifndef RC4_INDEX ++# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++)) ++#else ++# define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) ++#endif ++ + i = len >> 3; + if (i) { + for (;;) { +- LOOP(indata[0], outdata[0]); +- LOOP(indata[1], outdata[1]); +- LOOP(indata[2], outdata[2]); +- LOOP(indata[3], outdata[3]); +- LOOP(indata[4], outdata[4]); +- LOOP(indata[5], outdata[5]); +- LOOP(indata[6], outdata[6]); +- LOOP(indata[7], outdata[7]); ++ RC4_LOOP(indata, outdata, 0); ++ RC4_LOOP(indata, outdata, 1); ++ RC4_LOOP(indata, outdata, 2); ++ RC4_LOOP(indata, outdata, 3); ++ RC4_LOOP(indata, outdata, 4); ++ RC4_LOOP(indata, outdata, 5); ++ RC4_LOOP(indata, outdata, 6); ++ RC4_LOOP(indata, outdata, 7); ++#ifdef RC4_INDEX + indata += 8; + outdata += 8; ++#endif + if (--i == 0) + break; + } +@@ -58,25 +306,25 @@ void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + i = len & 0x07; + if (i) { + for (;;) { +- LOOP(indata[0], outdata[0]); ++ RC4_LOOP(indata, outdata, 0); + if (--i == 0) + break; +- LOOP(indata[1], outdata[1]); ++ RC4_LOOP(indata, outdata, 1); + if (--i == 0) + break; +- LOOP(indata[2], outdata[2]); ++ RC4_LOOP(indata, outdata, 2); + if (--i == 0) + break; +- LOOP(indata[3], outdata[3]); ++ RC4_LOOP(indata, outdata, 3); + if (--i == 0) + break; +- LOOP(indata[4], outdata[4]); ++ RC4_LOOP(indata, outdata, 4); + if (--i == 0) + break; +- LOOP(indata[5], outdata[5]); ++ RC4_LOOP(indata, outdata, 5); + if (--i == 0) + break; +- LOOP(indata[6], outdata[6]); ++ RC4_LOOP(indata, outdata, 6); + if (--i == 0) + break; + } +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h +index 4380add..faf8742 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_locl.h +@@ -1,16 +1,5 @@ +-/* +- * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- + #ifndef HEADER_RC4_LOCL_H + # define HEADER_RC4_LOCL_H +- + # include +-# include "internal/cryptlib.h" +- ++# include + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +index 16f81a4..06890d1 100644 +--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c +@@ -1,22 +1,80 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rc4/rc4_skey.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include "rc4_locl.h" + #include + ++const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT; ++ + const char *RC4_options(void) + { ++#ifdef RC4_INDEX ++ if (sizeof(RC4_INT) == 1) ++ return ("rc4(idx,char)"); ++ else ++ return ("rc4(idx,int)"); ++#else + if (sizeof(RC4_INT) == 1) +- return ("rc4(char)"); ++ return ("rc4(ptr,char)"); + else +- return ("rc4(int)"); ++ return ("rc4(ptr,int)"); ++#endif + } + + /*- +@@ -28,7 +86,7 @@ const char *RC4_options(void) + * Date: Wed, 14 Sep 1994 06:35:31 GMT + */ + +-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) ++void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) + { + register RC4_INT tmp; + register int id1, id2; +diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c +new file mode 100644 +index 0000000..cbd4a24 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_utl.c +@@ -0,0 +1,62 @@ ++/* crypto/rc4/rc4_utl.c */ ++/* ==================================================================== ++ * Copyright (c) 2011 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ */ ++ ++#include ++#include ++#include ++ ++void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) ++{ ++#ifdef OPENSSL_FIPS ++ fips_cipher_abort(RC4); ++#endif ++ private_RC4_set_key(key, len, data); ++} +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c +index 5694140..951e1d5 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c +@@ -1,21 +1,72 @@ ++/* crypto/rsa/rsa_ameth.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include ++#include + #include +-#include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" +-#include "rsa_locl.h" ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++#include "asn1_locl.h" + + #ifndef OPENSSL_NO_CMS + static int rsa_cms_sign(CMS_SignerInfo *si); +@@ -44,10 +95,9 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + const unsigned char *p; + int pklen; + RSA *rsa = NULL; +- + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) + return 0; +- if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { ++ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { + RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); + return 0; + } +@@ -67,8 +117,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + RSA *rsa; +- +- if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { ++ if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { + RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); + return 0; + } +@@ -101,7 +150,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) + return 1; + } + +-static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) ++static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p; + int pklen; +@@ -120,21 +169,45 @@ static int rsa_bits(const EVP_PKEY *pkey) + return BN_num_bits(pkey->pkey.rsa->n); + } + +-static int rsa_security_bits(const EVP_PKEY *pkey) ++static void int_rsa_free(EVP_PKEY *pkey) + { +- return RSA_security_bits(pkey->pkey.rsa); ++ RSA_free(pkey->pkey.rsa); + } + +-static void int_rsa_free(EVP_PKEY *pkey) ++static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { +- RSA_free(pkey->pkey.rsa); ++ size_t i; ++ if (!b) ++ return; ++ if (*pbuflen < (i = (size_t)BN_num_bytes(b))) ++ *pbuflen = i; + } + + static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) + { + char *str; + const char *s; ++ unsigned char *m = NULL; + int ret = 0, mod_len = 0; ++ size_t buf_len = 0; ++ ++ update_buflen(x->n, &buf_len); ++ update_buflen(x->e, &buf_len); ++ ++ if (priv) { ++ update_buflen(x->d, &buf_len); ++ update_buflen(x->p, &buf_len); ++ update_buflen(x->q, &buf_len); ++ update_buflen(x->dmp1, &buf_len); ++ update_buflen(x->dmq1, &buf_len); ++ update_buflen(x->iqmp, &buf_len); ++ } ++ ++ m = (unsigned char *)OPENSSL_malloc(buf_len + 10); ++ if (m == NULL) { ++ RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); +@@ -143,36 +216,40 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) + goto err; + + if (priv && x->d) { +- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) ++ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) ++ <= 0) + goto err; + str = "modulus:"; + s = "publicExponent:"; + } else { +- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) ++ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) ++ <= 0) + goto err; + str = "Modulus:"; + s = "Exponent:"; + } +- if (!ASN1_bn_print(bp, str, x->n, NULL, off)) ++ if (!ASN1_bn_print(bp, str, x->n, m, off)) + goto err; +- if (!ASN1_bn_print(bp, s, x->e, NULL, off)) ++ if (!ASN1_bn_print(bp, s, x->e, m, off)) + goto err; + if (priv) { +- if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) ++ if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) + goto err; +- if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) ++ if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) + goto err; +- if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) ++ if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) + goto err; +- if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) ++ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) + goto err; +- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) ++ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) + goto err; +- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) ++ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) + goto err; + } + ret = 1; + err: ++ if (m != NULL) ++ OPENSSL_free(m); + return (ret); + } + +@@ -191,23 +268,34 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ + static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) + { +- if (alg == NULL) ++ const unsigned char *p; ++ int plen; ++ if (alg == NULL || alg->parameter == NULL) + return NULL; + if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) + return NULL; +- return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), +- alg->parameter); ++ if (alg->parameter->type != V_ASN1_SEQUENCE) ++ return NULL; ++ ++ p = alg->parameter->value.sequence->data; ++ plen = alg->parameter->value.sequence->length; ++ return d2i_X509_ALGOR(NULL, &p, plen); + } + + static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, + X509_ALGOR **pmaskHash) + { ++ const unsigned char *p; ++ int plen; + RSA_PSS_PARAMS *pss; + + *pmaskHash = NULL; + +- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), +- alg->parameter); ++ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) ++ return NULL; ++ p = alg->parameter->value.sequence->data; ++ plen = alg->parameter->value.sequence->length; ++ pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); + + if (!pss) + return NULL; +@@ -299,8 +387,10 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + X509_ALGOR *maskHash; + pss = rsa_pss_decode(sigalg, &maskHash); + rv = rsa_pss_param_print(bp, pss, maskHash, indent); +- RSA_PSS_PARAMS_free(pss); +- X509_ALGOR_free(maskHash); ++ if (pss) ++ RSA_PSS_PARAMS_free(pss); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); + if (!rv) + return 0; + } else if (!sig && BIO_puts(bp, "\n") <= 0) +@@ -366,7 +456,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) + if (EVP_MD_type(md) == NID_sha1) + return 1; + *palg = X509_ALGOR_new(); +- if (*palg == NULL) ++ if (!*palg) + return 0; + X509_ALGOR_set_md(*palg, md); + return 1; +@@ -386,13 +476,15 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) + if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) + goto err; + *palg = X509_ALGOR_new(); +- if (*palg == NULL) ++ if (!*palg) + goto err; + X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); + stmp = NULL; + err: +- ASN1_STRING_free(stmp); +- X509_ALGOR_free(algtmp); ++ if (stmp) ++ ASN1_STRING_free(stmp); ++ if (algtmp) ++ X509_ALGOR_free(algtmp); + if (*palg) + return 1; + return 0; +@@ -459,11 +551,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + saltlen--; + } + pss = RSA_PSS_PARAMS_new(); +- if (pss == NULL) ++ if (!pss) + goto err; + if (saltlen != 20) { + pss->saltLength = ASN1_INTEGER_new(); +- if (pss->saltLength == NULL) ++ if (!pss->saltLength) + goto err; + if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) + goto err; +@@ -477,16 +569,18 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) + goto err; + rv = 1; + err: +- RSA_PSS_PARAMS_free(pss); ++ if (pss) ++ RSA_PSS_PARAMS_free(pss); + if (rv) + return os; +- ASN1_STRING_free(os); ++ if (os) ++ ASN1_STRING_free(os); + return NULL; + } + + /* + * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL +- * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are ++ * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are + * passed to pkctx instead. + */ + +@@ -568,7 +662,8 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, + + err: + RSA_PSS_PARAMS_free(pss); +- X509_ALGOR_free(maskHash); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); + return rv; + } + +@@ -646,7 +741,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + ASN1_BIT_STRING *sig) + { + int pad_mode; +- EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); ++ EVP_PKEY_CTX *pkctx = ctx->pctx; + if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) + return 0; + if (pad_mode == RSA_PKCS1_PADDING) +@@ -673,16 +768,20 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + return 2; + } + +-#ifndef OPENSSL_NO_CMS + static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, + X509_ALGOR **pmaskHash) + { ++ const unsigned char *p; ++ int plen; + RSA_OAEP_PARAMS *pss; + + *pmaskHash = NULL; + +- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), +- alg->parameter); ++ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) ++ return NULL; ++ p = alg->parameter->value.sequence->data; ++ plen = alg->parameter->value.sequence->length; ++ pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen); + + if (!pss) + return NULL; +@@ -692,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, + return pss; + } + ++#ifndef OPENSSL_NO_CMS + static int rsa_cms_decrypt(CMS_RecipientInfo *ri) + { + EVP_PKEY_CTX *pkctx; +@@ -760,7 +860,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) + + err: + RSA_OAEP_PARAMS_free(oaep); +- X509_ALGOR_free(maskHash); ++ if (maskHash) ++ X509_ALGOR_free(maskHash); + return rv; + } + +@@ -793,19 +894,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) + if (labellen < 0) + goto err; + oaep = RSA_OAEP_PARAMS_new(); +- if (oaep == NULL) ++ if (!oaep) + goto err; + if (!rsa_md_to_algor(&oaep->hashFunc, md)) + goto err; + if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) + goto err; + if (labellen > 0) { +- ASN1_OCTET_STRING *los; ++ ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); + oaep->pSourceFunc = X509_ALGOR_new(); +- if (oaep->pSourceFunc == NULL) ++ if (!oaep->pSourceFunc) + goto err; +- los = ASN1_OCTET_STRING_new(); +- if (los == NULL) ++ if (!los) + goto err; + if (!ASN1_OCTET_STRING_set(los, label, labellen)) { + ASN1_OCTET_STRING_free(los); +@@ -821,13 +921,15 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) + os = NULL; + rv = 1; + err: +- RSA_OAEP_PARAMS_free(oaep); +- ASN1_STRING_free(os); ++ if (oaep) ++ RSA_OAEP_PARAMS_free(oaep); ++ if (os) ++ ASN1_STRING_free(os); + return rv; + } + #endif + +-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { ++const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { + { + EVP_PKEY_RSA, + EVP_PKEY_RSA, +@@ -847,7 +949,6 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { + + int_rsa_size, + rsa_bits, +- rsa_security_bits, + + 0, 0, 0, 0, 0, 0, + +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +index 20f8ebf..aff8b58 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c +@@ -1,18 +1,68 @@ ++/* rsa_asn1.c */ + /* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2000. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include ++#include + #include + #include +-#include "rsa_locl.h" + + /* Override the default free and new methods */ + static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +@@ -20,7 +70,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + { + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE *)RSA_new(); +- if (*pval != NULL) ++ if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { +@@ -35,12 +85,12 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { + ASN1_SIMPLE(RSA, version, LONG), + ASN1_SIMPLE(RSA, n, BIGNUM), + ASN1_SIMPLE(RSA, e, BIGNUM), +- ASN1_SIMPLE(RSA, d, CBIGNUM), +- ASN1_SIMPLE(RSA, p, CBIGNUM), +- ASN1_SIMPLE(RSA, q, CBIGNUM), +- ASN1_SIMPLE(RSA, dmp1, CBIGNUM), +- ASN1_SIMPLE(RSA, dmq1, CBIGNUM), +- ASN1_SIMPLE(RSA, iqmp, CBIGNUM) ++ ASN1_SIMPLE(RSA, d, BIGNUM), ++ ASN1_SIMPLE(RSA, p, BIGNUM), ++ ASN1_SIMPLE(RSA, q, BIGNUM), ++ ASN1_SIMPLE(RSA, dmp1, BIGNUM), ++ ASN1_SIMPLE(RSA, dmq1, BIGNUM), ++ ASN1_SIMPLE(RSA, iqmp, BIGNUM) + } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) + + +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +index 00260fb..475dfc5 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c +@@ -1,30 +1,65 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_chk.c */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + */ + + #include + #include +-#include "rsa_locl.h" ++#include + + int RSA_check_key(const RSA *key) +-{ +- return RSA_check_key_ex(key, NULL); +-} +- +-int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + { + BIGNUM *i, *j, *k, *l, *m; + BN_CTX *ctx; + int ret = 1; + +- if (key->p == NULL || key->q == NULL || key->n == NULL +- || key->e == NULL || key->d == NULL) { +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING); ++ if (!key->p || !key->q || !key->n || !key->e || !key->d) { ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); + return 0; + } + +@@ -37,29 +72,29 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + if (i == NULL || j == NULL || k == NULL || l == NULL + || m == NULL || ctx == NULL) { + ret = -1; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE); ++ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (BN_is_one(key->e)) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE); + } + if (!BN_is_odd(key->e)) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE); + } + + /* p prime? */ +- if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) { ++ if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL) != 1) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); + } + + /* q prime? */ +- if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) { ++ if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL) != 1) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); + } + + /* n = p*q? */ +@@ -69,7 +104,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + } + if (BN_cmp(i, key->n) != 0) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); + } + + /* d*e = 1 mod lcm(p-1,q-1)? */ +@@ -102,7 +137,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + + if (!BN_is_one(i)) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); + } + + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { +@@ -117,7 +152,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + } + if (BN_cmp(j, key->dmp1) != 0) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } + + /* dmq1 = d mod (q-1)? */ +@@ -131,7 +166,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + } + if (BN_cmp(j, key->dmq1) != 0) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + + /* iqmp = q^-1 mod p? */ +@@ -141,7 +176,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) + } + if (BN_cmp(i, key->iqmp) != 0) { + ret = 0; +- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q); ++ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); + } + } + +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c +index 9cd733b..5c416b5 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c +@@ -1,24 +1,71 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/bn_int.h" ++#include ++#include + #include +-#include "rsa_locl.h" +- +-int RSA_bits(const RSA *r) +-{ +- return (BN_num_bits(r->n)); +-} ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif + + int RSA_size(const RSA *r) + { +@@ -28,24 +75,52 @@ int RSA_size(const RSA *r) + int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); + } + + int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); + } + + int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + } + + int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD); ++ return -1; ++ } ++#endif + return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + } + +@@ -56,8 +131,10 @@ int RSA_flags(const RSA *r) + + void RSA_blinding_off(RSA *rsa) + { +- BN_BLINDING_free(rsa->blinding); +- rsa->blinding = NULL; ++ if (rsa->blinding != NULL) { ++ BN_BLINDING_free(rsa->blinding); ++ rsa->blinding = NULL; ++ } + rsa->flags &= ~RSA_FLAG_BLINDING; + rsa->flags |= RSA_FLAG_NO_BLINDING; + } +@@ -110,7 +187,8 @@ static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, + + BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) + { +- BIGNUM *e; ++ BIGNUM local_n; ++ BIGNUM *e, *n; + BN_CTX *ctx; + BN_BLINDING *ret = NULL; + +@@ -136,42 +214,33 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) + } else + e = rsa->e; + +- if ((RAND_status() == 0) && rsa->d != NULL +- && bn_get_words(rsa->d) != NULL) { ++ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) { + /* + * if PRNG is not properly seeded, resort to secret exponent as + * unpredictable seed + */ +- RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), +- 0.0); ++ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); + } + +- { +- BIGNUM *n = BN_new(); +- +- if (n == NULL) { +- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ /* Set BN_FLG_CONSTTIME flag */ ++ n = &local_n; + BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); ++ } else ++ n = rsa->n; + +- ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, +- rsa->_method_mod_n); +- /* We MUST free n before any further use of rsa->n */ +- BN_free(n); +- } ++ ret = BN_BLINDING_create_param(NULL, e, n, ctx, ++ rsa->meth->bn_mod_exp, rsa->_method_mod_n); + if (ret == NULL) { + RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); + goto err; + } +- +- BN_BLINDING_set_current_thread(ret); +- ++ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); + err: + BN_CTX_end(ctx); +- if (ctx != in_ctx) ++ if (in_ctx == NULL) + BN_CTX_free(ctx); +- if (e != rsa->e) ++ if (rsa->e == NULL) + BN_free(e); + + return ret; +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +index 21e0562..32f0c88 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_depr.c */ ++/* ==================================================================== ++ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + /* +@@ -12,27 +58,27 @@ + * "new" versions). + */ + +-#include +-#if OPENSSL_API_COMPAT >= 0x00908000L +-NON_EMPTY_TRANSLATION_UNIT ++#include ++#include ++#include "cryptlib.h" ++#include ++#include + +-#else ++#ifdef OPENSSL_NO_DEPRECATED + +-# include +-# include +-# include "internal/cryptlib.h" +-# include +-# include ++static void *dummy = &dummy; ++ ++#else + + RSA *RSA_generate_key(int bits, unsigned long e_value, + void (*callback) (int, int, void *), void *cb_arg) + { ++ BN_GENCB cb; + int i; +- BN_GENCB *cb = BN_GENCB_new(); + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + +- if (cb == NULL || rsa == NULL || e == NULL) ++ if (!rsa || !e) + goto err; + + /* +@@ -45,17 +91,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, + goto err; + } + +- BN_GENCB_set_old(cb, callback, cb_arg); ++ BN_GENCB_set_old(&cb, callback, cb_arg); + +- if (RSA_generate_key_ex(rsa, bits, e, cb)) { ++ if (RSA_generate_key_ex(rsa, bits, e, &cb)) { + BN_free(e); +- BN_GENCB_free(cb); + return rsa; + } + err: +- BN_free(e); +- RSA_free(rsa); +- BN_GENCB_free(cb); ++ if (e) ++ BN_free(e); ++ if (rsa) ++ RSA_free(rsa); + return 0; + } + #endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +new file mode 100644 +index 0000000..b147fff +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c +@@ -0,0 +1,904 @@ ++/* crypto/rsa/rsa_eay.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++/* ==================================================================== ++ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++ ++#ifndef RSA_NULL ++ ++static int RSA_eay_public_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++static int RSA_eay_private_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++static int RSA_eay_public_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++static int RSA_eay_private_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding); ++static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, ++ BN_CTX *ctx); ++static int RSA_eay_init(RSA *rsa); ++static int RSA_eay_finish(RSA *rsa); ++static RSA_METHOD rsa_pkcs1_eay_meth = { ++ "Eric Young's PKCS#1 RSA", ++ RSA_eay_public_encrypt, ++ RSA_eay_public_decrypt, /* signature verification */ ++ RSA_eay_private_encrypt, /* signing */ ++ RSA_eay_private_decrypt, ++ RSA_eay_mod_exp, ++ BN_mod_exp_mont, /* XXX probably we should not use Montgomery ++ * if e == 3 */ ++ RSA_eay_init, ++ RSA_eay_finish, ++ 0, /* flags */ ++ NULL, ++ 0, /* rsa_sign */ ++ 0, /* rsa_verify */ ++ NULL /* rsa_keygen */ ++}; ++ ++const RSA_METHOD *RSA_PKCS1_SSLeay(void) ++{ ++ return (&rsa_pkcs1_eay_meth); ++} ++ ++static int RSA_eay_public_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int i, j, k, num = 0, r = -1; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); ++ return -1; ++ } ++ ++ if (BN_ucmp(rsa->n, rsa->e) <= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ ++ /* for large moduli, enforce exponent limit */ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { ++ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); ++ break; ++# ifndef OPENSSL_NO_SHA ++ case RSA_PKCS1_OAEP_PADDING: ++ i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); ++ break; ++# endif ++ case RSA_SSLV23_PADDING: ++ i = RSA_padding_add_SSLv23(buf, num, from, flen); ++ break; ++ case RSA_NO_PADDING: ++ i = RSA_padding_add_none(buf, num, from, flen); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (i <= 0) ++ goto err; ++ ++ if (BN_bin2bn(buf, num, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ /* usually the padding functions would catch this */ ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ ++ /* ++ * put in leading 0 bytes if the number is less than the length of the ++ * modulus ++ */ ++ j = BN_num_bytes(ret); ++ i = BN_bn2bin(ret, &(to[num - j])); ++ for (k = 0; k < (num - i); k++) ++ to[k] = 0; ++ ++ r = num; ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} ++ ++static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) ++{ ++ BN_BLINDING *ret; ++ int got_write_lock = 0; ++ CRYPTO_THREADID cur; ++ ++ CRYPTO_r_lock(CRYPTO_LOCK_RSA); ++ ++ if (rsa->blinding == NULL) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ ++ if (rsa->blinding == NULL) ++ rsa->blinding = RSA_setup_blinding(rsa, ctx); ++ } ++ ++ ret = rsa->blinding; ++ if (ret == NULL) ++ goto err; ++ ++ CRYPTO_THREADID_current(&cur); ++ if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) { ++ /* rsa->blinding is ours! */ ++ ++ *local = 1; ++ } else { ++ /* resort to rsa->mt_blinding instead */ ++ ++ /* ++ * instructs rsa_blinding_convert(), rsa_blinding_invert() that the ++ * BN_BLINDING is shared, meaning that accesses require locks, and ++ * that the blinding factor must be stored outside the BN_BLINDING ++ */ ++ *local = 0; ++ ++ if (rsa->mt_blinding == NULL) { ++ if (!got_write_lock) { ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ got_write_lock = 1; ++ } ++ ++ if (rsa->mt_blinding == NULL) ++ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); ++ } ++ ret = rsa->mt_blinding; ++ } ++ ++ err: ++ if (got_write_lock) ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); ++ else ++ CRYPTO_r_unlock(CRYPTO_LOCK_RSA); ++ return ret; ++} ++ ++static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, ++ BN_CTX *ctx) ++{ ++ if (unblind == NULL) ++ /* ++ * Local blinding: store the unblinding factor in BN_BLINDING. ++ */ ++ return BN_BLINDING_convert_ex(f, NULL, b, ctx); ++ else { ++ /* ++ * Shared blinding: store the unblinding factor outside BN_BLINDING. ++ */ ++ int ret; ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); ++ ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); ++ return ret; ++ } ++} ++ ++static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, ++ BN_CTX *ctx) ++{ ++ /* ++ * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex ++ * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING ++ * is shared between threads, unblind must be non-null: ++ * BN_BLINDING_invert_ex will then use the local unblinding factor, and ++ * will only read the modulus from BN_BLINDING. In both cases it's safe ++ * to access the blinding without a lock. ++ */ ++ return BN_BLINDING_invert_ex(f, unblind, b, ctx); ++} ++ ++/* signing */ ++static int RSA_eay_private_encrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret, *res; ++ int i, j, k, num = 0, r = -1; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ int local_blinding = 0; ++ /* ++ * Used only if the blinding structure is shared. A non-NULL unblind ++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store ++ * the unblinding factor outside the blinding structure. ++ */ ++ BIGNUM *unblind = NULL; ++ BN_BLINDING *blinding = NULL; ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); ++ break; ++ case RSA_X931_PADDING: ++ i = RSA_padding_add_X931(buf, num, from, flen); ++ break; ++ case RSA_NO_PADDING: ++ i = RSA_padding_add_none(buf, num, from, flen); ++ break; ++ case RSA_SSLV23_PADDING: ++ default: ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (i <= 0) ++ goto err; ++ ++ if (BN_bin2bn(buf, num, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ /* usually the padding functions would catch this */ ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); ++ if (blinding == NULL) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (blinding != NULL) { ++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) ++ goto err; ++ } ++ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || ++ ((rsa->p != NULL) && ++ (rsa->q != NULL) && ++ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { ++ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) ++ goto err; ++ } else { ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ BN_init(&local_d); ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ ++ if (blinding) ++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ goto err; ++ ++ if (padding == RSA_X931_PADDING) { ++ BN_sub(f, rsa->n, ret); ++ if (BN_cmp(ret, f) > 0) ++ res = f; ++ else ++ res = ret; ++ } else ++ res = ret; ++ ++ /* ++ * put in leading 0 bytes if the number is less than the length of the ++ * modulus ++ */ ++ j = BN_num_bytes(res); ++ i = BN_bn2bin(res, &(to[num - j])); ++ for (k = 0; k < (num - i); k++) ++ to[k] = 0; ++ ++ r = num; ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} ++ ++static int RSA_eay_private_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int j, num = 0, r = -1; ++ unsigned char *p; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ int local_blinding = 0; ++ /* ++ * Used only if the blinding structure is shared. A non-NULL unblind ++ * instructs rsa_blinding_convert() and rsa_blinding_invert() to store ++ * the unblinding factor outside the blinding structure. ++ */ ++ BIGNUM *unblind = NULL; ++ BN_BLINDING *blinding = NULL; ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* ++ * This check was for equality but PGP does evil things and chops off the ++ * top '0' bytes ++ */ ++ if (flen > num) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ++ RSA_R_DATA_GREATER_THAN_MOD_LEN); ++ goto err; ++ } ++ ++ /* make data into a big number */ ++ if (BN_bin2bn(from, (int)flen, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { ++ blinding = rsa_get_blinding(rsa, &local_blinding, ctx); ++ if (blinding == NULL) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); ++ goto err; ++ } ++ } ++ ++ if (blinding != NULL) { ++ if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ if (!rsa_blinding_convert(blinding, f, unblind, ctx)) ++ goto err; ++ } ++ ++ /* do the decrypt */ ++ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || ++ ((rsa->p != NULL) && ++ (rsa->q != NULL) && ++ (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { ++ if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) ++ goto err; ++ } else { ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ ++ if (blinding) ++ if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) ++ goto err; ++ ++ p = buf; ++ j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); ++ break; ++# ifndef OPENSSL_NO_SHA ++ case RSA_PKCS1_OAEP_PADDING: ++ r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); ++ break; ++# endif ++ case RSA_SSLV23_PADDING: ++ r = RSA_padding_check_SSLv23(to, num, buf, j, num); ++ break; ++ case RSA_NO_PADDING: ++ r = RSA_padding_check_none(to, num, buf, j, num); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (r < 0) ++ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); ++ ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} ++ ++/* signature verification */ ++static int RSA_eay_public_decrypt(int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, int padding) ++{ ++ BIGNUM *f, *ret; ++ int i, num = 0, r = -1; ++ unsigned char *p; ++ unsigned char *buf = NULL; ++ BN_CTX *ctx = NULL; ++ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); ++ return -1; ++ } ++ ++ if (BN_ucmp(rsa->n, rsa->e) <= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ ++ /* for large moduli, enforce exponent limit */ ++ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { ++ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); ++ return -1; ++ } ++ } ++ ++ if ((ctx = BN_CTX_new()) == NULL) ++ goto err; ++ BN_CTX_start(ctx); ++ f = BN_CTX_get(ctx); ++ ret = BN_CTX_get(ctx); ++ num = BN_num_bytes(rsa->n); ++ buf = OPENSSL_malloc(num); ++ if (!f || !ret || !buf) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ ++ /* ++ * This check was for equality but PGP does evil things and chops off the ++ * top '0' bytes ++ */ ++ if (flen > num) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN); ++ goto err; ++ } ++ ++ if (BN_bin2bn(from, flen, f) == NULL) ++ goto err; ++ ++ if (BN_ucmp(f, rsa->n) >= 0) { ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ++ RSA_R_DATA_TOO_LARGE_FOR_MODULUS); ++ goto err; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ ++ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) ++ if (!BN_sub(ret, rsa->n, ret)) ++ goto err; ++ ++ p = buf; ++ i = BN_bn2bin(ret, p); ++ ++ switch (padding) { ++ case RSA_PKCS1_PADDING: ++ r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); ++ break; ++ case RSA_X931_PADDING: ++ r = RSA_padding_check_X931(to, num, buf, i, num); ++ break; ++ case RSA_NO_PADDING: ++ r = RSA_padding_check_none(to, num, buf, i, num); ++ break; ++ default: ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ goto err; ++ } ++ if (r < 0) ++ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); ++ ++ err: ++ if (ctx != NULL) { ++ BN_CTX_end(ctx); ++ BN_CTX_free(ctx); ++ } ++ if (buf != NULL) { ++ OPENSSL_cleanse(buf, num); ++ OPENSSL_free(buf); ++ } ++ return (r); ++} ++ ++static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) ++{ ++ BIGNUM *r1, *m1, *vrfy; ++ BIGNUM local_dmp1, local_dmq1, local_c, local_r1; ++ BIGNUM *dmp1, *dmq1, *c, *pr1; ++ int ret = 0; ++ ++ BN_CTX_start(ctx); ++ r1 = BN_CTX_get(ctx); ++ m1 = BN_CTX_get(ctx); ++ vrfy = BN_CTX_get(ctx); ++ ++ { ++ BIGNUM local_p, local_q; ++ BIGNUM *p = NULL, *q = NULL; ++ ++ /* ++ * Make sure BN_mod_inverse in Montgomery intialization uses the ++ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) ++ */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ BN_init(&local_p); ++ p = &local_p; ++ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); ++ ++ BN_init(&local_q); ++ q = &local_q; ++ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); ++ } else { ++ p = rsa->p; ++ q = rsa->q; ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) ++ goto err; ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) ++ goto err; ++ } ++ } ++ ++ if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) ++ if (!BN_MONT_CTX_set_locked ++ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) ++ goto err; ++ ++ /* compute I mod q */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ c = &local_c; ++ BN_with_flags(c, I, BN_FLG_CONSTTIME); ++ if (!BN_mod(r1, c, rsa->q, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod(r1, I, rsa->q, ctx)) ++ goto err; ++ } ++ ++ /* compute r1^dmq1 mod q */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ dmq1 = &local_dmq1; ++ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); ++ } else ++ dmq1 = rsa->dmq1; ++ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q)) ++ goto err; ++ ++ /* compute I mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ c = &local_c; ++ BN_with_flags(c, I, BN_FLG_CONSTTIME); ++ if (!BN_mod(r1, c, rsa->p, ctx)) ++ goto err; ++ } else { ++ if (!BN_mod(r1, I, rsa->p, ctx)) ++ goto err; ++ } ++ ++ /* compute r1^dmp1 mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ dmp1 = &local_dmp1; ++ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); ++ } else ++ dmp1 = rsa->dmp1; ++ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p)) ++ goto err; ++ ++ if (!BN_sub(r0, r0, m1)) ++ goto err; ++ /* ++ * This will help stop the size of r0 increasing, which does affect the ++ * multiply if it optimised for a power of 2 size ++ */ ++ if (BN_is_negative(r0)) ++ if (!BN_add(r0, r0, rsa->p)) ++ goto err; ++ ++ if (!BN_mul(r1, r0, rsa->iqmp, ctx)) ++ goto err; ++ ++ /* Turn BN_FLG_CONSTTIME flag on before division operation */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ pr1 = &local_r1; ++ BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); ++ } else ++ pr1 = r1; ++ if (!BN_mod(r0, pr1, rsa->p, ctx)) ++ goto err; ++ ++ /* ++ * If p < q it is occasionally possible for the correction of adding 'p' ++ * if r0 is negative above to leave the result still negative. This can ++ * break the private key operations: the following second correction ++ * should *always* correct this rare occurrence. This will *never* happen ++ * with OpenSSL generated keys because they ensure p > q [steve] ++ */ ++ if (BN_is_negative(r0)) ++ if (!BN_add(r0, r0, rsa->p)) ++ goto err; ++ if (!BN_mul(r1, r0, rsa->q, ctx)) ++ goto err; ++ if (!BN_add(r0, r1, m1)) ++ goto err; ++ ++ if (rsa->e && rsa->n) { ++ if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ /* ++ * If 'I' was greater than (or equal to) rsa->n, the operation will ++ * be equivalent to using 'I mod n'. However, the result of the ++ * verify will *always* be less than 'n' so we don't check for ++ * absolute equality, just congruency. ++ */ ++ if (!BN_sub(vrfy, vrfy, I)) ++ goto err; ++ if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) ++ goto err; ++ if (BN_is_negative(vrfy)) ++ if (!BN_add(vrfy, vrfy, rsa->n)) ++ goto err; ++ if (!BN_is_zero(vrfy)) { ++ /* ++ * 'I' and 'vrfy' aren't congruent mod n. Don't leak ++ * miscalculated CRT output, just do a raw (slower) mod_exp and ++ * return that instead. ++ */ ++ ++ BIGNUM local_d; ++ BIGNUM *d = NULL; ++ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; ++ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; ++ if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, ++ rsa->_method_mod_n)) ++ goto err; ++ } ++ } ++ ret = 1; ++ err: ++ BN_CTX_end(ctx); ++ return (ret); ++} ++ ++static int RSA_eay_init(RSA *rsa) ++{ ++ rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; ++ return (1); ++} ++ ++static int RSA_eay_finish(RSA *rsa) ++{ ++ if (rsa->_method_mod_n != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_n); ++ if (rsa->_method_mod_p != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_p); ++ if (rsa->_method_mod_q != NULL) ++ BN_MONT_CTX_free(rsa->_method_mod_q); ++ return (1); ++} ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +index bf54095..0bab05e 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,35 +70,36 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) + + static ERR_STRING_DATA RSA_str_functs[] = { +- {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"}, +- {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"}, +- {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"}, +- {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"}, +- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"}, +- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"}, +- {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"}, +- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"}, +- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"}, +- {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"}, +- {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"}, ++ {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"}, ++ {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"}, ++ {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"}, ++ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, ++ {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"}, ++ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, ++ {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"}, ++ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, + {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, +- {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"}, +- {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"}, +- {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"}, +- {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"}, +- {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"}, +- {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"}, +- {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"}, ++ {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, ++ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"}, ++ {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"}, ++ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, ++ {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"}, + {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, + {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, +- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"}, +- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"}, +- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"}, +- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"}, +- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"}, +- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"}, +- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"}, +- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"}, ++ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, + {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), + "RSA_padding_add_PKCS1_OAEP"}, +@@ -75,9 +127,14 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, + {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, + {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, +- {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"}, +- {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"}, +- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, ++ {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, ++ {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"}, ++ {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, + {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, + {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, + {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), +@@ -85,6 +142,7 @@ static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, + {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), + "RSA_verify_ASN1_OCTET_STRING"}, ++ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, + {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"}, + {0, NULL} + }; +@@ -119,6 +177,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"}, + {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"}, + {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"}, ++ {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"}, + {ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"}, + {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, + {ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"}, +@@ -134,11 +193,14 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"}, + {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"}, + {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"}, ++ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non fips rsa method"}, + {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"}, + {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), + "null before block missing"}, + {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"}, + {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"}, ++ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), ++ "operation not allowed in fips mode"}, + {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"}, +@@ -156,6 +218,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"}, + {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"}, + {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"}, ++ {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"}, + {ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE), + "unsupported encryption type"}, + {ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"}, +@@ -172,7 +235,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = { + + #endif + +-int ERR_load_RSA_strings(void) ++void ERR_load_RSA_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -181,5 +244,4 @@ int ERR_load_RSA_strings(void) + ERR_load_strings(0, RSA_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +index 0d1d56b..082c8da 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_gen.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + /* +@@ -15,9 +64,14 @@ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "rsa_locl.h" ++#include ++#ifdef OPENSSL_FIPS ++# include ++extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, ++ BN_GENCB *cb); ++#endif + + static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + BN_GENCB *cb); +@@ -31,8 +85,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + */ + int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) + { ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD); ++ return 0; ++ } ++#endif + if (rsa->meth->rsa_keygen) + return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); ++#endif + return rsa_builtin_keygen(rsa, bits, e_value, cb); + } + +@@ -40,6 +105,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + BN_GENCB *cb) + { + BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; ++ BIGNUM local_r0, local_d, local_p; ++ BIGNUM *pr0, *d, *p; + int bitsp, bitsq, ok = -1, n = 0; + BN_CTX *ctx = NULL; + +@@ -60,19 +127,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + /* We need the RSA components non-NULL */ + if (!rsa->n && ((rsa->n = BN_new()) == NULL)) + goto err; +- if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL)) ++ if (!rsa->d && ((rsa->d = BN_new()) == NULL)) + goto err; + if (!rsa->e && ((rsa->e = BN_new()) == NULL)) + goto err; +- if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL)) ++ if (!rsa->p && ((rsa->p = BN_new()) == NULL)) + goto err; +- if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL)) ++ if (!rsa->q && ((rsa->q = BN_new()) == NULL)) + goto err; +- if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL)) ++ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) + goto err; +- if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL)) ++ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) + goto err; +- if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL)) ++ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) + goto err; + + if (BN_copy(rsa->e, e_value) == NULL) +@@ -137,53 +204,37 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + goto err; /* q-1 */ + if (!BN_mul(r0, r1, r2, ctx)) + goto err; /* (p-1)(q-1) */ +- { +- BIGNUM *pr0 = BN_new(); +- +- if (pr0 == NULL) +- goto err; ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ pr0 = &local_r0; + BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); +- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) { +- BN_free(pr0); +- goto err; /* d */ +- } +- /* We MUST free pr0 before any further use of r0 */ +- BN_free(pr0); +- } +- +- { +- BIGNUM *d = BN_new(); +- +- if (d == NULL) +- goto err; ++ } else ++ pr0 = r0; ++ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) ++ goto err; /* d */ ++ ++ /* set up d for correct BN_FLG_CONSTTIME flag */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); ++ } else ++ d = rsa->d; + +- if ( /* calculate d mod (p-1) */ +- !BN_mod(rsa->dmp1, d, r1, ctx) +- /* calculate d mod (q-1) */ +- || !BN_mod(rsa->dmq1, d, r2, ctx)) { +- BN_free(d); +- goto err; +- } +- /* We MUST free d before any further use of rsa->d */ +- BN_free(d); +- } ++ /* calculate d mod (p-1) */ ++ if (!BN_mod(rsa->dmp1, d, r1, ctx)) ++ goto err; + +- { +- BIGNUM *p = BN_new(); ++ /* calculate d mod (q-1) */ ++ if (!BN_mod(rsa->dmq1, d, r2, ctx)) ++ goto err; + +- if (p == NULL) +- goto err; ++ /* calculate inverse of q mod p */ ++ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { ++ p = &local_p; + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); +- +- /* calculate inverse of q mod p */ +- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) { +- BN_free(p); +- goto err; +- } +- /* We MUST free p before any further use of rsa->p */ +- BN_free(p); +- } ++ } else ++ p = rsa->p; ++ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) ++ goto err; + + ok = 1; + err: +@@ -191,9 +242,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, + RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); + ok = 0; + } +- if (ctx != NULL) ++ if (ctx != NULL) { + BN_CTX_end(ctx); +- BN_CTX_free(ctx); ++ BN_CTX_free(ctx); ++ } + + return ok; + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +index 48e9100..6ea6b40 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c +@@ -1,19 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_lib.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/bn_int.h" +-#include +-#include "rsa_locl.h" ++#include ++#include ++#include ++#ifndef OPENSSL_NO_ENGINE ++# include ++#endif ++ ++#ifdef OPENSSL_FIPS ++# include ++#endif ++ ++const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; + + static const RSA_METHOD *default_RSA_meth = NULL; + +@@ -32,10 +90,17 @@ void RSA_set_default_method(const RSA_METHOD *meth) + const RSA_METHOD *RSA_get_default_method(void) + { + if (default_RSA_meth == NULL) { +-#ifdef RSA_NULL +- default_RSA_meth = RSA_null_method(); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode()) ++ return FIPS_rsa_pkcs1_ssleay(); ++ else ++ return RSA_PKCS1_SSLeay(); + #else +- default_RSA_meth = RSA_PKCS1_OpenSSL(); ++# ifdef RSA_NULL ++ default_RSA_meth = RSA_null_method(); ++# else ++ default_RSA_meth = RSA_PKCS1_SSLeay(); ++# endif + #endif + } + +@@ -58,8 +123,10 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + if (mtmp->finish) + mtmp->finish(rsa); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(rsa->engine); +- rsa->engine = NULL; ++ if (rsa->engine) { ++ ENGINE_finish(rsa->engine); ++ rsa->engine = NULL; ++ } + #endif + rsa->meth = meth; + if (meth->init) +@@ -69,56 +136,74 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) + + RSA *RSA_new_method(ENGINE *engine) + { +- RSA *ret = OPENSSL_zalloc(sizeof(*ret)); ++ RSA *ret; + ++ ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); + if (ret == NULL) { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); + return NULL; + } +- +- ret->references = 1; +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ret); +- return NULL; +- } ++ memset(ret,0,sizeof(RSA)); + + ret->meth = RSA_get_default_method(); + #ifndef OPENSSL_NO_ENGINE +- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + if (engine) { + if (!ENGINE_init(engine)) { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- goto err; ++ OPENSSL_free(ret); ++ return NULL; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_RSA(); + if (ret->engine) { + ret->meth = ENGINE_get_RSA(ret->engine); +- if (ret->meth == NULL) { ++ if (!ret->meth) { + RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); +- goto err; ++ ENGINE_finish(ret->engine); ++ OPENSSL_free(ret); ++ return NULL; + } + } + #endif + ++ ret->pad = 0; ++ ret->version = 0; ++ ret->n = NULL; ++ ret->e = NULL; ++ ret->d = NULL; ++ ret->p = NULL; ++ ret->q = NULL; ++ ret->dmp1 = NULL; ++ ret->dmq1 = NULL; ++ ret->iqmp = NULL; ++ ret->references = 1; ++ ret->_method_mod_n = NULL; ++ ret->_method_mod_p = NULL; ++ ret->_method_mod_q = NULL; ++ ret->blinding = NULL; ++ ret->mt_blinding = NULL; ++ ret->bignum_data = NULL; + ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { +- goto err; ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ OPENSSL_free(ret); ++ return (NULL); + } + + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { +- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL); +- goto err; ++#ifndef OPENSSL_NO_ENGINE ++ if (ret->engine) ++ ENGINE_finish(ret->engine); ++#endif ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); ++ OPENSSL_free(ret); ++ ret = NULL; + } +- +- return ret; +- +-err: +- RSA_free(ret); +- return NULL; ++ return (ret); + } + + void RSA_free(RSA *r) +@@ -128,48 +213,75 @@ void RSA_free(RSA *r) + if (r == NULL) + return; + +- CRYPTO_atomic_add(&r->references, -1, &i, r->lock); +- REF_PRINT_COUNT("RSA", r); ++ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); ++#ifdef REF_PRINT ++ REF_PRINT("RSA", r); ++#endif + if (i > 0) + return; +- REF_ASSERT_ISNT(i < 0); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "RSA_free, bad reference count\n"); ++ abort(); ++ } ++#endif + + if (r->meth->finish) + r->meth->finish(r); + #ifndef OPENSSL_NO_ENGINE +- ENGINE_finish(r->engine); ++ if (r->engine) ++ ENGINE_finish(r->engine); + #endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); + +- CRYPTO_THREAD_lock_free(r->lock); +- +- BN_clear_free(r->n); +- BN_clear_free(r->e); +- BN_clear_free(r->d); +- BN_clear_free(r->p); +- BN_clear_free(r->q); +- BN_clear_free(r->dmp1); +- BN_clear_free(r->dmq1); +- BN_clear_free(r->iqmp); +- BN_BLINDING_free(r->blinding); +- BN_BLINDING_free(r->mt_blinding); +- OPENSSL_free(r->bignum_data); ++ if (r->n != NULL) ++ BN_clear_free(r->n); ++ if (r->e != NULL) ++ BN_clear_free(r->e); ++ if (r->d != NULL) ++ BN_clear_free(r->d); ++ if (r->p != NULL) ++ BN_clear_free(r->p); ++ if (r->q != NULL) ++ BN_clear_free(r->q); ++ if (r->dmp1 != NULL) ++ BN_clear_free(r->dmp1); ++ if (r->dmq1 != NULL) ++ BN_clear_free(r->dmq1); ++ if (r->iqmp != NULL) ++ BN_clear_free(r->iqmp); ++ if (r->blinding != NULL) ++ BN_BLINDING_free(r->blinding); ++ if (r->mt_blinding != NULL) ++ BN_BLINDING_free(r->mt_blinding); ++ if (r->bignum_data != NULL) ++ OPENSSL_free_locked(r->bignum_data); + OPENSSL_free(r); + } + + int RSA_up_ref(RSA *r) + { +- int i; +- +- if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("RSA", r); +- REF_ASSERT_ISNT(i < 2); ++ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); ++#ifdef REF_PRINT ++ REF_PRINT("RSA", r); ++#endif ++#ifdef REF_CHECK ++ if (i < 2) { ++ fprintf(stderr, "RSA_up_ref, bad reference count\n"); ++ abort(); ++ } ++#endif + return ((i > 1) ? 1 : 0); + } + ++int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, ++ new_func, dup_func, free_func); ++} ++ + int RSA_set_ex_data(RSA *r, int idx, void *arg) + { + return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +@@ -180,131 +292,46 @@ void *RSA_get_ex_data(const RSA *r, int idx) + return (CRYPTO_get_ex_data(&r->ex_data, idx)); + } + +-int RSA_security_bits(const RSA *rsa) +-{ +- return BN_security_bits(BN_num_bits(rsa->n), -1); +-} +- +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +-{ +- /* If the fields n and e in r are NULL, the corresponding input +- * parameters MUST be non-NULL for n and e. d may be +- * left NULL (in case only the public key is used). +- */ +- if ((r->n == NULL && n == NULL) +- || (r->e == NULL && e == NULL)) +- return 0; +- +- if (n != NULL) { +- BN_free(r->n); +- r->n = n; +- } +- if (e != NULL) { +- BN_free(r->e); +- r->e = e; +- } +- if (d != NULL) { +- BN_free(r->d); +- r->d = d; +- } +- +- return 1; +-} +- +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) ++int RSA_memory_lock(RSA *r) + { +- /* If the fields p and q in r are NULL, the corresponding input +- * parameters MUST be non-NULL. +- */ +- if ((r->p == NULL && p == NULL) +- || (r->q == NULL && q == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(r->p); +- r->p = p; +- } +- if (q != NULL) { +- BN_free(r->q); +- r->q = q; +- } +- +- return 1; +-} +- +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +-{ +- /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input +- * parameters MUST be non-NULL. +- */ +- if ((r->dmp1 == NULL && dmp1 == NULL) +- || (r->dmq1 == NULL && dmq1 == NULL) +- || (r->iqmp == NULL && iqmp == NULL)) +- return 0; +- +- if (dmp1 != NULL) { +- BN_free(r->dmp1); +- r->dmp1 = dmp1; ++ int i, j, k, off; ++ char *p; ++ BIGNUM *bn, **t[6], *b; ++ BN_ULONG *ul; ++ ++ if (r->d == NULL) ++ return (1); ++ t[0] = &r->d; ++ t[1] = &r->p; ++ t[2] = &r->q; ++ t[3] = &r->dmp1; ++ t[4] = &r->dmq1; ++ t[5] = &r->iqmp; ++ k = sizeof(BIGNUM) * 6; ++ off = k / sizeof(BN_ULONG) + 1; ++ j = 1; ++ for (i = 0; i < 6; i++) ++ j += (*t[i])->top; ++ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { ++ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); ++ return (0); + } +- if (dmq1 != NULL) { +- BN_free(r->dmq1); +- r->dmq1 = dmq1; ++ bn = (BIGNUM *)p; ++ ul = (BN_ULONG *)&(p[off]); ++ for (i = 0; i < 6; i++) { ++ b = *(t[i]); ++ *(t[i]) = &(bn[i]); ++ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); ++ bn[i].flags = BN_FLG_STATIC_DATA; ++ bn[i].d = ul; ++ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); ++ ul += b->top; ++ BN_clear_free(b); + } +- if (iqmp != NULL) { +- BN_free(r->iqmp); +- r->iqmp = iqmp; +- } +- +- return 1; +-} +- +-void RSA_get0_key(const RSA *r, +- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +-{ +- if (n != NULL) +- *n = r->n; +- if (e != NULL) +- *e = r->e; +- if (d != NULL) +- *d = r->d; +-} +- +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +-{ +- if (p != NULL) +- *p = r->p; +- if (q != NULL) +- *q = r->q; +-} +- +-void RSA_get0_crt_params(const RSA *r, +- const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp) +-{ +- if (dmp1 != NULL) +- *dmp1 = r->dmp1; +- if (dmq1 != NULL) +- *dmq1 = r->dmq1; +- if (iqmp != NULL) +- *iqmp = r->iqmp; +-} + +-void RSA_clear_flags(RSA *r, int flags) +-{ +- r->flags &= ~flags; +-} ++ /* I should fix this so it can still be done */ ++ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); + +-int RSA_test_flags(const RSA *r, int flags) +-{ +- return r->flags & flags; +-} +- +-void RSA_set_flags(RSA *r, int flags) +-{ +- r->flags |= flags; +-} +- +-ENGINE *RSA_get0_engine(const RSA *r) +-{ +- return r->engine; ++ r->bignum_data = p; ++ return (1); + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h +index 5d16aa6..3e88187 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h +@@ -1,95 +1,3 @@ +-/* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-struct rsa_st { +- /* +- * The first parameter is used to pickup errors where this is passed +- * instead of aEVP_PKEY, it is set to 0 +- */ +- int pad; +- long version; +- const RSA_METHOD *meth; +- /* functional reference if 'meth' is ENGINE-provided */ +- ENGINE *engine; +- BIGNUM *n; +- BIGNUM *e; +- BIGNUM *d; +- BIGNUM *p; +- BIGNUM *q; +- BIGNUM *dmp1; +- BIGNUM *dmq1; +- BIGNUM *iqmp; +- /* be careful using this if the RSA structure is shared */ +- CRYPTO_EX_DATA ex_data; +- int references; +- int flags; +- /* Used to cache montgomery values */ +- BN_MONT_CTX *_method_mod_n; +- BN_MONT_CTX *_method_mod_p; +- BN_MONT_CTX *_method_mod_q; +- /* +- * all BIGNUM values are actually in the following data, if it is not +- * NULL +- */ +- char *bignum_data; +- BN_BLINDING *blinding; +- BN_BLINDING *mt_blinding; +- CRYPTO_RWLOCK *lock; +-}; +- +-struct rsa_meth_st { +- char *name; +- int (*rsa_pub_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +- int (*rsa_pub_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +- int (*rsa_priv_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +- int (*rsa_priv_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +- /* Can be null */ +- int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx); +- /* Can be null */ +- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +- /* called at new */ +- int (*init) (RSA *rsa); +- /* called at free */ +- int (*finish) (RSA *rsa); +- /* RSA_METHOD_FLAG_* things */ +- int flags; +- /* may be needed! */ +- char *app_data; +- /* +- * New sign and verify functions: some libraries don't allow arbitrary +- * data to be signed/verified: this allows them to be used. Note: for +- * this to work the RSA_public_decrypt() and RSA_private_encrypt() should +- * *NOT* be used RSA_sign(), RSA_verify() should be used instead. +- */ +- int (*rsa_sign) (int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, +- const RSA *rsa); +- int (*rsa_verify) (int dtype, const unsigned char *m, +- unsigned int m_length, const unsigned char *sigbuf, +- unsigned int siglen, const RSA *rsa); +- /* +- * If this callback is NULL, the builtin software RSA key-gen will be +- * used. This is for behavioural compatibility whilst the code gets +- * rewired, but one day it would be nice to assume there are no such +- * things as "builtin software" implementations. +- */ +- int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +-}; +- + extern int int_rsa_verify(int dtype, const unsigned char *m, + unsigned int m_len, unsigned char *rm, + size_t *prm_len, const unsigned char *sigbuf, +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c +deleted file mode 100644 +index 9480abd..0000000 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c ++++ /dev/null +@@ -1,273 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "rsa_locl.h" +-#include +- +-RSA_METHOD *RSA_meth_new(const char *name, int flags) +-{ +- RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth)); +- +- if (meth != NULL) { +- meth->flags = flags; +- +- meth->name = OPENSSL_strdup(name); +- if (meth->name != NULL) +- return meth; +- +- OPENSSL_free(meth); +- } +- +- RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; +-} +- +-void RSA_meth_free(RSA_METHOD *meth) +-{ +- if (meth != NULL) { +- OPENSSL_free(meth->name); +- OPENSSL_free(meth); +- } +-} +- +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) +-{ +- RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret)); +- +- if (ret != NULL) { +- memcpy(ret, meth, sizeof(*meth)); +- +- ret->name = OPENSSL_strdup(meth->name); +- if (ret->name != NULL) +- return ret; +- +- OPENSSL_free(ret); +- } +- +- RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE); +- return NULL; +-} +- +-const char *RSA_meth_get0_name(const RSA_METHOD *meth) +-{ +- return meth->name; +-} +- +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +-{ +- char *tmpname = OPENSSL_strdup(name); +- +- if (tmpname == NULL) { +- RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- +- OPENSSL_free(meth->name); +- meth->name = tmpname; +- +- return 1; +-} +- +-int RSA_meth_get_flags(RSA_METHOD *meth) +-{ +- return meth->flags; +-} +- +-int RSA_meth_set_flags(RSA_METHOD *meth, int flags) +-{ +- meth->flags = flags; +- return 1; +-} +- +-void *RSA_meth_get0_app_data(const RSA_METHOD *meth) +-{ +- return meth->app_data; +-} +- +-int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data) +-{ +- meth->app_data = app_data; +- return 1; +-} +- +-int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- return meth->rsa_pub_enc; +-} +- +-int RSA_meth_set_pub_enc(RSA_METHOD *meth, +- int (*pub_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)) +-{ +- meth->rsa_pub_enc = pub_enc; +- return 1; +-} +- +-int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- return meth->rsa_pub_dec; +-} +- +-int RSA_meth_set_pub_dec(RSA_METHOD *meth, +- int (*pub_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)) +-{ +- meth->rsa_pub_dec = pub_dec; +- return 1; +-} +- +-int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- return meth->rsa_priv_enc; +-} +- +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, +- int (*priv_enc) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)) +-{ +- meth->rsa_priv_enc = priv_enc; +- return 1; +-} +- +-int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) +- (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- return meth->rsa_priv_dec; +-} +- +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, +- int (*priv_dec) (int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, +- int padding)) +-{ +- meth->rsa_priv_dec = priv_dec; +- return 1; +-} +- +- /* Can be null */ +-int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) +- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) +-{ +- return meth->rsa_mod_exp; +-} +- +-int RSA_meth_set_mod_exp(RSA_METHOD *meth, +- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, +- BN_CTX *ctx)) +-{ +- meth->rsa_mod_exp = mod_exp; +- return 1; +-} +- +- /* Can be null */ +-int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) +- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, +- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +-{ +- return meth->bn_mod_exp; +-} +- +-int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, +- int (*bn_mod_exp) (BIGNUM *r, +- const BIGNUM *a, +- const BIGNUM *p, +- const BIGNUM *m, +- BN_CTX *ctx, +- BN_MONT_CTX *m_ctx)) +-{ +- meth->bn_mod_exp = bn_mod_exp; +- return 1; +-} +- +- /* called at new */ +-int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa) +-{ +- return meth->init; +-} +- +-int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa)) +-{ +- meth->init = init; +- return 1; +-} +- +- /* called at free */ +-int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) +-{ +- return meth->finish; +-} +- +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) +-{ +- meth->finish = finish; +- return 1; +-} +- +-int (*RSA_meth_get_sign(const RSA_METHOD *meth)) +- (int type, +- const unsigned char *m, unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, +- const RSA *rsa) +-{ +- return meth->rsa_sign; +-} +- +-int RSA_meth_set_sign(RSA_METHOD *meth, +- int (*sign) (int type, const unsigned char *m, +- unsigned int m_length, +- unsigned char *sigret, unsigned int *siglen, +- const RSA *rsa)) +-{ +- meth->rsa_sign = sign; +- return 1; +-} +- +-int (*RSA_meth_get_verify(const RSA_METHOD *meth)) +- (int dtype, const unsigned char *m, +- unsigned int m_length, const unsigned char *sigbuf, +- unsigned int siglen, const RSA *rsa) +-{ +- return meth->rsa_verify; +-} +- +-int RSA_meth_set_verify(RSA_METHOD *meth, +- int (*verify) (int dtype, const unsigned char *m, +- unsigned int m_length, +- const unsigned char *sigbuf, +- unsigned int siglen, const RSA *rsa)) +-{ +- meth->rsa_verify = verify; +- return 1; +-} +- +-int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) +- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) +-{ +- return meth->rsa_keygen; +-} +- +-int RSA_meth_set_keygen(RSA_METHOD *meth, +- int (*keygen) (RSA *rsa, int bits, BIGNUM *e, +- BN_GENCB *cb)) +-{ +- meth->rsa_keygen = keygen; +- return 1; +-} +- +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +index b78756d..982b31f 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c +@@ -1,15 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_none.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/cryptlib.h" ++#include ++#include "cryptlib.h" + #include + #include ++#include + + int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *from, int flen) +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +index d339494..241b431 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c +@@ -1,16 +1,67 @@ ++/* rsa_null.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "rsa_locl.h" ++#include ++#include + + /* + * This is a dummy RSA implementation that just returns errors when called. +@@ -28,6 +79,9 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + static int RSA_null_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); ++#if 0 /* not currently used */ ++static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); ++#endif + static int RSA_null_init(RSA *rsa); + static int RSA_null_finish(RSA *rsa); + static RSA_METHOD rsa_null_meth = { +@@ -82,6 +136,14 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from, + return -1; + } + ++#if 0 /* not currently used */ ++static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) ++{ ++ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); ++ return -1; ++} ++#endif ++ + static int RSA_null_init(RSA *rsa) + { + return (1); +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +index 868104f..19d28c6 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c +@@ -1,10 +1,7 @@ ++/* crypto/rsa/rsa_oaep.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis, ++ * WITHOUT WARRANTY OF ANY KIND, either express or implied. + */ + + /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ +@@ -20,15 +17,16 @@ + * one-wayness. For the RSA function, this is an equivalent notion. + */ + +-#include "internal/constant_time_locl.h" ++#include "constant_time_locl.h" + +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include "rsa_locl.h" ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++# include + + int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, +@@ -78,11 +76,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); + if (RAND_bytes(seed, mdlen) <= 0) + return 0; +-#ifdef PKCS_TESTVECT ++# ifdef PKCS_TESTVECT + memcpy(seed, + "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", + 20); +-#endif ++# endif + + dbmask = OPENSSL_malloc(emlen - mdlen); + if (dbmask == NULL) { +@@ -239,8 +237,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + RSA_R_OAEP_DECODING_ERROR); + cleanup: +- OPENSSL_free(db); +- OPENSSL_free(em); ++ if (db != NULL) ++ OPENSSL_free(db); ++ if (em != NULL) ++ OPENSSL_free(em); + return mlen; + } + +@@ -249,13 +249,12 @@ int PKCS1_MGF1(unsigned char *mask, long len, + { + long i, outlen = 0; + unsigned char cnt[4]; +- EVP_MD_CTX *c = EVP_MD_CTX_new(); ++ EVP_MD_CTX c; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; + int rv = -1; + +- if (c == NULL) +- goto err; ++ EVP_MD_CTX_init(&c); + mdlen = EVP_MD_size(dgst); + if (mdlen < 0) + goto err; +@@ -264,16 +263,16 @@ int PKCS1_MGF1(unsigned char *mask, long len, + cnt[1] = (unsigned char)((i >> 16) & 255); + cnt[2] = (unsigned char)((i >> 8)) & 255; + cnt[3] = (unsigned char)(i & 255); +- if (!EVP_DigestInit_ex(c, dgst, NULL) +- || !EVP_DigestUpdate(c, seed, seedlen) +- || !EVP_DigestUpdate(c, cnt, 4)) ++ if (!EVP_DigestInit_ex(&c, dgst, NULL) ++ || !EVP_DigestUpdate(&c, seed, seedlen) ++ || !EVP_DigestUpdate(&c, cnt, 4)) + goto err; + if (outlen + mdlen <= len) { +- if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) ++ if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; + outlen += mdlen; + } else { +- if (!EVP_DigestFinal_ex(c, md, NULL)) ++ if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; + memcpy(mask + outlen, md, len - outlen); + outlen = len; +@@ -281,6 +280,8 @@ int PKCS1_MGF1(unsigned char *mask, long len, + } + rv = 0; + err: +- EVP_MD_CTX_free(c); ++ EVP_MD_CTX_cleanup(&c); + return rv; + } ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c +deleted file mode 100644 +index 7826066..0000000 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c ++++ /dev/null +@@ -1,790 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include "internal/cryptlib.h" +-#include "internal/bn_int.h" +-#include "rsa_locl.h" +- +-#ifndef RSA_NULL +- +-static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding); +-static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, +- BN_CTX *ctx); +-static int rsa_ossl_init(RSA *rsa); +-static int rsa_ossl_finish(RSA *rsa); +-static RSA_METHOD rsa_pkcs1_ossl_meth = { +- "OpenSSL PKCS#1 RSA (from Eric Young)", +- rsa_ossl_public_encrypt, +- rsa_ossl_public_decrypt, /* signature verification */ +- rsa_ossl_private_encrypt, /* signing */ +- rsa_ossl_private_decrypt, +- rsa_ossl_mod_exp, +- BN_mod_exp_mont, /* XXX probably we should not use Montgomery +- * if e == 3 */ +- rsa_ossl_init, +- rsa_ossl_finish, +- RSA_FLAG_FIPS_METHOD, /* flags */ +- NULL, +- 0, /* rsa_sign */ +- 0, /* rsa_verify */ +- NULL /* rsa_keygen */ +-}; +- +-const RSA_METHOD *RSA_PKCS1_OpenSSL(void) +-{ +- return &rsa_pkcs1_ossl_meth; +-} +- +-static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- BIGNUM *f, *ret; +- int i, j, k, num = 0, r = -1; +- unsigned char *buf = NULL; +- BN_CTX *ctx = NULL; +- +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- if (BN_ucmp(rsa->n, rsa->e) <= 0) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- +- /* for large moduli, enforce exponent limit */ +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { +- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- } +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if (f == NULL || ret == NULL || buf == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- switch (padding) { +- case RSA_PKCS1_PADDING: +- i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); +- break; +- case RSA_PKCS1_OAEP_PADDING: +- i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); +- break; +- case RSA_SSLV23_PADDING: +- i = RSA_padding_add_SSLv23(buf, num, from, flen); +- break; +- case RSA_NO_PADDING: +- i = RSA_padding_add_none(buf, num, from, flen); +- break; +- default: +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (i <= 0) +- goto err; +- +- if (BN_bin2bn(buf, num, f) == NULL) +- goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) { +- /* usually the padding functions would catch this */ +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, +- RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) +- goto err; +- +- if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, +- rsa->_method_mod_n)) +- goto err; +- +- /* +- * put in leading 0 bytes if the number is less than the length of the +- * modulus +- */ +- j = BN_num_bytes(ret); +- i = BN_bn2bin(ret, &(to[num - j])); +- for (k = 0; k < (num - i); k++) +- to[k] = 0; +- +- r = num; +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- OPENSSL_clear_free(buf, num); +- return (r); +-} +- +-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) +-{ +- BN_BLINDING *ret; +- +- CRYPTO_THREAD_write_lock(rsa->lock); +- +- if (rsa->blinding == NULL) { +- rsa->blinding = RSA_setup_blinding(rsa, ctx); +- } +- +- ret = rsa->blinding; +- if (ret == NULL) +- goto err; +- +- if (BN_BLINDING_is_current_thread(ret)) { +- /* rsa->blinding is ours! */ +- +- *local = 1; +- } else { +- /* resort to rsa->mt_blinding instead */ +- +- /* +- * instructs rsa_blinding_convert(), rsa_blinding_invert() that the +- * BN_BLINDING is shared, meaning that accesses require locks, and +- * that the blinding factor must be stored outside the BN_BLINDING +- */ +- *local = 0; +- +- if (rsa->mt_blinding == NULL) { +- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); +- } +- ret = rsa->mt_blinding; +- } +- +- err: +- CRYPTO_THREAD_unlock(rsa->lock); +- return ret; +-} +- +-static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, +- BN_CTX *ctx) +-{ +- if (unblind == NULL) +- /* +- * Local blinding: store the unblinding factor in BN_BLINDING. +- */ +- return BN_BLINDING_convert_ex(f, NULL, b, ctx); +- else { +- /* +- * Shared blinding: store the unblinding factor outside BN_BLINDING. +- */ +- int ret; +- +- BN_BLINDING_lock(b); +- ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); +- BN_BLINDING_unlock(b); +- +- return ret; +- } +-} +- +-static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, +- BN_CTX *ctx) +-{ +- /* +- * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex +- * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING +- * is shared between threads, unblind must be non-null: +- * BN_BLINDING_invert_ex will then use the local unblinding factor, and +- * will only read the modulus from BN_BLINDING. In both cases it's safe +- * to access the blinding without a lock. +- */ +- return BN_BLINDING_invert_ex(f, unblind, b, ctx); +-} +- +-/* signing */ +-static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- BIGNUM *f, *ret, *res; +- int i, j, k, num = 0, r = -1; +- unsigned char *buf = NULL; +- BN_CTX *ctx = NULL; +- int local_blinding = 0; +- /* +- * Used only if the blinding structure is shared. A non-NULL unblind +- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +- * the unblinding factor outside the blinding structure. +- */ +- BIGNUM *unblind = NULL; +- BN_BLINDING *blinding = NULL; +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if (f == NULL || ret == NULL || buf == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- switch (padding) { +- case RSA_PKCS1_PADDING: +- i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); +- break; +- case RSA_X931_PADDING: +- i = RSA_padding_add_X931(buf, num, from, flen); +- break; +- case RSA_NO_PADDING: +- i = RSA_padding_add_none(buf, num, from, flen); +- break; +- case RSA_SSLV23_PADDING: +- default: +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (i <= 0) +- goto err; +- +- if (BN_bin2bn(buf, num, f) == NULL) +- goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) { +- /* usually the padding functions would catch this */ +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, +- RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { +- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); +- if (blinding == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (blinding != NULL) { +- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) +- goto err; +- } +- +- if ((rsa->flags & RSA_FLAG_EXT_PKEY) || +- ((rsa->p != NULL) && +- (rsa->q != NULL) && +- (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { +- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) +- goto err; +- } else { +- BIGNUM *d = BN_new(); +- if (d == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) { +- BN_free(d); +- goto err; +- } +- +- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, +- rsa->_method_mod_n)) { +- BN_free(d); +- goto err; +- } +- /* We MUST free d before any further use of rsa->d */ +- BN_free(d); +- } +- +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) +- goto err; +- +- if (padding == RSA_X931_PADDING) { +- BN_sub(f, rsa->n, ret); +- if (BN_cmp(ret, f) > 0) +- res = f; +- else +- res = ret; +- } else +- res = ret; +- +- /* +- * put in leading 0 bytes if the number is less than the length of the +- * modulus +- */ +- j = BN_num_bytes(res); +- i = BN_bn2bin(res, &(to[num - j])); +- for (k = 0; k < (num - i); k++) +- to[k] = 0; +- +- r = num; +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- OPENSSL_clear_free(buf, num); +- return (r); +-} +- +-static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- BIGNUM *f, *ret; +- int j, num = 0, r = -1; +- unsigned char *p; +- unsigned char *buf = NULL; +- BN_CTX *ctx = NULL; +- int local_blinding = 0; +- /* +- * Used only if the blinding structure is shared. A non-NULL unblind +- * instructs rsa_blinding_convert() and rsa_blinding_invert() to store +- * the unblinding factor outside the blinding structure. +- */ +- BIGNUM *unblind = NULL; +- BN_BLINDING *blinding = NULL; +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if (f == NULL || ret == NULL || buf == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* +- * This check was for equality but PGP does evil things and chops off the +- * top '0' bytes +- */ +- if (flen > num) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, +- RSA_R_DATA_GREATER_THAN_MOD_LEN); +- goto err; +- } +- +- /* make data into a big number */ +- if (BN_bin2bn(from, (int)flen, f) == NULL) +- goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, +- RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { +- blinding = rsa_get_blinding(rsa, &local_blinding, ctx); +- if (blinding == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); +- goto err; +- } +- } +- +- if (blinding != NULL) { +- if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- if (!rsa_blinding_convert(blinding, f, unblind, ctx)) +- goto err; +- } +- +- /* do the decrypt */ +- if ((rsa->flags & RSA_FLAG_EXT_PKEY) || +- ((rsa->p != NULL) && +- (rsa->q != NULL) && +- (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { +- if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) +- goto err; +- } else { +- BIGNUM *d = BN_new(); +- if (d == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) { +- BN_free(d); +- goto err; +- } +- if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, +- rsa->_method_mod_n)) { +- BN_free(d); +- goto err; +- } +- /* We MUST free d before any further use of rsa->d */ +- BN_free(d); +- } +- +- if (blinding) +- if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) +- goto err; +- +- p = buf; +- j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ +- +- switch (padding) { +- case RSA_PKCS1_PADDING: +- r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); +- break; +- case RSA_PKCS1_OAEP_PADDING: +- r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); +- break; +- case RSA_SSLV23_PADDING: +- r = RSA_padding_check_SSLv23(to, num, buf, j, num); +- break; +- case RSA_NO_PADDING: +- r = RSA_padding_check_none(to, num, buf, j, num); +- break; +- default: +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (r < 0) +- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); +- +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- OPENSSL_clear_free(buf, num); +- return (r); +-} +- +-/* signature verification */ +-static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, +- unsigned char *to, RSA *rsa, int padding) +-{ +- BIGNUM *f, *ret; +- int i, num = 0, r = -1; +- unsigned char *p; +- unsigned char *buf = NULL; +- BN_CTX *ctx = NULL; +- +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); +- return -1; +- } +- +- if (BN_ucmp(rsa->n, rsa->e) <= 0) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- +- /* for large moduli, enforce exponent limit */ +- if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { +- if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); +- return -1; +- } +- } +- +- if ((ctx = BN_CTX_new()) == NULL) +- goto err; +- BN_CTX_start(ctx); +- f = BN_CTX_get(ctx); +- ret = BN_CTX_get(ctx); +- num = BN_num_bytes(rsa->n); +- buf = OPENSSL_malloc(num); +- if (f == NULL || ret == NULL || buf == NULL) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* +- * This check was for equality but PGP does evil things and chops off the +- * top '0' bytes +- */ +- if (flen > num) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN); +- goto err; +- } +- +- if (BN_bin2bn(from, flen, f) == NULL) +- goto err; +- +- if (BN_ucmp(f, rsa->n) >= 0) { +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, +- RSA_R_DATA_TOO_LARGE_FOR_MODULUS); +- goto err; +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) +- goto err; +- +- if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, +- rsa->_method_mod_n)) +- goto err; +- +- if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12)) +- if (!BN_sub(ret, rsa->n, ret)) +- goto err; +- +- p = buf; +- i = BN_bn2bin(ret, p); +- +- switch (padding) { +- case RSA_PKCS1_PADDING: +- r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); +- break; +- case RSA_X931_PADDING: +- r = RSA_padding_check_X931(to, num, buf, i, num); +- break; +- case RSA_NO_PADDING: +- r = RSA_padding_check_none(to, num, buf, i, num); +- break; +- default: +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); +- goto err; +- } +- if (r < 0) +- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); +- +- err: +- if (ctx != NULL) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- OPENSSL_clear_free(buf, num); +- return (r); +-} +- +-static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) +-{ +- BIGNUM *r1, *m1, *vrfy; +- int ret = 0; +- +- BN_CTX_start(ctx); +- +- r1 = BN_CTX_get(ctx); +- m1 = BN_CTX_get(ctx); +- vrfy = BN_CTX_get(ctx); +- +- { +- BIGNUM *p = BN_new(), *q = BN_new(); +- +- /* +- * Make sure BN_mod_inverse in Montgomery initialization uses the +- * BN_FLG_CONSTTIME flag +- */ +- if (p == NULL || q == NULL) { +- BN_free(p); +- BN_free(q); +- goto err; +- } +- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); +- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); +- +- if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_p, rsa->lock, p, ctx) +- || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, +- rsa->lock, q, ctx)) { +- BN_free(p); +- BN_free(q); +- goto err; +- } +- } +- /* +- * We MUST free p and q before any further use of rsa->p and rsa->q +- */ +- BN_free(p); +- BN_free(q); +- } +- +- if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) +- if (!BN_MONT_CTX_set_locked +- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) +- goto err; +- +- /* compute I mod q */ +- { +- BIGNUM *c = BN_new(); +- if (c == NULL) +- goto err; +- BN_with_flags(c, I, BN_FLG_CONSTTIME); +- +- if (!BN_mod(r1, c, rsa->q, ctx)) { +- BN_free(c); +- goto err; +- } +- +- { +- BIGNUM *dmq1 = BN_new(); +- if (dmq1 == NULL) { +- BN_free(c); +- goto err; +- } +- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); +- +- /* compute r1^dmq1 mod q */ +- if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, +- rsa->_method_mod_q)) { +- BN_free(c); +- BN_free(dmq1); +- goto err; +- } +- /* We MUST free dmq1 before any further use of rsa->dmq1 */ +- BN_free(dmq1); +- } +- +- /* compute I mod p */ +- if (!BN_mod(r1, c, rsa->p, ctx)) { +- BN_free(c); +- goto err; +- } +- /* We MUST free c before any further use of I */ +- BN_free(c); +- } +- +- { +- BIGNUM *dmp1 = BN_new(); +- if (dmp1 == NULL) +- goto err; +- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); +- +- /* compute r1^dmp1 mod p */ +- if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, +- rsa->_method_mod_p)) { +- BN_free(dmp1); +- goto err; +- } +- /* We MUST free dmp1 before any further use of rsa->dmp1 */ +- BN_free(dmp1); +- } +- +- if (!BN_sub(r0, r0, m1)) +- goto err; +- /* +- * This will help stop the size of r0 increasing, which does affect the +- * multiply if it optimised for a power of 2 size +- */ +- if (BN_is_negative(r0)) +- if (!BN_add(r0, r0, rsa->p)) +- goto err; +- +- if (!BN_mul(r1, r0, rsa->iqmp, ctx)) +- goto err; +- +- { +- BIGNUM *pr1 = BN_new(); +- if (pr1 == NULL) +- goto err; +- BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); +- +- if (!BN_mod(r0, pr1, rsa->p, ctx)) { +- BN_free(pr1); +- goto err; +- } +- /* We MUST free pr1 before any further use of r1 */ +- BN_free(pr1); +- } +- +- /* +- * If p < q it is occasionally possible for the correction of adding 'p' +- * if r0 is negative above to leave the result still negative. This can +- * break the private key operations: the following second correction +- * should *always* correct this rare occurrence. This will *never* happen +- * with OpenSSL generated keys because they ensure p > q [steve] +- */ +- if (BN_is_negative(r0)) +- if (!BN_add(r0, r0, rsa->p)) +- goto err; +- if (!BN_mul(r1, r0, rsa->q, ctx)) +- goto err; +- if (!BN_add(r0, r1, m1)) +- goto err; +- +- if (rsa->e && rsa->n) { +- if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, +- rsa->_method_mod_n)) +- goto err; +- /* +- * If 'I' was greater than (or equal to) rsa->n, the operation will +- * be equivalent to using 'I mod n'. However, the result of the +- * verify will *always* be less than 'n' so we don't check for +- * absolute equality, just congruency. +- */ +- if (!BN_sub(vrfy, vrfy, I)) +- goto err; +- if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) +- goto err; +- if (BN_is_negative(vrfy)) +- if (!BN_add(vrfy, vrfy, rsa->n)) +- goto err; +- if (!BN_is_zero(vrfy)) { +- /* +- * 'I' and 'vrfy' aren't congruent mod n. Don't leak +- * miscalculated CRT output, just do a raw (slower) mod_exp and +- * return that instead. +- */ +- +- BIGNUM *d = BN_new(); +- if (d == NULL) +- goto err; +- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); +- +- if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, +- rsa->_method_mod_n)) { +- BN_free(d); +- goto err; +- } +- /* We MUST free d before any further use of rsa->d */ +- BN_free(d); +- } +- } +- ret = 1; +- err: +- BN_CTX_end(ctx); +- return (ret); +-} +- +-static int rsa_ossl_init(RSA *rsa) +-{ +- rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; +- return (1); +-} +- +-static int rsa_ossl_finish(RSA *rsa) +-{ +- BN_MONT_CTX_free(rsa->_method_mod_n); +- BN_MONT_CTX_free(rsa->_method_mod_p); +- BN_MONT_CTX_free(rsa->_method_mod_q); +- return (1); +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +index efb16a0..efa1fd3 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c +@@ -1,16 +1,65 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_pk1.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + +-#include "internal/constant_time_locl.h" ++#include "constant_time_locl.h" + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -49,28 +98,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *p; + + p = from; +- +- /* +- * The format is +- * 00 || 01 || PS || 00 || D +- * PS - padding string, at least 8 bytes of FF +- * D - data. +- */ +- +- if (num < 11) +- return -1; +- +- /* Accept inputs with and without the leading 0-byte. */ +- if (num == flen) { +- if ((*p++) != 0x00) { +- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, +- RSA_R_INVALID_PADDING); +- return -1; +- } +- flen--; +- } +- +- if ((num != (flen + 1)) || (*(p++) != 0x01)) { ++ if ((num != (flen + 1)) || (*(p++) != 01)) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, + RSA_R_BLOCK_TYPE_IS_NOT_01); + return (-1); +@@ -175,15 +203,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + if (num < 11) + goto err; + +- em = OPENSSL_zalloc(num); ++ em = OPENSSL_malloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } ++ memset(em, 0, num); + /* + * Always do this zero-padding copy (even when num == flen) to avoid + * leaking that information. The copy still leaks some side-channel +- * information, but it's impossible to have a fixed memory access ++ * information, but it's impossible to have a fixed memory access + * pattern since we can't read out of the bounds of |from|. + * + * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. +@@ -237,7 +266,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + memcpy(to, em + msg_index, mlen); + + err: +- OPENSSL_free(em); ++ if (em != NULL) ++ OPENSSL_free(em); + if (mlen == -1) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, + RSA_R_PKCS_DECODING_ERROR); +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c +index db4fb0f..ac583bf 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c +@@ -1,22 +1,77 @@ ++/* crypto/rsa/rsa_pmeth.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include + #include +-#include +-#include "internal/evp_int.h" ++#ifndef OPENSSL_NO_CMS ++# include ++#endif ++#ifdef OPENSSL_FIPS ++# include ++#endif ++#include "evp_locl.h" + #include "rsa_locl.h" + + /* RSA pkey context structure */ +@@ -45,12 +100,21 @@ typedef struct { + static int pkey_rsa_init(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx; +- rctx = OPENSSL_zalloc(sizeof(*rctx)); +- if (rctx == NULL) ++ rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); ++ if (!rctx) + return 0; + rctx->nbits = 1024; ++ rctx->pub_exp = NULL; + rctx->pad_mode = RSA_PKCS1_PADDING; ++ rctx->md = NULL; ++ rctx->mgf1md = NULL; ++ rctx->tbuf = NULL; ++ + rctx->saltlen = -2; ++ ++ rctx->oaep_label = NULL; ++ rctx->oaep_labellen = 0; ++ + ctx->data = rctx; + ctx->keygen_info = rctx->gentmp; + ctx->keygen_info_count = 2; +@@ -75,8 +139,9 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) + dctx->md = sctx->md; + dctx->mgf1md = sctx->mgf1md; + if (sctx->oaep_label) { +- OPENSSL_free(dctx->oaep_label); +- dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); ++ if (dctx->oaep_label) ++ OPENSSL_free(dctx->oaep_label); ++ dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); + if (!dctx->oaep_label) + return 0; + dctx->oaep_labellen = sctx->oaep_labellen; +@@ -89,7 +154,7 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) + if (ctx->tbuf) + return 1; + ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); +- if (ctx->tbuf == NULL) ++ if (!ctx->tbuf) + return 0; + return 1; + } +@@ -98,13 +163,50 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) + { + RSA_PKEY_CTX *rctx = ctx->data; + if (rctx) { +- BN_free(rctx->pub_exp); +- OPENSSL_free(rctx->tbuf); +- OPENSSL_free(rctx->oaep_label); ++ if (rctx->pub_exp) ++ BN_free(rctx->pub_exp); ++ if (rctx->tbuf) ++ OPENSSL_free(rctx->tbuf); ++ if (rctx->oaep_label) ++ OPENSSL_free(rctx->oaep_label); + OPENSSL_free(rctx); + } + } + ++#ifdef OPENSSL_FIPS ++/* ++ * FIP checker. Return value indicates status of context parameters: 1 : ++ * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in ++ * FIPS mode. ++ */ ++ ++static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) ++{ ++ RSA_PKEY_CTX *rctx = ctx->data; ++ RSA *rsa = ctx->pkey->pkey.rsa; ++ int rv = -1; ++ if (!FIPS_mode()) ++ return 0; ++ if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) ++ rv = 0; ++ if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) ++ return -1; ++ if (rctx->md) { ++ const EVP_MD *fmd; ++ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md)); ++ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) ++ return rv; ++ } ++ if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) { ++ const EVP_MD *fmd; ++ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md)); ++ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS)) ++ return rv; ++ } ++ return 1; ++} ++#endif ++ + static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, + size_t tbslen) +@@ -113,17 +215,39 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + ++#ifdef OPENSSL_FIPS ++ ret = pkey_fips_check_ctx(ctx); ++ if (ret < 0) { ++ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif ++ + if (rctx->md) { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } ++#ifdef OPENSSL_FIPS ++ if (ret > 0) { ++ unsigned int slen; ++ ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, ++ rctx->pad_mode, ++ rctx->saltlen, ++ rctx->mgf1md, sig, &slen); ++ if (ret > 0) ++ *siglen = slen; ++ else ++ *siglen = 0; ++ return ret; ++ } ++#endif + + if (EVP_MD_type(rctx->md) == NID_mdc2) { + unsigned int sltmp; + if (rctx->pad_mode != RSA_PKCS1_PADDING) + return -1; +- ret = RSA_sign_ASN1_OCTET_STRING(0, ++ ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, + tbs, tbslen, sig, &sltmp, rsa); + + if (ret <= 0) +@@ -225,7 +349,27 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + size_t rslen; ++#ifdef OPENSSL_FIPS ++ int rv; ++ rv = pkey_fips_check_ctx(ctx); ++ if (rv < 0) { ++ RSAerr(RSA_F_PKEY_RSA_VERIFY, ++ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); ++ return -1; ++ } ++#endif + if (rctx->md) { ++#ifdef OPENSSL_FIPS ++ if (rv > 0) { ++ return FIPS_rsa_verify_digest(rsa, ++ tbs, tbslen, ++ rctx->md, ++ rctx->pad_mode, ++ rctx->saltlen, ++ rctx->mgf1md, sig, siglen); ++ ++ } ++#endif + if (rctx->pad_mode == RSA_PKCS1_PADDING) + return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + sig, siglen, rsa); +@@ -329,43 +473,20 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, + + static int check_padding_md(const EVP_MD *md, int padding) + { +- int mdnid; + if (!md) + return 1; + +- mdnid = EVP_MD_type(md); +- + if (padding == RSA_NO_PADDING) { + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); + return 0; + } + + if (padding == RSA_X931_PADDING) { +- if (RSA_X931_hash_id(mdnid) == -1) { ++ if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); + return 0; + } +- } else { +- switch(mdnid) { +- /* List of all supported RSA digests */ +- case NID_sha1: +- case NID_sha224: +- case NID_sha256: +- case NID_sha384: +- case NID_sha512: +- case NID_md5: +- case NID_md5_sha1: +- case NID_md2: +- case NID_md4: +- case NID_mdc2: +- case NID_ripemd160: +- return 1; +- +- default: +- RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); +- return 0; +- +- } ++ return 1; + } + + return 1; +@@ -420,8 +541,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: +- if (p1 < 512) { +- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL); ++ if (p1 < 256) { ++ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); + return -2; + } + rctx->nbits = p1; +@@ -479,7 +600,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); + return -2; + } +- OPENSSL_free(rctx->oaep_label); ++ if (rctx->oaep_label) ++ OPENSSL_free(rctx->oaep_label); + if (p2 && p1 > 0) { + rctx->oaep_label = p2; + rctx->oaep_labellen = p1; +@@ -526,21 +648,21 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); + return 0; + } +- if (strcmp(type, "rsa_padding_mode") == 0) { ++ if (!strcmp(type, "rsa_padding_mode")) { + int pm; +- if (strcmp(value, "pkcs1") == 0) ++ if (!strcmp(value, "pkcs1")) + pm = RSA_PKCS1_PADDING; +- else if (strcmp(value, "sslv23") == 0) ++ else if (!strcmp(value, "sslv23")) + pm = RSA_SSLV23_PADDING; +- else if (strcmp(value, "none") == 0) ++ else if (!strcmp(value, "none")) + pm = RSA_NO_PADDING; +- else if (strcmp(value, "oeap") == 0) ++ else if (!strcmp(value, "oeap")) + pm = RSA_PKCS1_OAEP_PADDING; +- else if (strcmp(value, "oaep") == 0) ++ else if (!strcmp(value, "oaep")) + pm = RSA_PKCS1_OAEP_PADDING; +- else if (strcmp(value, "x931") == 0) ++ else if (!strcmp(value, "x931")) + pm = RSA_X931_PADDING; +- else if (strcmp(value, "pss") == 0) ++ else if (!strcmp(value, "pss")) + pm = RSA_PKCS1_PSS_PADDING; + else { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); +@@ -549,19 +671,19 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); + } + +- if (strcmp(type, "rsa_pss_saltlen") == 0) { ++ if (!strcmp(type, "rsa_pss_saltlen")) { + int saltlen; + saltlen = atoi(value); + return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); + } + +- if (strcmp(type, "rsa_keygen_bits") == 0) { ++ if (!strcmp(type, "rsa_keygen_bits")) { + int nbits; + nbits = atoi(value); + return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); + } + +- if (strcmp(type, "rsa_keygen_pubexp") == 0) { ++ if (!strcmp(type, "rsa_keygen_pubexp")) { + int ret; + BIGNUM *pubexp = NULL; + if (!BN_asc2bn(&pubexp, value)) +@@ -572,28 +694,28 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, + return ret; + } + +- if (strcmp(type, "rsa_mgf1_md") == 0) { ++ if (!strcmp(type, "rsa_mgf1_md")) { + const EVP_MD *md; +- if ((md = EVP_get_digestbyname(value)) == NULL) { ++ if (!(md = EVP_get_digestbyname(value))) { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); + } + +- if (strcmp(type, "rsa_oaep_md") == 0) { ++ if (!strcmp(type, "rsa_oaep_md")) { + const EVP_MD *md; +- if ((md = EVP_get_digestbyname(value)) == NULL) { ++ if (!(md = EVP_get_digestbyname(value))) { + RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); + } +- if (strcmp(type, "rsa_oaep_label") == 0) { ++ if (!strcmp(type, "rsa_oaep_label")) { + unsigned char *lab; + long lablen; + int ret; +- lab = OPENSSL_hexstr2buf(value, &lablen); ++ lab = string_to_hex(value, &lablen); + if (!lab) + return 0; + ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); +@@ -609,27 +731,22 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) + { + RSA *rsa = NULL; + RSA_PKEY_CTX *rctx = ctx->data; +- BN_GENCB *pcb; ++ BN_GENCB *pcb, cb; + int ret; +- if (rctx->pub_exp == NULL) { ++ if (!rctx->pub_exp) { + rctx->pub_exp = BN_new(); +- if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) ++ if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + return 0; + } + rsa = RSA_new(); +- if (rsa == NULL) ++ if (!rsa) + return 0; + if (ctx->pkey_gencb) { +- pcb = BN_GENCB_new(); +- if (pcb == NULL) { +- RSA_free(rsa); +- return 0; +- } ++ pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; + ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); +- BN_GENCB_free(pcb); + if (ret > 0) + EVP_PKEY_assign_RSA(pkey, rsa); + else +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c +index 5e6c599..076f871 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c +@@ -1,18 +1,68 @@ ++/* crypto/rsa/rsa_prn.c */ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2006. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int RSA_print_fp(FILE *fp, const RSA *x, int off) + { + BIO *b; +@@ -34,7 +84,7 @@ int RSA_print(BIO *bp, const RSA *x, int off) + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); +- if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) ++ if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +index 0ec63b2..41bc084 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c +@@ -1,20 +1,69 @@ ++/* rsa_pss.c */ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "rsa_locl.h" + + static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + +@@ -38,12 +87,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + int hLen, maskedDBLen, MSBits, emLen; + const unsigned char *H; + unsigned char *DB = NULL; +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX ctx; + unsigned char H_[EVP_MAX_MD_SIZE]; +- +- +- if (ctx == NULL) +- goto err; ++ EVP_MD_CTX_init(&ctx); + + if (mgf1Hash == NULL) + mgf1Hash = Hash; +@@ -87,7 +133,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = OPENSSL_malloc(maskedDBLen); +- if (DB == NULL) { ++ if (!DB) { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -106,15 +152,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED); + goto err; + } +- if (!EVP_DigestInit_ex(ctx, Hash, NULL) +- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) +- || !EVP_DigestUpdate(ctx, mHash, hLen)) ++ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ++ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ++ || !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; + if (maskedDBLen - i) { +- if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) ++ if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + goto err; + } +- if (!EVP_DigestFinal_ex(ctx, H_, NULL)) ++ if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) + goto err; + if (memcmp(H_, H, hLen)) { + RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); +@@ -123,8 +169,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + ret = 1; + + err: +- OPENSSL_free(DB); +- EVP_MD_CTX_free(ctx); ++ if (DB) ++ OPENSSL_free(DB); ++ EVP_MD_CTX_cleanup(&ctx); + + return ret; + +@@ -146,7 +193,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; +- EVP_MD_CTX *ctx = NULL; ++ EVP_MD_CTX ctx; + + if (mgf1Hash == NULL) + mgf1Hash = Hash; +@@ -184,7 +231,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + } + if (sLen > 0) { + salt = OPENSSL_malloc(sLen); +- if (salt == NULL) { ++ if (!salt) { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, + ERR_R_MALLOC_FAILURE); + goto err; +@@ -194,17 +241,16 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; +- ctx = EVP_MD_CTX_new(); +- if (ctx == NULL) +- goto err; +- if (!EVP_DigestInit_ex(ctx, Hash, NULL) +- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) +- || !EVP_DigestUpdate(ctx, mHash, hLen)) ++ EVP_MD_CTX_init(&ctx); ++ if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ++ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) ++ || !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; +- if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) ++ if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + goto err; +- if (!EVP_DigestFinal_ex(ctx, H, NULL)) ++ if (!EVP_DigestFinal_ex(&ctx, H, NULL)) + goto err; ++ EVP_MD_CTX_cleanup(&ctx); + + /* Generate dbMask in place then perform XOR on it */ + if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) +@@ -232,8 +278,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + ret = 1; + + err: +- EVP_MD_CTX_free(ctx); +- OPENSSL_free(salt); ++ if (salt) ++ OPENSSL_free(salt); + + return ret; + +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +index 9e5fff4..e400236 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_saos.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -34,7 +83,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type, + RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return (0); + } +- s = OPENSSL_malloc((unsigned int)j + 1); ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); + if (s == NULL) { + RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); + return (0); +@@ -47,7 +96,8 @@ int RSA_sign_ASN1_OCTET_STRING(int type, + else + *siglen = i; + +- OPENSSL_clear_free(s, (unsigned int)j + 1); ++ OPENSSL_cleanse(s, (unsigned int)j + 1); ++ OPENSSL_free(s); + return (ret); + } + +@@ -67,7 +117,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, + return (0); + } + +- s = OPENSSL_malloc((unsigned int)siglen); ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); + if (s == NULL) { + RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); + goto err; +@@ -88,7 +138,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, + } else + ret = 1; + err: +- ASN1_OCTET_STRING_free(sig); +- OPENSSL_clear_free(s, (unsigned int)siglen); ++ if (sig != NULL) ++ M_ASN1_OCTET_STRING_free(sig); ++ if (s != NULL) { ++ OPENSSL_cleanse(s, (unsigned int)siglen); ++ OPENSSL_free(s); ++ } + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +index 952d24f..82ca832 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c +@@ -1,248 +1,301 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_sign.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include "rsa_locl.h" + + /* Size of an SSL signature: MD5+SHA1 */ + #define SSL_SIG_LENGTH 36 + +-/* +- * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as +- * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This +- * encodes the DigestInfo (T and tLen) but does not add the padding. +- * +- * On success, it returns one and sets |*out| to a newly allocated buffer +- * containing the result and |*out_len| to its length. The caller must free +- * |*out| with |OPENSSL_free|. Otherwise, it returns zero. +- */ +-static int encode_pkcs1(unsigned char **out, int *out_len, int type, +- const unsigned char *m, unsigned int m_len) ++int RSA_sign(int type, const unsigned char *m, unsigned int m_len, ++ unsigned char *sigret, unsigned int *siglen, RSA *rsa) + { + X509_SIG sig; +- X509_ALGOR algor; + ASN1_TYPE parameter; ++ int i, j, ret = 1; ++ unsigned char *p, *tmps = NULL; ++ const unsigned char *s = NULL; ++ X509_ALGOR algor; + ASN1_OCTET_STRING digest; +- uint8_t *der = NULL; +- int len; +- +- sig.algor = &algor; +- sig.algor->algorithm = OBJ_nid2obj(type); +- if (sig.algor->algorithm == NULL) { +- RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE); +- return 0; +- } +- if (OBJ_length(sig.algor->algorithm) == 0) { +- RSAerr(RSA_F_ENCODE_PKCS1, +- RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD); + return 0; + } +- parameter.type = V_ASN1_NULL; +- parameter.value.ptr = NULL; +- sig.algor->parameter = ¶meter; +- +- sig.digest = &digest; +- sig.digest->data = (unsigned char *)m; +- sig.digest->length = m_len; +- +- len = i2d_X509_SIG(&sig, &der); +- if (len < 0) +- return 0; +- +- *out = der; +- *out_len = len; +- return 1; +-} +- +-int RSA_sign(int type, const unsigned char *m, unsigned int m_len, +- unsigned char *sigret, unsigned int *siglen, RSA *rsa) +-{ +- int encrypt_len, encoded_len = 0, ret = 0; +- unsigned char *tmps = NULL; +- const unsigned char *encoded = NULL; +- +- if (rsa->meth->rsa_sign) { ++#endif ++ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) { + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + } +- +- /* Compute the encoded digest. */ ++ /* Special case: SSL signature, just check the length */ + if (type == NID_md5_sha1) { +- /* +- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and +- * earlier. It has no DigestInfo wrapper but otherwise is +- * RSASSA-PKCS1-v1_5. +- */ + if (m_len != SSL_SIG_LENGTH) { + RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); +- return 0; ++ return (0); + } +- encoded_len = SSL_SIG_LENGTH; +- encoded = m; ++ i = SSL_SIG_LENGTH; ++ s = m; + } else { +- if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len)) +- goto err; +- encoded = tmps; +- } ++ sig.algor = &algor; ++ sig.algor->algorithm = OBJ_nid2obj(type); ++ if (sig.algor->algorithm == NULL) { ++ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); ++ return (0); ++ } ++ if (sig.algor->algorithm->length == 0) { ++ RSAerr(RSA_F_RSA_SIGN, ++ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); ++ return (0); ++ } ++ parameter.type = V_ASN1_NULL; ++ parameter.value.ptr = NULL; ++ sig.algor->parameter = ¶meter; + +- if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) { ++ sig.digest = &digest; ++ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */ ++ sig.digest->length = m_len; ++ ++ i = i2d_X509_SIG(&sig, NULL); ++ } ++ j = RSA_size(rsa); ++ if (i > (j - RSA_PKCS1_PADDING_SIZE)) { + RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); +- goto err; ++ return (0); + } +- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa, +- RSA_PKCS1_PADDING); +- if (encrypt_len <= 0) +- goto err; +- +- *siglen = encrypt_len; +- ret = 1; ++ if (type != NID_md5_sha1) { ++ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1); ++ if (tmps == NULL) { ++ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); ++ return (0); ++ } ++ p = tmps; ++ i2d_X509_SIG(&sig, &p); ++ s = tmps; ++ } ++ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); ++ if (i <= 0) ++ ret = 0; ++ else ++ *siglen = i; + +-err: +- OPENSSL_clear_free(tmps, (size_t)encoded_len); +- return ret; ++ if (type != NID_md5_sha1) { ++ OPENSSL_cleanse(tmps, (unsigned int)j + 1); ++ OPENSSL_free(tmps); ++ } ++ return (ret); + } + + /* +- * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be +- * called in two modes. If |rm| is NULL, it verifies the signature for digest +- * |m|. Otherwise, it recovers the digest from the signature, writing the digest +- * to |rm| and the length to |*prm_len|. |type| is the NID of the digest +- * algorithm to use. It returns one on successful verification and zero +- * otherwise. ++ * Check DigestInfo structure does not contain extraneous data by reencoding ++ * using DER and checking encoding against original. + */ +-int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, ++static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo, ++ int dinfolen) ++{ ++ unsigned char *der = NULL; ++ int derlen; ++ int ret = 0; ++ derlen = i2d_X509_SIG(sig, &der); ++ if (derlen <= 0) ++ return 0; ++ if (derlen == dinfolen && !memcmp(dinfo, der, derlen)) ++ ret = 1; ++ OPENSSL_cleanse(der, derlen); ++ OPENSSL_free(der); ++ return ret; ++} ++ ++int int_rsa_verify(int dtype, const unsigned char *m, ++ unsigned int m_len, + unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, RSA *rsa) + { +- int decrypt_len, ret = 0, encoded_len = 0; +- unsigned char *decrypt_buf = NULL, *encoded = NULL; ++ int i, ret = 0, sigtype; ++ unsigned char *s; ++ X509_SIG *sig = NULL; + +- if (siglen != (size_t)RSA_size(rsa)) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); ++#ifdef OPENSSL_FIPS ++ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) ++ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD); + return 0; + } ++#endif + +- /* Recover the encoded digest. */ +- decrypt_buf = OPENSSL_malloc(siglen); +- if (decrypt_buf == NULL) { ++ if (siglen != (unsigned int)RSA_size(rsa)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); ++ return (0); ++ } ++ ++ if ((dtype == NID_md5_sha1) && rm) { ++ i = RSA_public_decrypt((int)siglen, ++ sigbuf, rm, rsa, RSA_PKCS1_PADDING); ++ if (i <= 0) ++ return 0; ++ *prm_len = i; ++ return 1; ++ } ++ ++ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen); ++ if (s == NULL) { + RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } +- +- decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa, +- RSA_PKCS1_PADDING); +- if (decrypt_len <= 0) ++ if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); + goto err; ++ } ++ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); + +- if (type == NID_md5_sha1) { +- /* +- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and +- * earlier. It has no DigestInfo wrapper but otherwise is +- * RSASSA-PKCS1-v1_5. +- */ +- if (decrypt_len != SSL_SIG_LENGTH) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); +- goto err; +- } +- +- if (rm != NULL) { +- memcpy(rm, decrypt_buf, SSL_SIG_LENGTH); +- *prm_len = SSL_SIG_LENGTH; +- } else { +- if (m_len != SSL_SIG_LENGTH) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); +- goto err; +- } +- +- if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); +- goto err; +- } +- } +- } else if (type == NID_mdc2 && decrypt_len == 2 + 16 +- && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) { +- /* +- * Oddball MDC2 case: signature can be OCTET STRING. check for correct +- * tag and length octets. +- */ +- if (rm != NULL) { +- memcpy(rm, decrypt_buf + 2, 16); ++ if (i <= 0) ++ goto err; ++ /* ++ * Oddball MDC2 case: signature can be OCTET STRING. check for correct ++ * tag and length octets. ++ */ ++ if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) { ++ if (rm) { ++ memcpy(rm, s + 2, 16); + *prm_len = 16; ++ ret = 1; ++ } else if (memcmp(m, s + 2, 16)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + } else { +- if (m_len != 16) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); +- goto err; +- } +- +- if (memcmp(m, decrypt_buf + 2, 16) != 0) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); +- goto err; +- } ++ ret = 1; + } ++ } else if (dtype == NID_md5_sha1) { ++ /* Special case: SSL signature */ ++ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ else ++ ret = 1; + } else { +- /* +- * If recovering the digest, extract a digest-sized output from the end +- * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption +- * output as in a standard verification. +- */ +- if (rm != NULL) { +- const EVP_MD *md = EVP_get_digestbynid(type); +- if (md == NULL) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE); +- goto err; +- } +- +- m_len = EVP_MD_size(md); +- if (m_len > (size_t)decrypt_len) { +- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); +- goto err; +- } +- m = decrypt_buf + decrypt_len - m_len; +- } ++ const unsigned char *p = s; ++ sig = d2i_X509_SIG(NULL, &p, (long)i); + +- /* Construct the encoded digest and ensure it matches. */ +- if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len)) ++ if (sig == NULL) + goto err; + +- if (encoded_len != decrypt_len +- || memcmp(encoded, decrypt_buf, encoded_len) != 0) { ++ /* Excess data can be used to create forgeries */ ++ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) { + RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); + goto err; + } + +- /* Output the recovered digest. */ +- if (rm != NULL) { +- memcpy(rm, m, m_len); +- *prm_len = m_len; ++ /* ++ * Parameters to the signature algorithm can also be used to create ++ * forgeries ++ */ ++ if (sig->algor->parameter ++ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ goto err; + } +- } + +- ret = 1; ++ sigtype = OBJ_obj2nid(sig->algor->algorithm); + +-err: +- OPENSSL_clear_free(encoded, (size_t)encoded_len); +- OPENSSL_clear_free(decrypt_buf, siglen); +- return ret; ++#ifdef RSA_DEBUG ++ /* put a backward compatibility flag in EAY */ ++ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype), ++ OBJ_nid2ln(dtype)); ++#endif ++ if (sigtype != dtype) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); ++ goto err; ++ } ++ if (rm) { ++ const EVP_MD *md; ++ md = EVP_get_digestbynid(dtype); ++ if (md && (EVP_MD_size(md) != sig->digest->length)) ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); ++ else { ++ memcpy(rm, sig->digest->data, sig->digest->length); ++ *prm_len = sig->digest->length; ++ ret = 1; ++ } ++ } else if (((unsigned int)sig->digest->length != m_len) || ++ (memcmp(m, sig->digest->data, m_len) != 0)) { ++ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); ++ } else ++ ret = 1; ++ } ++ err: ++ if (sig != NULL) ++ X509_SIG_free(sig); ++ if (s != NULL) { ++ OPENSSL_cleanse(s, (unsigned int)siglen); ++ OPENSSL_free(s); ++ } ++ return (ret); + } + +-int RSA_verify(int type, const unsigned char *m, unsigned int m_len, ++int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) + { + +- if (rsa->meth->rsa_verify) { +- return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa); ++ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) { ++ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa); + } + +- return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa); ++ return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); + } +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +index 9ef6b80..746e01f 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/rsa/rsa_ssl.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +index b9301f3..725ead0 100644 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c ++++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c +@@ -1,16 +1,67 @@ ++/* rsa_x931.c */ + /* +- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2005. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2005 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include ++#include + #include + + int RSA_padding_add_X931(unsigned char *to, int tlen, +diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c +deleted file mode 100644 +index 9dd993f..0000000 +--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c ++++ /dev/null +@@ -1,195 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include "rsa_locl.h" +- +-/* X9.31 RSA key derivation and generation */ +- +-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, +- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, +- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, +- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb) +-{ +- BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; +- BN_CTX *ctx = NULL, *ctx2 = NULL; +- int ret = 0; +- +- if (!rsa) +- goto err; +- +- ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto err; +- BN_CTX_start(ctx); +- +- r0 = BN_CTX_get(ctx); +- r1 = BN_CTX_get(ctx); +- r2 = BN_CTX_get(ctx); +- r3 = BN_CTX_get(ctx); +- +- if (r3 == NULL) +- goto err; +- if (!rsa->e) { +- rsa->e = BN_dup(e); +- if (!rsa->e) +- goto err; +- } else +- e = rsa->e; +- +- /* +- * If not all parameters present only calculate what we can. This allows +- * test programs to output selective parameters. +- */ +- +- if (Xp && rsa->p == NULL) { +- rsa->p = BN_new(); +- if (rsa->p == NULL) +- goto err; +- +- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, +- Xp, Xp1, Xp2, e, ctx, cb)) +- goto err; +- } +- +- if (Xq && rsa->q == NULL) { +- rsa->q = BN_new(); +- if (rsa->q == NULL) +- goto err; +- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, +- Xq, Xq1, Xq2, e, ctx, cb)) +- goto err; +- } +- +- if (rsa->p == NULL || rsa->q == NULL) { +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- return 2; +- } +- +- /* +- * Since both primes are set we can now calculate all remaining +- * components. +- */ +- +- /* calculate n */ +- rsa->n = BN_new(); +- if (rsa->n == NULL) +- goto err; +- if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) +- goto err; +- +- /* calculate d */ +- if (!BN_sub(r1, rsa->p, BN_value_one())) +- goto err; /* p-1 */ +- if (!BN_sub(r2, rsa->q, BN_value_one())) +- goto err; /* q-1 */ +- if (!BN_mul(r0, r1, r2, ctx)) +- goto err; /* (p-1)(q-1) */ +- +- if (!BN_gcd(r3, r1, r2, ctx)) +- goto err; +- +- if (!BN_div(r0, NULL, r0, r3, ctx)) +- goto err; /* LCM((p-1)(q-1)) */ +- +- ctx2 = BN_CTX_new(); +- if (ctx2 == NULL) +- goto err; +- +- rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */ +- if (rsa->d == NULL) +- goto err; +- +- /* calculate d mod (p-1) */ +- rsa->dmp1 = BN_new(); +- if (rsa->dmp1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx)) +- goto err; +- +- /* calculate d mod (q-1) */ +- rsa->dmq1 = BN_new(); +- if (rsa->dmq1 == NULL) +- goto err; +- if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx)) +- goto err; +- +- /* calculate inverse of q mod p */ +- rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); +- +- ret = 1; +- err: +- if (ctx) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- BN_CTX_free(ctx2); +- +- return ret; +- +-} +- +-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, +- BN_GENCB *cb) +-{ +- int ok = 0; +- BIGNUM *Xp = NULL, *Xq = NULL; +- BN_CTX *ctx = NULL; +- +- ctx = BN_CTX_new(); +- if (ctx == NULL) +- goto error; +- +- BN_CTX_start(ctx); +- Xp = BN_CTX_get(ctx); +- Xq = BN_CTX_get(ctx); +- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) +- goto error; +- +- rsa->p = BN_new(); +- rsa->q = BN_new(); +- if (rsa->p == NULL || rsa->q == NULL) +- goto error; +- +- /* Generate two primes from Xp, Xq */ +- +- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, +- e, ctx, cb)) +- goto error; +- +- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, +- e, ctx, cb)) +- goto error; +- +- /* +- * Since rsa->p and rsa->q are valid this call will just derive remaining +- * RSA components. +- */ +- +- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, +- NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) +- goto error; +- +- ok = 1; +- +- error: +- if (ctx) +- BN_CTX_end(ctx); +- BN_CTX_free(ctx); +- +- if (ok) +- return 1; +- +- return 0; +- +-} +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +index 273ab08..a6dd760 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/sha/sha1_one.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +@@ -12,6 +61,7 @@ + #include + #include + ++#ifndef OPENSSL_NO_SHA1 + unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + { + SHA_CTX c; +@@ -26,3 +76,4 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + OPENSSL_cleanse(&c, sizeof(c)); + return (md); + } ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +index 819370e..a67f1fe 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c +@@ -1,17 +1,74 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/sha/sha1dgst.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include ++#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) ++ ++# undef SHA_0 ++# define SHA_1 + + # include + ++const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; ++ + /* The implementation is in ../md32_common.h */ + + # include "sha_locl.h" ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c +index 5e7ba43..72a1159 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha256.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c +@@ -1,22 +1,22 @@ +-/* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++/* crypto/sha/sha256.c */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved ++ * according to the OpenSSL license [found in ../../LICENSE]. ++ * ==================================================================== + */ +- + #include ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + +-#include +-#include ++# include ++# include + +-#include +-#include +-#include ++# include ++# include ++# include + +-int SHA224_Init(SHA256_CTX *c) ++const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; ++ ++fips_md_init_ctx(SHA224, SHA256) + { + memset(c, 0, sizeof(*c)); + c->h[0] = 0xc1059ed8UL; +@@ -31,7 +31,7 @@ int SHA224_Init(SHA256_CTX *c) + return 1; + } + +-int SHA256_Init(SHA256_CTX *c) ++fips_md_init(SHA256) + { + memset(c, 0, sizeof(*c)); + c->h[0] = 0x6a09e667UL; +@@ -84,21 +84,20 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) + return SHA256_Final(md, c); + } + +-#define DATA_ORDER_IS_BIG_ENDIAN +- +-#define HASH_LONG SHA_LONG +-#define HASH_CTX SHA256_CTX +-#define HASH_CBLOCK SHA_CBLOCK ++# define DATA_ORDER_IS_BIG_ENDIAN + ++# define HASH_LONG SHA_LONG ++# define HASH_CTX SHA256_CTX ++# define HASH_CBLOCK SHA_CBLOCK + /* + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." + * default: case below covers for it. It's not clear however if it's + * permitted to truncate to amount of bytes not divisible by 4. I bet not, + * but if it is, then default: case shall be extended. For reference. +- * Idea behind separate cases for pre-defined lengths is to let the ++ * Idea behind separate cases for pre-defined lenghts is to let the + * compiler decide if it's appropriate to unroll small loops. + */ +-#define HASH_MAKE_STRING(c,s) do { \ ++# define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + unsigned int nn; \ + switch ((c)->md_len) \ +@@ -119,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) + } \ + } while (0) + +-#define HASH_UPDATE SHA256_Update +-#define HASH_TRANSFORM SHA256_Transform +-#define HASH_FINAL SHA256_Final +-#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +-#ifndef SHA256_ASM ++# define HASH_UPDATE SHA256_Update ++# define HASH_TRANSFORM SHA256_Transform ++# define HASH_FINAL SHA256_Final ++# define HASH_BLOCK_DATA_ORDER sha256_block_data_order ++# ifndef SHA256_ASM + static +-#endif ++# endif + void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); + +-#include "internal/md32_common.h" ++# include "md32_common.h" + +-#ifndef SHA256_ASM ++# ifndef SHA256_ASM + static const SHA_LONG K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, +@@ -155,15 +154,15 @@ static const SHA_LONG K256[64] = { + * is left one. This is why you might notice that rotation coefficients + * differ from those observed in FIPS document by 32-N... + */ +-# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +-# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +-# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +-# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) ++# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) ++# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) ++# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) ++# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) + +-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) ++# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) ++# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +-# ifdef OPENSSL_SMALL_FOOTPRINT ++# ifdef OPENSSL_SMALL_FOOTPRINT + + static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + size_t num) +@@ -185,7 +184,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + h = ctx->h[7]; + + for (i = 0; i < 16; i++) { +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i]; + T2 = Sigma0(a) + Maj(a, b, c); +@@ -230,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + } + } + +-# else ++# else + +-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ ++# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +-# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ ++# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ +@@ -309,52 +308,52 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + } else { + SHA_LONG l; + +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[0] = l; + ROUND_00_15(0, a, b, c, d, e, f, g, h); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[1] = l; + ROUND_00_15(1, h, a, b, c, d, e, f, g); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[2] = l; + ROUND_00_15(2, g, h, a, b, c, d, e, f); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[3] = l; + ROUND_00_15(3, f, g, h, a, b, c, d, e); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[4] = l; + ROUND_00_15(4, e, f, g, h, a, b, c, d); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[5] = l; + ROUND_00_15(5, d, e, f, g, h, a, b, c); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[6] = l; + ROUND_00_15(6, c, d, e, f, g, h, a, b); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[7] = l; + ROUND_00_15(7, b, c, d, e, f, g, h, a); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[8] = l; + ROUND_00_15(8, a, b, c, d, e, f, g, h); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[9] = l; + ROUND_00_15(9, h, a, b, c, d, e, f, g); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[10] = l; + ROUND_00_15(10, g, h, a, b, c, d, e, f); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[11] = l; + ROUND_00_15(11, f, g, h, a, b, c, d, e); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[12] = l; + ROUND_00_15(12, e, f, g, h, a, b, c, d); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[13] = l; + ROUND_00_15(13, d, e, f, g, h, a, b, c); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[14] = l; + ROUND_00_15(14, c, d, e, f, g, h, a, b); +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + T1 = X[15] = l; + ROUND_00_15(15, b, c, d, e, f, g, h, a); + } +@@ -382,5 +381,7 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, + } + } + +-# endif +-#endif /* SHA256_ASM */ ++# endif ++# endif /* SHA256_ASM */ ++ ++#endif /* OPENSSL_NO_SHA256 */ +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c +index d24d103..3bf66ae 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha512.c ++++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c +@@ -1,19 +1,17 @@ +-/* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++/* crypto/sha/sha512.c */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved ++ * according to the OpenSSL license [found in ../../LICENSE]. ++ * ==================================================================== + */ +- + #include ++#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) + /*- + * IMPLEMENTATION NOTES. + * + * As you might have noticed 32-bit hash algorithms: + * +- * - permit SHA_LONG to be wider than 32-bit ++ * - permit SHA_LONG to be wider than 32-bit (case on CRAY); + * - optimized versions implement two transform functions: one operating + * on [aligned] data in host byte order and one - on data in input + * stream byte order; +@@ -43,24 +41,26 @@ + * 16-bit platforms. + * + */ +-#include +-#include ++# include ++# include + +-#include +-#include +-#include ++# include ++# include ++# include + +-#include "internal/cryptlib.h" ++# include "cryptlib.h" + +-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ ++const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; ++ ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + defined(__aarch64__) || \ + defined(SHA512_ASM) +-# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +-#endif ++# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++# endif + +-int SHA384_Init(SHA512_CTX *c) ++fips_md_init_ctx(SHA384, SHA512) + { + c->h[0] = U64(0xcbbb9d5dc1059ed8); + c->h[1] = U64(0x629a292a367cd507); +@@ -78,7 +78,7 @@ int SHA384_Init(SHA512_CTX *c) + return 1; + } + +-int SHA512_Init(SHA512_CTX *c) ++fips_md_init(SHA512) + { + c->h[0] = U64(0x6a09e667f3bcc908); + c->h[1] = U64(0xbb67ae8584caa73b); +@@ -96,9 +96,9 @@ int SHA512_Init(SHA512_CTX *c) + return 1; + } + +-#ifndef SHA512_ASM ++# ifndef SHA512_ASM + static +-#endif ++# endif + void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); + + int SHA512_Final(unsigned char *md, SHA512_CTX *c) +@@ -108,17 +108,15 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) + + p[n] = 0x80; /* There always is a room for one */ + n++; +- if (n > (sizeof(c->u) - 16)) { +- memset(p + n, 0, sizeof(c->u) - n); +- n = 0; +- sha512_block_data_order(c, p, 1); +- } ++ if (n > (sizeof(c->u) - 16)) ++ memset(p + n, 0, sizeof(c->u) - n), n = 0, ++ sha512_block_data_order(c, p, 1); + + memset(p + n, 0, sizeof(c->u) - 16 - n); +-#ifdef B_ENDIAN ++# ifdef B_ENDIAN + c->u.d[SHA_LBLOCK - 2] = c->Nh; + c->u.d[SHA_LBLOCK - 1] = c->Nl; +-#else ++# else + p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); + p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); + p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); +@@ -135,7 +133,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) + p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); + p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); + p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); +-#endif ++# endif + + sha512_block_data_order(c, p, 1); + +@@ -215,14 +213,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) + } + + if (len >= sizeof(c->u)) { +-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data % sizeof(c->u.d[0]) != 0) + while (len >= sizeof(c->u)) + memcpy(p, data, sizeof(c->u)), + sha512_block_data_order(c, p, 1), + len -= sizeof(c->u), data += sizeof(c->u); + else +-#endif ++# endif + sha512_block_data_order(c, data, len / sizeof(c->u)), + data += len, len %= sizeof(c->u), data -= len; + } +@@ -240,10 +238,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) + + void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) + { +-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA ++# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data % sizeof(c->u.d[0]) != 0) + memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; +-#endif ++# endif + sha512_block_data_order(c, data, 1); + } + +@@ -275,7 +273,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + return (md); + } + +-#ifndef SHA512_ASM ++# ifndef SHA512_ASM + static const SHA_LONG64 K512[80] = { + U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), + U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), +@@ -319,23 +317,23 @@ static const SHA_LONG64 K512[80] = { + U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) + }; + +-# ifndef PEDANTIC +-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(__x86_64) || defined(__x86_64__) +-# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++# ifndef PEDANTIC ++# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(__x86_64) || defined(__x86_64__) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ + : "cc"); ret; }) +-# if !defined(B_ENDIAN) +-# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ ++# if !defined(B_ENDIAN) ++# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +-# endif +-# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +-# if defined(I386_ONLY) +-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ ++# endif ++# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) ++# if defined(I386_ONLY) ++# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ + "roll $16,%%eax; roll $16,%%edx; "\ +@@ -343,39 +341,39 @@ static const SHA_LONG64 K512[80] = { + : "=a"(lo),"=d"(hi) \ + : "0"(lo),"1"(hi) : "cc"); \ + ((SHA_LONG64)hi)<<32|lo; }) +-# else +-# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ ++# else ++# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) +-# endif +-# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +-# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++# endif ++# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) +-# elif defined(__aarch64__) +-# define ROTR(a,n) ({ SHA_LONG64 ret; \ ++# elif defined(__aarch64__) ++# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("ror %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"I"(n)); ret; }) +-# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ ++# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ + __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ +-# define PULL64(x) ({ SHA_LONG64 ret; \ ++# define PULL64(x) ({ SHA_LONG64 ret; \ + asm ("rev %0,%1" \ + : "=r"(ret) \ + : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) ++# endif + # endif +-# endif +-# elif defined(_MSC_VER) +-# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +-# pragma intrinsic(_rotr64) +-# define ROTR(a,n) _rotr64((a),n) +-# endif +-# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +-# if defined(I386_ONLY) ++# elif defined(_MSC_VER) ++# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ ++# pragma intrinsic(_rotr64) ++# define ROTR(a,n) _rotr64((a),n) ++# endif ++# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) ++# if defined(I386_ONLY) + static SHA_LONG64 __fastcall __pull64be(const void *x) + { + _asm mov edx,[ecx + 0] +@@ -383,34 +381,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x) + _asm xchg dh, dl + _asm xchg ah, al + _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} +-# else ++# else + static SHA_LONG64 __fastcall __pull64be(const void *x) + { + _asm mov edx,[ecx + 0] + _asm mov eax,[ecx + 4] + _asm bswap edx _asm bswap eax} +-# endif +-# define PULL64(x) __pull64be(&(x)) +-# if _MSC_VER<=1200 +-# pragma inline_depth(0) ++# endif ++# define PULL64(x) __pull64be(&(x)) ++# if _MSC_VER<=1200 ++# pragma inline_depth(0) ++# endif + # endif + # endif + # endif +-# endif +-# ifndef PULL64 +-# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +-# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +-# endif +-# ifndef ROTR +-# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +-# endif +-# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +-# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +-# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +-# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +-# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +-# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) ++# ifndef PULL64 ++# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) ++# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) ++# endif ++# ifndef ROTR ++# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) ++# endif ++# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) ++# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) ++# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) ++# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) ++# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) ++# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) ++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) + /* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... +@@ -435,11 +433,11 @@ _asm bswap edx _asm bswap eax} + F[7] = ctx->h[7]; + + for (i = 0; i < 16; i++, F--) { +-# ifdef B_ENDIAN ++# ifdef B_ENDIAN + T = W[i]; +-# else ++# else + T = PULL64(W[i]); +-# endif ++# endif + F[0] = A; + F[4] = E; + F[8] = T; +@@ -474,7 +472,7 @@ _asm bswap edx _asm bswap eax} + } + } + +-# elif defined(OPENSSL_SMALL_FOOTPRINT) ++# elif defined(OPENSSL_SMALL_FOOTPRINT) + static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + size_t num) + { +@@ -495,11 +493,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + h = ctx->h[7]; + + for (i = 0; i < 16; i++) { +-# ifdef B_ENDIAN ++# ifdef B_ENDIAN + T1 = X[i] = W[i]; +-# else ++# else + T1 = X[i] = PULL64(W[i]); +-# endif ++# endif + T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; + T2 = Sigma0(a) + Maj(a, b, c); + h = g; +@@ -544,12 +542,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + } + } + +-# else +-# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ ++# else ++# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) +-# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ ++# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ +@@ -573,7 +571,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + g = ctx->h[6]; + h = ctx->h[7]; + +-# ifdef B_ENDIAN ++# ifdef B_ENDIAN + T1 = X[0] = W[0]; + ROUND_00_15(0, a, b, c, d, e, f, g, h); + T1 = X[1] = W[1]; +@@ -606,7 +604,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + ROUND_00_15(14, c, d, e, f, g, h, a, b); + T1 = X[15] = W[15]; + ROUND_00_15(15, b, c, d, e, f, g, h, a); +-# else ++# else + T1 = X[0] = PULL64(W[0]); + ROUND_00_15(0, a, b, c, d, e, f, g, h); + T1 = X[1] = PULL64(W[1]); +@@ -639,7 +637,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + ROUND_00_15(14, c, d, e, f, g, h, a, b); + T1 = X[15] = PULL64(W[15]); + ROUND_00_15(15, b, c, d, e, f, g, h, a); +-# endif ++# endif + + for (i = 16; i < 80; i += 16) { + ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); +@@ -673,6 +671,14 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, + } + } + ++# endif ++ ++# endif /* SHA512_ASM */ ++ ++#else /* !OPENSSL_NO_SHA512 */ ++ ++# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) ++static void *dummy = &dummy; + # endif + +-#endif /* SHA512_ASM */ ++#endif /* !OPENSSL_NO_SHA512 */ +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +new file mode 100644 +index 0000000..f77cf5e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c +@@ -0,0 +1,74 @@ ++/* crypto/sha/sha1dgst.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) ++ ++# undef SHA_1 ++# define SHA_0 ++ ++# include ++ ++const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; ++ ++/* The implementation is in ../md32_common.h */ ++ ++# include "sha_locl.h" ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h +index 918278a..03bd411 100644 +--- a/Cryptlib/OpenSSL/crypto/sha/sha_locl.h ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_locl.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/sha/sha_locl.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +@@ -27,22 +76,45 @@ + ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ + } while (0) + +-#define HASH_UPDATE SHA1_Update +-#define HASH_TRANSFORM SHA1_Transform +-#define HASH_FINAL SHA1_Final +-#define HASH_INIT SHA1_Init +-#define HASH_BLOCK_DATA_ORDER sha1_block_data_order +-#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ ++#if defined(SHA_0) ++ ++# define HASH_UPDATE SHA_Update ++# define HASH_TRANSFORM SHA_Transform ++# define HASH_FINAL SHA_Final ++# define HASH_INIT SHA_Init ++# define HASH_BLOCK_DATA_ORDER sha_block_data_order ++# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) ++ ++static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); ++ ++#elif defined(SHA_1) ++ ++# define HASH_UPDATE SHA1_Update ++# define HASH_TRANSFORM SHA1_Transform ++# define HASH_FINAL SHA1_Final ++# define HASH_INIT SHA1_Init ++# define HASH_BLOCK_DATA_ORDER sha1_block_data_order ++# if defined(__MWERKS__) && defined(__MC68K__) ++ /* Metrowerks for Motorola fails otherwise:-( */ ++# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ ++ ix=(a)=ROTATE((a),1); \ ++ } while (0) ++# else ++# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ + ix=(a)=ROTATE((a),1) \ + ) ++# endif + +-#ifndef SHA1_ASM +-static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); +-#else ++# ifndef SHA1_ASM ++static ++# endif + void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); ++ ++#else ++# error "Either SHA_0 or SHA_1 must be defined." + #endif + +-#include "internal/md32_common.h" ++#include "md32_common.h" + + #define INIT_DATA_h0 0x67452301UL + #define INIT_DATA_h1 0xefcdab89UL +@@ -50,7 +122,11 @@ void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); + #define INIT_DATA_h3 0x10325476UL + #define INIT_DATA_h4 0xc3d2e1f0UL + +-int HASH_INIT(SHA_CTX *c) ++#ifdef SHA_0 ++fips_md_init(SHA) ++#else ++fips_md_init_ctx(SHA1, SHA) ++#endif + { + memset(c, 0, sizeof(*c)); + c->h0 = INIT_DATA_h0; +@@ -115,7 +191,7 @@ int HASH_INIT(SHA_CTX *c) + # ifndef MD32_XARRAY + /* + * Originally X was an array. As it's automatic it's natural +- * to expect RISC compiler to accommodate at least part of it in ++ * to expect RISC compiler to accomodate at least part of it in + * the register bank, isn't it? Unfortunately not all compilers + * "find" this expectation reasonable:-( On order to make such + * compilers generate better code I replace X[] with a bunch of +@@ -132,7 +208,7 @@ int HASH_INIT(SHA_CTX *c) + # define X(i) XX[i] + # endif + +-# if !defined(SHA1_ASM) ++# if !defined(SHA_1) || !defined(SHA1_ASM) + static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) + { + const unsigned char *data = p; +@@ -366,7 +442,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xa; } while(0) + +-# if !defined(SHA1_ASM) ++# if !defined(SHA_1) || !defined(SHA1_ASM) + static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) + { + const unsigned char *data = p; +@@ -382,7 +458,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) + + for (;;) { + for (i = 0; i < 16; i++) { +- (void)HOST_c2l(data, l); ++ HOST_c2l(data, l); + X[i] = l; + BODY_00_15(X[i]); + } +diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +new file mode 100644 +index 0000000..0930b98 +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/sha/sha_one.c +@@ -0,0 +1,79 @@ ++/* crypto/sha/sha_one.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] ++ */ ++ ++#include ++#include ++#include ++#include ++ ++#ifndef OPENSSL_NO_SHA0 ++unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) ++{ ++ SHA_CTX c; ++ static unsigned char m[SHA_DIGEST_LENGTH]; ++ ++ if (md == NULL) ++ md = m; ++ if (!SHA_Init(&c)) ++ return NULL; ++ SHA_Update(&c, d, n); ++ SHA_Final(md, &c); ++ OPENSSL_cleanse(&c, sizeof(c)); ++ return (md); ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c +index 43ddf30..fa50083 100644 +--- a/Cryptlib/OpenSSL/crypto/stack/stack.c ++++ b/Cryptlib/OpenSSL/crypto/stack/stack.c +@@ -1,34 +1,86 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/stack/stack.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + ++/*- ++ * Code for stacks ++ * Author - Eric Young v 1.0 ++ * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the ++ * lowest index for the searched item. ++ * ++ * 1.1 eay - Take from netdb and added to SSLeay ++ * ++ * 1.0 eay - First version 29/07/92 ++ */ + #include +-#include "internal/cryptlib.h" +-#include "internal/numbers.h" ++#include "cryptlib.h" + #include + #include + +-struct stack_st { +- int num; +- const char **data; +- int sorted; +- size_t num_alloc; +- OPENSSL_sk_compfunc comp; +-}; +- + #undef MIN_NODES + #define MIN_NODES 4 + ++const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT; ++ + #include + +-OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c) +-{ +- OPENSSL_sk_compfunc old = sk->comp; ++int (*sk_set_cmp_func(_STACK *sk, int (*c) (const void *, const void *))) ++ (const void *, const void *) { ++ int (*old) (const void *, const void *) = sk->comp; + + if (sk->comp != c) + sk->sorted = 0; +@@ -37,50 +89,51 @@ OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfu + return old; + } + +-OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk) ++_STACK *sk_dup(_STACK *sk) + { +- OPENSSL_STACK *ret; ++ _STACK *ret; ++ char **s; + +- if (sk->num < 0) +- return NULL; +- +- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) +- return NULL; +- +- /* direct structure assignment */ +- *ret = *sk; +- +- if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL) ++ if ((ret = sk_new(sk->comp)) == NULL) + goto err; ++ s = (char **)OPENSSL_realloc((char *)ret->data, ++ (unsigned int)sizeof(char *) * ++ sk->num_alloc); ++ if (s == NULL) ++ goto err; ++ ret->data = s; ++ ++ ret->num = sk->num; + memcpy(ret->data, sk->data, sizeof(char *) * sk->num); +- return ret; ++ ret->sorted = sk->sorted; ++ ret->num_alloc = sk->num_alloc; ++ ret->comp = sk->comp; ++ return (ret); + err: +- OPENSSL_sk_free(ret); +- return NULL; ++ if (ret) ++ sk_free(ret); ++ return (NULL); + } + +-OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, +- OPENSSL_sk_copyfunc copy_func, +- OPENSSL_sk_freefunc free_func) ++_STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *), ++ void (*free_func) (void *)) + { +- OPENSSL_STACK *ret; ++ _STACK *ret; + int i; + +- if (sk->num < 0) +- return NULL; +- +- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) +- return NULL; +- +- /* direct structure assignment */ +- *ret = *sk; +- +- ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES; +- ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc); ++ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) ++ return ret; ++ ret->comp = sk->comp; ++ ret->sorted = sk->sorted; ++ ret->num = sk->num; ++ ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES; ++ ret->data = OPENSSL_malloc(sizeof(char *) * ret->num_alloc); + if (ret->data == NULL) { + OPENSSL_free(ret); + return NULL; + } ++ for (i = 0; i < ret->num_alloc; i++) ++ ret->data[i] = NULL; + + for (i = 0; i < ret->num; ++i) { + if (sk->data[i] == NULL) +@@ -88,103 +141,112 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, + if ((ret->data[i] = copy_func(sk->data[i])) == NULL) { + while (--i >= 0) + if (ret->data[i] != NULL) +- free_func((void *)ret->data[i]); +- OPENSSL_sk_free(ret); ++ free_func(ret->data[i]); ++ sk_free(ret); + return NULL; + } + } + return ret; + } + +-OPENSSL_STACK *OPENSSL_sk_new_null(void) ++_STACK *sk_new_null(void) + { +- return OPENSSL_sk_new((OPENSSL_sk_compfunc)NULL); ++ return sk_new((int (*)(const void *, const void *))0); + } + +-OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c) ++_STACK *sk_new(int (*c) (const void *, const void *)) + { +- OPENSSL_STACK *ret; ++ _STACK *ret; ++ int i; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) + goto err; +- if ((ret->data = OPENSSL_zalloc(sizeof(*ret->data) * MIN_NODES)) == NULL) ++ if ((ret->data = OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) + goto err; ++ for (i = 0; i < MIN_NODES; i++) ++ ret->data[i] = NULL; + ret->comp = c; + ret->num_alloc = MIN_NODES; ++ ret->num = 0; ++ ret->sorted = 0; + return (ret); +- + err: +- OPENSSL_free(ret); ++ if (ret) ++ OPENSSL_free(ret); + return (NULL); + } + +-int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) ++int sk_insert(_STACK *st, void *data, int loc) + { +- if (st == NULL || st->num < 0 || st->num == INT_MAX) { +- return 0; +- } +- +- if (st->num_alloc <= (size_t)(st->num + 1)) { +- size_t doub_num_alloc = st->num_alloc * 2; +- const char **tmpdata; ++ char **s; + +- /* Overflow checks */ +- if (doub_num_alloc < st->num_alloc) +- return 0; +- +- /* Avoid overflow due to multiplication by sizeof(char *) */ +- if (doub_num_alloc > SIZE_MAX / sizeof(char *)) +- return 0; +- +- tmpdata = OPENSSL_realloc((char *)st->data, +- sizeof(char *) * doub_num_alloc); +- if (tmpdata == NULL) +- return 0; +- +- st->data = tmpdata; +- st->num_alloc = doub_num_alloc; ++ if (st == NULL) ++ return 0; ++ if (st->num_alloc <= st->num + 1) { ++ s = OPENSSL_realloc((char *)st->data, ++ (unsigned int)sizeof(char *) * st->num_alloc * 2); ++ if (s == NULL) ++ return (0); ++ st->data = s; ++ st->num_alloc *= 2; + } +- if ((loc >= st->num) || (loc < 0)) { ++ if ((loc >= (int)st->num) || (loc < 0)) + st->data[st->num] = data; +- } else { +- memmove(&st->data[loc + 1], &st->data[loc], +- sizeof(st->data[0]) * (st->num - loc)); ++ else { ++ int i; ++ char **f, **t; ++ ++ f = st->data; ++ t = &(st->data[1]); ++ for (i = st->num; i >= loc; i--) ++ t[i] = f[i]; ++ ++#ifdef undef /* no memmove on sunos :-( */ ++ memmove(&(st->data[loc + 1]), ++ &(st->data[loc]), sizeof(char *) * (st->num - loc)); ++#endif + st->data[loc] = data; + } + st->num++; + st->sorted = 0; +- return st->num; ++ return (st->num); + } + +-void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p) ++void *sk_delete_ptr(_STACK *st, void *p) + { + int i; + + for (i = 0; i < st->num; i++) + if (st->data[i] == p) +- return OPENSSL_sk_delete(st, i); +- return NULL; ++ return (sk_delete(st, i)); ++ return (NULL); + } + +-void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc) ++void *sk_delete(_STACK *st, int loc) + { +- const char *ret; ++ char *ret; ++ int i, j; + +- if (st == NULL || loc < 0 || loc >= st->num) ++ if (!st || (loc < 0) || (loc >= st->num)) + return NULL; + + ret = st->data[loc]; +- if (loc != st->num - 1) +- memmove(&st->data[loc], &st->data[loc + 1], +- sizeof(st->data[0]) * (st->num - loc - 1)); ++ if (loc != st->num - 1) { ++ j = st->num - 1; ++ for (i = loc; i < j; i++) ++ st->data[i] = st->data[i + 1]; ++ /* ++ * In theory memcpy is not safe for this memcpy( &(st->data[loc]), ++ * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1)); ++ */ ++ } + st->num--; +- return (void *)ret; ++ return (ret); + } + +-static int internal_find(OPENSSL_STACK *st, const void *data, +- int ret_val_options) ++static int internal_find(_STACK *st, void *data, int ret_val_options) + { +- const void *r; ++ const void *const *r; + int i; + + if (st == NULL) +@@ -196,65 +258,65 @@ static int internal_find(OPENSSL_STACK *st, const void *data, + return (i); + return (-1); + } +- OPENSSL_sk_sort(st); ++ sk_sort(st); + if (data == NULL) + return (-1); + r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, + ret_val_options); + if (r == NULL) + return (-1); +- return (int)((const char **)r - st->data); ++ return (int)((char **)r - st->data); + } + +-int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data) ++int sk_find(_STACK *st, void *data) + { + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); + } + +-int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data) ++int sk_find_ex(_STACK *st, void *data) + { + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); + } + +-int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data) ++int sk_push(_STACK *st, void *data) + { +- return (OPENSSL_sk_insert(st, data, st->num)); ++ return (sk_insert(st, data, st->num)); + } + +-int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data) ++int sk_unshift(_STACK *st, void *data) + { +- return (OPENSSL_sk_insert(st, data, 0)); ++ return (sk_insert(st, data, 0)); + } + +-void *OPENSSL_sk_shift(OPENSSL_STACK *st) ++void *sk_shift(_STACK *st) + { + if (st == NULL) + return (NULL); + if (st->num <= 0) + return (NULL); +- return (OPENSSL_sk_delete(st, 0)); ++ return (sk_delete(st, 0)); + } + +-void *OPENSSL_sk_pop(OPENSSL_STACK *st) ++void *sk_pop(_STACK *st) + { + if (st == NULL) + return (NULL); + if (st->num <= 0) + return (NULL); +- return (OPENSSL_sk_delete(st, st->num - 1)); ++ return (sk_delete(st, st->num - 1)); + } + +-void OPENSSL_sk_zero(OPENSSL_STACK *st) ++void sk_zero(_STACK *st) + { + if (st == NULL) + return; + if (st->num <= 0) + return; +- memset(st->data, 0, sizeof(*st->data) * st->num); ++ memset((char *)st->data, 0, sizeof(*st->data) * st->num); + st->num = 0; + } + +-void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) ++void sk_pop_free(_STACK *st, void (*func) (void *)) + { + int i; + +@@ -262,51 +324,61 @@ void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func) + return; + for (i = 0; i < st->num; i++) + if (st->data[i] != NULL) +- func((char *)st->data[i]); +- OPENSSL_sk_free(st); ++ func(st->data[i]); ++ sk_free(st); + } + +-void OPENSSL_sk_free(OPENSSL_STACK *st) ++void sk_free(_STACK *st) + { + if (st == NULL) + return; +- OPENSSL_free(st->data); ++ if (st->data != NULL) ++ OPENSSL_free(st->data); + OPENSSL_free(st); + } + +-int OPENSSL_sk_num(const OPENSSL_STACK *st) ++int sk_num(const _STACK *st) + { + if (st == NULL) + return -1; + return st->num; + } + +-void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i) ++void *sk_value(const _STACK *st, int i) + { +- if (st == NULL || i < 0 || i >= st->num) ++ if (!st || (i < 0) || (i >= st->num)) + return NULL; +- return (void *)st->data[i]; ++ return st->data[i]; + } + +-void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data) ++void *sk_set(_STACK *st, int i, void *value) + { +- if (st == NULL || i < 0 || i >= st->num) ++ if (!st || (i < 0) || (i >= st->num)) + return NULL; +- st->data[i] = data; +- return (void *)st->data[i]; ++ return (st->data[i] = value); + } + +-void OPENSSL_sk_sort(OPENSSL_STACK *st) ++void sk_sort(_STACK *st) + { + if (st && !st->sorted && st->comp != NULL) { +- qsort(st->data, st->num, sizeof(char *), st->comp); ++ int (*comp_func) (const void *, const void *); ++ ++ /* ++ * same comment as in sk_find ... previously st->comp was declared as ++ * a (void*,void*) callback type, but this made the population of the ++ * callback pointer illogical - our callbacks compare type** with ++ * type**, so we leave the casting until absolutely necessary (ie. ++ * "now"). ++ */ ++ comp_func = (int (*)(const void *, const void *))(st->comp); ++ qsort(st->data, st->num, sizeof(char *), comp_func); + st->sorted = 1; + } + } + +-int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st) ++int sk_is_sorted(const _STACK *st) + { +- if (st == NULL) ++ if (!st) + return 1; + return st->sorted; + } +diff --git a/Cryptlib/OpenSSL/crypto/threads_none.c b/Cryptlib/OpenSSL/crypto/threads_none.c +deleted file mode 100644 +index 72bf25b..0000000 +--- a/Cryptlib/OpenSSL/crypto/threads_none.c ++++ /dev/null +@@ -1,124 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG) +- +-CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) +-{ +- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(unsigned int)); +- if (lock == NULL) +- return NULL; +- +- *(unsigned int *)lock = 1; +- +- return lock; +-} +- +-int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) +-{ +- OPENSSL_assert(*(unsigned int *)lock == 1); +- return 1; +-} +- +-int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) +-{ +- OPENSSL_assert(*(unsigned int *)lock == 1); +- return 1; +-} +- +-int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) +-{ +- OPENSSL_assert(*(unsigned int *)lock == 1); +- return 1; +-} +- +-void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { +- if (lock == NULL) +- return; +- +- *(unsigned int *)lock = 0; +- OPENSSL_free(lock); +- +- return; +-} +- +-int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) +-{ +- if (*once != 0) +- return 1; +- +- init(); +- *once = 1; +- +- return 1; +-} +- +-#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256 +- +-static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX]; +- +-int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) +-{ +- static unsigned int thread_local_key = 0; +- +- if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) +- return 0; +- +- *key = thread_local_key++; +- +- thread_local_storage[*key] = NULL; +- +- return 1; +-} +- +-void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) +-{ +- if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) +- return NULL; +- +- return thread_local_storage[*key]; +-} +- +-int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) +-{ +- if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX) +- return 0; +- +- thread_local_storage[*key] = val; +- +- return 1; +-} +- +-int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) +-{ +- *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1; +- return 1; +-} +- +-CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) +-{ +- return 0; +-} +- +-int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) +-{ +- return (a == b); +-} +- +-int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) +-{ +- *val += amount; +- *ret = *val; +- +- return 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/threads_pthread.c b/Cryptlib/OpenSSL/crypto/threads_pthread.c +deleted file mode 100644 +index 151013e..0000000 +--- a/Cryptlib/OpenSSL/crypto/threads_pthread.c ++++ /dev/null +@@ -1,171 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +- +-#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) +- +-# ifdef PTHREAD_RWLOCK_INITIALIZER +-# define USE_RWLOCK +-# endif +- +-CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) +-{ +-# ifdef USE_RWLOCK +- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t)); +- if (lock == NULL) +- return NULL; +- +- if (pthread_rwlock_init(lock, NULL) != 0) { +- OPENSSL_free(lock); +- return NULL; +- } +-# else +- pthread_mutexattr_t attr; +- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(pthread_mutex_t)); +- if (lock == NULL) +- return NULL; +- +- pthread_mutexattr_init(&attr); +- pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE); +- +- if (pthread_mutex_init(lock, &attr) != 0) { +- pthread_mutexattr_destroy(&attr); +- OPENSSL_free(lock); +- return NULL; +- } +- +- pthread_mutexattr_destroy(&attr); +-# endif +- +- return lock; +-} +- +-int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) +-{ +-# ifdef USE_RWLOCK +- if (pthread_rwlock_rdlock(lock) != 0) +- return 0; +-# else +- if (pthread_mutex_lock(lock) != 0) +- return 0; +-# endif +- +- return 1; +-} +- +-int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) +-{ +-# ifdef USE_RWLOCK +- if (pthread_rwlock_wrlock(lock) != 0) +- return 0; +-# else +- if (pthread_mutex_lock(lock) != 0) +- return 0; +-# endif +- +- return 1; +-} +- +-int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) +-{ +-# ifdef USE_RWLOCK +- if (pthread_rwlock_unlock(lock) != 0) +- return 0; +-# else +- if (pthread_mutex_unlock(lock) != 0) +- return 0; +-# endif +- +- return 1; +-} +- +-void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) +-{ +- if (lock == NULL) +- return; +- +-# ifdef USE_RWLOCK +- pthread_rwlock_destroy(lock); +-# else +- pthread_mutex_destroy(lock); +-# endif +- OPENSSL_free(lock); +- +- return; +-} +- +-int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) +-{ +- if (pthread_once(once, init) != 0) +- return 0; +- +- return 1; +-} +- +-int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) +-{ +- if (pthread_key_create(key, cleanup) != 0) +- return 0; +- +- return 1; +-} +- +-void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) +-{ +- return pthread_getspecific(*key); +-} +- +-int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) +-{ +- if (pthread_setspecific(*key, val) != 0) +- return 0; +- +- return 1; +-} +- +-int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) +-{ +- if (pthread_key_delete(*key) != 0) +- return 0; +- +- return 1; +-} +- +-CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) +-{ +- return pthread_self(); +-} +- +-int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) +-{ +- return pthread_equal(a, b); +-} +- +-int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) +-{ +-# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) +- if (__atomic_is_lock_free(sizeof(*val), val)) { +- *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL); +- return 1; +- } +-# endif +- if (!CRYPTO_THREAD_write_lock(lock)) +- return 0; +- +- *val += amount; +- *ret = *val; +- +- if (!CRYPTO_THREAD_unlock(lock)) +- return 0; +- +- return 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/threads_win.c b/Cryptlib/OpenSSL/crypto/threads_win.c +deleted file mode 100644 +index 4e0de90..0000000 +--- a/Cryptlib/OpenSSL/crypto/threads_win.c ++++ /dev/null +@@ -1,136 +0,0 @@ +-/* +- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#if defined(_WIN32) +-# include +-#endif +- +-#include +- +-#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) +- +-CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) +-{ +- CRYPTO_RWLOCK *lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION)); +- if (lock == NULL) +- return NULL; +- +- /* 0x400 is the spin count value suggested in the documentation */ +- if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) { +- OPENSSL_free(lock); +- return NULL; +- } +- +- return lock; +-} +- +-int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) +-{ +- EnterCriticalSection(lock); +- return 1; +-} +- +-int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) +-{ +- EnterCriticalSection(lock); +- return 1; +-} +- +-int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) +-{ +- LeaveCriticalSection(lock); +- return 1; +-} +- +-void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) +-{ +- if (lock == NULL) +- return; +- +- DeleteCriticalSection(lock); +- OPENSSL_free(lock); +- +- return; +-} +- +-# define ONCE_UNINITED 0 +-# define ONCE_ININIT 1 +-# define ONCE_DONE 2 +- +-/* +- * We don't use InitOnceExecuteOnce because that isn't available in WinXP which +- * we still have to support. +- */ +-int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void)) +-{ +- LONG volatile *lock = (LONG *)once; +- LONG result; +- +- if (*lock == ONCE_DONE) +- return 1; +- +- do { +- result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED); +- if (result == ONCE_UNINITED) { +- init(); +- *lock = ONCE_DONE; +- return 1; +- } +- } while (result == ONCE_ININIT); +- +- return (*lock == ONCE_DONE); +-} +- +-int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *)) +-{ +- *key = TlsAlloc(); +- if (*key == TLS_OUT_OF_INDEXES) +- return 0; +- +- return 1; +-} +- +-void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key) +-{ +- return TlsGetValue(*key); +-} +- +-int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val) +-{ +- if (TlsSetValue(*key, val) == 0) +- return 0; +- +- return 1; +-} +- +-int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key) +-{ +- if (TlsFree(*key) == 0) +- return 0; +- +- return 1; +-} +- +-CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) +-{ +- return GetCurrentThreadId(); +-} +- +-int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) +-{ +- return (a == b); +-} +- +-int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) +-{ +- *ret = InterlockedExchangeAdd(val, amount) + amount; +- return 1; +-} +- +-#endif +diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +index 1432230..f9b42ac 100644 +--- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c ++++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c +@@ -1,25 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/txt_db/txt_db.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + + #undef BUFSIZE + #define BUFSIZE 512 + ++const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT; ++ + TXT_DB *TXT_DB_read(BIO *in, int num) + { + TXT_DB *ret = NULL; ++ int er = 1; + int esc = 0; + long ln = 0; + int i, add, n; +@@ -34,7 +86,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) + if (!BUF_MEM_grow(buf, size)) + goto err; + +- if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) ++ if ((ret = OPENSSL_malloc(sizeof(TXT_DB))) == NULL) + goto err; + ret->num_fields = num; + ret->index = NULL; +@@ -72,7 +124,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) + continue; + else { + buf->data[offset - 1] = '\0'; /* blat the '\n' */ +- if ((p = OPENSSL_malloc(add + offset)) == NULL) ++ if (!(p = OPENSSL_malloc(add + offset))) + goto err; + offset = 0; + } +@@ -104,24 +156,46 @@ TXT_DB *TXT_DB_read(BIO *in, int num) + } + *(p++) = '\0'; + if ((n != num) || (*f != '\0')) { +- ret->error = DB_ERROR_WRONG_NUM_FIELDS; ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary ++ * fix :-( */ ++ fprintf(stderr, ++ "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", ++ ln, num, n, f); ++#endif ++ er = 2; + goto err; + } + pp[n] = p; +- if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) ++ if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary ++ * fix :-( */ ++ fprintf(stderr, "failure in sk_push\n"); ++#endif ++ er = 2; + goto err; ++ } + } +- BUF_MEM_free(buf); +- return ret; ++ er = 0; + err: + BUF_MEM_free(buf); +- if (ret != NULL) { +- sk_OPENSSL_PSTRING_free(ret->data); +- OPENSSL_free(ret->index); +- OPENSSL_free(ret->qual); +- OPENSSL_free(ret); +- } +- return (NULL); ++ if (er) { ++#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) ++ if (er == 1) ++ fprintf(stderr, "OPENSSL_malloc failure\n"); ++#endif ++ if (ret != NULL) { ++ if (ret->data != NULL) ++ sk_OPENSSL_PSTRING_free(ret->data); ++ if (ret->index != NULL) ++ OPENSSL_free(ret->index); ++ if (ret->qual != NULL) ++ OPENSSL_free(ret->qual); ++ if (ret != NULL) ++ OPENSSL_free(ret); ++ } ++ return (NULL); ++ } else ++ return (ret); + } + + OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, +@@ -145,7 +219,7 @@ OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, + } + + int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), +- OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp) ++ LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) + { + LHASH_OF(OPENSSL_STRING) *idx; + OPENSSL_STRING *r; +@@ -156,7 +230,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + return (0); + } + /* FIXME: we lose type checking at this point */ +- if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) { ++ if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) { + db->error = DB_ERROR_MALLOC; + return (0); + } +@@ -173,7 +247,8 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), + return (0); + } + } +- lh_OPENSSL_STRING_free(db->index[field]); ++ if (db->index[field] != NULL) ++ lh_OPENSSL_STRING_free(db->index[field]); + db->index[field] = idx; + db->qual[field] = qual; + return (1); +@@ -222,7 +297,8 @@ long TXT_DB_write(BIO *out, TXT_DB *db) + } + ret = tot; + err: +- BUF_MEM_free(buf); ++ if (buf != NULL) ++ BUF_MEM_free(buf); + return (ret); + } + +@@ -272,10 +348,12 @@ void TXT_DB_free(TXT_DB *db) + + if (db->index != NULL) { + for (i = db->num_fields - 1; i >= 0; i--) +- lh_OPENSSL_STRING_free(db->index[i]); ++ if (db->index[i] != NULL) ++ lh_OPENSSL_STRING_free(db->index[i]); + OPENSSL_free(db->index); + } +- OPENSSL_free(db->qual); ++ if (db->qual != NULL) ++ OPENSSL_free(db->qual); + if (db->data != NULL) { + for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) { + /* +@@ -286,10 +364,12 @@ void TXT_DB_free(TXT_DB *db) + max = p[db->num_fields]; /* last address */ + if (max == NULL) { /* new row */ + for (n = 0; n < db->num_fields; n++) +- OPENSSL_free(p[n]); ++ if (p[n] != NULL) ++ OPENSSL_free(p[n]); + } else { + for (n = 0; n < db->num_fields; n++) { +- if (((p[n] < (char *)p) || (p[n] > max))) ++ if (((p[n] < (char *)p) || (p[n] > max)) ++ && (p[n] != NULL)) + OPENSSL_free(p[n]); + } + } +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +new file mode 100644 +index 0000000..e79d54e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c +@@ -0,0 +1,69 @@ ++/* crypto/ui/ui_compat.c */ ++/* ==================================================================== ++ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include ++ ++int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, ++ int verify) ++{ ++ return UI_UTIL_read_pw_string(buf, length, prompt, verify); ++} ++ ++int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify) ++{ ++ return UI_UTIL_read_pw(buf, buff, size, prompt, verify); ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +new file mode 100644 +index 0000000..3cc067c +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c +@@ -0,0 +1,878 @@ ++/* crypto/ui/ui_lib.c */ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "cryptlib.h" ++#include ++#include ++#include ++#include ++#include "ui_locl.h" ++ ++IMPLEMENT_STACK_OF(UI_STRING_ST) ++ ++static const UI_METHOD *default_UI_meth = NULL; ++ ++UI *UI_new(void) ++{ ++ return (UI_new_method(NULL)); ++} ++ ++UI *UI_new_method(const UI_METHOD *method) ++{ ++ UI *ret; ++ ++ ret = (UI *)OPENSSL_malloc(sizeof(UI)); ++ if (ret == NULL) { ++ UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ if (method == NULL) ++ ret->meth = UI_get_default_method(); ++ else ++ ret->meth = method; ++ ++ ret->strings = NULL; ++ ret->user_data = NULL; ++ ret->flags = 0; ++ CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); ++ return ret; ++} ++ ++static void free_string(UI_STRING *uis) ++{ ++ if (uis->flags & OUT_STRING_FREEABLE) { ++ OPENSSL_free((char *)uis->out_string); ++ switch (uis->type) { ++ case UIT_BOOLEAN: ++ OPENSSL_free((char *)uis->_.boolean_data.action_desc); ++ OPENSSL_free((char *)uis->_.boolean_data.ok_chars); ++ OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); ++ break; ++ default: ++ break; ++ } ++ } ++ OPENSSL_free(uis); ++} ++ ++void UI_free(UI *ui) ++{ ++ if (ui == NULL) ++ return; ++ sk_UI_STRING_pop_free(ui->strings, free_string); ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); ++ OPENSSL_free(ui); ++} ++ ++static int allocate_string_stack(UI *ui) ++{ ++ if (ui->strings == NULL) { ++ ui->strings = sk_UI_STRING_new_null(); ++ if (ui->strings == NULL) { ++ return -1; ++ } ++ } ++ return 0; ++} ++ ++static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, ++ int prompt_freeable, ++ enum UI_string_types type, ++ int input_flags, char *result_buf) ++{ ++ UI_STRING *ret = NULL; ++ ++ if (prompt == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER); ++ } else if ((type == UIT_PROMPT || type == UIT_VERIFY ++ || type == UIT_BOOLEAN) && result_buf == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); ++ } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) { ++ ret->out_string = prompt; ++ ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; ++ ret->input_flags = input_flags; ++ ret->type = type; ++ ret->result_buf = result_buf; ++ } ++ return ret; ++} ++ ++static int general_allocate_string(UI *ui, const char *prompt, ++ int prompt_freeable, ++ enum UI_string_types type, int input_flags, ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ int ret = -1; ++ UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, ++ type, input_flags, result_buf); ++ ++ if (s != NULL) { ++ if (allocate_string_stack(ui) >= 0) { ++ s->_.string_data.result_minsize = minsize; ++ s->_.string_data.result_maxsize = maxsize; ++ s->_.string_data.test_buf = test_buf; ++ ret = sk_UI_STRING_push(ui->strings, s); ++ /* sk_push() returns 0 on error. Let's addapt that */ ++ if (ret <= 0) ++ ret--; ++ } else ++ free_string(s); ++ } ++ return ret; ++} ++ ++static int general_allocate_boolean(UI *ui, ++ const char *prompt, ++ const char *action_desc, ++ const char *ok_chars, ++ const char *cancel_chars, ++ int prompt_freeable, ++ enum UI_string_types type, ++ int input_flags, char *result_buf) ++{ ++ int ret = -1; ++ UI_STRING *s; ++ const char *p; ++ ++ if (ok_chars == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); ++ } else if (cancel_chars == NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER); ++ } else { ++ for (p = ok_chars; *p != '\0'; p++) { ++ if (strchr(cancel_chars, *p) != NULL) { ++ UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ++ UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); ++ } ++ } ++ ++ s = general_allocate_prompt(ui, prompt, prompt_freeable, ++ type, input_flags, result_buf); ++ ++ if (s != NULL) { ++ if (allocate_string_stack(ui) >= 0) { ++ s->_.boolean_data.action_desc = action_desc; ++ s->_.boolean_data.ok_chars = ok_chars; ++ s->_.boolean_data.cancel_chars = cancel_chars; ++ ret = sk_UI_STRING_push(ui->strings, s); ++ /* ++ * sk_push() returns 0 on error. Let's addapt that ++ */ ++ if (ret <= 0) ++ ret--; ++ } else ++ free_string(s); ++ } ++ } ++ return ret; ++} ++ ++/* ++ * Returns the index to the place in the stack or -1 for error. Uses a ++ * direct reference to the prompt. ++ */ ++int UI_add_input_string(UI *ui, const char *prompt, int flags, ++ char *result_buf, int minsize, int maxsize) ++{ ++ return general_allocate_string(ui, prompt, 0, ++ UIT_PROMPT, flags, result_buf, minsize, ++ maxsize, NULL); ++} ++ ++/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ ++int UI_dup_input_string(UI *ui, const char *prompt, int flags, ++ char *result_buf, int minsize, int maxsize) ++{ ++ char *prompt_copy = NULL; ++ ++ if (prompt != NULL) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ } ++ ++ return general_allocate_string(ui, prompt_copy, 1, ++ UIT_PROMPT, flags, result_buf, minsize, ++ maxsize, NULL); ++} ++ ++int UI_add_verify_string(UI *ui, const char *prompt, int flags, ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ return general_allocate_string(ui, prompt, 0, ++ UIT_VERIFY, flags, result_buf, minsize, ++ maxsize, test_buf); ++} ++ ++int UI_dup_verify_string(UI *ui, const char *prompt, int flags, ++ char *result_buf, int minsize, int maxsize, ++ const char *test_buf) ++{ ++ char *prompt_copy = NULL; ++ ++ if (prompt != NULL) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ ++ return general_allocate_string(ui, prompt_copy, 1, ++ UIT_VERIFY, flags, result_buf, minsize, ++ maxsize, test_buf); ++} ++ ++int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf) ++{ ++ return general_allocate_boolean(ui, prompt, action_desc, ++ ok_chars, cancel_chars, 0, UIT_BOOLEAN, ++ flags, result_buf); ++} ++ ++int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, ++ const char *ok_chars, const char *cancel_chars, ++ int flags, char *result_buf) ++{ ++ char *prompt_copy = NULL; ++ char *action_desc_copy = NULL; ++ char *ok_chars_copy = NULL; ++ char *cancel_chars_copy = NULL; ++ ++ if (prompt != NULL) { ++ prompt_copy = BUF_strdup(prompt); ++ if (prompt_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (action_desc != NULL) { ++ action_desc_copy = BUF_strdup(action_desc); ++ if (action_desc_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (ok_chars != NULL) { ++ ok_chars_copy = BUF_strdup(ok_chars); ++ if (ok_chars_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ if (cancel_chars != NULL) { ++ cancel_chars_copy = BUF_strdup(cancel_chars); ++ if (cancel_chars_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ } ++ ++ return general_allocate_boolean(ui, prompt_copy, action_desc_copy, ++ ok_chars_copy, cancel_chars_copy, 1, ++ UIT_BOOLEAN, flags, result_buf); ++ err: ++ if (prompt_copy) ++ OPENSSL_free(prompt_copy); ++ if (action_desc_copy) ++ OPENSSL_free(action_desc_copy); ++ if (ok_chars_copy) ++ OPENSSL_free(ok_chars_copy); ++ if (cancel_chars_copy) ++ OPENSSL_free(cancel_chars_copy); ++ return -1; ++} ++ ++int UI_add_info_string(UI *ui, const char *text) ++{ ++ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, ++ NULL); ++} ++ ++int UI_dup_info_string(UI *ui, const char *text) ++{ ++ char *text_copy = NULL; ++ ++ if (text != NULL) { ++ text_copy = BUF_strdup(text); ++ if (text_copy == NULL) { ++ UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ ++ return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, ++ 0, 0, NULL); ++} ++ ++int UI_add_error_string(UI *ui, const char *text) ++{ ++ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, ++ NULL); ++} ++ ++int UI_dup_error_string(UI *ui, const char *text) ++{ ++ char *text_copy = NULL; ++ ++ if (text != NULL) { ++ text_copy = BUF_strdup(text); ++ if (text_copy == NULL) { ++ UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE); ++ return -1; ++ } ++ } ++ return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, ++ 0, 0, NULL); ++} ++ ++char *UI_construct_prompt(UI *ui, const char *object_desc, ++ const char *object_name) ++{ ++ char *prompt = NULL; ++ ++ if (ui->meth->ui_construct_prompt != NULL) ++ prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name); ++ else { ++ char prompt1[] = "Enter "; ++ char prompt2[] = " for "; ++ char prompt3[] = ":"; ++ int len = 0; ++ ++ if (object_desc == NULL) ++ return NULL; ++ len = sizeof(prompt1) - 1 + strlen(object_desc); ++ if (object_name != NULL) ++ len += sizeof(prompt2) - 1 + strlen(object_name); ++ len += sizeof(prompt3) - 1; ++ ++ prompt = (char *)OPENSSL_malloc(len + 1); ++ if (prompt == NULL) ++ return NULL; ++ BUF_strlcpy(prompt, prompt1, len + 1); ++ BUF_strlcat(prompt, object_desc, len + 1); ++ if (object_name != NULL) { ++ BUF_strlcat(prompt, prompt2, len + 1); ++ BUF_strlcat(prompt, object_name, len + 1); ++ } ++ BUF_strlcat(prompt, prompt3, len + 1); ++ } ++ return prompt; ++} ++ ++void *UI_add_user_data(UI *ui, void *user_data) ++{ ++ void *old_data = ui->user_data; ++ ui->user_data = user_data; ++ return old_data; ++} ++ ++void *UI_get0_user_data(UI *ui) ++{ ++ return ui->user_data; ++} ++ ++const char *UI_get0_result(UI *ui, int i) ++{ ++ if (i < 0) { ++ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL); ++ return NULL; ++ } ++ if (i >= sk_UI_STRING_num(ui->strings)) { ++ UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE); ++ return NULL; ++ } ++ return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); ++} ++ ++static int print_error(const char *str, size_t len, UI *ui) ++{ ++ UI_STRING uis; ++ ++ memset(&uis, 0, sizeof(uis)); ++ uis.type = UIT_ERROR; ++ uis.out_string = str; ++ ++ if (ui->meth->ui_write_string != NULL ++ && ui->meth->ui_write_string(ui, &uis) <= 0) ++ return -1; ++ return 0; ++} ++ ++int UI_process(UI *ui) ++{ ++ int i, ok = 0; ++ ++ if (ui->meth->ui_open_session != NULL ++ && ui->meth->ui_open_session(ui) <= 0) { ++ ok = -1; ++ goto err; ++ } ++ ++ if (ui->flags & UI_FLAG_PRINT_ERRORS) ++ ERR_print_errors_cb((int (*)(const char *, size_t, void *)) ++ print_error, (void *)ui); ++ ++ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { ++ if (ui->meth->ui_write_string != NULL ++ && (ui->meth->ui_write_string(ui, ++ sk_UI_STRING_value(ui->strings, i)) ++ <= 0)) ++ { ++ ok = -1; ++ goto err; ++ } ++ } ++ ++ if (ui->meth->ui_flush != NULL) ++ switch (ui->meth->ui_flush(ui)) { ++ case -1: /* Interrupt/Cancel/something... */ ++ ok = -2; ++ goto err; ++ case 0: /* Errors */ ++ ok = -1; ++ goto err; ++ default: /* Success */ ++ ok = 0; ++ break; ++ } ++ ++ for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { ++ if (ui->meth->ui_read_string != NULL) { ++ switch (ui->meth->ui_read_string(ui, ++ sk_UI_STRING_value(ui->strings, ++ i))) { ++ case -1: /* Interrupt/Cancel/something... */ ++ ok = -2; ++ goto err; ++ case 0: /* Errors */ ++ ok = -1; ++ goto err; ++ default: /* Success */ ++ ok = 0; ++ break; ++ } ++ } ++ } ++ err: ++ if (ui->meth->ui_close_session != NULL ++ && ui->meth->ui_close_session(ui) <= 0) ++ return -1; ++ return ok; ++} ++ ++int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) ++{ ++ if (ui == NULL) { ++ UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER); ++ return -1; ++ } ++ switch (cmd) { ++ case UI_CTRL_PRINT_ERRORS: ++ { ++ int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS); ++ if (i) ++ ui->flags |= UI_FLAG_PRINT_ERRORS; ++ else ++ ui->flags &= ~UI_FLAG_PRINT_ERRORS; ++ return save_flag; ++ } ++ case UI_CTRL_IS_REDOABLE: ++ return ! !(ui->flags & UI_FLAG_REDOABLE); ++ default: ++ break; ++ } ++ UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND); ++ return -1; ++} ++ ++int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) ++{ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, ++ new_func, dup_func, free_func); ++} ++ ++int UI_set_ex_data(UI *r, int idx, void *arg) ++{ ++ return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); ++} ++ ++void *UI_get_ex_data(UI *r, int idx) ++{ ++ return (CRYPTO_get_ex_data(&r->ex_data, idx)); ++} ++ ++void UI_set_default_method(const UI_METHOD *meth) ++{ ++ default_UI_meth = meth; ++} ++ ++const UI_METHOD *UI_get_default_method(void) ++{ ++ if (default_UI_meth == NULL) { ++ default_UI_meth = UI_OpenSSL(); ++ } ++ return default_UI_meth; ++} ++ ++const UI_METHOD *UI_get_method(UI *ui) ++{ ++ return ui->meth; ++} ++ ++const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) ++{ ++ ui->meth = meth; ++ return ui->meth; ++} ++ ++UI_METHOD *UI_create_method(char *name) ++{ ++ UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); ++ ++ if (ui_method) { ++ memset(ui_method, 0, sizeof(*ui_method)); ++ ui_method->name = BUF_strdup(name); ++ } ++ return ui_method; ++} ++ ++/* ++ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method ++ * (that is, it hasn't been allocated using UI_create_method(), you deserve ++ * anything Murphy can throw at you and more! You have been warned. ++ */ ++void UI_destroy_method(UI_METHOD *ui_method) ++{ ++ OPENSSL_free(ui_method->name); ++ ui_method->name = NULL; ++ OPENSSL_free(ui_method); ++} ++ ++int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui)) ++{ ++ if (method != NULL) { ++ method->ui_open_session = opener; ++ return 0; ++ } ++ return -1; ++} ++ ++int UI_method_set_writer(UI_METHOD *method, ++ int (*writer) (UI *ui, UI_STRING *uis)) ++{ ++ if (method != NULL) { ++ method->ui_write_string = writer; ++ return 0; ++ } ++ return -1; ++} ++ ++int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui)) ++{ ++ if (method != NULL) { ++ method->ui_flush = flusher; ++ return 0; ++ } ++ return -1; ++} ++ ++int UI_method_set_reader(UI_METHOD *method, ++ int (*reader) (UI *ui, UI_STRING *uis)) ++{ ++ if (method != NULL) { ++ method->ui_read_string = reader; ++ return 0; ++ } ++ return -1; ++} ++ ++int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui)) ++{ ++ if (method != NULL) { ++ method->ui_close_session = closer; ++ return 0; ++ } ++ return -1; ++} ++ ++int UI_method_set_prompt_constructor(UI_METHOD *method, ++ char *(*prompt_constructor) (UI *ui, ++ const char ++ *object_desc, ++ const char ++ *object_name)) ++{ ++ if (method != NULL) { ++ method->ui_construct_prompt = prompt_constructor; ++ return 0; ++ } ++ return -1; ++} ++ ++int (*UI_method_get_opener(UI_METHOD *method)) (UI *) ++{ ++ if (method != NULL) ++ return method->ui_open_session; ++ return NULL; ++} ++ ++int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) ++{ ++ if (method != NULL) ++ return method->ui_write_string; ++ return NULL; ++} ++ ++int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) ++{ ++ if (method != NULL) ++ return method->ui_flush; ++ return NULL; ++} ++ ++int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) ++{ ++ if (method != NULL) ++ return method->ui_read_string; ++ return NULL; ++} ++ ++int (*UI_method_get_closer(UI_METHOD *method)) (UI *) ++{ ++ if (method != NULL) ++ return method->ui_close_session; ++ return NULL; ++} ++ ++char *(*UI_method_get_prompt_constructor(UI_METHOD *method)) (UI *, ++ const char *, ++ const char *) ++{ ++ if (method != NULL) ++ return method->ui_construct_prompt; ++ return NULL; ++} ++ ++enum UI_string_types UI_get_string_type(UI_STRING *uis) ++{ ++ if (!uis) ++ return UIT_NONE; ++ return uis->type; ++} ++ ++int UI_get_input_flags(UI_STRING *uis) ++{ ++ if (!uis) ++ return 0; ++ return uis->input_flags; ++} ++ ++const char *UI_get0_output_string(UI_STRING *uis) ++{ ++ if (!uis) ++ return NULL; ++ return uis->out_string; ++} ++ ++const char *UI_get0_action_string(UI_STRING *uis) ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_BOOLEAN: ++ return uis->_.boolean_data.action_desc; ++ default: ++ return NULL; ++ } ++} ++ ++const char *UI_get0_result_string(UI_STRING *uis) ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->result_buf; ++ default: ++ return NULL; ++ } ++} ++ ++const char *UI_get0_test_string(UI_STRING *uis) ++{ ++ if (!uis) ++ return NULL; ++ switch (uis->type) { ++ case UIT_VERIFY: ++ return uis->_.string_data.test_buf; ++ default: ++ return NULL; ++ } ++} ++ ++int UI_get_result_minsize(UI_STRING *uis) ++{ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->_.string_data.result_minsize; ++ default: ++ return -1; ++ } ++} ++ ++int UI_get_result_maxsize(UI_STRING *uis) ++{ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ return uis->_.string_data.result_maxsize; ++ default: ++ return -1; ++ } ++} ++ ++int UI_set_result(UI *ui, UI_STRING *uis, const char *result) ++{ ++ int l = strlen(result); ++ ++ ui->flags &= ~UI_FLAG_REDOABLE; ++ ++ if (!uis) ++ return -1; ++ switch (uis->type) { ++ case UIT_PROMPT: ++ case UIT_VERIFY: ++ { ++ char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1]; ++ char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1]; ++ ++ BIO_snprintf(number1, sizeof(number1), "%d", ++ uis->_.string_data.result_minsize); ++ BIO_snprintf(number2, sizeof(number2), "%d", ++ uis->_.string_data.result_maxsize); ++ ++ if (l < uis->_.string_data.result_minsize) { ++ ui->flags |= UI_FLAG_REDOABLE; ++ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL); ++ ERR_add_error_data(5, "You must type in ", ++ number1, " to ", number2, " characters"); ++ return -1; ++ } ++ if (l > uis->_.string_data.result_maxsize) { ++ ui->flags |= UI_FLAG_REDOABLE; ++ UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE); ++ ERR_add_error_data(5, "You must type in ", ++ number1, " to ", number2, " characters"); ++ return -1; ++ } ++ } ++ ++ if (!uis->result_buf) { ++ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); ++ return -1; ++ } ++ ++ BUF_strlcpy(uis->result_buf, result, ++ uis->_.string_data.result_maxsize + 1); ++ break; ++ case UIT_BOOLEAN: ++ { ++ const char *p; ++ ++ if (!uis->result_buf) { ++ UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER); ++ return -1; ++ } ++ ++ uis->result_buf[0] = '\0'; ++ for (p = result; *p; p++) { ++ if (strchr(uis->_.boolean_data.ok_chars, *p)) { ++ uis->result_buf[0] = uis->_.boolean_data.ok_chars[0]; ++ break; ++ } ++ if (strchr(uis->_.boolean_data.cancel_chars, *p)) { ++ uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0]; ++ break; ++ } ++ } ++ } ++ default: ++ break; ++ } ++ return 0; ++} +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_locl.h b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h +new file mode 100644 +index 0000000..bebc13a +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_locl.h +@@ -0,0 +1,145 @@ ++/* crypto/ui/ui.h */ ++/* ++ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef HEADER_UI_LOCL_H ++# define HEADER_UI_LOCL_H ++ ++# include ++# include ++ ++# ifdef _ ++# undef _ ++# endif ++ ++struct ui_method_st { ++ char *name; ++ /* ++ * All the functions return 1 or non-NULL for success and 0 or NULL for ++ * failure ++ */ ++ /* ++ * Open whatever channel for this, be it the console, an X window or ++ * whatever. This function should use the ex_data structure to save ++ * intermediate data. ++ */ ++ int (*ui_open_session) (UI *ui); ++ int (*ui_write_string) (UI *ui, UI_STRING *uis); ++ /* ++ * Flush the output. If a GUI dialog box is used, this function can be ++ * used to actually display it. ++ */ ++ int (*ui_flush) (UI *ui); ++ int (*ui_read_string) (UI *ui, UI_STRING *uis); ++ int (*ui_close_session) (UI *ui); ++ /* ++ * Construct a prompt in a user-defined manner. object_desc is a textual ++ * short description of the object, for example "pass phrase", and ++ * object_name is the name of the object (might be a card name or a file ++ * name. The returned string shall always be allocated on the heap with ++ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). ++ */ ++ char *(*ui_construct_prompt) (UI *ui, const char *object_desc, ++ const char *object_name); ++}; ++ ++struct ui_string_st { ++ enum UI_string_types type; /* Input */ ++ const char *out_string; /* Input */ ++ int input_flags; /* Flags from the user */ ++ /* ++ * The following parameters are completely irrelevant for UIT_INFO, and ++ * can therefore be set to 0 or NULL ++ */ ++ char *result_buf; /* Input and Output: If not NULL, ++ * user-defined with size in result_maxsize. ++ * Otherwise, it may be allocated by the UI ++ * routine, meaning result_minsize is going ++ * to be overwritten. */ ++ union { ++ struct { ++ int result_minsize; /* Input: minimum required size of the ++ * result. */ ++ int result_maxsize; /* Input: maximum permitted size of the ++ * result */ ++ const char *test_buf; /* Input: test string to verify against */ ++ } string_data; ++ struct { ++ const char *action_desc; /* Input */ ++ const char *ok_chars; /* Input */ ++ const char *cancel_chars; /* Input */ ++ } boolean_data; ++ } _; ++ ++# define OUT_STRING_FREEABLE 0x01 ++ int flags; /* flags for internal use */ ++}; ++ ++struct ui_st { ++ const UI_METHOD *meth; ++ STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than ++ * one thing at a time, and with different ++ * echoing status. */ ++ void *user_data; ++ CRYPTO_EX_DATA ex_data; ++# define UI_FLAG_REDOABLE 0x0001 ++# define UI_FLAG_PRINT_ERRORS 0x0100 ++ int flags; ++}; ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +new file mode 100644 +index 0000000..80dd40e +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c +@@ -0,0 +1,97 @@ ++/* crypto/ui/ui_util.c */ ++/* ==================================================================== ++ * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@openssl.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#include ++#include "ui_locl.h" ++ ++#ifndef BUFSIZ ++#define BUFSIZ 256 ++#endif ++ ++int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, ++ int verify) ++{ ++ char buff[BUFSIZ]; ++ int ret; ++ ++ ret = ++ UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, ++ prompt, verify); ++ OPENSSL_cleanse(buff, BUFSIZ); ++ return (ret); ++} ++ ++int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, ++ int verify) ++{ ++ int ok = 0; ++ UI *ui; ++ ++ if (size < 1) ++ return -1; ++ ++ ui = UI_new(); ++ if (ui) { ++ ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); ++ if (ok >= 0 && verify) ++ ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf); ++ if (ok >= 0) ++ ok = UI_process(ui); ++ UI_free(ui); ++ } ++ if (ok > 0) ++ ok = 0; ++ return (ok); ++} +diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c +index 12df8a4..90694c6 100644 +--- a/Cryptlib/OpenSSL/crypto/uid.c ++++ b/Cryptlib/OpenSSL/crypto/uid.c +@@ -1,10 +1,56 @@ +-/* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/uid.c */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -19,7 +65,7 @@ int OPENSSL_issetugid(void) + return issetugid(); + } + +-#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) ++#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) + + int OPENSSL_issetugid(void) + { +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c +deleted file mode 100644 +index f3a1f05..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c ++++ /dev/null +@@ -1,388 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +- +-#include "internal/cryptlib.h" +- +-#ifndef NO_SYS_TYPES_H +-# include +-#endif +-#ifndef OPENSSL_NO_POSIX_IO +-# include +-#endif +- +- +-#include +-#include +-#include "internal/x509_int.h" +-#include "x509_lcl.h" +- +-struct lookup_dir_hashes_st { +- unsigned long hash; +- int suffix; +-}; +- +-struct lookup_dir_entry_st { +- char *dir; +- int dir_type; +- STACK_OF(BY_DIR_HASH) *hashes; +-}; +- +-typedef struct lookup_dir_st { +- BUF_MEM *buffer; +- STACK_OF(BY_DIR_ENTRY) *dirs; +- CRYPTO_RWLOCK *lock; +-} BY_DIR; +- +-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **ret); +-static int new_dir(X509_LOOKUP *lu); +-static void free_dir(X509_LOOKUP *lu); +-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); +-static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret); +-static X509_LOOKUP_METHOD x509_dir_lookup = { +- "Load certs from files in a directory", +- new_dir, /* new */ +- free_dir, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- dir_ctrl, /* ctrl */ +- get_cert_by_subject, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +-}; +- +-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) +-{ +- return (&x509_dir_lookup); +-} +- +-static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, +- char **retp) +-{ +- int ret = 0; +- BY_DIR *ld; +- char *dir = NULL; +- +- ld = (BY_DIR *)ctx->method_data; +- +- switch (cmd) { +- case X509_L_ADD_DIR: +- if (argl == X509_FILETYPE_DEFAULT) { +- dir = (char *)getenv(X509_get_default_cert_dir_env()); +- if (dir) +- ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM); +- else +- ret = add_cert_dir(ld, X509_get_default_cert_dir(), +- X509_FILETYPE_PEM); +- if (!ret) { +- X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR); +- } +- } else +- ret = add_cert_dir(ld, argp, (int)argl); +- break; +- } +- return (ret); +-} +- +-static int new_dir(X509_LOOKUP *lu) +-{ +- BY_DIR *a; +- +- if ((a = OPENSSL_malloc(sizeof(*a))) == NULL) +- return 0; +- if ((a->buffer = BUF_MEM_new()) == NULL) { +- OPENSSL_free(a); +- return 0; +- } +- a->dirs = NULL; +- a->lock = CRYPTO_THREAD_lock_new(); +- if (a->lock == NULL) { +- BUF_MEM_free(a->buffer); +- OPENSSL_free(a); +- return 0; +- } +- lu->method_data = (char *)a; +- return 1; +-} +- +-static void by_dir_hash_free(BY_DIR_HASH *hash) +-{ +- OPENSSL_free(hash); +-} +- +-static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, +- const BY_DIR_HASH *const *b) +-{ +- if ((*a)->hash > (*b)->hash) +- return 1; +- if ((*a)->hash < (*b)->hash) +- return -1; +- return 0; +-} +- +-static void by_dir_entry_free(BY_DIR_ENTRY *ent) +-{ +- OPENSSL_free(ent->dir); +- sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); +- OPENSSL_free(ent); +-} +- +-static void free_dir(X509_LOOKUP *lu) +-{ +- BY_DIR *a; +- +- a = (BY_DIR *)lu->method_data; +- sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); +- BUF_MEM_free(a->buffer); +- CRYPTO_THREAD_lock_free(a->lock); +- OPENSSL_free(a); +-} +- +-static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) +-{ +- const char *s, *p; +- +- if (dir == NULL || !*dir) { +- X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY); +- return 0; +- } +- +- s = dir; +- p = s; +- do { +- if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) { +- BY_DIR_ENTRY *ent; +- int j; +- size_t len; +- const char *ss = s; +- s = p + 1; +- len = p - ss; +- if (len == 0) +- continue; +- for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { +- ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); +- if (strlen(ent->dir) == len && +- strncmp(ent->dir, ss, len) == 0) +- break; +- } +- if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) +- continue; +- if (ctx->dirs == NULL) { +- ctx->dirs = sk_BY_DIR_ENTRY_new_null(); +- if (!ctx->dirs) { +- X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- } +- ent = OPENSSL_malloc(sizeof(*ent)); +- if (ent == NULL) +- return 0; +- ent->dir_type = type; +- ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); +- ent->dir = OPENSSL_strndup(ss, len); +- if (ent->dir == NULL || ent->hashes == NULL) { +- by_dir_entry_free(ent); +- return 0; +- } +- if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { +- by_dir_entry_free(ent); +- return 0; +- } +- } +- } while (*p++ != '\0'); +- return 1; +-} +- +-static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret) +-{ +- BY_DIR *ctx; +- union { +- X509 st_x509; +- X509_CRL crl; +- } data; +- int ok = 0; +- int i, j, k; +- unsigned long h; +- BUF_MEM *b = NULL; +- X509_OBJECT stmp, *tmp; +- const char *postfix = ""; +- +- if (name == NULL) +- return (0); +- +- stmp.type = type; +- if (type == X509_LU_X509) { +- data.st_x509.cert_info.subject = name; +- stmp.data.x509 = &data.st_x509; +- postfix = ""; +- } else if (type == X509_LU_CRL) { +- data.crl.crl.issuer = name; +- stmp.data.crl = &data.crl; +- postfix = "r"; +- } else { +- X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE); +- goto finish; +- } +- +- if ((b = BUF_MEM_new()) == NULL) { +- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB); +- goto finish; +- } +- +- ctx = (BY_DIR *)xl->method_data; +- +- h = X509_NAME_hash(name); +- for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { +- BY_DIR_ENTRY *ent; +- int idx; +- BY_DIR_HASH htmp, *hent; +- ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); +- j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; +- if (!BUF_MEM_grow(b, j)) { +- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); +- goto finish; +- } +- if (type == X509_LU_CRL && ent->hashes) { +- htmp.hash = h; +- CRYPTO_THREAD_read_lock(ctx->lock); +- idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); +- if (idx >= 0) { +- hent = sk_BY_DIR_HASH_value(ent->hashes, idx); +- k = hent->suffix; +- } else { +- hent = NULL; +- k = 0; +- } +- CRYPTO_THREAD_unlock(ctx->lock); +- } else { +- k = 0; +- hent = NULL; +- } +- for (;;) { +- char c = '/'; +-#ifdef OPENSSL_SYS_VMS +- c = ent->dir[strlen(ent->dir) - 1]; +- if (c != ':' && c != '>' && c != ']') { +- /* +- * If no separator is present, we assume the directory +- * specifier is a logical name, and add a colon. We really +- * should use better VMS routines for merging things like +- * this, but this will do for now... -- Richard Levitte +- */ +- c = ':'; +- } else { +- c = '\0'; +- } +-#endif +- if (c == '\0') { +- /* +- * This is special. When c == '\0', no directory separator +- * should be added. +- */ +- BIO_snprintf(b->data, b->max, +- "%s%08lx.%s%d", ent->dir, h, postfix, k); +- } else { +- BIO_snprintf(b->data, b->max, +- "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k); +- } +-#ifndef OPENSSL_NO_POSIX_IO +-# ifdef _WIN32 +-# define stat _stat +-# endif +- { +- struct stat st; +- if (stat(b->data, &st) < 0) +- break; +- } +-#endif +- /* found one. */ +- if (type == X509_LU_X509) { +- if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0) +- break; +- } else if (type == X509_LU_CRL) { +- if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0) +- break; +- } +- /* else case will caught higher up */ +- k++; +- } +- +- /* +- * we have added it to the cache so now pull it out again +- */ +- CRYPTO_THREAD_write_lock(ctx->lock); +- j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); +- if (j != -1) +- tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); +- else +- tmp = NULL; +- CRYPTO_THREAD_unlock(ctx->lock); +- +- /* If a CRL, update the last file suffix added for this */ +- +- if (type == X509_LU_CRL) { +- CRYPTO_THREAD_write_lock(ctx->lock); +- /* +- * Look for entry again in case another thread added an entry +- * first. +- */ +- if (!hent) { +- htmp.hash = h; +- idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); +- if (idx >= 0) +- hent = sk_BY_DIR_HASH_value(ent->hashes, idx); +- } +- if (!hent) { +- hent = OPENSSL_malloc(sizeof(*hent)); +- if (hent == NULL) { +- CRYPTO_THREAD_unlock(ctx->lock); +- X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); +- ok = 0; +- goto finish; +- } +- hent->hash = h; +- hent->suffix = k; +- if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { +- CRYPTO_THREAD_unlock(ctx->lock); +- OPENSSL_free(hent); +- ok = 0; +- goto finish; +- } +- } else if (hent->suffix < k) { +- hent->suffix = k; +- } +- +- CRYPTO_THREAD_unlock(ctx->lock); +- +- } +- +- if (tmp != NULL) { +- ok = 1; +- ret->type = tmp->type; +- memcpy(&ret->data, &tmp->data, sizeof(ret->data)); +- /* +- * If we were going to up the reference count, we would need to +- * do it on a perl 'type' basis +- */ +- /*- CRYPTO_add(&tmp->data.x509->references,1, +- CRYPTO_LOCK_X509);*/ +- goto finish; +- } +- } +- finish: +- BUF_MEM_free(b); +- return (ok); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c +deleted file mode 100644 +index 4376bed..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/by_file.c ++++ /dev/null +@@ -1,221 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +- +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include "x509_lcl.h" +- +-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, +- long argl, char **ret); +-static X509_LOOKUP_METHOD x509_file_lookup = { +- "Load file into cache", +- NULL, /* new */ +- NULL, /* free */ +- NULL, /* init */ +- NULL, /* shutdown */ +- by_file_ctrl, /* ctrl */ +- NULL, /* get_by_subject */ +- NULL, /* get_by_issuer_serial */ +- NULL, /* get_by_fingerprint */ +- NULL, /* get_by_alias */ +-}; +- +-X509_LOOKUP_METHOD *X509_LOOKUP_file(void) +-{ +- return (&x509_file_lookup); +-} +- +-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, +- long argl, char **ret) +-{ +- int ok = 0; +- char *file; +- +- switch (cmd) { +- case X509_L_FILE_LOAD: +- if (argl == X509_FILETYPE_DEFAULT) { +- file = (char *)getenv(X509_get_default_cert_file_env()); +- if (file) +- ok = (X509_load_cert_crl_file(ctx, file, +- X509_FILETYPE_PEM) != 0); +- +- else +- ok = (X509_load_cert_crl_file +- (ctx, X509_get_default_cert_file(), +- X509_FILETYPE_PEM) != 0); +- +- if (!ok) { +- X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS); +- } +- } else { +- if (argl == X509_FILETYPE_PEM) +- ok = (X509_load_cert_crl_file(ctx, argp, +- X509_FILETYPE_PEM) != 0); +- else +- ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0); +- } +- break; +- } +- return (ok); +-} +- +-int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- int ret = 0; +- BIO *in = NULL; +- int i, count = 0; +- X509 *x = NULL; +- +- if (file == NULL) +- return (1); +- in = BIO_new(BIO_s_file()); +- +- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB); +- goto err; +- } +- +- if (type == X509_FILETYPE_PEM) { +- for (;;) { +- x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); +- if (x == NULL) { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && (count > 0)) { +- ERR_clear_error(); +- break; +- } else { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB); +- goto err; +- } +- } +- i = X509_STORE_add_cert(ctx->store_ctx, x); +- if (!i) +- goto err; +- count++; +- X509_free(x); +- x = NULL; +- } +- ret = count; +- } else if (type == X509_FILETYPE_ASN1) { +- x = d2i_X509_bio(in, NULL); +- if (x == NULL) { +- X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB); +- goto err; +- } +- i = X509_STORE_add_cert(ctx->store_ctx, x); +- if (!i) +- goto err; +- ret = i; +- } else { +- X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE); +- goto err; +- } +- err: +- X509_free(x); +- BIO_free(in); +- return (ret); +-} +- +-int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- int ret = 0; +- BIO *in = NULL; +- int i, count = 0; +- X509_CRL *x = NULL; +- +- if (file == NULL) +- return (1); +- in = BIO_new(BIO_s_file()); +- +- if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB); +- goto err; +- } +- +- if (type == X509_FILETYPE_PEM) { +- for (;;) { +- x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); +- if (x == NULL) { +- if ((ERR_GET_REASON(ERR_peek_last_error()) == +- PEM_R_NO_START_LINE) && (count > 0)) { +- ERR_clear_error(); +- break; +- } else { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB); +- goto err; +- } +- } +- i = X509_STORE_add_crl(ctx->store_ctx, x); +- if (!i) +- goto err; +- count++; +- X509_CRL_free(x); +- x = NULL; +- } +- ret = count; +- } else if (type == X509_FILETYPE_ASN1) { +- x = d2i_X509_CRL_bio(in, NULL); +- if (x == NULL) { +- X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB); +- goto err; +- } +- i = X509_STORE_add_crl(ctx->store_ctx, x); +- if (!i) +- goto err; +- ret = i; +- } else { +- X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE); +- goto err; +- } +- err: +- X509_CRL_free(x); +- BIO_free(in); +- return (ret); +-} +- +-int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) +-{ +- STACK_OF(X509_INFO) *inf; +- X509_INFO *itmp; +- BIO *in; +- int i, count = 0; +- if (type != X509_FILETYPE_PEM) +- return X509_load_cert_file(ctx, file, type); +- in = BIO_new_file(file, "r"); +- if (!in) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB); +- return 0; +- } +- inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); +- BIO_free(in); +- if (!inf) { +- X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB); +- return 0; +- } +- for (i = 0; i < sk_X509_INFO_num(inf); i++) { +- itmp = sk_X509_INFO_value(inf, i); +- if (itmp->x509) { +- X509_STORE_add_cert(ctx->store_ctx, itmp->x509); +- count++; +- } +- if (itmp->crl) { +- X509_STORE_add_crl(ctx->store_ctx, itmp->crl); +- count++; +- } +- } +- sk_X509_INFO_pop_free(inf, X509_INFO_free); +- return count; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/t_crl.c b/Cryptlib/OpenSSL/crypto/x509/t_crl.c +deleted file mode 100644 +index f3ca6db..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/t_crl.c ++++ /dev/null +@@ -1,89 +0,0 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_STDIO +-int X509_CRL_print_fp(FILE *fp, X509_CRL *x) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = X509_CRL_print(b, x); +- BIO_free(b); +- return (ret); +-} +-#endif +- +-int X509_CRL_print(BIO *out, X509_CRL *x) +-{ +- STACK_OF(X509_REVOKED) *rev; +- X509_REVOKED *r; +- const X509_ALGOR *sig_alg; +- const ASN1_BIT_STRING *sig; +- long l; +- int i; +- char *p; +- +- BIO_printf(out, "Certificate Revocation List (CRL):\n"); +- l = X509_CRL_get_version(x); +- if (l >= 0 && l <= 1) +- BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l); +- else +- BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l); +- X509_CRL_get0_signature(x, &sig, &sig_alg); +- X509_signature_print(out, sig_alg, NULL); +- p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); +- BIO_printf(out, "%8sIssuer: %s\n", "", p); +- OPENSSL_free(p); +- BIO_printf(out, "%8sLast Update: ", ""); +- ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)); +- BIO_printf(out, "\n%8sNext Update: ", ""); +- if (X509_CRL_get0_nextUpdate(x)) +- ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x)); +- else +- BIO_printf(out, "NONE"); +- BIO_printf(out, "\n"); +- +- X509V3_extensions_print(out, "CRL extensions", +- X509_CRL_get0_extensions(x), 0, 8); +- +- rev = X509_CRL_get_REVOKED(x); +- +- if (sk_X509_REVOKED_num(rev) > 0) +- BIO_printf(out, "Revoked Certificates:\n"); +- else +- BIO_printf(out, "No Revoked Certificates.\n"); +- +- for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { +- r = sk_X509_REVOKED_value(rev, i); +- BIO_printf(out, " Serial Number: "); +- i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r)); +- BIO_printf(out, "\n Revocation Date: "); +- ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)); +- BIO_printf(out, "\n"); +- X509V3_extensions_print(out, "CRL entry extensions", +- X509_REVOKED_get0_extensions(r), 0, 8); +- } +- X509_signature_print(out, sig_alg, sig); +- +- return 1; +- +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/t_req.c b/Cryptlib/OpenSSL/crypto/x509/t_req.c +deleted file mode 100644 +index 77ce810..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/t_req.c ++++ /dev/null +@@ -1,198 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#ifndef OPENSSL_NO_STDIO +-int X509_REQ_print_fp(FILE *fp, X509_REQ *x) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = X509_REQ_print(b, x); +- BIO_free(b); +- return (ret); +-} +-#endif +- +-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, +- unsigned long cflag) +-{ +- long l; +- int i; +- EVP_PKEY *pkey; +- STACK_OF(X509_EXTENSION) *exts; +- char mlch = ' '; +- int nmindent = 0; +- +- if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { +- mlch = '\n'; +- nmindent = 12; +- } +- +- if (nmflags == X509_FLAG_COMPAT) +- nmindent = 16; +- +- if (!(cflag & X509_FLAG_NO_HEADER)) { +- if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) +- goto err; +- if (BIO_write(bp, " Data:\n", 10) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_VERSION)) { +- l = X509_REQ_get_version(x); +- if (l >= 0 && l <= 2) { +- if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) +- goto err; +- } else { +- if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) +- goto err; +- } +- } +- if (!(cflag & X509_FLAG_NO_SUBJECT)) { +- if (BIO_printf(bp, " Subject:%c", mlch) <= 0) +- goto err; +- if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), +- nmindent, nmflags) < 0) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_PUBKEY)) { +- X509_PUBKEY *xpkey; +- ASN1_OBJECT *koid; +- if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) +- goto err; +- if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) +- goto err; +- xpkey = X509_REQ_get_X509_PUBKEY(x); +- X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey); +- if (i2a_ASN1_OBJECT(bp, koid) <= 0) +- goto err; +- if (BIO_puts(bp, "\n") <= 0) +- goto err; +- +- pkey = X509_REQ_get0_pubkey(x); +- if (pkey == NULL) { +- BIO_printf(bp, "%12sUnable to load Public Key\n", ""); +- ERR_print_errors(bp); +- } else { +- EVP_PKEY_print_public(bp, pkey, 16, NULL); +- } +- } +- +- if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { +- /* may not be */ +- if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) +- goto err; +- +- if (X509_REQ_get_attr_count(x) == 0) { +- if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) +- goto err; +- } else { +- for (i = 0; i < X509_REQ_get_attr_count(x); i++) { +- ASN1_TYPE *at; +- X509_ATTRIBUTE *a; +- ASN1_BIT_STRING *bs = NULL; +- ASN1_OBJECT *aobj; +- int j, type = 0, count = 1, ii = 0; +- +- a = X509_REQ_get_attr(x, i); +- aobj = X509_ATTRIBUTE_get0_object(a); +- if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) +- continue; +- if (BIO_printf(bp, "%12s", "") <= 0) +- goto err; +- if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { +- ii = 0; +- count = X509_ATTRIBUTE_count(a); +- get_next: +- at = X509_ATTRIBUTE_get0_type(a, ii); +- type = at->type; +- bs = at->value.asn1_string; +- } +- for (j = 25 - j; j > 0; j--) +- if (BIO_write(bp, " ", 1) != 1) +- goto err; +- if (BIO_puts(bp, ":") <= 0) +- goto err; +- if ((type == V_ASN1_PRINTABLESTRING) || +- (type == V_ASN1_T61STRING) || +- (type == V_ASN1_UTF8STRING) || +- (type == V_ASN1_IA5STRING)) { +- if (BIO_write(bp, (char *)bs->data, bs->length) +- != bs->length) +- goto err; +- BIO_puts(bp, "\n"); +- } else { +- BIO_puts(bp, "unable to print attribute\n"); +- } +- if (++ii < count) +- goto get_next; +- } +- } +- } +- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { +- exts = X509_REQ_get_extensions(x); +- if (exts) { +- BIO_printf(bp, "%8sRequested Extensions:\n", ""); +- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { +- ASN1_OBJECT *obj; +- X509_EXTENSION *ex; +- int critical; +- ex = sk_X509_EXTENSION_value(exts, i); +- if (BIO_printf(bp, "%12s", "") <= 0) +- goto err; +- obj = X509_EXTENSION_get_object(ex); +- i2a_ASN1_OBJECT(bp, obj); +- critical = X509_EXTENSION_get_critical(ex); +- if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0) +- goto err; +- if (!X509V3_EXT_print(bp, ex, cflag, 16)) { +- BIO_printf(bp, "%16s", ""); +- ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); +- } +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); +- } +- } +- +- if (!(cflag & X509_FLAG_NO_SIGDUMP)) { +- const X509_ALGOR *sig_alg; +- const ASN1_BIT_STRING *sig; +- X509_REQ_get0_signature(x, &sig, &sig_alg); +- if (!X509_signature_print(bp, sig_alg, sig)) +- goto err; +- } +- +- return (1); +- err: +- X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB); +- return (0); +-} +- +-int X509_REQ_print(BIO *bp, X509_REQ *x) +-{ +- return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/t_x509.c b/Cryptlib/OpenSSL/crypto/x509/t_x509.c +deleted file mode 100644 +index eb65d88..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/t_x509.c ++++ /dev/null +@@ -1,376 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include +-#include "internal/asn1_int.h" +- +-#ifndef OPENSSL_NO_STDIO +-int X509_print_fp(FILE *fp, X509 *x) +-{ +- return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +-} +- +-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, +- unsigned long cflag) +-{ +- BIO *b; +- int ret; +- +- if ((b = BIO_new(BIO_s_file())) == NULL) { +- X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB); +- return (0); +- } +- BIO_set_fp(b, fp, BIO_NOCLOSE); +- ret = X509_print_ex(b, x, nmflag, cflag); +- BIO_free(b); +- return (ret); +-} +-#endif +- +-int X509_print(BIO *bp, X509 *x) +-{ +- return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +-} +- +-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, +- unsigned long cflag) +-{ +- long l; +- int ret = 0, i; +- char *m = NULL, mlch = ' '; +- int nmindent = 0; +- ASN1_INTEGER *bs; +- EVP_PKEY *pkey = NULL; +- const char *neg; +- +- if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { +- mlch = '\n'; +- nmindent = 12; +- } +- +- if (nmflags == X509_FLAG_COMPAT) +- nmindent = 16; +- +- if (!(cflag & X509_FLAG_NO_HEADER)) { +- if (BIO_write(bp, "Certificate:\n", 13) <= 0) +- goto err; +- if (BIO_write(bp, " Data:\n", 10) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_VERSION)) { +- l = X509_get_version(x); +- if (l >= 0 && l <= 2) { +- if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0) +- goto err; +- } else { +- if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0) +- goto err; +- } +- } +- if (!(cflag & X509_FLAG_NO_SERIAL)) { +- +- if (BIO_write(bp, " Serial Number:", 22) <= 0) +- goto err; +- +- bs = X509_get_serialNumber(x); +- if (bs->length <= (int)sizeof(long)) { +- ERR_set_mark(); +- l = ASN1_INTEGER_get(bs); +- ERR_pop_to_mark(); +- } else { +- l = -1; +- } +- if (l != -1) { +- unsigned long ul; +- if (bs->type == V_ASN1_NEG_INTEGER) { +- ul = 0 - (unsigned long)l; +- neg = "-"; +- } else { +- ul = l; +- neg = ""; +- } +- if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0) +- goto err; +- } else { +- neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : ""; +- if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) +- goto err; +- +- for (i = 0; i < bs->length; i++) { +- if (BIO_printf(bp, "%02x%c", bs->data[i], +- ((i + 1 == bs->length) ? '\n' : ':')) <= 0) +- goto err; +- } +- } +- +- } +- +- if (!(cflag & X509_FLAG_NO_SIGNAME)) { +- const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x); +- if (X509_signature_print(bp, tsig_alg, NULL) <= 0) +- goto err; +- } +- +- if (!(cflag & X509_FLAG_NO_ISSUER)) { +- if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) +- goto err; +- if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags) +- < 0) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_VALIDITY)) { +- if (BIO_write(bp, " Validity\n", 17) <= 0) +- goto err; +- if (BIO_write(bp, " Not Before: ", 24) <= 0) +- goto err; +- if (!ASN1_TIME_print(bp, X509_get0_notBefore(x))) +- goto err; +- if (BIO_write(bp, "\n Not After : ", 25) <= 0) +- goto err; +- if (!ASN1_TIME_print(bp, X509_get0_notAfter(x))) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_SUBJECT)) { +- if (BIO_printf(bp, " Subject:%c", mlch) <= 0) +- goto err; +- if (X509_NAME_print_ex +- (bp, X509_get_subject_name(x), nmindent, nmflags) < 0) +- goto err; +- if (BIO_write(bp, "\n", 1) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_PUBKEY)) { +- X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x); +- ASN1_OBJECT *xpoid; +- X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey); +- if (BIO_write(bp, " Subject Public Key Info:\n", 33) <= 0) +- goto err; +- if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) +- goto err; +- if (i2a_ASN1_OBJECT(bp, xpoid) <= 0) +- goto err; +- if (BIO_puts(bp, "\n") <= 0) +- goto err; +- +- pkey = X509_get0_pubkey(x); +- if (pkey == NULL) { +- BIO_printf(bp, "%12sUnable to load Public Key\n", ""); +- ERR_print_errors(bp); +- } else { +- EVP_PKEY_print_public(bp, pkey, 16, NULL); +- } +- } +- +- if (!(cflag & X509_FLAG_NO_IDS)) { +- const ASN1_BIT_STRING *iuid, *suid; +- X509_get0_uids(x, &iuid, &suid); +- if (iuid != NULL) { +- if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0) +- goto err; +- if (!X509_signature_dump(bp, iuid, 12)) +- goto err; +- } +- if (suid != NULL) { +- if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0) +- goto err; +- if (!X509_signature_dump(bp, suid, 12)) +- goto err; +- } +- } +- +- if (!(cflag & X509_FLAG_NO_EXTENSIONS)) +- X509V3_extensions_print(bp, "X509v3 extensions", +- X509_get0_extensions(x), cflag, 8); +- +- if (!(cflag & X509_FLAG_NO_SIGDUMP)) { +- const X509_ALGOR *sig_alg; +- const ASN1_BIT_STRING *sig; +- X509_get0_signature(&sig, &sig_alg, x); +- if (X509_signature_print(bp, sig_alg, sig) <= 0) +- goto err; +- } +- if (!(cflag & X509_FLAG_NO_AUX)) { +- if (!X509_aux_print(bp, x, 0)) +- goto err; +- } +- ret = 1; +- err: +- OPENSSL_free(m); +- return (ret); +-} +- +-int X509_ocspid_print(BIO *bp, X509 *x) +-{ +- unsigned char *der = NULL; +- unsigned char *dertmp; +- int derlen; +- int i; +- unsigned char SHA1md[SHA_DIGEST_LENGTH]; +- ASN1_BIT_STRING *keybstr; +- X509_NAME *subj; +- +- /* +- * display the hash of the subject as it would appear in OCSP requests +- */ +- if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) +- goto err; +- subj = X509_get_subject_name(x); +- derlen = i2d_X509_NAME(subj, NULL); +- if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL) +- goto err; +- i2d_X509_NAME(subj, &dertmp); +- +- if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) +- goto err; +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) { +- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) +- goto err; +- } +- OPENSSL_free(der); +- der = NULL; +- +- /* +- * display the hash of the public key as it would appear in OCSP requests +- */ +- if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) +- goto err; +- +- keybstr = X509_get0_pubkey_bitstr(x); +- +- if (keybstr == NULL) +- goto err; +- +- if (!EVP_Digest(ASN1_STRING_get0_data(keybstr), +- ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(), +- NULL)) +- goto err; +- for (i = 0; i < SHA_DIGEST_LENGTH; i++) { +- if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) +- goto err; +- } +- BIO_printf(bp, "\n"); +- +- return (1); +- err: +- OPENSSL_free(der); +- return (0); +-} +- +-int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) +-{ +- const unsigned char *s; +- int i, n; +- +- n = sig->length; +- s = sig->data; +- for (i = 0; i < n; i++) { +- if ((i % 18) == 0) { +- if (BIO_write(bp, "\n", 1) <= 0) +- return 0; +- if (BIO_indent(bp, indent, indent) <= 0) +- return 0; +- } +- if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0) +- return 0; +- } +- if (BIO_write(bp, "\n", 1) != 1) +- return 0; +- +- return 1; +-} +- +-int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, +- const ASN1_STRING *sig) +-{ +- int sig_nid; +- if (BIO_puts(bp, " Signature Algorithm: ") <= 0) +- return 0; +- if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) +- return 0; +- +- sig_nid = OBJ_obj2nid(sigalg->algorithm); +- if (sig_nid != NID_undef) { +- int pkey_nid, dig_nid; +- const EVP_PKEY_ASN1_METHOD *ameth; +- if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { +- ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); +- if (ameth && ameth->sig_print) +- return ameth->sig_print(bp, sigalg, sig, 9, 0); +- } +- } +- if (sig) +- return X509_signature_dump(bp, sig, 9); +- else if (BIO_puts(bp, "\n") <= 0) +- return 0; +- return 1; +-} +- +-int X509_aux_print(BIO *out, X509 *x, int indent) +-{ +- char oidstr[80], first; +- STACK_OF(ASN1_OBJECT) *trust, *reject; +- const unsigned char *alias, *keyid; +- int keyidlen; +- int i; +- if (X509_trusted(x) == 0) +- return 1; +- trust = X509_get0_trust_objects(x); +- reject = X509_get0_reject_objects(x); +- if (trust) { +- first = 1; +- BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, ""); +- for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) { +- if (!first) +- BIO_puts(out, ", "); +- else +- first = 0; +- OBJ_obj2txt(oidstr, sizeof oidstr, +- sk_ASN1_OBJECT_value(trust, i), 0); +- BIO_puts(out, oidstr); +- } +- BIO_puts(out, "\n"); +- } else +- BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); +- if (reject) { +- first = 1; +- BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, ""); +- for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) { +- if (!first) +- BIO_puts(out, ", "); +- else +- first = 0; +- OBJ_obj2txt(oidstr, sizeof oidstr, +- sk_ASN1_OBJECT_value(reject, i), 0); +- BIO_puts(out, oidstr); +- } +- BIO_puts(out, "\n"); +- } else +- BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); +- alias = X509_alias_get0(x, NULL); +- if (alias) +- BIO_printf(out, "%*sAlias: %s\n", indent, "", alias); +- keyid = X509_keyid_get0(x, &keyidlen); +- if (keyid) { +- BIO_printf(out, "%*sKey Id: ", indent, ""); +- for (i = 0; i < keyidlen; i++) +- BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]); +- BIO_write(out, "\n", 1); +- } +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/vpm_int.h b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h +new file mode 100644 +index 0000000..9c55def +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/x509/vpm_int.h +@@ -0,0 +1,70 @@ ++/* vpm_int.h */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2013. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2013 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* internal only structure to hold additional X509_VERIFY_PARAM data */ ++ ++struct X509_VERIFY_PARAM_ID_st { ++ STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ ++ unsigned int hostflags; /* Flags to control matching features */ ++ char *peername; /* Matching hostname in peer certificate */ ++ char *email; /* If not NULL email address to match */ ++ size_t emaillen; ++ unsigned char *ip; /* If not NULL IP address to match */ ++ size_t iplen; /* Length of IP address */ ++}; +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +index 15f0e4f..2501075 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_att.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_att.c +@@ -1,21 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_att.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "x509_lcl.h" + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) + { +@@ -25,15 +73,16 @@ int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos) + { +- const ASN1_OBJECT *obj = OBJ_nid2obj(nid); ++ ASN1_OBJECT *obj; + ++ obj = OBJ_nid2obj(nid); + if (obj == NULL) + return (-2); + return (X509at_get_attr_by_OBJ(x, obj, lastpos)); + } + + int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, +- const ASN1_OBJECT *obj, int lastpos) ++ ASN1_OBJECT *obj, int lastpos) + { + int n; + X509_ATTRIBUTE *ex; +@@ -97,8 +146,10 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + err: + X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE); + err2: +- X509_ATTRIBUTE_free(new_attr); +- sk_X509_ATTRIBUTE_free(sk); ++ if (new_attr != NULL) ++ X509_ATTRIBUTE_free(new_attr); ++ if (sk != NULL) ++ sk_X509_ATTRIBUTE_free(sk); + return (NULL); + } + +@@ -150,7 +201,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + } + + void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, +- const ASN1_OBJECT *obj, int lastpos, int type) ++ ASN1_OBJECT *obj, int lastpos, int type) + { + int i; + X509_ATTRIBUTE *at; +@@ -239,7 +290,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) + return (0); + ASN1_OBJECT_free(attr->object); + attr->object = OBJ_dup(obj); +- return attr->object != NULL; ++ return (1); + } + + int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, +@@ -259,12 +310,15 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + } + atype = stmp->type; + } else if (len != -1) { +- if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL) ++ if (!(stmp = ASN1_STRING_type_new(attrtype))) + goto err; + if (!ASN1_STRING_set(stmp, data, len)) + goto err; + atype = attrtype; + } ++ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) ++ goto err; ++ attr->single = 0; + /* + * This is a bit naughty because the attribute should really have at + * least one value but some types use and zero length SET and require +@@ -274,7 +328,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + ASN1_STRING_free(stmp); + return 1; + } +- if ((ttmp = ASN1_TYPE_new()) == NULL) ++ if (!(ttmp = ASN1_TYPE_new())) + goto err; + if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { + if (!ASN1_TYPE_set1(ttmp, attrtype, data)) +@@ -283,7 +337,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + ASN1_TYPE_set(ttmp, atype, stmp); + stmp = NULL; + } +- if (!sk_ASN1_TYPE_push(attr->set, ttmp)) ++ if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) + goto err; + return 1; + err: +@@ -293,11 +347,13 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + return 0; + } + +-int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) ++int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) + { +- if (attr == NULL) +- return 0; +- return sk_ASN1_TYPE_num(attr->set); ++ if (!attr->single) ++ return sk_ASN1_TYPE_num(attr->value.set); ++ if (attr->value.single) ++ return 1; ++ return 0; + } + + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) +@@ -324,6 +380,11 @@ void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) + { + if (attr == NULL) ++ return (NULL); ++ if (idx >= X509_ATTRIBUTE_count(attr)) + return NULL; +- return sk_ASN1_TYPE_value(attr->set, idx); ++ if (!attr->single) ++ return sk_ASN1_TYPE_value(attr->value.set, idx); ++ else ++ return attr->value.single; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +index 0105635..49c71b9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c +@@ -1,29 +1,77 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_cmp.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) + { + int i; +- const X509_CINF *ai, *bi; ++ X509_CINF *ai, *bi; + +- ai = &a->cert_info; +- bi = &b->cert_info; +- i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber); ++ ai = a->cert_info; ++ bi = b->cert_info; ++ i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); + if (i) + return (i); + return (X509_NAME_cmp(ai->issuer, bi->issuer)); +@@ -33,97 +81,94 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) + unsigned long X509_issuer_and_serial_hash(X509 *a) + { + unsigned long ret = 0; +- EVP_MD_CTX *ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX ctx; + unsigned char md[16]; + char *f; + +- if (ctx == NULL) ++ EVP_MD_CTX_init(&ctx); ++ f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); ++ if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + goto err; +- f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0); +- if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL)) +- goto err; +- if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) ++ if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) + goto err; + OPENSSL_free(f); + if (!EVP_DigestUpdate +- (ctx, (unsigned char *)a->cert_info.serialNumber.data, +- (unsigned long)a->cert_info.serialNumber.length)) ++ (&ctx, (unsigned char *)a->cert_info->serialNumber->data, ++ (unsigned long)a->cert_info->serialNumber->length)) + goto err; +- if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL)) ++ if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) + goto err; + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) + ) & 0xffffffffL; + err: +- EVP_MD_CTX_free(ctx); ++ EVP_MD_CTX_cleanup(&ctx); + return (ret); + } + #endif + + int X509_issuer_name_cmp(const X509 *a, const X509 *b) + { +- return (X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer)); ++ return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); + } + + int X509_subject_name_cmp(const X509 *a, const X509 *b) + { +- return (X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject)); ++ return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); + } + + int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) + { +- return (X509_NAME_cmp(a->crl.issuer, b->crl.issuer)); ++ return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); + } + ++#ifndef OPENSSL_NO_SHA + int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) + { + return memcmp(a->sha1_hash, b->sha1_hash, 20); + } ++#endif + +-X509_NAME *X509_get_issuer_name(const X509 *a) ++X509_NAME *X509_get_issuer_name(X509 *a) + { +- return (a->cert_info.issuer); ++ return (a->cert_info->issuer); + } + + unsigned long X509_issuer_name_hash(X509 *x) + { +- return (X509_NAME_hash(x->cert_info.issuer)); ++ return (X509_NAME_hash(x->cert_info->issuer)); + } + + #ifndef OPENSSL_NO_MD5 + unsigned long X509_issuer_name_hash_old(X509 *x) + { +- return (X509_NAME_hash_old(x->cert_info.issuer)); ++ return (X509_NAME_hash_old(x->cert_info->issuer)); + } + #endif + +-X509_NAME *X509_get_subject_name(const X509 *a) ++X509_NAME *X509_get_subject_name(X509 *a) + { +- return (a->cert_info.subject); ++ return (a->cert_info->subject); + } + + ASN1_INTEGER *X509_get_serialNumber(X509 *a) + { +- return &a->cert_info.serialNumber; +-} +- +-const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a) +-{ +- return &a->cert_info.serialNumber; ++ return (a->cert_info->serialNumber); + } + + unsigned long X509_subject_name_hash(X509 *x) + { +- return (X509_NAME_hash(x->cert_info.subject)); ++ return (X509_NAME_hash(x->cert_info->subject)); + } + + #ifndef OPENSSL_NO_MD5 + unsigned long X509_subject_name_hash_old(X509 *x) + { +- return (X509_NAME_hash_old(x->cert_info.subject)); ++ return (X509_NAME_hash_old(x->cert_info->subject)); + } + #endif + ++#ifndef OPENSSL_NO_SHA + /* + * Compare two certificates: they must be identical for this to work. NB: + * Although "cmp" operations are generally prototyped to take "const" +@@ -143,16 +188,16 @@ int X509_cmp(const X509 *a, const X509 *b) + if (rv) + return rv; + /* Check for match against stored encoding too */ +- if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) { +- if (a->cert_info.enc.len < b->cert_info.enc.len) +- return -1; +- if (a->cert_info.enc.len > b->cert_info.enc.len) +- return 1; +- return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc, +- a->cert_info.enc.len); ++ if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) { ++ rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len); ++ if (rv) ++ return rv; ++ return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc, ++ a->cert_info->enc.len); + } + return rv; + } ++#endif + + int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) + { +@@ -206,23 +251,21 @@ unsigned long X509_NAME_hash(X509_NAME *x) + + unsigned long X509_NAME_hash_old(X509_NAME *x) + { +- EVP_MD_CTX *md_ctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX md_ctx; + unsigned long ret = 0; + unsigned char md[16]; + +- if (md_ctx == NULL) +- return ret; +- + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x, NULL); +- EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); +- if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL) +- && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length) +- && EVP_DigestFinal_ex(md_ctx, md, NULL)) ++ EVP_MD_CTX_init(&md_ctx); ++ EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); ++ if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) ++ && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) ++ && EVP_DigestFinal_ex(&md_ctx, md, NULL)) + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) + ) & 0xffffffffL; +- EVP_MD_CTX_free(md_ctx); ++ EVP_MD_CTX_cleanup(&md_ctx); + + return (ret); + } +@@ -233,13 +276,15 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial) + { + int i; ++ X509_CINF cinf; + X509 x, *x509 = NULL; + + if (!sk) + return NULL; + +- x.cert_info.serialNumber = *serial; +- x.cert_info.issuer = name; ++ x.cert_info = &cinf; ++ cinf.serialNumber = serial; ++ cinf.issuer = name; + + for (i = 0; i < sk_X509_num(sk); i++) { + x509 = sk_X509_value(sk, i); +@@ -262,26 +307,26 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) + return (NULL); + } + +-EVP_PKEY *X509_get0_pubkey(const X509 *x) ++EVP_PKEY *X509_get_pubkey(X509 *x) + { +- if (x == NULL) +- return NULL; +- return X509_PUBKEY_get0(x->cert_info.key); ++ if ((x == NULL) || (x->cert_info == NULL)) ++ return (NULL); ++ return (X509_PUBKEY_get(x->cert_info->key)); + } + +-EVP_PKEY *X509_get_pubkey(X509 *x) ++ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) + { +- if (x == NULL) ++ if (!x) + return NULL; +- return X509_PUBKEY_get(x->cert_info.key); ++ return x->cert_info->key->public_key; + } + +-int X509_check_private_key(const X509 *x, const EVP_PKEY *k) ++int X509_check_private_key(X509 *x, EVP_PKEY *k) + { +- const EVP_PKEY *xk; ++ EVP_PKEY *xk; + int ret; + +- xk = X509_get0_pubkey(x); ++ xk = X509_get_pubkey(x); + + if (xk) + ret = EVP_PKEY_cmp(xk, k); +@@ -300,6 +345,8 @@ int X509_check_private_key(const X509 *x, const EVP_PKEY *k) + case -2: + X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE); + } ++ if (xk) ++ EVP_PKEY_free(xk); + if (ret > 0) + return 1; + return 0; +@@ -317,8 +364,8 @@ static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags) + { + const EC_GROUP *grp = NULL; + int curve_nid; +- if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC) +- grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); ++ if (pkey && pkey->type == EVP_PKEY_EC) ++ grp = EC_KEY_get0_group(pkey->pkey.ec); + if (!grp) + return X509_V_ERR_SUITE_B_INVALID_ALGORITHM; + curve_nid = EC_GROUP_get_curve_name(grp); +@@ -348,12 +395,11 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + unsigned long flags) + { + int rv, i, sign_nid; +- EVP_PKEY *pk; +- unsigned long tflags = flags; +- ++ EVP_PKEY *pk = NULL; ++ unsigned long tflags; + if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) + return X509_V_OK; +- ++ tflags = flags; + /* If no EE certificate passed in must be first in chain */ + if (x == NULL) { + x = sk_X509_value(chain, 0); +@@ -361,17 +407,6 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + } else + i = 0; + +- pk = X509_get0_pubkey(x); +- +- /* +- * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build +- * a chain all, just report trust success or failure, but must also report +- * Suite-B errors if applicable. This is indicated via a NULL chain +- * pointer. All we need to do is check the leaf key algorithm. +- */ +- if (chain == NULL) +- return check_suite_b(pk, -1, &tflags); +- + if (X509_get_version(x) != 2) { + rv = X509_V_ERR_SUITE_B_INVALID_VERSION; + /* Correct error depth */ +@@ -379,6 +414,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + goto end; + } + ++ pk = X509_get_pubkey(x); + /* Check EE key only */ + rv = check_suite_b(pk, -1, &tflags); + if (rv != X509_V_OK) { +@@ -393,7 +429,8 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + rv = X509_V_ERR_SUITE_B_INVALID_VERSION; + goto end; + } +- pk = X509_get0_pubkey(x); ++ EVP_PKEY_free(pk); ++ pk = X509_get_pubkey(x); + rv = check_suite_b(pk, sign_nid, &tflags); + if (rv != X509_V_OK) + goto end; +@@ -402,6 +439,8 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + /* Final check: root CA signature */ + rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags); + end: ++ if (pk) ++ EVP_PKEY_free(pk); + if (rv != X509_V_OK) { + /* Invalid signature or LOS errors are for previous cert */ + if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM +@@ -409,7 +448,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain, + i--; + /* + * If we have LOS error and flags changed then we are signing P-384 +- * with P-256. Use more meaningful error. ++ * with P-256. Use more meaninggul error. + */ + if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags) + rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256; +@@ -424,7 +463,7 @@ int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags) + int sign_nid; + if (!(flags & X509_V_FLAG_SUITEB_128_LOS)) + return X509_V_OK; +- sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm); ++ sign_nid = OBJ_obj2nid(crl->crl->sig_alg->algorithm); + return check_suite_b(pk, sign_nid, &flags); + } + +@@ -453,7 +492,7 @@ STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain) + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) { + X509 *x = sk_X509_value(ret, i); +- X509_up_ref(x); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + } + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +index cb03dbf..50ca2a6 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c +@@ -1,17 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_d2.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + ++#ifndef OPENSSL_NO_STDIO + int X509_STORE_set_default_paths(X509_STORE *ctx) + { + X509_LOOKUP *lookup; +@@ -55,3 +105,5 @@ int X509_STORE_load_locations(X509_STORE *ctx, const char *file, + return (0); + return (1); + } ++ ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +index d11358e..25c5537 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_def.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_def.c +@@ -1,14 +1,63 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_def.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +index 3f4b8ef..a2a8e1b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -19,14 +70,12 @@ + # define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) + + static ERR_STRING_DATA X509_str_functs[] = { +- {ERR_FUNC(X509_F_ADD_CERT_DIR), "add_cert_dir"}, +- {ERR_FUNC(X509_F_BUILD_CHAIN), "build_chain"}, +- {ERR_FUNC(X509_F_BY_FILE_CTRL), "by_file_ctrl"}, +- {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "check_name_constraints"}, +- {ERR_FUNC(X509_F_CHECK_POLICY), "check_policy"}, +- {ERR_FUNC(X509_F_DANE_I2D), "dane_i2d"}, +- {ERR_FUNC(X509_F_DIR_CTRL), "dir_ctrl"}, +- {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "get_cert_by_subject"}, ++ {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"}, ++ {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"}, ++ {ERR_FUNC(X509_F_CHECK_NAME_CONSTRAINTS), "CHECK_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"}, ++ {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"}, ++ {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"}, + {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"}, + {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"}, +@@ -60,10 +109,8 @@ static ERR_STRING_DATA X509_str_functs[] = { + "X509_NAME_ENTRY_set_object"}, + {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"}, + {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"}, +- {ERR_FUNC(X509_F_X509_OBJECT_NEW), "X509_OBJECT_new"}, + {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"}, +- {ERR_FUNC(X509_F_X509_PUBKEY_DECODE), "x509_pubkey_decode"}, +- {ERR_FUNC(X509_F_X509_PUBKEY_GET0), "X509_PUBKEY_get0"}, ++ {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"}, + {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"}, + {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY), + "X509_REQ_check_private_key"}, +@@ -87,7 +134,6 @@ static ERR_STRING_DATA X509_str_functs[] = { + + static ERR_STRING_DATA X509_str_reasons[] = { + {ERR_REASON(X509_R_AKID_MISMATCH), "akid mismatch"}, +- {ERR_REASON(X509_R_BAD_SELECTOR), "bad selector"}, + {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"}, + {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"}, + {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"}, +@@ -95,6 +141,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { + "cert already in hash table"}, + {ERR_REASON(X509_R_CRL_ALREADY_DELTA), "crl already delta"}, + {ERR_REASON(X509_R_CRL_VERIFY_FAILURE), "crl verify failure"}, ++ {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"}, + {ERR_REASON(X509_R_IDP_MISMATCH), "idp mismatch"}, + {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"}, + {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"}, +@@ -129,7 +176,7 @@ static ERR_STRING_DATA X509_str_reasons[] = { + + #endif + +-int ERR_load_X509_strings(void) ++void ERR_load_X509_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -138,5 +185,4 @@ int ERR_load_X509_strings(void) + ERR_load_strings(0, X509_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +index 3bbb0a6..fb4e311 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c +@@ -1,139 +1,186 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_ext.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include + +-int X509_CRL_get_ext_count(const X509_CRL *x) ++int X509_CRL_get_ext_count(X509_CRL *x) + { +- return (X509v3_get_ext_count(x->crl.extensions)); ++ return (X509v3_get_ext_count(x->crl->extensions)); + } + +-int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) ++int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) + { +- return (X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos)); ++ return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); + } + +-int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, +- int lastpos) ++int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) + { +- return (X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos)); ++ return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); + } + +-int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) ++int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) + { +- return (X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos)); ++ return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); + } + +-X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc) ++X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) + { +- return (X509v3_get_ext(x->crl.extensions, loc)); ++ return (X509v3_get_ext(x->crl->extensions, loc)); + } + + X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) + { +- return (X509v3_delete_ext(x->crl.extensions, loc)); ++ return (X509v3_delete_ext(x->crl->extensions, loc)); + } + +-void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) ++void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->crl.extensions, nid, crit, idx); ++ return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); + } + + int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags) + { +- return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags); ++ return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); + } + + int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) + { +- return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL); ++ return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); + } + +-int X509_get_ext_count(const X509 *x) ++int X509_get_ext_count(X509 *x) + { +- return (X509v3_get_ext_count(x->cert_info.extensions)); ++ return (X509v3_get_ext_count(x->cert_info->extensions)); + } + +-int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) ++int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) + { +- return (X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos)); ++ return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); + } + +-int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) ++int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) + { +- return (X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos)); ++ return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); + } + +-int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) ++int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) + { + return (X509v3_get_ext_by_critical +- (x->cert_info.extensions, crit, lastpos)); ++ (x->cert_info->extensions, crit, lastpos)); + } + +-X509_EXTENSION *X509_get_ext(const X509 *x, int loc) ++X509_EXTENSION *X509_get_ext(X509 *x, int loc) + { +- return (X509v3_get_ext(x->cert_info.extensions, loc)); ++ return (X509v3_get_ext(x->cert_info->extensions, loc)); + } + + X509_EXTENSION *X509_delete_ext(X509 *x, int loc) + { +- return (X509v3_delete_ext(x->cert_info.extensions, loc)); ++ return (X509v3_delete_ext(x->cert_info->extensions, loc)); + } + + int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) + { +- return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL); ++ return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); + } + +-void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) ++void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) + { +- return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx); ++ return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); + } + + int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags) + { +- return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit, ++ return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, + flags); + } + +-int X509_REVOKED_get_ext_count(const X509_REVOKED *x) ++int X509_REVOKED_get_ext_count(X509_REVOKED *x) + { + return (X509v3_get_ext_count(x->extensions)); + } + +-int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) ++int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) + { + return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); + } + +-int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, ++int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, + int lastpos) + { + return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); + } + +-int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos) ++int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) + { + return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); + } + +-X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) ++X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) + { + return (X509v3_get_ext(x->extensions, loc)); + } +@@ -148,7 +195,7 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) + return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); + } + +-void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx) ++void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) + { + return X509V3_get_d2i(x->extensions, nid, crit, idx); + } +@@ -158,3 +205,7 @@ int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + { + return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); + } ++ ++IMPLEMENT_STACK_OF(X509_EXTENSION) ++ ++IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h b/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h +deleted file mode 100644 +index 40bd102..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_lcl.h ++++ /dev/null +@@ -1,142 +0,0 @@ +-/* +- * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-/* +- * This structure holds all parameters associated with a verify operation by +- * including an X509_VERIFY_PARAM structure in related structures the +- * parameters used can be customized +- */ +- +-struct X509_VERIFY_PARAM_st { +- char *name; +- time_t check_time; /* Time to use */ +- uint32_t inh_flags; /* Inheritance flags */ +- unsigned long flags; /* Various verify flags */ +- int purpose; /* purpose to check untrusted certificates */ +- int trust; /* trust setting to check */ +- int depth; /* Verify depth */ +- int auth_level; /* Security level for chain verification */ +- STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ +- /* Peer identity details */ +- STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ +- unsigned int hostflags; /* Flags to control matching features */ +- char *peername; /* Matching hostname in peer certificate */ +- char *email; /* If not NULL email address to match */ +- size_t emaillen; +- unsigned char *ip; /* If not NULL IP address to match */ +- size_t iplen; /* Length of IP address */ +-}; +- +-/* No error callback if depth < 0 */ +-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth); +- +-/* a sequence of these are used */ +-struct x509_attributes_st { +- ASN1_OBJECT *object; +- STACK_OF(ASN1_TYPE) *set; +-}; +- +-struct X509_extension_st { +- ASN1_OBJECT *object; +- ASN1_BOOLEAN critical; +- ASN1_OCTET_STRING value; +-}; +- +-/* +- * Method to handle CRL access. In general a CRL could be very large (several +- * Mb) and can consume large amounts of resources if stored in memory by +- * multiple processes. This method allows general CRL operations to be +- * redirected to more efficient callbacks: for example a CRL entry database. +- */ +- +-#define X509_CRL_METHOD_DYNAMIC 1 +- +-struct x509_crl_method_st { +- int flags; +- int (*crl_init) (X509_CRL *crl); +- int (*crl_free) (X509_CRL *crl); +- int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret, +- ASN1_INTEGER *ser, X509_NAME *issuer); +- int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk); +-}; +- +-struct x509_lookup_method_st { +- const char *name; +- int (*new_item) (X509_LOOKUP *ctx); +- void (*free) (X509_LOOKUP *ctx); +- int (*init) (X509_LOOKUP *ctx); +- int (*shutdown) (X509_LOOKUP *ctx); +- int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl, +- char **ret); +- int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret); +- int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, ASN1_INTEGER *serial, +- X509_OBJECT *ret); +- int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const unsigned char *bytes, int len, +- X509_OBJECT *ret); +- int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const char *str, int len, X509_OBJECT *ret); +-}; +- +-/* This is the functions plus an instance of the local variables. */ +-struct x509_lookup_st { +- int init; /* have we been started */ +- int skip; /* don't use us. */ +- X509_LOOKUP_METHOD *method; /* the functions */ +- char *method_data; /* method data */ +- X509_STORE *store_ctx; /* who owns us */ +-}; +- +-/* +- * This is used to hold everything. It is used for all certificate +- * validation. Once we have a certificate chain, the 'verify' function is +- * then called to actually check the cert chain. +- */ +-struct x509_store_st { +- /* The following is a cache of trusted certs */ +- int cache; /* if true, stash any hits */ +- STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ +- /* These are external lookup methods */ +- STACK_OF(X509_LOOKUP) *get_cert_methods; +- X509_VERIFY_PARAM *param; +- /* Callbacks for various operations */ +- /* called to verify a certificate */ +- int (*verify) (X509_STORE_CTX *ctx); +- /* error callback */ +- int (*verify_cb) (int ok, X509_STORE_CTX *ctx); +- /* get issuers cert from ctx */ +- int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x); +- /* check issued */ +- int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer); +- /* Check revocation status of chain */ +- int (*check_revocation) (X509_STORE_CTX *ctx); +- /* retrieve CRL */ +- int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); +- /* Check CRL validity */ +- int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl); +- /* Check certificate against CRL */ +- int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); +- /* Check policy status of the chain */ +- int (*check_policy) (X509_STORE_CTX *ctx); +- STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm); +- STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm); +- int (*cleanup) (X509_STORE_CTX *ctx); +- CRYPTO_EX_DATA ex_data; +- int references; +- CRYPTO_RWLOCK *lock; +-}; +- +-typedef struct lookup_dir_hashes_st BY_DIR_HASH; +-typedef struct lookup_dir_entry_st BY_DIR_ENTRY; +-DEFINE_STACK_OF(BY_DIR_HASH) +-DEFINE_STACK_OF(BY_DIR_ENTRY) +-typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; +-DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +index 952cbfb..50120a4 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c +@@ -1,29 +1,80 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_lu.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + #include +-#include "x509_lcl.h" + + X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) + { + X509_LOOKUP *ret; + +- ret = OPENSSL_zalloc(sizeof(*ret)); ++ ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) + return NULL; + ++ ret->init = 0; ++ ret->skip = 0; + ret->method = method; ++ ret->method_data = NULL; ++ ret->store_ctx = NULL; + if ((method->new_item != NULL) && !method->new_item(ret)) { + OPENSSL_free(ret); + return NULL; +@@ -40,16 +91,6 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx) + OPENSSL_free(ctx); + } + +-int X509_STORE_lock(X509_STORE *s) +-{ +- return CRYPTO_THREAD_write_lock(s->lock); +-} +- +-int X509_STORE_unlock(X509_STORE *s) +-{ +- return CRYPTO_THREAD_unlock(s->lock); +-} +- + int X509_LOOKUP_init(X509_LOOKUP *ctx) + { + if (ctx->method == NULL) +@@ -81,39 +122,38 @@ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + return 1; + } + +-int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret) ++int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, ++ X509_OBJECT *ret) + { + if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) +- return 0; ++ return X509_LU_FAIL; + if (ctx->skip) + return 0; + return ctx->method->get_by_subject(ctx, type, name, ret); + } + +-int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- X509_NAME *name, ASN1_INTEGER *serial, +- X509_OBJECT *ret) ++int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, ++ ASN1_INTEGER *serial, X509_OBJECT *ret) + { + if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL)) +- return 0; ++ return X509_LU_FAIL; + return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); + } + +-int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const unsigned char *bytes, int len, ++int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, ++ unsigned char *bytes, int len, + X509_OBJECT *ret) + { + if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) +- return 0; ++ return X509_LU_FAIL; + return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); + } + +-int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type, +- const char *str, int len, X509_OBJECT *ret) ++int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, ++ X509_OBJECT *ret) + { + if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) +- return 0; ++ return X509_LU_FAIL; + return ctx->method->get_by_alias(ctx, type, str, len, ret); + } + +@@ -143,33 +183,35 @@ X509_STORE *X509_STORE_new(void) + { + X509_STORE *ret; + +- if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) ++ if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) + return NULL; +- if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) +- goto err; ++ ret->objs = sk_X509_OBJECT_new(x509_object_cmp); + ret->cache = 1; +- if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) +- goto err; ++ ret->get_cert_methods = sk_X509_LOOKUP_new_null(); ++ ret->verify = 0; ++ ret->verify_cb = 0; + + if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) +- goto err; +- +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) +- goto err; ++ return NULL; + +- ret->lock = CRYPTO_THREAD_lock_new(); +- if (ret->lock == NULL) +- goto err; ++ ret->get_issuer = 0; ++ ret->check_issued = 0; ++ ret->check_revocation = 0; ++ ret->get_crl = 0; ++ ret->check_crl = 0; ++ ret->cert_crl = 0; ++ ret->lookup_certs = 0; ++ ret->lookup_crls = 0; ++ ret->cleanup = 0; ++ ++ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) { ++ sk_X509_OBJECT_free(ret->objs); ++ OPENSSL_free(ret); ++ return NULL; ++ } + + ret->references = 1; + return ret; +- +-err: +- X509_VERIFY_PARAM_free(ret->param); +- sk_X509_OBJECT_free(ret->objs); +- sk_X509_LOOKUP_free(ret->get_cert_methods); +- OPENSSL_free(ret); +- return NULL; + } + + static void cleanup(X509_OBJECT *a) +@@ -196,11 +238,18 @@ void X509_STORE_free(X509_STORE *vfy) + if (vfy == NULL) + return; + +- CRYPTO_atomic_add(&vfy->references, -1, &i, vfy->lock); +- REF_PRINT_COUNT("X509_STORE", vfy); ++ i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE); ++#ifdef REF_PRINT ++ REF_PRINT("X509_STORE", vfy); ++#endif + if (i > 0) + return; +- REF_ASSERT_ISNT(i < 0); ++#ifdef REF_CHECK ++ if (i < 0) { ++ fprintf(stderr, "X509_STORE_free, bad reference count\n"); ++ abort(); /* ok */ ++ } ++#endif + + sk = vfy->get_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { +@@ -212,23 +261,11 @@ void X509_STORE_free(X509_STORE *vfy) + sk_X509_OBJECT_pop_free(vfy->objs, cleanup); + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); +- X509_VERIFY_PARAM_free(vfy->param); +- CRYPTO_THREAD_lock_free(vfy->lock); ++ if (vfy->param) ++ X509_VERIFY_PARAM_free(vfy->param); + OPENSSL_free(vfy); + } + +-int X509_STORE_up_ref(X509_STORE *vfy) +-{ +- int i; +- +- if (CRYPTO_atomic_add(&vfy->references, 1, &i, vfy->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("X509_STORE", a); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); +-} +- + X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) + { + int i; +@@ -257,46 +294,39 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) + } + } + +-X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, +- X509_LOOKUP_TYPE type, +- X509_NAME *name) +-{ +- X509_OBJECT *ret = X509_OBJECT_new(); +- +- if (ret == NULL) +- return NULL; +- if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) { +- X509_OBJECT_free(ret); +- return NULL; +- } +- return ret; +-} +- +-int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, +- X509_NAME *name, X509_OBJECT *ret) ++int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, ++ X509_OBJECT *ret) + { + X509_STORE *ctx = vs->ctx; + X509_LOOKUP *lu; + X509_OBJECT stmp, *tmp; + int i, j; + +- CRYPTO_THREAD_write_lock(ctx->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); +- CRYPTO_THREAD_unlock(ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + if (tmp == NULL || type == X509_LU_CRL) { +- for (i = 0; i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { ++ for (i = vs->current_method; ++ i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + j = X509_LOOKUP_by_subject(lu, type, name, &stmp); +- if (j) { ++ if (j < 0) { ++ vs->current_method = j; ++ return j; ++ } else if (j) { + tmp = &stmp; + break; + } + } ++ vs->current_method = 0; + if (tmp == NULL) + return 0; + } + ++/*- if (ret->data.ptr != NULL) ++ X509_OBJECT_free_contents(ret); */ ++ + ret->type = tmp->type; + ret->data.ptr = tmp->data.ptr; + +@@ -308,34 +338,32 @@ int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) + { + X509_OBJECT *obj; +- int ret = 1, added = 1; ++ int ret = 1; + + if (x == NULL) + return 0; +- obj = X509_OBJECT_new(); +- if (obj == NULL) ++ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); ++ if (obj == NULL) { ++ X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); + return 0; ++ } + obj->type = X509_LU_X509; + obj->data.x509 = x; +- X509_OBJECT_up_ref_count(obj); + +- CRYPTO_THREAD_write_lock(ctx->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ ++ X509_OBJECT_up_ref_count(obj); + + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { ++ X509_OBJECT_free_contents(obj); ++ OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CERT, + X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; +- } else { +- added = sk_X509_OBJECT_push(ctx->objs, obj); +- ret = added != 0; +- } +- +- CRYPTO_THREAD_unlock(ctx->lock); ++ } else ++ sk_X509_OBJECT_push(ctx->objs, obj); + +- if (!ret) /* obj not pushed */ +- X509_OBJECT_free(obj); +- if (!added) /* on push failure */ +- X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return ret; + } +@@ -343,89 +371,50 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) + int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) + { + X509_OBJECT *obj; +- int ret = 1, added = 1; ++ int ret = 1; + + if (x == NULL) + return 0; +- obj = X509_OBJECT_new(); +- if (obj == NULL) ++ obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); ++ if (obj == NULL) { ++ X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); + return 0; ++ } + obj->type = X509_LU_CRL; + obj->data.crl = x; +- X509_OBJECT_up_ref_count(obj); + +- CRYPTO_THREAD_write_lock(ctx->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ ++ X509_OBJECT_up_ref_count(obj); + + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { ++ X509_OBJECT_free_contents(obj); ++ OPENSSL_free(obj); + X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; +- } else { +- added = sk_X509_OBJECT_push(ctx->objs, obj); +- ret = added != 0; +- } ++ } else ++ sk_X509_OBJECT_push(ctx->objs, obj); + +- CRYPTO_THREAD_unlock(ctx->lock); +- +- if (!ret) /* obj not pushed */ +- X509_OBJECT_free(obj); +- if (!added) /* on push failure */ +- X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + return ret; + } + +-int X509_OBJECT_up_ref_count(X509_OBJECT *a) ++void X509_OBJECT_up_ref_count(X509_OBJECT *a) + { + switch (a->type) { +- default: +- break; + case X509_LU_X509: +- return X509_up_ref(a->data.x509); ++ CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); ++ break; + case X509_LU_CRL: +- return X509_CRL_up_ref(a->data.crl); +- } +- return 1; +-} +- +-X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) +-{ +- if (a == NULL || a->type != X509_LU_X509) +- return NULL; +- return a->data.x509; +-} +- +-X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a) +-{ +- if (a == NULL || a->type != X509_LU_CRL) +- return NULL; +- return a->data.crl; +-} +- +-X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a) +-{ +- return a->type; +-} +- +-X509_OBJECT *X509_OBJECT_new() +-{ +- X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret)); +- +- if (ret == NULL) { +- X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE); +- return NULL; ++ CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ break; + } +- ret->type = X509_LU_NONE; +- return ret; + } + +- +-void X509_OBJECT_free(X509_OBJECT *a) ++void X509_OBJECT_free_contents(X509_OBJECT *a) + { +- if (a == NULL) +- return; + switch (a->type) { +- default: +- break; + case X509_LU_X509: + X509_free(a->data.x509); + break; +@@ -433,26 +422,29 @@ void X509_OBJECT_free(X509_OBJECT *a) + X509_CRL_free(a->data.crl); + break; + } +- OPENSSL_free(a); + } + +-static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, ++static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name, int *pnmatch) + { + X509_OBJECT stmp; + X509 x509_s; ++ X509_CINF cinf_s; + X509_CRL crl_s; ++ X509_CRL_INFO crl_info_s; + int idx; + + stmp.type = type; + switch (type) { + case X509_LU_X509: + stmp.data.x509 = &x509_s; +- x509_s.cert_info.subject = name; ++ x509_s.cert_info = &cinf_s; ++ cinf_s.subject = name; + break; + case X509_LU_CRL: + stmp.data.crl = &crl_s; +- crl_s.crl.issuer = name; ++ crl_s.crl = &crl_info_s; ++ crl_info_s.issuer = name; + break; + default: + /* abort(); */ +@@ -475,15 +467,14 @@ static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + return idx; + } + +-int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, ++int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) + { + return x509_object_idx_cnt(h, type, name, NULL); + } + + X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, +- X509_LOOKUP_TYPE type, +- X509_NAME *name) ++ int type, X509_NAME *name) + { + int idx; + idx = X509_OBJECT_idx_by_subject(h, type, name); +@@ -492,78 +483,73 @@ X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + return sk_X509_OBJECT_value(h, idx); + } + +-STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v) +-{ +- return v->objs; +-} +- +-STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) ++STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) + { + int i, idx, cnt; +- STACK_OF(X509) *sk = NULL; ++ STACK_OF(X509) *sk; + X509 *x; + X509_OBJECT *obj; +- +- CRYPTO_THREAD_write_lock(ctx->ctx->lock); ++ sk = sk_X509_new_null(); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + if (idx < 0) { + /* + * Nothing found in cache: do lookup to possibly add new objects to + * cache + */ +- X509_OBJECT *xobj = X509_OBJECT_new(); +- +- CRYPTO_THREAD_unlock(ctx->ctx->lock); +- if (xobj == NULL) +- return NULL; +- if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) { +- X509_OBJECT_free(xobj); ++ X509_OBJECT xobj; ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { ++ sk_X509_free(sk); + return NULL; + } +- X509_OBJECT_free(xobj); +- CRYPTO_THREAD_write_lock(ctx->ctx->lock); ++ X509_OBJECT_free_contents(&xobj); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + if (idx < 0) { +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ sk_X509_free(sk); + return NULL; + } + } +- +- sk = sk_X509_new_null(); + for (i = 0; i < cnt; i++, idx++) { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.x509; +- X509_up_ref(x); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(sk, x)) { +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_free(x); + sk_X509_pop_free(sk, X509_free); + return NULL; + } + } +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; ++ + } + +-STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) ++STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) + { + int i, idx, cnt; +- STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null(); ++ STACK_OF(X509_CRL) *sk; + X509_CRL *x; +- X509_OBJECT *obj, *xobj = X509_OBJECT_new(); +- +- /* Always do lookup to possibly add new CRLs to cache */ +- if (sk == NULL || xobj == NULL || +- !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) { +- X509_OBJECT_free(xobj); ++ X509_OBJECT *obj, xobj; ++ sk = sk_X509_CRL_new_null(); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); ++ ++ /* ++ * Always do lookup to possibly add new CRLs to cache ++ */ ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); ++ if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { + sk_X509_CRL_free(sk); + return NULL; + } +- X509_OBJECT_free(xobj); +- CRYPTO_THREAD_write_lock(ctx->ctx->lock); ++ X509_OBJECT_free_contents(&xobj); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + if (idx < 0) { +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_CRL_free(sk); + return NULL; + } +@@ -571,15 +557,15 @@ STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) + for (i = 0; i < cnt; i++, idx++) { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.crl; +- X509_CRL_up_ref(x); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(sk, x)) { +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_CRL_free(x); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } + } +- CRYPTO_THREAD_unlock(ctx->ctx->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + } + +@@ -625,32 +611,32 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, + int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) + { + X509_NAME *xn; +- X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL; ++ X509_OBJECT obj, *pobj; + int i, ok, idx, ret; +- +- if (obj == NULL) +- return -1; +- *issuer = NULL; + xn = X509_get_issuer_name(x); +- ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj); +- if (ok != 1) { +- X509_OBJECT_free(obj); ++ ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); ++ if (ok != X509_LU_X509) { ++ if (ok == X509_LU_RETRY) { ++ X509_OBJECT_free_contents(&obj); ++ X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY); ++ return -1; ++ } else if (ok != X509_LU_FAIL) { ++ X509_OBJECT_free_contents(&obj); ++ /* not good :-(, break anyway */ ++ return -1; ++ } + return 0; + } + /* If certificate matches all OK */ +- if (ctx->check_issued(ctx, x, obj->data.x509)) { +- if (x509_check_cert_time(ctx, obj->data.x509, -1)) { +- *issuer = obj->data.x509; +- X509_up_ref(*issuer); +- X509_OBJECT_free(obj); +- return 1; +- } ++ if (ctx->check_issued(ctx, x, obj.data.x509)) { ++ *issuer = obj.data.x509; ++ return 1; + } +- X509_OBJECT_free(obj); ++ X509_OBJECT_free_contents(&obj); + + /* Else find index of first cert accepted by 'check_issued' */ + ret = 0; +- CRYPTO_THREAD_write_lock(ctx->ctx->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); + if (idx != -1) { /* should be true as we've had at least one + * match */ +@@ -664,22 +650,13 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) + break; + if (ctx->check_issued(ctx, x, pobj->data.x509)) { + *issuer = pobj->data.x509; ++ X509_OBJECT_up_ref_count(pobj); + ret = 1; +- /* +- * If times check, exit with match, +- * otherwise keep looking. Leave last +- * match in issuer so we return nearest +- * match if no certificate time is OK. +- */ +- +- if (x509_check_cert_time(ctx, *issuer, -1)) +- break; ++ break; + } + } + } +- CRYPTO_THREAD_unlock(ctx->ctx->lock); +- if (*issuer) +- X509_up_ref(*issuer); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return ret; + } + +@@ -709,153 +686,25 @@ int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) + return X509_VERIFY_PARAM_set1(ctx->param, param); + } + +-X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx) +-{ +- return ctx->param; +-} +- +-void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify) +-{ +- ctx->verify = verify; +-} +- +-X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx) +-{ +- return ctx->verify; +-} +- + void X509_STORE_set_verify_cb(X509_STORE *ctx, +- X509_STORE_CTX_verify_cb verify_cb) ++ int (*verify_cb) (int, X509_STORE_CTX *)) + { + ctx->verify_cb = verify_cb; + } + +-X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx) +-{ +- return ctx->verify_cb; +-} +- +-void X509_STORE_set_get_issuer(X509_STORE *ctx, +- X509_STORE_CTX_get_issuer_fn get_issuer) +-{ +- ctx->get_issuer = get_issuer; +-} +- +-X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx) +-{ +- return ctx->get_issuer; +-} +- +-void X509_STORE_set_check_issued(X509_STORE *ctx, +- X509_STORE_CTX_check_issued_fn check_issued) +-{ +- ctx->check_issued = check_issued; +-} +- +-X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx) +-{ +- return ctx->check_issued; +-} +- +-void X509_STORE_set_check_revocation(X509_STORE *ctx, +- X509_STORE_CTX_check_revocation_fn check_revocation) +-{ +- ctx->check_revocation = check_revocation; +-} +- +-X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx) +-{ +- return ctx->check_revocation; +-} +- +-void X509_STORE_set_get_crl(X509_STORE *ctx, +- X509_STORE_CTX_get_crl_fn get_crl) +-{ +- ctx->get_crl = get_crl; +-} +- +-X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx) +-{ +- return ctx->get_crl; +-} +- +-void X509_STORE_set_check_crl(X509_STORE *ctx, +- X509_STORE_CTX_check_crl_fn check_crl) +-{ +- ctx->check_crl = check_crl; +-} +- +-X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx) +-{ +- return ctx->check_crl; +-} +- +-void X509_STORE_set_cert_crl(X509_STORE *ctx, +- X509_STORE_CTX_cert_crl_fn cert_crl) ++void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, ++ STACK_OF(X509_CRL) *(*cb) (X509_STORE_CTX ++ *ctx, ++ X509_NAME *nm)) + { +- ctx->cert_crl = cert_crl; +-} +- +-X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx) +-{ +- return ctx->cert_crl; +-} +- +-void X509_STORE_set_check_policy(X509_STORE *ctx, +- X509_STORE_CTX_check_policy_fn check_policy) +-{ +- ctx->check_policy = check_policy; +-} +- +-X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx) +-{ +- return ctx->check_policy; +-} +- +-void X509_STORE_set_lookup_certs(X509_STORE *ctx, +- X509_STORE_CTX_lookup_certs_fn lookup_certs) +-{ +- ctx->lookup_certs = lookup_certs; +-} +- +-X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx) +-{ +- return ctx->lookup_certs; +-} +- +-void X509_STORE_set_lookup_crls(X509_STORE *ctx, +- X509_STORE_CTX_lookup_crls_fn lookup_crls) +-{ +- ctx->lookup_crls = lookup_crls; +-} +- +-X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx) +-{ +- return ctx->lookup_crls; +-} +- +-void X509_STORE_set_cleanup(X509_STORE *ctx, +- X509_STORE_CTX_cleanup_fn ctx_cleanup) +-{ +- ctx->cleanup = ctx_cleanup; +-} +- +-X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx) +-{ +- return ctx->cleanup; +-} +- +-int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data) +-{ +- return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); +-} +- +-void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx) +-{ +- return CRYPTO_get_ex_data(&ctx->ex_data, idx); ++ ctx->lookup_crls = cb; + } + + X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx) + { + return ctx->ctx; + } ++ ++IMPLEMENT_STACK_OF(X509_LOOKUP) ++ ++IMPLEMENT_STACK_OF(X509_OBJECT) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +index 55dc778..0a839f3 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c +@@ -1,30 +1,78 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_obj.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + /* + * Limit to ensure we don't overflow: much greater than +- * anything encountered in practice. ++ * anything enountered in practice. + */ + + #define NAME_ONELINE_MAX (1024 * 1024) + +-char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) ++char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) + { +- const X509_NAME_ENTRY *ne; ++ X509_NAME_ENTRY *ne; + int i; + int n, lold, l, l1, l2, num, j, type; + const char *s; +@@ -35,7 +83,7 @@ char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len) + int gs_doit[4]; + char tmp_buf[80]; + #ifdef CHARSET_EBCDIC +- unsigned char ebcdic_buf[1024]; ++ char ebcdic_buf[1024]; + #endif + + if (buf == NULL) { +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +index 3d72787..2879569 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c +@@ -1,19 +1,67 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_r2x.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include + #include + +@@ -23,6 +71,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) + X509_CINF *xi = NULL; + X509_NAME *xn; + EVP_PKEY *pubkey = NULL; ++ int res; + + if ((ret = X509_new()) == NULL) { + X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE); +@@ -30,10 +79,10 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) + } + + /* duplicate the request */ +- xi = &ret->cert_info; ++ xi = ret->cert_info; + +- if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) { +- if ((xi->version = ASN1_INTEGER_new()) == NULL) ++ if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { ++ if ((xi->version = M_ASN1_INTEGER_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(xi->version, 2)) + goto err; +@@ -47,21 +96,22 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) + if (X509_set_issuer_name(ret, xn) == 0) + goto err; + +- if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL) ++ if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) + goto err; +- if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) == ++ if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) == + NULL) + goto err; + +- pubkey = X509_REQ_get0_pubkey(r); +- if (pubkey == NULL || !X509_set_pubkey(ret, pubkey)) +- goto err; ++ pubkey = X509_REQ_get_pubkey(r); ++ res = X509_set_pubkey(ret, pubkey); ++ EVP_PKEY_free(pubkey); + +- if (!X509_sign(ret, pkey, EVP_md5())) ++ if (!res || !X509_sign(ret, pkey, EVP_md5())) + goto err; +- return ret; +- ++ if (0) { + err: +- X509_free(ret); +- return NULL; ++ X509_free(ret); ++ ret = NULL; ++ } ++ return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +index 7b88dbc..01795f4 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c +@@ -1,20 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_req.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include + #include + #include +@@ -32,10 +80,10 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + goto err; + } + +- ri = &ret->req_info; ++ ri = ret->req_info; + + ri->version->length = 1; +- ri->version->data = OPENSSL_malloc(1); ++ ri->version->data = (unsigned char *)OPENSSL_malloc(1); + if (ri->version->data == NULL) + goto err; + ri->version->data[0] = 0; /* version == 0 */ +@@ -43,10 +91,11 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) + goto err; + +- pktmp = X509_get0_pubkey(x); ++ pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; + i = X509_REQ_set_pubkey(ret, pktmp); ++ EVP_PKEY_free(pktmp); + if (!i) + goto err; + +@@ -62,21 +111,9 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + + EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) + { +- if (req == NULL) ++ if ((req == NULL) || (req->req_info == NULL)) + return (NULL); +- return (X509_PUBKEY_get(req->req_info.pubkey)); +-} +- +-EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req) +-{ +- if (req == NULL) +- return NULL; +- return (X509_PUBKEY_get0(req->req_info.pubkey)); +-} +- +-X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req) +-{ +- return req->req_info.pubkey; ++ return (X509_PUBKEY_get(req->req_info->pubkey)); + } + + int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +@@ -98,13 +135,13 @@ int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) + break; + case -2: + #ifndef OPENSSL_NO_EC +- if (EVP_PKEY_id(k) == EVP_PKEY_EC) { ++ if (k->type == EVP_PKEY_EC) { + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB); + break; + } + #endif + #ifndef OPENSSL_NO_DH +- if (EVP_PKEY_id(k) == EVP_PKEY_DH) { ++ if (k->type == EVP_PKEY_DH) { + /* No idea */ + X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, + X509_R_CANT_CHECK_DH_KEY); +@@ -157,14 +194,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) + int idx, *pnid; + const unsigned char *p; + +- if ((req == NULL) || !ext_nids) ++ if ((req == NULL) || (req->req_info == NULL) || !ext_nids) + return (NULL); + for (pnid = ext_nids; *pnid != NID_undef; pnid++) { + idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); + if (idx == -1) + continue; + attr = X509_REQ_get_attr(req, idx); +- ext = X509_ATTRIBUTE_get0_type(attr, 0); ++ if (attr->single) ++ ext = attr->value.single; ++ else if (sk_ASN1_TYPE_num(attr->value.set)) ++ ext = sk_ASN1_TYPE_value(attr->value.set, 0); + break; + } + if (!ext || (ext->type != V_ASN1_SEQUENCE)) +@@ -183,17 +223,37 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) + int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) + { +- int extlen; +- int rv = 0; +- unsigned char *ext = NULL; ++ ASN1_TYPE *at = NULL; ++ X509_ATTRIBUTE *attr = NULL; ++ if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) ++ goto err; ++ ++ at->type = V_ASN1_SEQUENCE; + /* Generate encoding of extensions */ +- extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext, +- ASN1_ITEM_rptr(X509_EXTENSIONS)); +- if (extlen <= 0) +- return 0; +- rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); +- OPENSSL_free(ext); +- return rv; ++ at->value.sequence->length = ++ ASN1_item_i2d((ASN1_VALUE *)exts, ++ &at->value.sequence->data, ++ ASN1_ITEM_rptr(X509_EXTENSIONS)); ++ if (!(attr = X509_ATTRIBUTE_new())) ++ goto err; ++ if (!(attr->value.set = sk_ASN1_TYPE_new_null())) ++ goto err; ++ if (!sk_ASN1_TYPE_push(attr->value.set, at)) ++ goto err; ++ at = NULL; ++ attr->single = 0; ++ attr->object = OBJ_nid2obj(nid); ++ if (!req->req_info->attributes) { ++ if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) ++ goto err; ++ } ++ if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) ++ goto err; ++ return 1; ++ err: ++ X509_ATTRIBUTE_free(attr); ++ ASN1_TYPE_free(at); ++ return 0; + } + + /* This is the normal usage: use the "official" OID */ +@@ -206,33 +266,33 @@ int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) + + int X509_REQ_get_attr_count(const X509_REQ *req) + { +- return X509at_get_attr_count(req->req_info.attributes); ++ return X509at_get_attr_count(req->req_info->attributes); + } + + int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) + { +- return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos); ++ return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); + } + +-int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, ++int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, + int lastpos) + { +- return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos); ++ return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); + } + + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) + { +- return X509at_get_attr(req->req_info.attributes, loc); ++ return X509at_get_attr(req->req_info->attributes, loc); + } + + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) + { +- return X509at_delete_attr(req->req_info.attributes, loc); ++ return X509at_delete_attr(req->req_info->attributes, loc); + } + + int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) + { +- if (X509at_add1_attr(&req->req_info.attributes, attr)) ++ if (X509at_add1_attr(&req->req_info->attributes, attr)) + return 1; + return 0; + } +@@ -241,7 +301,7 @@ int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) + { +- if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, ++ if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, + type, bytes, len)) + return 1; + return 0; +@@ -251,7 +311,7 @@ int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len) + { +- if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid, ++ if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, + type, bytes, len)) + return 1; + return 0; +@@ -261,38 +321,8 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len) + { +- if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, ++ if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, + type, bytes, len)) + return 1; + return 0; + } +- +-long X509_REQ_get_version(const X509_REQ *req) +-{ +- return ASN1_INTEGER_get(req->req_info.version); +-} +- +-X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req) +-{ +- return req->req_info.subject; +-} +- +-void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg) +-{ +- if (psig != NULL) +- *psig = req->signature; +- if (palg != NULL) +- *palg = &req->sig_alg; +-} +- +-int X509_REQ_get_signature_nid(const X509_REQ *req) +-{ +- return OBJ_obj2nid(req->sig_alg.algorithm); +-} +- +-int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) +-{ +- req->req_info.enc.modified = 1; +- return i2d_X509_REQ_INFO(&req->req_info, pp); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +index c0ea418..5b802bd 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c +@@ -1,34 +1,82 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_set.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + int X509_set_version(X509 *x, long version) + { + if (x == NULL) + return (0); + if (version == 0) { +- ASN1_INTEGER_free(x->cert_info.version); +- x->cert_info.version = NULL; ++ M_ASN1_INTEGER_free(x->cert_info->version); ++ x->cert_info->version = NULL; + return (1); + } +- if (x->cert_info.version == NULL) { +- if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL) ++ if (x->cert_info->version == NULL) { ++ if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL) + return (0); + } +- return (ASN1_INTEGER_set(x->cert_info.version, version)); ++ return (ASN1_INTEGER_set(x->cert_info->version, version)); + } + + int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) +@@ -36,124 +84,69 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) + ASN1_INTEGER *in; + + if (x == NULL) +- return 0; +- in = &x->cert_info.serialNumber; +- if (in != serial) +- return ASN1_STRING_copy(in, serial); +- return 1; ++ return (0); ++ in = x->cert_info->serialNumber; ++ if (in != serial) { ++ in = M_ASN1_INTEGER_dup(serial); ++ if (in != NULL) { ++ M_ASN1_INTEGER_free(x->cert_info->serialNumber); ++ x->cert_info->serialNumber = in; ++ } ++ } ++ return (in != NULL); + } + + int X509_set_issuer_name(X509 *x, X509_NAME *name) + { +- if (x == NULL) ++ if ((x == NULL) || (x->cert_info == NULL)) + return (0); +- return (X509_NAME_set(&x->cert_info.issuer, name)); ++ return (X509_NAME_set(&x->cert_info->issuer, name)); + } + + int X509_set_subject_name(X509 *x, X509_NAME *name) + { +- if (x == NULL) ++ if ((x == NULL) || (x->cert_info == NULL)) + return (0); +- return (X509_NAME_set(&x->cert_info.subject, name)); ++ return (X509_NAME_set(&x->cert_info->subject, name)); + } + +-int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm) ++int X509_set_notBefore(X509 *x, const ASN1_TIME *tm) + { + ASN1_TIME *in; +- in = *ptm; ++ ++ if ((x == NULL) || (x->cert_info->validity == NULL)) ++ return (0); ++ in = x->cert_info->validity->notBefore; + if (in != tm) { +- in = ASN1_STRING_dup(tm); ++ in = M_ASN1_TIME_dup(tm); + if (in != NULL) { +- ASN1_TIME_free(*ptm); +- *ptm = in; ++ M_ASN1_TIME_free(x->cert_info->validity->notBefore); ++ x->cert_info->validity->notBefore = in; + } + } + return (in != NULL); + } + +-int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) ++int X509_set_notAfter(X509 *x, const ASN1_TIME *tm) + { +- if (x == NULL) +- return 0; +- return x509_set1_time(&x->cert_info.validity.notBefore, tm); +-} ++ ASN1_TIME *in; + +-int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) +-{ +- if (x == NULL) +- return 0; +- return x509_set1_time(&x->cert_info.validity.notAfter, tm); ++ if ((x == NULL) || (x->cert_info->validity == NULL)) ++ return (0); ++ in = x->cert_info->validity->notAfter; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->cert_info->validity->notAfter); ++ x->cert_info->validity->notAfter = in; ++ } ++ } ++ return (in != NULL); + } + + int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) + { +- if (x == NULL) ++ if ((x == NULL) || (x->cert_info == NULL)) + return (0); +- return (X509_PUBKEY_set(&(x->cert_info.key), pkey)); +-} +- +-int X509_up_ref(X509 *x) +-{ +- int i; +- +- if (CRYPTO_atomic_add(&x->references, 1, &i, x->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("X509", x); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); +-} +- +-long X509_get_version(const X509 *x) +-{ +- return ASN1_INTEGER_get(x->cert_info.version); +-} +- +-const ASN1_TIME *X509_get0_notBefore(const X509 *x) +-{ +- return x->cert_info.validity.notBefore; +-} +- +-const ASN1_TIME *X509_get0_notAfter(const X509 *x) +-{ +- return x->cert_info.validity.notAfter; +-} +- +-ASN1_TIME *X509_getm_notBefore(const X509 *x) +-{ +- return x->cert_info.validity.notBefore; +-} +- +-ASN1_TIME *X509_getm_notAfter(const X509 *x) +-{ +- return x->cert_info.validity.notAfter; +-} +- +-int X509_get_signature_type(const X509 *x) +-{ +- return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm)); +-} +- +-X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x) +-{ +- return x->cert_info.key; +-} +- +-const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) +-{ +- return x->cert_info.extensions; +-} +- +-void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, +- const ASN1_BIT_STRING **psuid) +-{ +- if (piuid != NULL) +- *piuid = x->cert_info.issuerUID; +- if (psuid != NULL) +- *psuid = x->cert_info.subjectUID; +-} +- +-const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x) +-{ +- return &x->cert_info.signature; ++ return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +index a9bb88d..11e0763 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c +@@ -1,16 +1,65 @@ ++/* x509_trs.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/x509_int.h" + + static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); + static void trtable_free(X509_TRUST *p); +@@ -45,7 +94,9 @@ static X509_TRUST trstandard[] = { + {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} + }; + +-#define X509_TRUST_COUNT OSSL_NELEM(trstandard) ++#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) ++ ++IMPLEMENT_STACK_OF(X509_TRUST) + + static STACK_OF(X509_TRUST) *trtable = NULL; + +@@ -66,11 +117,16 @@ int X509_check_trust(X509 *x, int id, int flags) + { + X509_TRUST *pt; + int idx; +- ++ if (id == -1) ++ return 1; + /* We get this as a default value */ +- if (id == X509_TRUST_DEFAULT) +- return obj_trust(NID_anyExtendedKeyUsage, x, +- flags | X509_TRUST_DO_SS_COMPAT); ++ if (id == 0) { ++ int rv; ++ rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); ++ if (rv != X509_TRUST_UNTRUSTED) ++ return rv; ++ return trust_compat(NULL, x, 0); ++ } + idx = X509_TRUST_get_by_id(id); + if (idx == -1) + return default_trust(id, x, flags); +@@ -120,7 +176,7 @@ int X509_TRUST_set(int *t, int trust) + } + + int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), +- const char *name, int arg1, void *arg2) ++ char *name, int arg1, void *arg2) + { + int idx; + X509_TRUST *trtmp; +@@ -134,7 +190,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + idx = X509_TRUST_get_by_id(id); + /* Need a new entry */ + if (idx == -1) { +- if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { ++ if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -146,9 +202,9 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) + OPENSSL_free(trtmp->name); + /* dup supplied name */ +- if ((trtmp->name = OPENSSL_strdup(name)) == NULL) { ++ if (!(trtmp->name = BUF_strdup(name))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); +- goto err; ++ return 0; + } + /* Keep the dynamic flag of existing entry */ + trtmp->flags &= X509_TRUST_DYNAMIC; +@@ -162,23 +218,16 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), + + /* If its a new entry manage the dynamic table */ + if (idx == -1) { +- if (trtable == NULL +- && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { ++ if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); +- goto err;; ++ return 0; + } + if (!sk_X509_TRUST_push(trtable, trtmp)) { + X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); +- goto err; ++ return 0; + } + } + return 1; +- err: +- if (idx == -1) { +- OPENSSL_free(trtmp->name); +- OPENSSL_free(trtmp); +- } +- return 0; + } + + static void trtable_free(X509_TRUST *p) +@@ -194,53 +243,50 @@ static void trtable_free(X509_TRUST *p) + + void X509_TRUST_cleanup(void) + { ++ unsigned int i; ++ for (i = 0; i < X509_TRUST_COUNT; i++) ++ trtable_free(trstandard + i); + sk_X509_TRUST_pop_free(trtable, trtable_free); + trtable = NULL; + } + +-int X509_TRUST_get_flags(const X509_TRUST *xp) ++int X509_TRUST_get_flags(X509_TRUST *xp) + { + return xp->flags; + } + +-char *X509_TRUST_get0_name(const X509_TRUST *xp) ++char *X509_TRUST_get0_name(X509_TRUST *xp) + { + return xp->name; + } + +-int X509_TRUST_get_trust(const X509_TRUST *xp) ++int X509_TRUST_get_trust(X509_TRUST *xp) + { + return xp->trust; + } + + static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) + { ++ if (x->aux && (x->aux->trust || x->aux->reject)) ++ return obj_trust(trust->arg1, x, flags); + /* +- * Declare the chain verified if the desired trust OID is not rejected in +- * any auxiliary trust info for this certificate, and the OID is either +- * expressly trusted, or else either "anyEKU" is trusted, or the +- * certificate is self-signed. ++ * we don't have any trust settings: for compatibility we return trusted ++ * if it is self signed + */ +- flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU; +- return obj_trust(trust->arg1, x, flags); ++ return trust_compat(trust, x, flags); + } + + static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) + { +- /* +- * Declare the chain verified only if the desired trust OID is not +- * rejected and is expressly trusted. Neither "anyEKU" nor "compat" +- * trust in self-signed certificates apply. +- */ +- flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU); +- return obj_trust(trust->arg1, x, flags); ++ if (x->aux) ++ return obj_trust(trust->arg1, x, flags); ++ return X509_TRUST_UNTRUSTED; + } + + static int trust_compat(X509_TRUST *trust, X509 *x, int flags) + { +- /* Call for side-effect of computing hash and caching extensions */ + X509_check_purpose(x, -1, 0); +- if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && x->ex_flags & EXFLAG_SS) ++ if (x->ex_flags & EXFLAG_SS) + return X509_TRUST_TRUSTED; + else + return X509_TRUST_UNTRUSTED; +@@ -248,51 +294,25 @@ static int trust_compat(X509_TRUST *trust, X509 *x, int flags) + + static int obj_trust(int id, X509 *x, int flags) + { +- X509_CERT_AUX *ax = x->aux; ++ ASN1_OBJECT *obj; + int i; +- +- if (ax && ax->reject) { ++ X509_CERT_AUX *ax; ++ ax = x->aux; ++ if (!ax) ++ return X509_TRUST_UNTRUSTED; ++ if (ax->reject) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { +- ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i); +- int nid = OBJ_obj2nid(obj); +- +- if (nid == id || (nid == NID_anyExtendedKeyUsage && +- (flags & X509_TRUST_OK_ANY_EKU))) ++ obj = sk_ASN1_OBJECT_value(ax->reject, i); ++ if (OBJ_obj2nid(obj) == id) + return X509_TRUST_REJECTED; + } + } +- +- if (ax && ax->trust) { ++ if (ax->trust) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { +- ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i); +- int nid = OBJ_obj2nid(obj); +- +- if (nid == id || (nid == NID_anyExtendedKeyUsage && +- (flags & X509_TRUST_OK_ANY_EKU))) ++ obj = sk_ASN1_OBJECT_value(ax->trust, i); ++ if (OBJ_obj2nid(obj) == id) + return X509_TRUST_TRUSTED; + } +- /* +- * Reject when explicit trust EKU are set and none match. +- * +- * Returning untrusted is enough for for full chains that end in +- * self-signed roots, because when explicit trust is specified it +- * suppresses the default blanket trust of self-signed objects. +- * +- * But for partial chains, this is not enough, because absent a similar +- * trust-self-signed policy, non matching EKUs are indistinguishable +- * from lack of EKU constraints. +- * +- * Therefore, failure to match any trusted purpose must trigger an +- * explicit reject. +- */ +- return X509_TRUST_REJECTED; + } +- +- if ((flags & X509_TRUST_DO_SS_COMPAT) == 0) +- return X509_TRUST_UNTRUSTED; +- +- /* +- * Not rejected, and there is no list of accepted uses, try compat. +- */ +- return trust_compat(NULL, x, flags); ++ return X509_TRUST_UNTRUSTED; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +index 66e5fcd..35db095 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c +@@ -1,17 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_txt.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -21,11 +70,11 @@ + + const char *X509_verify_cert_error_string(long n) + { ++ static char buf[100]; ++ + switch ((int)n) { + case X509_V_OK: + return ("ok"); +- case X509_V_ERR_UNSPECIFIED: +- return ("unspecified certificate verification error"); + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + return ("unable to get issuer certificate"); + case X509_V_ERR_UNABLE_TO_GET_CRL: +@@ -42,10 +91,10 @@ const char *X509_verify_cert_error_string(long n) + return ("CRL signature failure"); + case X509_V_ERR_CERT_NOT_YET_VALID: + return ("certificate is not yet valid"); +- case X509_V_ERR_CERT_HAS_EXPIRED: +- return ("certificate has expired"); + case X509_V_ERR_CRL_NOT_YET_VALID: + return ("CRL is not yet valid"); ++ case X509_V_ERR_CERT_HAS_EXPIRED: ++ return ("certificate has expired"); + case X509_V_ERR_CRL_HAS_EXPIRED: + return ("CRL has expired"); + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: +@@ -72,14 +121,23 @@ const char *X509_verify_cert_error_string(long n) + return ("certificate revoked"); + case X509_V_ERR_INVALID_CA: + return ("invalid CA certificate"); ++ case X509_V_ERR_INVALID_NON_CA: ++ return ("invalid non-CA certificate (has CA markings)"); + case X509_V_ERR_PATH_LENGTH_EXCEEDED: + return ("path length constraint exceeded"); ++ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: ++ return ("proxy path length constraint exceeded"); ++ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: ++ return ++ ("proxy certificates not allowed, please set the appropriate flag"); + case X509_V_ERR_INVALID_PURPOSE: + return ("unsupported certificate purpose"); + case X509_V_ERR_CERT_UNTRUSTED: + return ("certificate not trusted"); + case X509_V_ERR_CERT_REJECTED: + return ("certificate rejected"); ++ case X509_V_ERR_APPLICATION_VERIFICATION: ++ return ("application verification failure"); + case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: + return ("subject issuer mismatch"); + case X509_V_ERR_AKID_SKID_MISMATCH: +@@ -94,17 +152,10 @@ const char *X509_verify_cert_error_string(long n) + return ("unhandled critical extension"); + case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: + return ("key usage does not include CRL signing"); +- case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: +- return ("unhandled critical CRL extension"); +- case X509_V_ERR_INVALID_NON_CA: +- return ("invalid non-CA certificate (has CA markings)"); +- case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: +- return ("proxy path length constraint exceeded"); + case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: + return ("key usage does not include digital signature"); +- case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: +- return +- ("proxy certificates not allowed, please set the appropriate flag"); ++ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: ++ return ("unhandled critical CRL extension"); + case X509_V_ERR_INVALID_EXTENSION: + return ("invalid or inconsistent certificate extension"); + case X509_V_ERR_INVALID_POLICY_EXTENSION: +@@ -117,14 +168,13 @@ const char *X509_verify_cert_error_string(long n) + return ("Unsupported extension feature"); + case X509_V_ERR_UNNESTED_RESOURCE: + return ("RFC 3779 resource not subset of parent's resources"); ++ + case X509_V_ERR_PERMITTED_VIOLATION: + return ("permitted subtree violation"); + case X509_V_ERR_EXCLUDED_VIOLATION: + return ("excluded subtree violation"); + case X509_V_ERR_SUBTREE_MINMAX: + return ("name constraints minimum and maximum not supported"); +- case X509_V_ERR_APPLICATION_VERIFICATION: +- return ("application verification failure"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: + return ("unsupported name constraint type"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: +@@ -133,8 +183,7 @@ const char *X509_verify_cert_error_string(long n) + return ("unsupported or invalid name syntax"); + case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: + return ("CRL path validation error"); +- case X509_V_ERR_PATH_LOOP: +- return ("Path Loop"); ++ + case X509_V_ERR_SUITE_B_INVALID_VERSION: + return ("Suite B: certificate version invalid"); + case X509_V_ERR_SUITE_B_INVALID_ALGORITHM: +@@ -147,31 +196,23 @@ const char *X509_verify_cert_error_string(long n) + return ("Suite B: curve not allowed for this LOS"); + case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: + return ("Suite B: cannot sign P-384 with P-256"); ++ + case X509_V_ERR_HOSTNAME_MISMATCH: + return ("Hostname mismatch"); + case X509_V_ERR_EMAIL_MISMATCH: + return ("Email address mismatch"); + case X509_V_ERR_IP_ADDRESS_MISMATCH: + return ("IP address mismatch"); +- case X509_V_ERR_DANE_NO_MATCH: +- return ("No matching DANE TLSA records"); +- case X509_V_ERR_EE_KEY_TOO_SMALL: +- return ("EE certificate key too weak"); +- case X509_V_ERR_CA_KEY_TOO_SMALL: +- return ("CA certificate key too weak"); +- case X509_V_ERR_CA_MD_TOO_WEAK: +- return ("CA signature digest algorithm too weak"); ++ + case X509_V_ERR_INVALID_CALL: + return ("Invalid certificate verification context"); + case X509_V_ERR_STORE_LOOKUP: + return ("Issuer certificate lookup error"); +- case X509_V_ERR_NO_VALID_SCTS: +- return ("Certificate Transparency required, but no valid SCTs found"); + case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: + return ("proxy subject name violation"); + + default: +- /* Printing an error number into a static buffer is not thread-safe */ +- return ("unknown certificate verification error"); ++ BIO_snprintf(buf, sizeof buf, "error number %ld", n); ++ return (buf); + } + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +index ad126ef..4a03445 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c +@@ -1,21 +1,69 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_v3.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "x509_lcl.h" + + int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) + { +@@ -36,7 +84,7 @@ int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, + } + + int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, +- const ASN1_OBJECT *obj, int lastpos) ++ ASN1_OBJECT *obj, int lastpos) + { + int n; + X509_EXTENSION *ex; +@@ -127,8 +175,10 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + err: + X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE); + err2: +- X509_EXTENSION_free(new_ex); +- sk_X509_EXTENSION_free(sk); ++ if (new_ex != NULL) ++ X509_EXTENSION_free(new_ex); ++ if (sk != NULL) ++ sk_X509_EXTENSION_free(sk); + return (NULL); + } + +@@ -151,7 +201,7 @@ X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, + } + + X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, +- const ASN1_OBJECT *obj, int crit, ++ ASN1_OBJECT *obj, int crit, + ASN1_OCTET_STRING *data) + { + X509_EXTENSION *ret; +@@ -181,13 +231,13 @@ X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + return (NULL); + } + +-int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) ++int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) + { + if ((ex == NULL) || (obj == NULL)) + return (0); + ASN1_OBJECT_free(ex->object); + ex->object = OBJ_dup(obj); +- return ex->object != NULL; ++ return (1); + } + + int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) +@@ -204,7 +254,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) + + if (ex == NULL) + return (0); +- i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length); ++ i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length); + if (!i) + return (0); + return (1); +@@ -221,10 +271,10 @@ ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) + { + if (ex == NULL) + return (NULL); +- return &ex->value; ++ return (ex->value); + } + +-int X509_EXTENSION_get_critical(const X509_EXTENSION *ex) ++int X509_EXTENSION_get_critical(X509_EXTENSION *ex) + { + if (ex == NULL) + return (0); +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +index ebc4424..5bf3f07 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c +@@ -1,18 +1,66 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509_vfy.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include + #include +-#include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -21,9 +69,7 @@ + #include + #include + #include +-#include +-#include +-#include "x509_lcl.h" ++#include "vpm_int.h" + + /* CRL score values */ + +@@ -63,23 +109,16 @@ + + #define CRL_SCORE_TIME_DELTA 0x002 + +-static int build_chain(X509_STORE_CTX *ctx); +-static int verify_chain(X509_STORE_CTX *ctx); +-static int dane_verify(X509_STORE_CTX *ctx); + static int null_callback(int ok, X509_STORE_CTX *e); + static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); + static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); + static int check_chain_extensions(X509_STORE_CTX *ctx); + static int check_name_constraints(X509_STORE_CTX *ctx); + static int check_id(X509_STORE_CTX *ctx); +-static int check_trust(X509_STORE_CTX *ctx, int num_untrusted); ++static int check_trust(X509_STORE_CTX *ctx); + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); +-static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); +-static int check_dane_issuer(X509_STORE_CTX *ctx, int depth); +-static int check_key_level(X509_STORE_CTX *ctx, X509 *cert); +-static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert); + + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, X509_CRL *crl, X509 *x); +@@ -98,20 +137,22 @@ static int check_crl_chain(X509_STORE_CTX *ctx, + STACK_OF(X509) *crl_path); + + static int internal_verify(X509_STORE_CTX *ctx); ++const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT; + + static int null_callback(int ok, X509_STORE_CTX *e) + { + return ok; + } + ++#if 0 ++static int x509_subject_cmp(X509 **a, X509 **b) ++{ ++ return X509_subject_name_cmp(*a, *b); ++} ++#endif + /* Return 1 is a certificate is self signed */ + static int cert_self_signed(X509 *x) + { +- /* +- * FIXME: x509v3_cache_extensions() needs to detect more failures and not +- * set EXFLAG_SET when that happens. Especially, if the failures are +- * parse errors, rather than memory pressure! +- */ + X509_check_purpose(x, -1, 0); + if (x->ex_flags & EXFLAG_SS) + return 1; +@@ -137,128 +178,30 @@ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) + break; + } + if (i < sk_X509_num(certs)) +- X509_up_ref(xtmp); ++ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); + else + xtmp = NULL; + sk_X509_pop_free(certs, X509_free); + return xtmp; + } + +-/*- +- * Inform the verify callback of an error. +- * If B is not NULL it is the error cert, otherwise use the chain cert at +- * B. +- * If B is not X509_V_OK, that's the error value, otherwise leave +- * unchanged (presumably set by the caller). +- * +- * Returns 0 to abort verification with an error, non-zero to continue. +- */ +-static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) +-{ +- ctx->error_depth = depth; +- ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); +- if (err != X509_V_OK) +- ctx->error = err; +- return ctx->verify_cb(0, ctx); +-} +- +-/*- +- * Inform the verify callback of an error, CRL-specific variant. Here, the +- * error depth and certificate are already set, we just specify the error +- * number. +- * +- * Returns 0 to abort verification with an error, non-zero to continue. +- */ +-static int verify_cb_crl(X509_STORE_CTX *ctx, int err) +-{ +- ctx->error = err; +- return ctx->verify_cb(0, ctx); +-} +- +-static int check_auth_level(X509_STORE_CTX *ctx) +-{ +- int i; +- int num = sk_X509_num(ctx->chain); +- +- if (ctx->param->auth_level <= 0) +- return 1; +- +- for (i = 0; i < num; ++i) { +- X509 *cert = sk_X509_value(ctx->chain, i); +- +- /* +- * We've already checked the security of the leaf key, so here we only +- * check the security of issuer keys. +- */ +- if (i > 0 && !check_key_level(ctx, cert) && +- verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0) +- return 0; +- /* +- * We also check the signature algorithm security of all certificates +- * except those of the trust anchor at index num-1. +- */ +- if (i < num - 1 && !check_sig_level(ctx, cert) && +- verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0) +- return 0; +- } +- return 1; +-} +- +-static int verify_chain(X509_STORE_CTX *ctx) +-{ +- int err; +- int ok; +- +- /* +- * Before either returning with an error, or continuing with CRL checks, +- * instantiate chain public key parameters. +- */ +- if ((ok = build_chain(ctx)) == 0 || +- (ok = check_chain_extensions(ctx)) == 0 || +- (ok = check_auth_level(ctx)) == 0 || +- (ok = check_name_constraints(ctx)) == 0 || +- (ok = check_id(ctx)) == 0 || 1) +- X509_get_pubkey_parameters(NULL, ctx->chain); +- if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0) +- return ok; +- +- err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, +- ctx->param->flags); +- if (err != X509_V_OK) { +- if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0) +- return ok; +- } +- +- /* Verify chain signatures and expiration times */ +- ok = (ctx->verify != NULL) ? ctx->verify(ctx) : internal_verify(ctx); +- if (!ok) +- return ok; +- +-#ifndef OPENSSL_NO_RFC3779 +- /* RFC 3779 path validation, now that CRL check has been done */ +- if ((ok = X509v3_asid_validate_path(ctx)) == 0) +- return ok; +- if ((ok = X509v3_addr_validate_path(ctx)) == 0) +- return ok; +-#endif +- +- /* If we get this far evaluate policies */ +- if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK) +- ok = ctx->check_policy(ctx); +- return ok; +-} +- + int X509_verify_cert(X509_STORE_CTX *ctx) + { +- SSL_DANE *dane = ctx->dane; +- int ret; ++ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; ++ int bad_chain = 0; ++ X509_VERIFY_PARAM *param = ctx->param; ++ int depth, i, ok = 0; ++ int num, j, retry; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ STACK_OF(X509) *sktmp = NULL; ++ int trust = X509_TRUST_UNTRUSTED; ++ int err; + + if (ctx->cert == NULL) { + X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + ctx->error = X509_V_ERR_INVALID_CALL; + return -1; + } +- + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify a cert. We +@@ -269,6 +212,8 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + return -1; + } + ++ cb = ctx->verify_cb; ++ + /* + * first we make sure the chain we are going to build is present and that + * the first entry is in place +@@ -277,48 +222,332 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + (!sk_X509_push(ctx->chain, ctx->cert))) { + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; +- return -1; ++ ok = -1; ++ goto err; + } +- X509_up_ref(ctx->cert); +- ctx->num_untrusted = 1; ++ CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509); ++ ctx->last_untrusted = 1; + +- /* If the peer's public key is too weak, we can stop early. */ +- if (!check_key_level(ctx, ctx->cert) && +- !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL)) +- return 0; ++ /* We use a temporary STACK so we can chop and hack at it */ ++ if (ctx->untrusted != NULL ++ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ ctx->error = X509_V_ERR_OUT_OF_MEM; ++ ok = -1; ++ goto err; ++ } + +- if (DANETLS_ENABLED(dane)) +- ret = dane_verify(ctx); +- else +- ret = verify_chain(ctx); ++ num = sk_X509_num(ctx->chain); ++ x = sk_X509_value(ctx->chain, num - 1); ++ depth = param->depth; ++ ++ for (;;) { ++ /* If we have enough, we break */ ++ if (depth < num) ++ break; /* FIXME: If this happens, we should take ++ * note of it and, if appropriate, use the ++ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code ++ * later. */ ++ ++ /* If we are self signed, we break */ ++ if (cert_self_signed(x)) ++ break; ++ /* ++ * If asked see if we can find issuer in trusted store first ++ */ ++ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ if (ok < 0) { ++ ctx->error = X509_V_ERR_STORE_LOOKUP; ++ goto err; ++ } ++ /* ++ * If successful for now free up cert so it will be picked up ++ * again later. ++ */ ++ if (ok > 0) { ++ X509_free(xtmp); ++ break; ++ } ++ } ++ ++ /* If we were passed a cert chain, use it first */ ++ if (ctx->untrusted != NULL) { ++ xtmp = find_issuer(ctx, sktmp, x); ++ if (xtmp != NULL) { ++ if (!sk_X509_push(ctx->chain, xtmp)) { ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ ctx->error = X509_V_ERR_OUT_OF_MEM; ++ ok = -1; ++ goto err; ++ } ++ CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509); ++ (void)sk_X509_delete_ptr(sktmp, xtmp); ++ ctx->last_untrusted++; ++ x = xtmp; ++ num++; ++ /* ++ * reparse the full chain for the next one ++ */ ++ continue; ++ } ++ } ++ break; ++ } ++ ++ /* Remember how many untrusted certs we have */ ++ j = num; ++ /* ++ * at this point, chain should contain a list of untrusted certificates. ++ * We now need to add at least one trusted one, if possible, otherwise we ++ * complain. ++ */ ++ ++ do { ++ /* ++ * Examine last certificate in chain and see if it is self signed. ++ */ ++ i = sk_X509_num(ctx->chain); ++ x = sk_X509_value(ctx->chain, i - 1); ++ if (cert_self_signed(x)) { ++ /* we have a self signed certificate */ ++ if (sk_X509_num(ctx->chain) == 1) { ++ /* ++ * We have a single self signed certificate: see if we can ++ * find it in the store. We must have an exact match to avoid ++ * possible impersonation. ++ */ ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ if ((ok <= 0) || X509_cmp(x, xtmp)) { ++ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; ++ ctx->current_cert = x; ++ ctx->error_depth = i - 1; ++ if (ok == 1) ++ X509_free(xtmp); ++ bad_chain = 1; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto err; ++ } else { ++ /* ++ * We have a match: replace certificate with store ++ * version so we get any trust settings. ++ */ ++ X509_free(x); ++ x = xtmp; ++ (void)sk_X509_set(ctx->chain, i - 1, x); ++ ctx->last_untrusted = 0; ++ } ++ } else { ++ /* ++ * extract and save self signed certificate for later use ++ */ ++ chain_ss = sk_X509_pop(ctx->chain); ++ ctx->last_untrusted--; ++ num--; ++ j--; ++ x = sk_X509_value(ctx->chain, num - 1); ++ } ++ } ++ /* We now lookup certs from the certificate store */ ++ for (;;) { ++ /* If we have enough, we break */ ++ if (depth < num) ++ break; ++ /* If we are self signed, we break */ ++ if (cert_self_signed(x)) ++ break; ++ ok = ctx->get_issuer(&xtmp, ctx, x); ++ ++ if (ok < 0) { ++ ctx->error = X509_V_ERR_STORE_LOOKUP; ++ goto err; ++ } ++ if (ok == 0) ++ break; ++ x = xtmp; ++ if (!sk_X509_push(ctx->chain, x)) { ++ X509_free(xtmp); ++ X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); ++ ctx->error = X509_V_ERR_OUT_OF_MEM; ++ ok = -1; ++ goto err; ++ } ++ num++; ++ } ++ ++ /* we now have our chain, lets check it... */ ++ if ((trust = check_trust(ctx)) == X509_TRUST_REJECTED) { ++ /* Callback already issued */ ++ ok = 0; ++ goto err; ++ } ++ ++ /* ++ * If it's not explicitly trusted then check if there is an alternative ++ * chain that could be used. We only do this if we haven't already ++ * checked via TRUSTED_FIRST and the user hasn't switched off alternate ++ * chain checking ++ */ ++ retry = 0; ++ if (trust != X509_TRUST_TRUSTED ++ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) ++ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { ++ while (j-- > 1) { ++ xtmp2 = sk_X509_value(ctx->chain, j - 1); ++ ok = ctx->get_issuer(&xtmp, ctx, xtmp2); ++ if (ok < 0) { ++ ctx->error = X509_V_ERR_STORE_LOOKUP; ++ goto err; ++ } ++ /* Check if we found an alternate chain */ ++ if (ok > 0) { ++ /* ++ * Free up the found cert we'll add it again later ++ */ ++ X509_free(xtmp); ++ ++ /* ++ * Dump all the certs above this point - we've found an ++ * alternate chain ++ */ ++ while (num > j) { ++ xtmp = sk_X509_pop(ctx->chain); ++ X509_free(xtmp); ++ num--; ++ } ++ ctx->last_untrusted = sk_X509_num(ctx->chain); ++ retry = 1; ++ break; ++ } ++ } ++ } ++ } while (retry); ++ ++ /* ++ * If not explicitly trusted then indicate error unless it's a single ++ * self signed certificate in which case we've indicated an error already ++ * and set bad_chain == 1 ++ */ ++ if (trust != X509_TRUST_TRUSTED && !bad_chain) { ++ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { ++ if (ctx->last_untrusted >= num) ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; ++ else ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; ++ ctx->current_cert = x; ++ } else { ++ ++ sk_X509_push(ctx->chain, chain_ss); ++ num++; ++ ctx->last_untrusted = num; ++ ctx->current_cert = chain_ss; ++ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; ++ chain_ss = NULL; ++ } ++ ++ ctx->error_depth = num - 1; ++ bad_chain = 1; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ /* We have the chain complete: now we need to check its purpose */ ++ ok = check_chain_extensions(ctx); ++ ++ if (!ok) ++ goto err; ++ ++ /* Check name constraints */ ++ ++ ok = check_name_constraints(ctx); ++ ++ if (!ok) ++ goto err; ++ ++ ok = check_id(ctx); ++ ++ if (!ok) ++ goto err; ++ ++ /* We may as well copy down any DSA parameters that are required */ ++ X509_get_pubkey_parameters(NULL, ctx->chain); + + /* +- * Safety-net. If we are returning an error, we must also set ctx->error, +- * so that the chain is not considered verified should the error be ignored +- * (e.g. TLS with SSL_VERIFY_NONE). ++ * Check revocation status: we do this after copying parameters because ++ * they may be needed for CRL signature verification. + */ +- if (ret <= 0 && ctx->error == X509_V_OK) ++ ++ ok = ctx->check_revocation(ctx); ++ if (!ok) ++ goto err; ++ ++ err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain, ++ ctx->param->flags); ++ if (err != X509_V_OK) { ++ ctx->error = err; ++ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth); ++ ok = cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ ++ /* At this point, we have a chain and need to verify it */ ++ if (ctx->verify != NULL) ++ ok = ctx->verify(ctx); ++ else ++ ok = internal_verify(ctx); ++ if (!ok) ++ goto err; ++ ++#ifndef OPENSSL_NO_RFC3779 ++ /* RFC 3779 path validation, now that CRL check has been done */ ++ ok = v3_asid_validate_path(ctx); ++ if (!ok) ++ goto err; ++ ok = v3_addr_validate_path(ctx); ++ if (!ok) ++ goto err; ++#endif ++ ++ /* If we get this far evaluate policies */ ++ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ++ ok = ctx->check_policy(ctx); ++ if (!ok) ++ goto err; ++ if (0) { ++ err: ++ /* Ensure we return an error */ ++ if (ok > 0) ++ ok = 0; ++ X509_get_pubkey_parameters(NULL, ctx->chain); ++ } ++ if (sktmp != NULL) ++ sk_X509_free(sktmp); ++ if (chain_ss != NULL) ++ X509_free(chain_ss); ++ ++ /* Safety net, error returns must set ctx->error */ ++ if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; +- return ret; ++ return ok; + } + + /* + * Given a STACK_OF(X509) find the issuer of cert (if any) + */ ++ + static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) + { + int i; +- X509 *issuer, *rv = NULL; +- ++ X509 *issuer; + for (i = 0; i < sk_X509_num(sk); i++) { + issuer = sk_X509_value(sk, i); +- if (ctx->check_issued(ctx, x, issuer)) { +- rv = issuer; +- if (x509_check_cert_time(ctx, rv, -1)) +- break; +- } ++ if (ctx->check_issued(ctx, x, issuer)) ++ return issuer; + } +- return rv; ++ return NULL; + } + + /* Given a possible certificate and issuer check them */ +@@ -326,25 +555,17 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) + static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) + { + int ret; +- if (x == issuer) +- return cert_self_signed(x); + ret = X509_check_issued(issuer, x); +- if (ret == X509_V_OK) { +- int i; +- X509 *ch; +- /* Special case: single self signed certificate */ +- if (cert_self_signed(x) && sk_X509_num(ctx->chain) == 1) +- return 1; +- for (i = 0; i < sk_X509_num(ctx->chain); i++) { +- ch = sk_X509_value(ctx->chain, i); +- if (ch == issuer || !X509_cmp(ch, issuer)) { +- ret = X509_V_ERR_PATH_LOOP; +- break; +- } +- } +- } ++ if (ret == X509_V_OK) ++ return 1; ++ /* If we haven't asked for issuer errors don't set ctx */ ++ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) ++ return 0; + +- return (ret == X509_V_OK); ++ ctx->error = ret; ++ ctx->current_cert = x; ++ ctx->current_issuer = issuer; ++ return ctx->verify_cb(0, ctx); + } + + /* Alternative lookup method: look from a STACK stored in other_ctx */ +@@ -353,83 +574,12 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) + { + *issuer = find_issuer(ctx, ctx->other_ctx, x); + if (*issuer) { +- X509_up_ref(*issuer); ++ CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); + return 1; + } else + return 0; + } + +-static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm) +-{ +- STACK_OF(X509) *sk = NULL; +- X509 *x; +- int i; +- for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) { +- x = sk_X509_value(ctx->other_ctx, i); +- if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) { +- if (sk == NULL) +- sk = sk_X509_new_null(); +- if (sk == NULL || sk_X509_push(sk, x) == 0) { +- sk_X509_pop_free(sk, X509_free); +- return NULL; +- } +- X509_up_ref(x); +- } +- } +- return sk; +-} +- +-/* +- * Check EE or CA certificate purpose. For trusted certificates explicit local +- * auxiliary trust can be used to override EKU-restrictions. +- */ +-static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth, +- int must_be_ca) +-{ +- int tr_ok = X509_TRUST_UNTRUSTED; +- +- /* +- * For trusted certificates we want to see whether any auxiliary trust +- * settings trump the purpose constraints. +- * +- * This is complicated by the fact that the trust ordinals in +- * ctx->param->trust are entirely independent of the purpose ordinals in +- * ctx->param->purpose! +- * +- * What connects them is their mutual initialization via calls from +- * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets +- * related values of both param->trust and param->purpose. It is however +- * typically possible to infer associated trust values from a purpose value +- * via the X509_PURPOSE API. +- * +- * Therefore, we can only check for trust overrides when the purpose we're +- * checking is the same as ctx->param->purpose and ctx->param->trust is +- * also set. +- */ +- if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose) +- tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT); +- +- switch (tr_ok) { +- case X509_TRUST_TRUSTED: +- return 1; +- case X509_TRUST_REJECTED: +- break; +- default: +- switch (X509_check_purpose(x, purpose, must_be_ca > 0)) { +- case 1: +- return 1; +- case 0: +- break; +- default: +- if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0) +- return 1; +- } +- break; +- } +- +- return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE); +-} +- + /* + * Check a certificate chains extensions for consistency with the supplied + * purpose +@@ -437,12 +587,16 @@ static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth, + + static int check_chain_extensions(X509_STORE_CTX *ctx) + { +- int i, must_be_ca, plen = 0; ++#ifdef OPENSSL_NO_CHAIN_VERIFY ++ return 1; ++#else ++ int i, ok = 0, must_be_ca, plen = 0; + X509 *x; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); + int proxy_path_length = 0; + int purpose; + int allow_proxy_certs; +- int num = sk_X509_num(ctx->chain); ++ cb = ctx->verify_cb; + + /*- + * must_be_ca can have 1 of 3 values: +@@ -462,22 +616,35 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + } else { + allow_proxy_certs = + ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); ++ /* ++ * A hack to keep people who don't want to modify their software ++ * happy ++ */ ++ if (getenv("OPENSSL_ALLOW_PROXY_CERTS")) ++ allow_proxy_certs = 1; + purpose = ctx->param->purpose; + } + +- for (i = 0; i < num; i++) { ++ /* Check all untrusted certificates */ ++ for (i = 0; i < ctx->last_untrusted; i++) { + int ret; + x = sk_X509_value(ctx->chain, i); + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (x->ex_flags & EXFLAG_CRITICAL)) { +- if (!verify_cb_cert(ctx, x, i, +- X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION)) +- return 0; ++ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; + } + if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { +- if (!verify_cb_cert(ctx, x, i, +- X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED)) +- return 0; ++ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; + } + ret = X509_check_ca(x); + switch (must_be_ca) { +@@ -497,9 +664,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + ret = 1; + break; + default: +- /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */ + if ((ret == 0) +- || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT) ++ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) + && (ret != 1))) { + ret = 0; + ctx->error = X509_V_ERR_INVALID_CA; +@@ -507,17 +673,36 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + ret = 1; + break; + } +- if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK)) +- return 0; +- /* check_purpose() makes the callback as needed */ +- if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca)) +- return 0; +- /* Check pathlen if not self issued */ +- if ((i > 1) && !(x->ex_flags & EXFLAG_SI) ++ if (ret == 0) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ if (ctx->param->purpose > 0) { ++ ret = X509_check_purpose(x, purpose, must_be_ca > 0); ++ if ((ret == 0) ++ || ((ctx->param->flags & X509_V_FLAG_X509_STRICT) ++ && (ret != 1))) { ++ ctx->error = X509_V_ERR_INVALID_PURPOSE; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; ++ } ++ } ++ /* Check pathlen if not self issued */ ++ if ((i > 1) && !(x->ex_flags & EXFLAG_SI) + && (x->ex_pathlen != -1) + && (plen > (x->ex_pathlen + proxy_path_length + 1))) { +- if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED)) +- return 0; ++ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; + } + /* Increment path length if not self issued */ + if (!(x->ex_flags & EXFLAG_SI)) +@@ -541,9 +726,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + */ + if (x->ex_pcpathlen != -1) { + if (proxy_path_length > x->ex_pcpathlen) { +- if (!verify_cb_cert(ctx, x, i, +- X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED)) +- return 0; ++ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ok = cb(0, ctx); ++ if (!ok) ++ goto end; + } + proxy_path_length = x->ex_pcpathlen; + } +@@ -552,18 +740,19 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) + } else + must_be_ca = 1; + } +- return 1; ++ ok = 1; ++ end: ++ return ok; ++#endif + } + + static int check_name_constraints(X509_STORE_CTX *ctx) + { +- int i; +- ++ X509 *x; ++ int i, j, rv; + /* Check name constraints for all certificates */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { +- X509 *x = sk_X509_value(ctx->chain, i); +- int j; +- ++ x = sk_X509_value(ctx->chain, i); + /* Ignore self issued certs unless last in chain */ + if (i && (x->ex_flags & EXFLAG_SI)) + continue; +@@ -602,10 +791,8 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + * Check that the last subject component isn't part of a + * multivalued RDN + */ +- if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, +- last_object_loc)) +- == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject, +- last_object_loc - 1))) { ++ if (X509_NAME_get_entry(tmpsubject, last_object_loc)->set ++ == X509_NAME_get_entry(tmpsubject, last_object_loc - 1)->set) { + err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION; + goto proxy_name_done; + } +@@ -635,9 +822,13 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + X509_NAME_free(tmpsubject); + + proxy_name_done: +- if (err != X509_V_OK +- && !verify_cb_cert(ctx, x, i, err)) +- return 0; ++ if (err != X509_V_OK) { ++ ctx->error = err; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } + } + + /* +@@ -648,21 +839,19 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + */ + for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { + NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; +- + if (nc) { +- int rv = NAME_CONSTRAINTS_check(x, nc); +- +- /* If EE certificate check commonName too */ +- if (rv == X509_V_OK && i == 0) +- rv = NAME_CONSTRAINTS_check_CN(x, nc); +- ++ rv = NAME_CONSTRAINTS_check(x, nc); + switch (rv) { + case X509_V_OK: +- break; ++ continue; + case X509_V_ERR_OUT_OF_MEM: ++ ctx->error = rv; + return 0; + default: +- if (!verify_cb_cert(ctx, x, i, rv)) ++ ctx->error = rv; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + break; + } +@@ -674,22 +863,25 @@ static int check_name_constraints(X509_STORE_CTX *ctx) + + static int check_id_error(X509_STORE_CTX *ctx, int errcode) + { +- return verify_cb_cert(ctx, ctx->cert, 0, errcode); ++ ctx->error = errcode; ++ ctx->current_cert = ctx->cert; ++ ctx->error_depth = 0; ++ return ctx->verify_cb(0, ctx); + } + +-static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) ++static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) + { + int i; +- int n = sk_OPENSSL_STRING_num(vpm->hosts); ++ int n = sk_OPENSSL_STRING_num(id->hosts); + char *name; + +- if (vpm->peername != NULL) { +- OPENSSL_free(vpm->peername); +- vpm->peername = NULL; ++ if (id->peername != NULL) { ++ OPENSSL_free(id->peername); ++ id->peername = NULL; + } + for (i = 0; i < n; ++i) { +- name = sk_OPENSSL_STRING_value(vpm->hosts, i); +- if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0) ++ name = sk_OPENSSL_STRING_value(id->hosts, i); ++ if (X509_check_host(x, name, 0, id->hostflags, &id->peername) > 0) + return 1; + } + return n == 0; +@@ -698,95 +890,65 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm) + static int check_id(X509_STORE_CTX *ctx) + { + X509_VERIFY_PARAM *vpm = ctx->param; ++ X509_VERIFY_PARAM_ID *id = vpm->id; + X509 *x = ctx->cert; +- if (vpm->hosts && check_hosts(x, vpm) <= 0) { ++ if (id->hosts && check_hosts(x, id) <= 0) { + if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) + return 0; + } +- if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) { ++ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) { + if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) + return 0; + } +- if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) { ++ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { + if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) + return 0; + } + return 1; + } + +-static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) ++static int check_trust(X509_STORE_CTX *ctx) + { +- int i; ++ int i, ok; + X509 *x = NULL; +- X509 *mx; +- SSL_DANE *dane = ctx->dane; +- int num = sk_X509_num(ctx->chain); +- int trust; +- +- /* +- * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2) +- * match, we're done, otherwise we'll merely record the match depth. +- */ +- if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) { +- switch (trust = check_dane_issuer(ctx, num_untrusted)) { +- case X509_TRUST_TRUSTED: +- case X509_TRUST_REJECTED: +- return trust; +- } +- } +- +- /* +- * Check trusted certificates in chain at depth num_untrusted and up. +- * Note, that depths 0..num_untrusted-1 may also contain trusted +- * certificates, but the caller is expected to have already checked those, +- * and wants to incrementally check just any added since. +- */ +- for (i = num_untrusted; i < num; i++) { ++ int (*cb) (int xok, X509_STORE_CTX *xctx); ++ cb = ctx->verify_cb; ++ /* Check all trusted certificates in chain */ ++ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { + x = sk_X509_value(ctx->chain, i); +- trust = X509_check_trust(x, ctx->param->trust, 0); ++ ok = X509_check_trust(x, ctx->param->trust, 0); + /* If explicitly trusted return trusted */ +- if (trust == X509_TRUST_TRUSTED) +- goto trusted; +- if (trust == X509_TRUST_REJECTED) +- goto rejected; ++ if (ok == X509_TRUST_TRUSTED) ++ return X509_TRUST_TRUSTED; ++ /* ++ * If explicitly rejected notify callback and reject if not ++ * overridden. ++ */ ++ if (ok == X509_TRUST_REJECTED) { ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_CERT_REJECTED; ++ ok = cb(0, ctx); ++ if (!ok) ++ return X509_TRUST_REJECTED; ++ } + } +- + /* +- * If we are looking at a trusted certificate, and accept partial chains, +- * the chain is PKIX trusted. ++ * If we accept partial chains and have at least one trusted certificate ++ * return success. + */ +- if (num_untrusted < num) { +- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) +- goto trusted; +- return X509_TRUST_UNTRUSTED; +- } +- +- if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { +- /* +- * Last-resort call with no new trusted certificates, check the leaf +- * for a direct trust store match. +- */ +- i = 0; +- x = sk_X509_value(ctx->chain, i); ++ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { ++ X509 *mx; ++ if (ctx->last_untrusted < sk_X509_num(ctx->chain)) ++ return X509_TRUST_TRUSTED; ++ x = sk_X509_value(ctx->chain, 0); + mx = lookup_cert_match(ctx, x); +- if (!mx) +- return X509_TRUST_UNTRUSTED; +- +- /* +- * Check explicit auxiliary trust/reject settings. If none are set, +- * we'll accept X509_TRUST_UNTRUSTED when not self-signed. +- */ +- trust = X509_check_trust(mx, ctx->param->trust, 0); +- if (trust == X509_TRUST_REJECTED) { +- X509_free(mx); +- goto rejected; ++ if (mx) { ++ (void)sk_X509_set(ctx->chain, 0, mx); ++ X509_free(x); ++ ctx->last_untrusted = 0; ++ return X509_TRUST_TRUSTED; + } +- +- /* Replace leaf with trusted match */ +- (void) sk_X509_set(ctx->chain, 0, mx); +- X509_free(x); +- ctx->num_untrusted = 0; +- goto trusted; + } + + /* +@@ -794,26 +956,11 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted) + * standard (no issuer cert) etc errors to be indicated. + */ + return X509_TRUST_UNTRUSTED; +- +- rejected: +- if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED)) +- return X509_TRUST_REJECTED; +- return X509_TRUST_UNTRUSTED; +- +- trusted: +- if (!DANETLS_ENABLED(dane)) +- return X509_TRUST_TRUSTED; +- if (dane->pdpth < 0) +- dane->pdpth = num_untrusted; +- /* With DANE, PKIX alone is not trusted until we have both */ +- if (dane->mdpth >= 0) +- return X509_TRUST_TRUSTED; +- return X509_TRUST_UNTRUSTED; + } + + static int check_revocation(X509_STORE_CTX *ctx) + { +- int i = 0, last = 0, ok = 0; ++ int i, last, ok; + if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) + return 1; + if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) +@@ -836,21 +983,19 @@ static int check_revocation(X509_STORE_CTX *ctx) + static int check_cert(X509_STORE_CTX *ctx) + { + X509_CRL *crl = NULL, *dcrl = NULL; +- int ok = 0; +- int cnum = ctx->error_depth; +- X509 *x = sk_X509_value(ctx->chain, cnum); +- ++ X509 *x; ++ int ok, cnum; ++ unsigned int last_reasons; ++ cnum = ctx->error_depth; ++ x = sk_X509_value(ctx->chain, cnum); + ctx->current_cert = x; + ctx->current_issuer = NULL; + ctx->current_crl_score = 0; + ctx->current_reasons = 0; +- + if (x->ex_flags & EXFLAG_PROXY) + return 1; +- + while (ctx->current_reasons != CRLDP_ALL_REASONS) { +- unsigned int last_reasons = ctx->current_reasons; +- ++ last_reasons = ctx->current_reasons; + /* Try to retrieve relevant CRL */ + if (ctx->get_crl) + ok = ctx->get_crl(ctx, &crl, x); +@@ -860,21 +1005,22 @@ static int check_cert(X509_STORE_CTX *ctx) + * If error looking up CRL, nothing we can do except notify callback + */ + if (!ok) { +- ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL); +- goto done; ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ++ ok = ctx->verify_cb(0, ctx); ++ goto err; + } + ctx->current_crl = crl; + ok = ctx->check_crl(ctx, crl); + if (!ok) +- goto done; ++ goto err; + + if (dcrl) { + ok = ctx->check_crl(ctx, dcrl); + if (!ok) +- goto done; ++ goto err; + ok = ctx->cert_crl(ctx, dcrl, x); + if (!ok) +- goto done; ++ goto err; + } else + ok = 1; + +@@ -882,7 +1028,7 @@ static int check_cert(X509_STORE_CTX *ctx) + if (ok != 2) { + ok = ctx->cert_crl(ctx, crl, x); + if (!ok) +- goto done; ++ goto err; + } + + X509_CRL_free(crl); +@@ -890,20 +1036,22 @@ static int check_cert(X509_STORE_CTX *ctx) + crl = NULL; + dcrl = NULL; + /* +- * If reasons not updated we won't get anywhere by another iteration, ++ * If reasons not updated we wont get anywhere by another iteration, + * so exit loop. + */ + if (last_reasons == ctx->current_reasons) { +- ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL); +- goto done; ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; ++ ok = ctx->verify_cb(0, ctx); ++ goto err; + } + } +- done: ++ err: + X509_CRL_free(crl); + X509_CRL_free(dcrl); + + ctx->current_crl = NULL; + return ok; ++ + } + + /* Check CRL times against values in X509_STORE_CTX */ +@@ -912,7 +1060,6 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + { + time_t *ptime; + int i; +- + if (notify) + ctx->current_crl = crl; + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) +@@ -922,35 +1069,39 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + else + ptime = NULL; + +- i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); ++ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + if (i == 0) { + if (!notify) + return 0; +- if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD)) ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) { + if (!notify) + return 0; +- if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID)) ++ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + } + +- if (X509_CRL_get0_nextUpdate(crl)) { +- i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime); ++ if (X509_CRL_get_nextUpdate(crl)) { ++ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + + if (i == 0) { + if (!notify) + return 0; +- if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD)) ++ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + } + /* Ignore expiry of base CRL is delta is valid */ + if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { + if (!notify) + return 0; +- if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED)) ++ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + } + } +@@ -980,8 +1131,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + /* If current CRL is equivalent use it if it is newer */ + if (crl_score == best_score && best_crl != NULL) { + int day, sec; +- if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl), +- X509_CRL_get0_lastUpdate(crl)) == 0) ++ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl), ++ X509_CRL_get_lastUpdate(crl)) == 0) + continue; + /* + * ASN1_TIME_diff never returns inconsistent signs for |day| +@@ -997,14 +1148,17 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + } + + if (best_crl) { +- X509_CRL_free(*pcrl); ++ if (*pcrl) ++ X509_CRL_free(*pcrl); + *pcrl = best_crl; + *pissuer = best_crl_issuer; + *pscore = best_score; + *preasons = best_reasons; +- X509_CRL_up_ref(best_crl); +- X509_CRL_free(*pdcrl); +- *pdcrl = NULL; ++ CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ if (*pdcrl) { ++ X509_CRL_free(*pdcrl); ++ *pdcrl = NULL; ++ } + get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); + } + +@@ -1100,7 +1254,7 @@ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, + if (check_delta_base(delta, base)) { + if (check_crl_time(ctx, delta, 0)) + *pscore |= CRL_SCORE_TIME_DELTA; +- X509_CRL_up_ref(delta); ++ CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); + *dcrl = delta; + return; + } +@@ -1242,7 +1396,6 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) + { + X509_STORE_CTX crl_ctx; + int ret; +- + /* Don't allow recursive CRL path validation */ + if (ctx->parent) + return 0; +@@ -1258,10 +1411,12 @@ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) + + /* Verify CRL issuer */ + ret = X509_verify_cert(&crl_ctx); ++ + if (ret <= 0) + goto err; + + /* Check chain is acceptable */ ++ + ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); + err: + X509_STORE_CTX_cleanup(&crl_ctx); +@@ -1418,10 +1573,10 @@ static int get_crl_delta(X509_STORE_CTX *ctx, + X509_CRL *crl = NULL, *dcrl = NULL; + STACK_OF(X509_CRL) *skcrl; + X509_NAME *nm = X509_get_issuer_name(x); +- + reasons = ctx->current_reasons; + ok = get_crl_sk(ctx, &crl, &dcrl, + &issuer, &crl_score, &reasons, ctx->crls); ++ + if (ok) + goto done; + +@@ -1438,6 +1593,7 @@ static int get_crl_delta(X509_STORE_CTX *ctx, + sk_X509_CRL_pop_free(skcrl, X509_CRL_free); + + done: ++ + /* If we got any kind of CRL use it and return success */ + if (crl) { + ctx->current_issuer = issuer; +@@ -1447,6 +1603,7 @@ static int get_crl_delta(X509_STORE_CTX *ctx, + *pdcrl = dcrl; + return 1; + } ++ + return 0; + } + +@@ -1455,12 +1612,13 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + { + X509 *issuer = NULL; + EVP_PKEY *ikey = NULL; +- int cnum = ctx->error_depth; +- int chnum = sk_X509_num(ctx->chain) - 1; +- ++ int ok = 0, chnum, cnum; ++ cnum = ctx->error_depth; ++ chnum = sk_X509_num(ctx->chain) - 1; + /* if we have an alternative CRL issuer cert use that */ + if (ctx->current_issuer) + issuer = ctx->current_issuer; ++ + /* + * Else find CRL issuer: if not last certificate then issuer is next + * certificate in chain. +@@ -1470,85 +1628,121 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) + else { + issuer = sk_X509_value(ctx->chain, chnum); + /* If not self signed, can't check signature */ +- if (!ctx->check_issued(ctx, issuer, issuer) && +- !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER)) +- return 0; ++ if (!ctx->check_issued(ctx, issuer, issuer)) { ++ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } + } + +- if (issuer == NULL) +- return 1; ++ if (issuer) { ++ /* ++ * Skip most tests for deltas because they have already been done ++ */ ++ if (!crl->base_crl_number) { ++ /* Check for cRLSign bit if keyUsage present */ ++ if ((issuer->ex_flags & EXFLAG_KUSAGE) && ++ !(issuer->ex_kusage & KU_CRL_SIGN)) { ++ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } + +- /* +- * Skip most tests for deltas because they have already been done +- */ +- if (!crl->base_crl_number) { +- /* Check for cRLSign bit if keyUsage present */ +- if ((issuer->ex_flags & EXFLAG_KUSAGE) && +- !(issuer->ex_kusage & KU_CRL_SIGN) && +- !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN)) +- return 0; ++ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { ++ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } + +- if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) && +- !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE)) +- return 0; ++ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { ++ if (check_crl_path(ctx, ctx->current_issuer) <= 0) { ++ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ } + +- if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) && +- check_crl_path(ctx, ctx->current_issuer) <= 0 && +- !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR)) +- return 0; ++ if (crl->idp_flags & IDP_INVALID) { ++ ctx->error = X509_V_ERR_INVALID_EXTENSION; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } + +- if ((crl->idp_flags & IDP_INVALID) && +- !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION)) +- return 0; +- } ++ } + +- if (!(ctx->current_crl_score & CRL_SCORE_TIME) && +- !check_crl_time(ctx, crl, 1)) +- return 0; ++ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { ++ ok = check_crl_time(ctx, crl, 1); ++ if (!ok) ++ goto err; ++ } + +- /* Attempt to get issuer certificate public key */ +- ikey = X509_get0_pubkey(issuer); ++ /* Attempt to get issuer certificate public key */ ++ ikey = X509_get_pubkey(issuer); + +- if (!ikey && +- !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) +- return 0; ++ if (!ikey) { ++ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } else { ++ int rv; ++ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); ++ if (rv != X509_V_OK) { ++ ctx->error = rv; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ /* Verify CRL signature */ ++ if (X509_CRL_verify(crl, ikey) <= 0) { ++ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ goto err; ++ } ++ } ++ } + +- if (ikey) { +- int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags); ++ ok = 1; + +- if (rv != X509_V_OK && !verify_cb_crl(ctx, rv)) +- return 0; +- /* Verify CRL signature */ +- if (X509_CRL_verify(crl, ikey) <= 0 && +- !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE)) +- return 0; +- } +- return 1; ++ err: ++ EVP_PKEY_free(ikey); ++ return ok; + } + + /* Check certificate against CRL */ + static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) + { ++ int ok; + X509_REVOKED *rev; +- + /* + * The rules changed for this... previously if a CRL contained unhandled + * critical extensions it could still be used to indicate a certificate +- * was revoked. This has since been changed since critical extensions can ++ * was revoked. This has since been changed since critical extension can + * change the meaning of CRL entries. + */ + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) +- && (crl->flags & EXFLAG_CRITICAL) && +- !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION)) +- return 0; ++ && (crl->flags & EXFLAG_CRITICAL)) { ++ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) ++ return 0; ++ } + /* +- * Look for serial number of certificate in CRL. If found, make sure +- * reason is not removeFromCRL. ++ * Look for serial number of certificate in CRL If found make sure reason ++ * is not removeFromCRL. + */ + if (X509_CRL_get0_by_cert(crl, &rev, x)) { + if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) + return 2; +- if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED)) ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ok = ctx->verify_cb(0, ctx); ++ if (!ok) + return 0; + } + +@@ -1558,60 +1752,38 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) + static int check_policy(X509_STORE_CTX *ctx) + { + int ret; +- + if (ctx->parent) + return 1; +- /* +- * With DANE, the trust anchor might be a bare public key, not a +- * certificate! In that case our chain does not have the trust anchor +- * certificate as a top-most element. This comports well with RFC5280 +- * chain verification, since there too, the trust anchor is not part of the +- * chain to be verified. In particular, X509_policy_check() does not look +- * at the TA cert, but assumes that it is present as the top-most chain +- * element. We therefore temporarily push a NULL cert onto the chain if it +- * was verified via a bare public key, and pop it off right after the +- * X509_policy_check() call. +- */ +- if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) { +- X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- return 0; +- } + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, + ctx->param->policies, ctx->param->flags); +- if (ctx->bare_ta_signed) +- sk_X509_pop(ctx->chain); +- +- if (ret == X509_PCY_TREE_INTERNAL) { ++ if (ret == 0) { + X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + return 0; + } + /* Invalid or inconsistent extensions */ +- if (ret == X509_PCY_TREE_INVALID) { ++ if (ret == -1) { ++ /* ++ * Locate certificates with bad extensions and notify callback. ++ */ ++ X509 *x; + int i; +- +- /* Locate certificates with bad extensions and notify callback. */ + for (i = 1; i < sk_X509_num(ctx->chain); i++) { +- X509 *x = sk_X509_value(ctx->chain, i); +- ++ x = sk_X509_value(ctx->chain, i); + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; +- if (!verify_cb_cert(ctx, x, i, +- X509_V_ERR_INVALID_POLICY_EXTENSION)) ++ ctx->current_cert = x; ++ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; ++ if (!ctx->verify_cb(0, ctx)) + return 0; + } + return 1; + } +- if (ret == X509_PCY_TREE_FAILURE) { ++ if (ret == -2) { + ctx->current_cert = NULL; + ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; + return ctx->verify_cb(0, ctx); + } +- if (ret != X509_PCY_TREE_VALID) { +- X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); +- return 0; +- } + + if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { + ctx->current_cert = NULL; +@@ -1628,14 +1800,7 @@ static int check_policy(X509_STORE_CTX *ctx) + return 1; + } + +-/*- +- * Check certificate validity times. +- * If depth >= 0, invoke verification callbacks on error, otherwise just return +- * the validation status. +- * +- * Return 1 on success, 0 otherwise. +- */ +-int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) ++static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) + { + time_t *ptime; + int i; +@@ -1647,42 +1812,52 @@ int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) + else + ptime = NULL; + +- i = X509_cmp_time(X509_get0_notBefore(x), ptime); +- if (i >= 0 && depth < 0) +- return 0; +- if (i == 0 && !verify_cb_cert(ctx, x, depth, +- X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) +- return 0; +- if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID)) +- return 0; ++ i = X509_cmp_time(X509_get_notBefore(x), ptime); ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i > 0) { ++ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ i = X509_cmp_time(X509_get_notAfter(x), ptime); ++ if (i == 0) { ++ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } ++ ++ if (i < 0) { ++ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0, ctx)) ++ return 0; ++ } + +- i = X509_cmp_time(X509_get0_notAfter(x), ptime); +- if (i <= 0 && depth < 0) +- return 0; +- if (i == 0 && !verify_cb_cert(ctx, x, depth, +- X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) +- return 0; +- if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED)) +- return 0; + return 1; + } + + static int internal_verify(X509_STORE_CTX *ctx) + { +- int n = sk_X509_num(ctx->chain) - 1; +- X509 *xi = sk_X509_value(ctx->chain, n); +- X509 *xs; ++ int ok = 0, n; ++ X509 *xs, *xi; ++ EVP_PKEY *pkey = NULL; ++ int (*cb) (int xok, X509_STORE_CTX *xctx); + +- /* +- * With DANE-verified bare public key TA signatures, it remains only to +- * check the timestamps of the top certificate. We report the issuer as +- * NULL, since all we have is a bare key. +- */ +- if (ctx->bare_ta_signed) { +- xs = xi; +- xi = NULL; +- goto check_cert; +- } ++ cb = ctx->verify_cb; ++ ++ n = sk_X509_num(ctx->chain); ++ ctx->error_depth = n - 1; ++ n--; ++ xi = sk_X509_value(ctx->chain, n); + + if (ctx->check_issued(ctx, xi, xi)) + xs = xi; +@@ -1691,60 +1866,72 @@ static int internal_verify(X509_STORE_CTX *ctx) + xs = xi; + goto check_cert; + } +- if (n <= 0) +- return verify_cb_cert(ctx, xi, 0, +- X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); +- n--; +- ctx->error_depth = n; +- xs = sk_X509_value(ctx->chain, n); ++ if (n <= 0) { ++ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; ++ ctx->current_cert = xi; ++ ok = cb(0, ctx); ++ goto end; ++ } else { ++ n--; ++ ctx->error_depth = n; ++ xs = sk_X509_value(ctx->chain, n); ++ } + } + +- /* +- * Do not clear ctx->error=0, it must be "sticky", only the user's callback +- * is allowed to reset errors (at its own peril). +- */ ++/* ctx->error=0; not needed */ + while (n >= 0) { +- EVP_PKEY *pkey; ++ ctx->error_depth = n; + + /* +- * Skip signature check for self signed certificates unless explicitly +- * asked for. It doesn't add any security and just wastes time. If +- * the issuer's public key is unusable, report the issuer certificate +- * and its depth (rather than the depth of the subject). ++ * Skip signature check for self signed certificates unless ++ * explicitly asked for. It doesn't add any security and just wastes ++ * time. + */ +- if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) { +- if ((pkey = X509_get0_pubkey(xi)) == NULL) { +- if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, +- X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) +- return 0; ++ if (!xs->valid ++ && (xs != xi ++ || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) { ++ if ((pkey = X509_get_pubkey(xi)) == NULL) { ++ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ++ ctx->current_cert = xi; ++ ok = (*cb) (0, ctx); ++ if (!ok) ++ goto end; + } else if (X509_verify(xs, pkey) <= 0) { +- if (!verify_cb_cert(ctx, xs, n, +- X509_V_ERR_CERT_SIGNATURE_FAILURE)) +- return 0; ++ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; ++ ctx->current_cert = xs; ++ ok = (*cb) (0, ctx); ++ if (!ok) { ++ EVP_PKEY_free(pkey); ++ goto end; ++ } + } ++ EVP_PKEY_free(pkey); ++ pkey = NULL; + } + ++ xs->valid = 1; ++ + check_cert: +- /* Calls verify callback as needed */ +- if (!x509_check_cert_time(ctx, xs, n)) +- return 0; ++ ok = check_cert_time(ctx, xs); ++ if (!ok) ++ goto end; + +- /* +- * Signal success at this depth. However, the previous error (if any) +- * is retained. +- */ ++ /* The last error (if any) is still in the error value */ + ctx->current_issuer = xi; + ctx->current_cert = xs; +- ctx->error_depth = n; +- if (!ctx->verify_cb(1, ctx)) +- return 0; ++ ok = (*cb) (1, ctx); ++ if (!ok) ++ goto end; + +- if (--n >= 0) { ++ n--; ++ if (n >= 0) { + xi = xs; + xs = sk_X509_value(ctx->chain, n); + } + } +- return 1; ++ ok = 1; ++ end: ++ return ok; + } + + int X509_cmp_current_time(const ASN1_TIME *ctm) +@@ -1907,7 +2094,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) + return 1; + + for (i = 0; i < sk_X509_num(chain); i++) { +- ktmp = X509_get0_pubkey(sk_X509_value(chain, i)); ++ ktmp = X509_get_pubkey(sk_X509_value(chain, i)); + if (ktmp == NULL) { + X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, + X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); +@@ -1915,6 +2102,10 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) + } + if (!EVP_PKEY_missing_parameters(ktmp)) + break; ++ else { ++ EVP_PKEY_free(ktmp); ++ ktmp = NULL; ++ } + } + if (ktmp == NULL) { + X509err(X509_F_X509_GET_PUBKEY_PARAMETERS, +@@ -1924,12 +2115,14 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) + + /* first, populate the other certs */ + for (j = i - 1; j >= 0; j--) { +- ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j)); ++ ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); + EVP_PKEY_copy_parameters(ktmp2, ktmp); ++ EVP_PKEY_free(ktmp2); + } + + if (pkey != NULL) + EVP_PKEY_copy_parameters(pkey, ktmp); ++ EVP_PKEY_free(ktmp); + return 1; + } + +@@ -1978,15 +2171,15 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + } + /* Create new CRL */ + crl = X509_CRL_new(); +- if (crl == NULL || !X509_CRL_set_version(crl, 1)) ++ if (!crl || !X509_CRL_set_version(crl, 1)) + goto memerr; + /* Set issuer name */ + if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) + goto memerr; + +- if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) ++ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer))) + goto memerr; +- if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) ++ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer))) + goto memerr; + + /* Set base CRL number: must be critical */ +@@ -2017,7 +2210,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + * Add only if not also in base. TODO: need something cleverer here + * for some more complex CRLs covering multiple CAs. + */ +- if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) { ++ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) { + rvtmp = X509_REVOKED_dup(rvn); + if (!rvtmp) + goto memerr; +@@ -2036,10 +2229,24 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, + + memerr: + X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE); +- X509_CRL_free(crl); ++ if (crl) ++ X509_CRL_free(crl); + return NULL; + } + ++int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, ++ CRYPTO_EX_new *new_func, ++ CRYPTO_EX_dup *dup_func, ++ CRYPTO_EX_free *free_func) ++{ ++ /* ++ * This function is (usually) called only once, by ++ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). ++ */ ++ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, ++ new_func, dup_func, free_func); ++} ++ + int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) + { + return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); +@@ -2065,22 +2272,12 @@ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) + return ctx->error_depth; + } + +-void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth) +-{ +- ctx->error_depth = depth; +-} +- + X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) + { + return ctx->current_cert; + } + +-void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x) +-{ +- ctx->current_cert = x; +-} +- +-STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) ++STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) + { + return ctx->chain; + } +@@ -2112,6 +2309,11 @@ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) + ctx->cert = x; + } + ++void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) ++{ ++ ctx->untrusted = sk; ++} ++ + void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) + { + ctx->crls = sk; +@@ -2119,20 +2321,11 @@ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) + + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) + { +- /* +- * XXX: Why isn't this function always used to set the associated trust? +- * Should there even be a VPM->trust field at all? Or should the trust +- * always be inferred from the purpose by X509_STORE_CTX_init(). +- */ + return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); + } + + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) + { +- /* +- * XXX: See above, this function would only be needed when the default +- * trust for the purpose needs an override in a corner case. +- */ + return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); + } + +@@ -2166,11 +2359,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + ptmp = X509_PURPOSE_get0(idx); + if (ptmp->trust == X509_TRUST_DEFAULT) { + idx = X509_PURPOSE_get_by_id(def_purpose); +- /* +- * XXX: In the two callers above def_purpose is always 0, which is +- * not a known value, so idx will always be -1. How is the +- * X509_TRUST_DEFAULT case actually supposed to be handled? +- */ + if (idx == -1) { + X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, + X509_R_UNKNOWN_PURPOSE_ID); +@@ -2200,20 +2388,20 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + + X509_STORE_CTX *X509_STORE_CTX_new(void) + { +- X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); +- +- if (ctx == NULL) { ++ X509_STORE_CTX *ctx; ++ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); ++ if (!ctx) { + X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); + return NULL; + } ++ memset(ctx, 0, sizeof(X509_STORE_CTX)); + return ctx; + } + + void X509_STORE_CTX_free(X509_STORE_CTX *ctx) + { +- if (ctx == NULL) ++ if (!ctx) + return; +- + X509_STORE_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +@@ -2222,12 +2410,12 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + STACK_OF(X509) *chain) + { + int ret = 1; +- + ctx->ctx = store; ++ ctx->current_method = 0; + ctx->cert = x509; + ctx->untrusted = chain; + ctx->crls = NULL; +- ctx->num_untrusted = 0; ++ ctx->last_untrusted = 0; + ctx->other_ctx = NULL; + ctx->valid = 0; + ctx->chain = NULL; +@@ -2241,17 +2429,39 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + ctx->current_reasons = 0; + ctx->tree = NULL; + ctx->parent = NULL; +- ctx->dane = NULL; +- ctx->bare_ta_signed = 0; + /* Zero ex_data to make sure we're cleanup-safe */ + memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); + +- /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */ ++ ctx->param = X509_VERIFY_PARAM_new(); ++ if (!ctx->param) { ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ ++ /* ++ * Inherit callbacks and flags from X509_STORE if not set use defaults. ++ */ + if (store) +- ctx->cleanup = store->cleanup; ++ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); + else ++ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; ++ ++ if (store) { ++ ctx->verify_cb = store->verify_cb; ++ /* Seems to always be 0 in OpenSSL, else must be idempotent */ ++ ctx->cleanup = store->cleanup; ++ } else + ctx->cleanup = 0; + ++ if (ret) ++ ret = X509_VERIFY_PARAM_inherit(ctx->param, ++ X509_VERIFY_PARAM_lookup("default")); ++ ++ if (ret == 0) { ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); ++ goto err; ++ } ++ + if (store && store->check_issued) + ctx->check_issued = store->check_issued; + else +@@ -2292,79 +2502,41 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + else + ctx->cert_crl = cert_crl; + +- if (store && store->check_policy) +- ctx->check_policy = store->check_policy; +- else +- ctx->check_policy = check_policy; +- + if (store && store->lookup_certs) + ctx->lookup_certs = store->lookup_certs; + else +- ctx->lookup_certs = X509_STORE_CTX_get1_certs; ++ ctx->lookup_certs = X509_STORE_get1_certs; + + if (store && store->lookup_crls) + ctx->lookup_crls = store->lookup_crls; + else +- ctx->lookup_crls = X509_STORE_CTX_get1_crls; ++ ctx->lookup_crls = X509_STORE_get1_crls; + +- ctx->param = X509_VERIFY_PARAM_new(); +- if (ctx->param == NULL) { +- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); +- goto err; +- } ++ ctx->check_policy = check_policy; ++ ++ if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, ++ &ctx->ex_data)) ++ return 1; ++ X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); + ++ err: + /* +- * Inherit callbacks and flags from X509_STORE if not set use defaults. ++ * On error clean up allocated storage, if the store context was not ++ * allocated with X509_STORE_CTX_new() this is our last chance to do so. + */ +- if (store) +- ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); +- else +- ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; +- +- if (ret) +- ret = X509_VERIFY_PARAM_inherit(ctx->param, +- X509_VERIFY_PARAM_lookup("default")); +- +- if (ret == 0) { +- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- +- /* +- * XXX: For now, continue to inherit trust from VPM, but infer from the +- * purpose if this still yields the default value. +- */ +- if (ctx->param->trust == X509_TRUST_DEFAULT) { +- int idx = X509_PURPOSE_get_by_id(ctx->param->purpose); +- X509_PURPOSE *xp = X509_PURPOSE_get0(idx); +- +- if (xp != NULL) +- ctx->param->trust = X509_PURPOSE_get_trust(xp); +- } +- +- if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, +- &ctx->ex_data)) +- return 1; +- X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE); +- +- err: +- /* +- * On error clean up allocated storage, if the store context was not +- * allocated with X509_STORE_CTX_new() this is our last chance to do so. +- */ +- X509_STORE_CTX_cleanup(ctx); +- return 0; +-} ++ X509_STORE_CTX_cleanup(ctx); ++ return 0; ++} + + /* + * Set alternative lookup method: just a STACK of trusted certificates. This + * avoids X509_STORE nastiness where it isn't needed. + */ +-void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) ++ ++void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) + { + ctx->other_ctx = sk; + ctx->get_issuer = get_issuer_sk; +- ctx->lookup_certs = lookup_certs_sk; + } + + void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) +@@ -2385,12 +2557,16 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) + X509_VERIFY_PARAM_free(ctx->param); + ctx->param = NULL; + } +- X509_policy_tree_free(ctx->tree); +- ctx->tree = NULL; +- sk_X509_pop_free(ctx->chain, X509_free); +- ctx->chain = NULL; ++ if (ctx->tree != NULL) { ++ X509_policy_tree_free(ctx->tree); ++ ctx->tree = NULL; ++ } ++ if (ctx->chain != NULL) { ++ sk_X509_pop_free(ctx->chain, X509_free); ++ ctx->chain = NULL; ++ } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); +- memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); ++ memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); + } + + void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) +@@ -2409,99 +2585,12 @@ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + X509_VERIFY_PARAM_set_time(ctx->param, t); + } + +-X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) +-{ +- return ctx->cert; +-} +- +-STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) +-{ +- return ctx->untrusted; +-} +- +-void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +-{ +- ctx->untrusted = sk; +-} +- +-void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +-{ +- sk_X509_pop_free(ctx->chain, X509_free); +- ctx->chain = sk; +-} +- + void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, +- X509_STORE_CTX_verify_cb verify_cb) ++ int (*verify_cb) (int, X509_STORE_CTX *)) + { + ctx->verify_cb = verify_cb; + } + +-X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx) +-{ +- return ctx->verify_cb; +-} +- +-void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, +- X509_STORE_CTX_verify_fn verify) +-{ +- ctx->verify = verify; +-} +- +-X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx) +-{ +- return ctx->verify; +-} +- +-X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx) +-{ +- return ctx->get_issuer; +-} +- +-X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx) +-{ +- return ctx->check_issued; +-} +- +-X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx) +-{ +- return ctx->check_revocation; +-} +- +-X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx) +-{ +- return ctx->get_crl; +-} +- +-X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx) +-{ +- return ctx->check_crl; +-} +- +-X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx) +-{ +- return ctx->cert_crl; +-} +- +-X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx) +-{ +- return ctx->check_policy; +-} +- +-X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx) +-{ +- return ctx->lookup_certs; +-} +- +-X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx) +-{ +- return ctx->lookup_crls; +-} +- +-X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx) +-{ +- return ctx->cleanup; +-} +- + X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) + { + return ctx->tree; +@@ -2512,11 +2601,6 @@ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) + return ctx->explicit_policy; + } + +-int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx) +-{ +- return ctx->num_untrusted; +-} +- + int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) + { + const X509_VERIFY_PARAM *param; +@@ -2533,743 +2617,17 @@ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) + + void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) + { +- X509_VERIFY_PARAM_free(ctx->param); ++ if (ctx->param) ++ X509_VERIFY_PARAM_free(ctx->param); + ctx->param = param; + } + +-void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane) +-{ +- ctx->dane = dane; +-} +- +-static unsigned char *dane_i2d( +- X509 *cert, +- uint8_t selector, +- unsigned int *i2dlen) +-{ +- unsigned char *buf = NULL; +- int len; +- +- /* +- * Extract ASN.1 DER form of certificate or public key. +- */ +- switch (selector) { +- case DANETLS_SELECTOR_CERT: +- len = i2d_X509(cert, &buf); +- break; +- case DANETLS_SELECTOR_SPKI: +- len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf); +- break; +- default: +- X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR); +- return NULL; +- } +- +- if (len < 0 || buf == NULL) { +- X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- *i2dlen = (unsigned int)len; +- return buf; +-} +- +-#define DANETLS_NONE 256 /* impossible uint8_t */ +- +-static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) +-{ +- SSL_DANE *dane = ctx->dane; +- unsigned usage = DANETLS_NONE; +- unsigned selector = DANETLS_NONE; +- unsigned ordinal = DANETLS_NONE; +- unsigned mtype = DANETLS_NONE; +- unsigned char *i2dbuf = NULL; +- unsigned int i2dlen = 0; +- unsigned char mdbuf[EVP_MAX_MD_SIZE]; +- unsigned char *cmpbuf = NULL; +- unsigned int cmplen = 0; +- int i; +- int recnum; +- int matched = 0; +- danetls_record *t = NULL; +- uint32_t mask; +- +- mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK; +- +- /* +- * The trust store is not applicable with DANE-TA(2) +- */ +- if (depth >= ctx->num_untrusted) +- mask &= DANETLS_PKIX_MASK; +- +- /* +- * If we've previously matched a PKIX-?? record, no need to test any +- * further PKIX-?? records, it remains to just build the PKIX chain. +- * Had the match been a DANE-?? record, we'd be done already. +- */ +- if (dane->mdpth >= 0) +- mask &= ~DANETLS_PKIX_MASK; +- +- /*- +- * https://tools.ietf.org/html/rfc7671#section-5.1 +- * https://tools.ietf.org/html/rfc7671#section-5.2 +- * https://tools.ietf.org/html/rfc7671#section-5.3 +- * https://tools.ietf.org/html/rfc7671#section-5.4 +- * +- * We handle DANE-EE(3) records first as they require no chain building +- * and no expiration or hostname checks. We also process digests with +- * higher ordinals first and ignore lower priorities except Full(0) which +- * is always processed (last). If none match, we then process PKIX-EE(1). +- * +- * NOTE: This relies on DANE usages sorting before the corresponding PKIX +- * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest +- * priorities. See twin comment in ssl/ssl_lib.c. +- * +- * We expect that most TLSA RRsets will have just a single usage, so we +- * don't go out of our way to cache multiple selector-specific i2d buffers +- * across usages, but if the selector happens to remain the same as switch +- * usages, that's OK. Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1", +- * records would result in us generating each of the certificate and public +- * key DER forms twice, but more typically we'd just see multiple "3 1 1" +- * or multiple "3 0 1" records. +- * +- * As soon as we find a match at any given depth, we stop, because either +- * we've matched a DANE-?? record and the peer is authenticated, or, after +- * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is +- * sufficient for DANE, and what remains to do is ordinary PKIX validation. +- */ +- recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0; +- for (i = 0; matched == 0 && i < recnum; ++i) { +- t = sk_danetls_record_value(dane->trecs, i); +- if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0) +- continue; +- if (t->usage != usage) { +- usage = t->usage; +- +- /* Reset digest agility for each usage/selector pair */ +- mtype = DANETLS_NONE; +- ordinal = dane->dctx->mdord[t->mtype]; +- } +- if (t->selector != selector) { +- selector = t->selector; +- +- /* Update per-selector state */ +- OPENSSL_free(i2dbuf); +- i2dbuf = dane_i2d(cert, selector, &i2dlen); +- if (i2dbuf == NULL) +- return -1; +- +- /* Reset digest agility for each usage/selector pair */ +- mtype = DANETLS_NONE; +- ordinal = dane->dctx->mdord[t->mtype]; +- } else if (t->mtype != DANETLS_MATCHING_FULL) { +- /*- +- * Digest agility: +- * +- * +- * +- * For a fixed selector, after processing all records with the +- * highest mtype ordinal, ignore all mtypes with lower ordinals +- * other than "Full". +- */ +- if (dane->dctx->mdord[t->mtype] < ordinal) +- continue; +- } +- +- /* +- * Each time we hit a (new selector or) mtype, re-compute the relevant +- * digest, more complex caching is not worth the code space. +- */ +- if (t->mtype != mtype) { +- const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype]; +- cmpbuf = i2dbuf; +- cmplen = i2dlen; +- +- if (md != NULL) { +- cmpbuf = mdbuf; +- if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) { +- matched = -1; +- break; +- } +- } +- } +- +- /* +- * Squirrel away the certificate and depth if we have a match. Any +- * DANE match is dispositive, but with PKIX we still need to build a +- * full chain. +- */ +- if (cmplen == t->dlen && +- memcmp(cmpbuf, t->data, cmplen) == 0) { +- if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK) +- matched = 1; +- if (matched || dane->mdpth < 0) { +- dane->mdpth = depth; +- dane->mtlsa = t; +- OPENSSL_free(dane->mcert); +- dane->mcert = cert; +- X509_up_ref(cert); +- } +- break; +- } +- } +- +- /* Clear the one-element DER cache */ +- OPENSSL_free(i2dbuf); +- return matched; +-} +- +-static int check_dane_issuer(X509_STORE_CTX *ctx, int depth) +-{ +- SSL_DANE *dane = ctx->dane; +- int matched = 0; +- X509 *cert; ++IMPLEMENT_STACK_OF(X509) + +- if (!DANETLS_HAS_TA(dane) || depth == 0) +- return X509_TRUST_UNTRUSTED; ++IMPLEMENT_ASN1_SET_OF(X509) + +- /* +- * Record any DANE trust-anchor matches, for the first depth to test, if +- * there's one at that depth. (This'll be false for length 1 chains looking +- * for an exact match for the leaf certificate). +- */ +- cert = sk_X509_value(ctx->chain, depth); +- if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0) +- return X509_TRUST_REJECTED; +- if (matched > 0) { +- ctx->num_untrusted = depth - 1; +- return X509_TRUST_TRUSTED; +- } +- +- return X509_TRUST_UNTRUSTED; +-} +- +-static int check_dane_pkeys(X509_STORE_CTX *ctx) +-{ +- SSL_DANE *dane = ctx->dane; +- danetls_record *t; +- int num = ctx->num_untrusted; +- X509 *cert = sk_X509_value(ctx->chain, num - 1); +- int recnum = sk_danetls_record_num(dane->trecs); +- int i; +- +- for (i = 0; i < recnum; ++i) { +- t = sk_danetls_record_value(dane->trecs, i); +- if (t->usage != DANETLS_USAGE_DANE_TA || +- t->selector != DANETLS_SELECTOR_SPKI || +- t->mtype != DANETLS_MATCHING_FULL || +- X509_verify(cert, t->spki) <= 0) +- continue; ++IMPLEMENT_STACK_OF(X509_NAME) + +- /* Clear any PKIX-?? matches that failed to extend to a full chain */ +- X509_free(dane->mcert); +- dane->mcert = NULL; ++IMPLEMENT_STACK_OF(X509_ATTRIBUTE) + +- /* Record match via a bare TA public key */ +- ctx->bare_ta_signed = 1; +- dane->mdpth = num - 1; +- dane->mtlsa = t; +- +- /* Prune any excess chain certificates */ +- num = sk_X509_num(ctx->chain); +- for (; num > ctx->num_untrusted; --num) +- X509_free(sk_X509_pop(ctx->chain)); +- +- return X509_TRUST_TRUSTED; +- } +- +- return X509_TRUST_UNTRUSTED; +-} +- +-static void dane_reset(SSL_DANE *dane) +-{ +- /* +- * Reset state to verify another chain, or clear after failure. +- */ +- X509_free(dane->mcert); +- dane->mcert = NULL; +- dane->mtlsa = NULL; +- dane->mdpth = -1; +- dane->pdpth = -1; +-} +- +-static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert) +-{ +- int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags); +- +- if (err == X509_V_OK) +- return 1; +- return verify_cb_cert(ctx, cert, 0, err); +-} +- +-static int dane_verify(X509_STORE_CTX *ctx) +-{ +- X509 *cert = ctx->cert; +- SSL_DANE *dane = ctx->dane; +- int matched; +- int done; +- +- dane_reset(dane); +- +- /*- +- * When testing the leaf certificate, if we match a DANE-EE(3) record, +- * dane_match() returns 1 and we're done. If however we match a PKIX-EE(1) +- * record, the match depth and matching TLSA record are recorded, but the +- * return value is 0, because we still need to find a PKIX trust-anchor. +- * Therefore, when DANE authentication is enabled (required), we're done +- * if: +- * + matched < 0, internal error. +- * + matched == 1, we matched a DANE-EE(3) record +- * + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no +- * DANE-TA(2) or PKIX-TA(0) to test. +- */ +- matched = dane_match(ctx, ctx->cert, 0); +- done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0); +- +- if (done) +- X509_get_pubkey_parameters(NULL, ctx->chain); +- +- if (matched > 0) { +- /* Callback invoked as needed */ +- if (!check_leaf_suiteb(ctx, cert)) +- return 0; +- /* Callback invoked as needed */ +- if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 && +- !check_id(ctx)) +- return 0; +- /* Bypass internal_verify(), issue depth 0 success callback */ +- ctx->error_depth = 0; +- ctx->current_cert = cert; +- return ctx->verify_cb(1, ctx); +- } +- +- if (matched < 0) { +- ctx->error_depth = 0; +- ctx->current_cert = cert; +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- return -1; +- } +- +- if (done) { +- /* Fail early, TA-based success is not possible */ +- if (!check_leaf_suiteb(ctx, cert)) +- return 0; +- return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH); +- } +- +- /* +- * Chain verification for usages 0/1/2. TLSA record matching of depth > 0 +- * certificates happens in-line with building the rest of the chain. +- */ +- return verify_chain(ctx); +-} +- +-/* Get issuer, without duplicate suppression */ +-static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert) +-{ +- STACK_OF(X509) *saved_chain = ctx->chain; +- int ok; +- +- ctx->chain = NULL; +- ok = ctx->get_issuer(issuer, ctx, cert); +- ctx->chain = saved_chain; +- +- return ok; +-} +- +-static int build_chain(X509_STORE_CTX *ctx) +-{ +- SSL_DANE *dane = ctx->dane; +- int num = sk_X509_num(ctx->chain); +- X509 *cert = sk_X509_value(ctx->chain, num - 1); +- int ss = cert_self_signed(cert); +- STACK_OF(X509) *sktmp = NULL; +- unsigned int search; +- int may_trusted = 0; +- int may_alternate = 0; +- int trust = X509_TRUST_UNTRUSTED; +- int alt_untrusted = 0; +- int depth; +- int ok = 0; +- int i; +- +- /* Our chain starts with a single untrusted element. */ +- OPENSSL_assert(num == 1 && ctx->num_untrusted == num); +- +-#define S_DOUNTRUSTED (1 << 0) /* Search untrusted chain */ +-#define S_DOTRUSTED (1 << 1) /* Search trusted store */ +-#define S_DOALTERNATE (1 << 2) /* Retry with pruned alternate chain */ +- /* +- * Set up search policy, untrusted if possible, trusted-first if enabled. +- * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the +- * trust_store, otherwise we might look there first. If not trusted-first, +- * and alternate chains are not disabled, try building an alternate chain +- * if no luck with untrusted first. +- */ +- search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0; +- if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) { +- if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) +- search |= S_DOTRUSTED; +- else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) +- may_alternate = 1; +- may_trusted = 1; +- } +- +- /* +- * Shallow-copy the stack of untrusted certificates (with TLS, this is +- * typically the content of the peer's certificate message) so can make +- * multiple passes over it, while free to remove elements as we go. +- */ +- if (ctx->untrusted && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { +- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- return 0; +- } +- +- /* +- * If we got any "DANE-TA(2) Cert(0) Full(0)" trust-anchors from DNS, add +- * them to our working copy of the untrusted certificate stack. Since the +- * caller of X509_STORE_CTX_init() may have provided only a leaf cert with +- * no corresponding stack of untrusted certificates, we may need to create +- * an empty stack first. [ At present only the ssl library provides DANE +- * support, and ssl_verify_cert_chain() always provides a non-null stack +- * containing at least the leaf certificate, but we must be prepared for +- * this to change. ] +- */ +- if (DANETLS_ENABLED(dane) && dane->certs != NULL) { +- if (sktmp == NULL && (sktmp = sk_X509_new_null()) == NULL) { +- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- return 0; +- } +- for (i = 0; i < sk_X509_num(dane->certs); ++i) { +- if (!sk_X509_push(sktmp, sk_X509_value(dane->certs, i))) { +- sk_X509_free(sktmp); +- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- return 0; +- } +- } +- } +- +- /* +- * Still absurdly large, but arithmetically safe, a lower hard upper bound +- * might be reasonable. +- */ +- if (ctx->param->depth > INT_MAX/2) +- ctx->param->depth = INT_MAX/2; +- +- /* +- * Try to Extend the chain until we reach an ultimately trusted issuer. +- * Build chains up to one longer the limit, later fail if we hit the limit, +- * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code. +- */ +- depth = ctx->param->depth + 1; +- +- while (search != 0) { +- X509 *x; +- X509 *xtmp = NULL; +- +- /* +- * Look in the trust store if enabled for first lookup, or we've run +- * out of untrusted issuers and search here is not disabled. When we +- * reach the depth limit, we stop extending the chain, if by that point +- * we've not found a trust-anchor, any trusted chain would be too long. +- * +- * The error reported to the application verify callback is at the +- * maximal valid depth with the current certificate equal to the last +- * not ultimately-trusted issuer. For example, with verify_depth = 0, +- * the callback will report errors at depth=1 when the immediate issuer +- * of the leaf certificate is not a trust anchor. No attempt will be +- * made to locate an issuer for that certificate, since such a chain +- * would be a-priori too long. +- */ +- if ((search & S_DOTRUSTED) != 0) { +- i = num = sk_X509_num(ctx->chain); +- if ((search & S_DOALTERNATE) != 0) { +- /* +- * As high up the chain as we can, look for an alternative +- * trusted issuer of an untrusted certificate that currently +- * has an untrusted issuer. We use the alt_untrusted variable +- * to track how far up the chain we find the first match. It +- * is only if and when we find a match, that we prune the chain +- * and reset ctx->num_untrusted to the reduced count of +- * untrusted certificates. While we're searching for such a +- * match (which may never be found), it is neither safe nor +- * wise to preemptively modify either the chain or +- * ctx->num_untrusted. +- * +- * Note, like ctx->num_untrusted, alt_untrusted is a count of +- * untrusted certificates, not a "depth". +- */ +- i = alt_untrusted; +- } +- x = sk_X509_value(ctx->chain, i-1); +- +- ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x); +- +- if (ok < 0) { +- trust = X509_TRUST_REJECTED; +- ctx->error = X509_V_ERR_STORE_LOOKUP; +- search = 0; +- continue; +- } +- +- if (ok > 0) { +- /* +- * Alternative trusted issuer for a mid-chain untrusted cert? +- * Pop the untrusted cert's successors and retry. We might now +- * be able to complete a valid chain via the trust store. Note +- * that despite the current trust-store match we might still +- * fail complete the chain to a suitable trust-anchor, in which +- * case we may prune some more untrusted certificates and try +- * again. Thus the S_DOALTERNATE bit may yet be turned on +- * again with an even shorter untrusted chain! +- * +- * If in the process we threw away our matching PKIX-TA trust +- * anchor, reset DANE trust. We might find a suitable trusted +- * certificate among the ones from the trust store. +- */ +- if ((search & S_DOALTERNATE) != 0) { +- OPENSSL_assert(num > i && i > 0 && ss == 0); +- search &= ~S_DOALTERNATE; +- for (; num > i; --num) +- X509_free(sk_X509_pop(ctx->chain)); +- ctx->num_untrusted = num; +- +- if (DANETLS_ENABLED(dane) && +- dane->mdpth >= ctx->num_untrusted) { +- dane->mdpth = -1; +- X509_free(dane->mcert); +- dane->mcert = NULL; +- } +- if (DANETLS_ENABLED(dane) && +- dane->pdpth >= ctx->num_untrusted) +- dane->pdpth = -1; +- } +- +- /* +- * Self-signed untrusted certificates get replaced by their +- * trusted matching issuer. Otherwise, grow the chain. +- */ +- if (ss == 0) { +- if (!sk_X509_push(ctx->chain, x = xtmp)) { +- X509_free(xtmp); +- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +- trust = X509_TRUST_REJECTED; +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- search = 0; +- continue; +- } +- ss = cert_self_signed(x); +- } else if (num == ctx->num_untrusted) { +- /* +- * We have a self-signed certificate that has the same +- * subject name (and perhaps keyid and/or serial number) as +- * a trust-anchor. We must have an exact match to avoid +- * possible impersonation via key substitution etc. +- */ +- if (X509_cmp(x, xtmp) != 0) { +- /* Self-signed untrusted mimic. */ +- X509_free(xtmp); +- ok = 0; +- } else { +- X509_free(x); +- ctx->num_untrusted = --num; +- (void) sk_X509_set(ctx->chain, num, x = xtmp); +- } +- } +- +- /* +- * We've added a new trusted certificate to the chain, recheck +- * trust. If not done, and not self-signed look deeper. +- * Whether or not we're doing "trusted first", we no longer +- * look for untrusted certificates from the peer's chain. +- * +- * At this point ctx->num_trusted and num must reflect the +- * correct number of untrusted certificates, since the DANE +- * logic in check_trust() depends on distinguishing CAs from +- * "the wire" from CAs from the trust store. In particular, the +- * certificate at depth "num" should be the new trusted +- * certificate with ctx->num_untrusted <= num. +- */ +- if (ok) { +- OPENSSL_assert(ctx->num_untrusted <= num); +- search &= ~S_DOUNTRUSTED; +- switch (trust = check_trust(ctx, num)) { +- case X509_TRUST_TRUSTED: +- case X509_TRUST_REJECTED: +- search = 0; +- continue; +- } +- if (ss == 0) +- continue; +- } +- } +- +- /* +- * No dispositive decision, and either self-signed or no match, if +- * we were doing untrusted-first, and alt-chains are not disabled, +- * do that, by repeatedly losing one untrusted element at a time, +- * and trying to extend the shorted chain. +- */ +- if ((search & S_DOUNTRUSTED) == 0) { +- /* Continue search for a trusted issuer of a shorter chain? */ +- if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0) +- continue; +- /* Still no luck and no fallbacks left? */ +- if (!may_alternate || (search & S_DOALTERNATE) != 0 || +- ctx->num_untrusted < 2) +- break; +- /* Search for a trusted issuer of a shorter chain */ +- search |= S_DOALTERNATE; +- alt_untrusted = ctx->num_untrusted - 1; +- ss = 0; +- } +- } +- +- /* +- * Extend chain with peer-provided certificates +- */ +- if ((search & S_DOUNTRUSTED) != 0) { +- num = sk_X509_num(ctx->chain); +- OPENSSL_assert(num == ctx->num_untrusted); +- x = sk_X509_value(ctx->chain, num-1); +- +- /* +- * Once we run out of untrusted issuers, we stop looking for more +- * and start looking only in the trust store if enabled. +- */ +- xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x); +- if (xtmp == NULL) { +- search &= ~S_DOUNTRUSTED; +- if (may_trusted) +- search |= S_DOTRUSTED; +- continue; +- } +- +- /* Drop this issuer from future consideration */ +- (void) sk_X509_delete_ptr(sktmp, xtmp); +- +- if (!sk_X509_push(ctx->chain, xtmp)) { +- X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE); +- trust = X509_TRUST_REJECTED; +- ctx->error = X509_V_ERR_OUT_OF_MEM; +- search = 0; +- continue; +- } +- +- X509_up_ref(x = xtmp); +- ++ctx->num_untrusted; +- ss = cert_self_signed(xtmp); +- +- /* +- * Check for DANE-TA trust of the topmost untrusted certificate. +- */ +- switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) { +- case X509_TRUST_TRUSTED: +- case X509_TRUST_REJECTED: +- search = 0; +- continue; +- } +- } +- } +- sk_X509_free(sktmp); +- +- /* +- * Last chance to make a trusted chain, either bare DANE-TA public-key +- * signers, or else direct leaf PKIX trust. +- */ +- num = sk_X509_num(ctx->chain); +- if (num <= depth) { +- if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane)) +- trust = check_dane_pkeys(ctx); +- if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted) +- trust = check_trust(ctx, num); +- } +- +- switch (trust) { +- case X509_TRUST_TRUSTED: +- return 1; +- case X509_TRUST_REJECTED: +- /* Callback already issued */ +- return 0; +- case X509_TRUST_UNTRUSTED: +- default: +- num = sk_X509_num(ctx->chain); +- if (num > depth) +- return verify_cb_cert(ctx, NULL, num-1, +- X509_V_ERR_CERT_CHAIN_TOO_LONG); +- if (DANETLS_ENABLED(dane) && +- (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0)) +- return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH); +- if (ss && sk_X509_num(ctx->chain) == 1) +- return verify_cb_cert(ctx, NULL, num-1, +- X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); +- if (ss) +- return verify_cb_cert(ctx, NULL, num-1, +- X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN); +- if (ctx->num_untrusted < num) +- return verify_cb_cert(ctx, NULL, num-1, +- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT); +- return verify_cb_cert(ctx, NULL, num-1, +- X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY); +- } +-} +- +-static const int minbits_table[] = { 80, 112, 128, 192, 256 }; +-static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); +- +-/* +- * Check whether the public key of ``cert`` meets the security level of +- * ``ctx``. +- * +- * Returns 1 on success, 0 otherwise. +- */ +-static int check_key_level(X509_STORE_CTX *ctx, X509 *cert) +-{ +- EVP_PKEY *pkey = X509_get0_pubkey(cert); +- int level = ctx->param->auth_level; +- +- /* Unsupported or malformed keys are not secure */ +- if (pkey == NULL) +- return 0; +- +- if (level <= 0) +- return 1; +- if (level > NUM_AUTH_LEVELS) +- level = NUM_AUTH_LEVELS; +- +- return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1]; +-} +- +-/* +- * Check whether the signature digest algorithm of ``cert`` meets the security +- * level of ``ctx``. Should not be checked for trust anchors (whether +- * self-signed or otherwise). +- * +- * Returns 1 on success, 0 otherwise. +- */ +-static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) +-{ +- int nid = X509_get_signature_nid(cert); +- int mdnid = NID_undef; +- int secbits = -1; +- int level = ctx->param->auth_level; +- +- if (level <= 0) +- return 1; +- if (level > NUM_AUTH_LEVELS) +- level = NUM_AUTH_LEVELS; +- +- /* Lookup signature algorithm digest */ +- if (nid && OBJ_find_sigid_algs(nid, &mdnid, NULL)) { +- const EVP_MD *md; +- +- /* Assume 4 bits of collision resistance for each hash octet */ +- if (mdnid != NID_undef && (md = EVP_get_digestbynid(mdnid)) != NULL) +- secbits = EVP_MD_size(md) * 4; +- } +- +- return secbits >= minbits_table[level - 1]; +-} ++IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +index b506722..1ac15a8 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c +@@ -1,23 +1,72 @@ ++/* x509_vpm.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "internal/x509_int.h" + +-#include "x509_lcl.h" ++#include "vpm_int.h" + + /* X509_VERIFY_PARAM functions */ + +@@ -34,7 +83,9 @@ static void str_free(char *s) + OPENSSL_free(s); + } + +-static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, ++#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) ++ ++static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, + const char *name, size_t namelen) + { + char *copy; +@@ -50,28 +101,28 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, + if (namelen > 0 && name[namelen - 1] == '\0') + --namelen; + +- if (mode == SET_HOST) { +- sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free); +- vpm->hosts = NULL; ++ if (mode == SET_HOST && id->hosts) { ++ string_stack_free(id->hosts); ++ id->hosts = NULL; + } + if (name == NULL || namelen == 0) + return 1; + +- copy = OPENSSL_strndup(name, namelen); ++ copy = BUF_strndup(name, namelen); + if (copy == NULL) + return 0; + +- if (vpm->hosts == NULL && +- (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { ++ if (id->hosts == NULL && ++ (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { + OPENSSL_free(copy); + return 0; + } + +- if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) { ++ if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { + OPENSSL_free(copy); +- if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) { +- sk_OPENSSL_STRING_free(vpm->hosts); +- vpm->hosts = NULL; ++ if (sk_OPENSSL_STRING_num(id->hosts) == 0) { ++ sk_OPENSSL_STRING_free(id->hosts); ++ id->hosts = NULL; + } + return 0; + } +@@ -81,48 +132,75 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode, + + static void x509_verify_param_zero(X509_VERIFY_PARAM *param) + { ++ X509_VERIFY_PARAM_ID *paramid; + if (!param) + return; + param->name = NULL; + param->purpose = 0; +- param->trust = X509_TRUST_DEFAULT; ++ param->trust = 0; + /* + * param->inh_flags = X509_VP_FLAG_DEFAULT; + */ + param->inh_flags = 0; + param->flags = 0; + param->depth = -1; +- param->auth_level = -1; /* -1 means unset, 0 is explicit */ +- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); +- param->policies = NULL; +- sk_OPENSSL_STRING_pop_free(param->hosts, str_free); +- param->hosts = NULL; +- OPENSSL_free(param->peername); +- param->peername = NULL; +- OPENSSL_free(param->email); +- param->email = NULL; +- param->emaillen = 0; +- OPENSSL_free(param->ip); +- param->ip = NULL; +- param->iplen = 0; ++ if (param->policies) { ++ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); ++ param->policies = NULL; ++ } ++ paramid = param->id; ++ if (paramid->hosts) { ++ string_stack_free(paramid->hosts); ++ paramid->hosts = NULL; ++ } ++ if (paramid->peername) ++ OPENSSL_free(paramid->peername); ++ paramid->peername = NULL; ++ if (paramid->email) { ++ OPENSSL_free(paramid->email); ++ paramid->email = NULL; ++ paramid->emaillen = 0; ++ } ++ if (paramid->ip) { ++ OPENSSL_free(paramid->ip); ++ paramid->ip = NULL; ++ paramid->iplen = 0; ++ } + } + + X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) + { + X509_VERIFY_PARAM *param; ++ X509_VERIFY_PARAM_ID *paramid; + +- param = OPENSSL_zalloc(sizeof(*param)); +- if (param == NULL) ++ param = OPENSSL_malloc(sizeof *param); ++ if (!param) + return NULL; ++ memset(param, 0, sizeof(*param)); ++ ++ paramid = OPENSSL_malloc(sizeof(*paramid)); ++ if (!paramid) { ++ OPENSSL_free(param); ++ return NULL; ++ } ++ memset(paramid, 0, sizeof(*paramid)); ++ /* Exotic platforms may have non-zero bit representation of NULL */ ++ paramid->hosts = NULL; ++ paramid->peername = NULL; ++ paramid->email = NULL; ++ paramid->ip = NULL; ++ ++ param->id = paramid; + x509_verify_param_zero(param); + return param; + } + + void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + { +- if (!param) ++ if (param == NULL) + return; + x509_verify_param_zero(param); ++ OPENSSL_free(param->id); + OPENSSL_free(param); + } + +@@ -164,6 +242,11 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) + (to_overwrite || \ + ((src->field != def) && (to_default || (dest->field == def)))) + ++/* As above but for ID fields */ ++ ++#define test_x509_verify_param_copy_id(idf, def) \ ++ test_x509_verify_param_copy(id->idf, def) ++ + /* Macro to test and copy a field if necessary */ + + #define x509_verify_param_copy(field, def) \ +@@ -175,8 +258,10 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + { + unsigned long inh_flags; + int to_default, to_overwrite; ++ X509_VERIFY_PARAM_ID *id; + if (!src) + return 1; ++ id = src->id; + inh_flags = dest->inh_flags | src->inh_flags; + + if (inh_flags & X509_VP_FLAG_ONCE) +@@ -196,9 +281,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + to_overwrite = 0; + + x509_verify_param_copy(purpose, 0); +- x509_verify_param_copy(trust, X509_TRUST_DEFAULT); ++ x509_verify_param_copy(trust, 0); + x509_verify_param_copy(depth, -1); +- x509_verify_param_copy(auth_level, -1); + + /* If overwrite or check time not set, copy across */ + +@@ -219,25 +303,27 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, + } + + /* Copy the host flags if and only if we're copying the host list */ +- if (test_x509_verify_param_copy(hosts, NULL)) { +- sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); +- dest->hosts = NULL; +- if (src->hosts) { +- dest->hosts = +- sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); +- if (dest->hosts == NULL) ++ if (test_x509_verify_param_copy_id(hosts, NULL)) { ++ if (dest->id->hosts) { ++ string_stack_free(dest->id->hosts); ++ dest->id->hosts = NULL; ++ } ++ if (id->hosts) { ++ dest->id->hosts = ++ sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free); ++ if (dest->id->hosts == NULL) + return 0; +- dest->hostflags = src->hostflags; ++ dest->id->hostflags = id->hostflags; + } + } + +- if (test_x509_verify_param_copy(email, NULL)) { +- if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen)) ++ if (test_x509_verify_param_copy_id(email, NULL)) { ++ if (!X509_VERIFY_PARAM_set1_email(dest, id->email, id->emaillen)) + return 0; + } + +- if (test_x509_verify_param_copy(ip, NULL)) { +- if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen)) ++ if (test_x509_verify_param_copy_id(ip, NULL)) { ++ if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) + return 0; + } + +@@ -260,27 +346,30 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, + { + void *tmp; + if (src) { +- if (srclen == 0) ++ if (srclen == 0) { ++ tmp = BUF_strdup(src); + srclen = strlen(src); +- +- tmp = OPENSSL_memdup(src, srclen); +- if (tmp == NULL) ++ } else ++ tmp = BUF_memdup(src, srclen); ++ if (!tmp) + return 0; + } else { + tmp = NULL; + srclen = 0; + } +- OPENSSL_free(*pdest); ++ if (*pdest) ++ OPENSSL_free(*pdest); + *pdest = tmp; +- if (pdestlen != NULL) ++ if (pdestlen) + *pdestlen = srclen; + return 1; + } + + int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) + { +- OPENSSL_free(param->name); +- param->name = OPENSSL_strdup(name); ++ if (param->name) ++ OPENSSL_free(param->name); ++ param->name = BUF_strdup(name); + if (param->name) + return 1; + return 0; +@@ -306,17 +395,6 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) + return param->flags; + } + +-uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param) +-{ +- return param->inh_flags; +-} +- +-int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags) +-{ +- param->inh_flags = flags; +- return 1; +-} +- + int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) + { + return X509_PURPOSE_set(¶m->purpose, purpose); +@@ -332,16 +410,6 @@ void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) + param->depth = depth; + } + +-void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level) +-{ +- param->auth_level = auth_level; +-} +- +-time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param) +-{ +- return param->check_time; +-} +- + void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) + { + param->check_time = t; +@@ -366,10 +434,10 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + { + int i; + ASN1_OBJECT *oid, *doid; +- + if (!param) + return 0; +- sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); ++ if (param->policies) ++ sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + + if (!policies) { + param->policies = NULL; +@@ -397,48 +465,30 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen) + { +- return int_x509_param_set_hosts(param, SET_HOST, name, namelen); ++ return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen); + } + + int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen) + { +- return int_x509_param_set_hosts(param, ADD_HOST, name, namelen); ++ return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen); + } + + void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags) + { +- param->hostflags = flags; ++ param->id->hostflags = flags; + } + + char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) + { +- return param->peername; +-} +- +-/* +- * Move peername from one param structure to another, freeing any name present +- * at the target. If the source is a NULL parameter structure, free and zero +- * the target peername. +- */ +-void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to, +- X509_VERIFY_PARAM *from) +-{ +- char *peername = (from != NULL) ? from->peername : NULL; +- +- if (to->peername != peername) { +- OPENSSL_free(to->peername); +- to->peername = peername; +- } +- if (from) +- from->peername = NULL; ++ return param->id->peername; + } + + int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, + const char *email, size_t emaillen) + { +- return int_x509_param_set1(¶m->email, ¶m->emaillen, ++ return int_x509_param_set1(¶m->id->email, ¶m->id->emaillen, + email, emaillen); + } + +@@ -447,7 +497,7 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, + { + if (iplen != 0 && iplen != 4 && iplen != 16) + return 0; +- return int_x509_param_set1((char **)¶m->ip, ¶m->iplen, ++ return int_x509_param_set1((char **)¶m->id->ip, ¶m->id->iplen, + (char *)ip, iplen); + } + +@@ -467,17 +517,14 @@ int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) + return param->depth; + } + +-int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param) +-{ +- return param->auth_level; +-} +- + const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) + { + return param->name; + } + +-#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0 ++static X509_VERIFY_PARAM_ID _empty_id = { NULL, 0U, NULL, NULL, 0, NULL, 0 }; ++ ++#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id + + /* + * Default verify parameters: these are used for various applications and can +@@ -490,11 +537,10 @@ static const X509_VERIFY_PARAM default_table[] = { + "default", /* X509 default parameters */ + 0, /* Check time */ + 0, /* internal flags */ +- X509_V_FLAG_TRUSTED_FIRST, /* flags */ ++ 0, /* flags */ + 0, /* purpose */ + 0, /* trust */ + 100, /* depth */ +- -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id}, + { +@@ -505,7 +551,6 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ +- -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id}, + { +@@ -516,7 +561,6 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SMIME_SIGN, /* purpose */ + X509_TRUST_EMAIL, /* trust */ + -1, /* depth */ +- -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id}, + { +@@ -527,7 +571,6 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SSL_CLIENT, /* purpose */ + X509_TRUST_SSL_CLIENT, /* trust */ + -1, /* depth */ +- -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id}, + { +@@ -538,7 +581,6 @@ static const X509_VERIFY_PARAM default_table[] = { + X509_PURPOSE_SSL_SERVER, /* purpose */ + X509_TRUST_SSL_SERVER, /* trust */ + -1, /* depth */ +- -1, /* auth_level */ + NULL, /* policies */ + vpm_empty_id} + }; +@@ -563,9 +605,9 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) + { + int idx; + X509_VERIFY_PARAM *ptmp; +- if (param_table == NULL) { ++ if (!param_table) { + param_table = sk_X509_VERIFY_PARAM_new(param_cmp); +- if (param_table == NULL) ++ if (!param_table) + return 0; + } else { + idx = sk_X509_VERIFY_PARAM_find(param_table, param); +@@ -582,7 +624,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) + + int X509_VERIFY_PARAM_get_count(void) + { +- int num = OSSL_NELEM(default_table); ++ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + if (param_table) + num += sk_X509_VERIFY_PARAM_num(param_table); + return num; +@@ -590,7 +632,7 @@ int X509_VERIFY_PARAM_get_count(void) + + const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) + { +- int num = OSSL_NELEM(default_table); ++ int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + if (id < num) + return default_table + id; + return sk_X509_VERIFY_PARAM_value(param_table, id - num); +@@ -607,11 +649,14 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) + if (idx != -1) + return sk_X509_VERIFY_PARAM_value(param_table, idx); + } +- return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table)); ++ return OBJ_bsearch_table(&pm, default_table, ++ sizeof(default_table) / ++ sizeof(X509_VERIFY_PARAM)); + } + + void X509_VERIFY_PARAM_table_cleanup(void) + { +- sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); ++ if (param_table) ++ sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free); + param_table = NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +index 2057859..24ca35b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c +@@ -1,50 +1,119 @@ ++/* crypto/x509/x509cset.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2001 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + int X509_CRL_set_version(X509_CRL *x, long version) + { + if (x == NULL) + return (0); +- if (x->crl.version == NULL) { +- if ((x->crl.version = ASN1_INTEGER_new()) == NULL) ++ if (x->crl->version == NULL) { ++ if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL) + return (0); + } +- return (ASN1_INTEGER_set(x->crl.version, version)); ++ return (ASN1_INTEGER_set(x->crl->version, version)); + } + + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) + { +- if (x == NULL) ++ if ((x == NULL) || (x->crl == NULL)) + return (0); +- return (X509_NAME_set(&x->crl.issuer, name)); ++ return (X509_NAME_set(&x->crl->issuer, name)); + } + +-int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) ++int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) + { ++ ASN1_TIME *in; ++ + if (x == NULL) +- return 0; +- return x509_set1_time(&x->crl.lastUpdate, tm); ++ return (0); ++ in = x->crl->lastUpdate; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->crl->lastUpdate); ++ x->crl->lastUpdate = in; ++ } ++ } ++ return (in != NULL); + } + +-int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) ++int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) + { ++ ASN1_TIME *in; ++ + if (x == NULL) +- return 0; +- return x509_set1_time(&x->crl.nextUpdate, tm); ++ return (0); ++ in = x->crl->nextUpdate; ++ if (in != tm) { ++ in = M_ASN1_TIME_dup(tm); ++ if (in != NULL) { ++ M_ASN1_TIME_free(x->crl->nextUpdate); ++ x->crl->nextUpdate = in; ++ } ++ } ++ return (in != NULL); + } + + int X509_CRL_sort(X509_CRL *c) +@@ -54,88 +123,15 @@ int X509_CRL_sort(X509_CRL *c) + /* + * sort the data so it will be written in serial number order + */ +- sk_X509_REVOKED_sort(c->crl.revoked); +- for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) { +- r = sk_X509_REVOKED_value(c->crl.revoked, i); ++ sk_X509_REVOKED_sort(c->crl->revoked); ++ for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { ++ r = sk_X509_REVOKED_value(c->crl->revoked, i); + r->sequence = i; + } +- c->crl.enc.modified = 1; ++ c->crl->enc.modified = 1; + return 1; + } + +-int X509_CRL_up_ref(X509_CRL *crl) +-{ +- int i; +- +- if (CRYPTO_atomic_add(&crl->references, 1, &i, crl->lock) <= 0) +- return 0; +- +- REF_PRINT_COUNT("X509_CRL", crl); +- REF_ASSERT_ISNT(i < 2); +- return ((i > 1) ? 1 : 0); +-} +- +-long X509_CRL_get_version(const X509_CRL *crl) +-{ +- return ASN1_INTEGER_get(crl->crl.version); +-} +- +-const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl) +-{ +- return crl->crl.lastUpdate; +-} +- +-const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl) +-{ +- return crl->crl.nextUpdate; +-} +- +-#if OPENSSL_API_COMPAT < 0x10100000L +-ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl) +-{ +- return crl->crl.lastUpdate; +-} +- +-ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl) +-{ +- return crl->crl.nextUpdate; +-} +-#endif +- +-X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl) +-{ +- return crl->crl.issuer; +-} +- +-const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl) +-{ +- return crl->crl.extensions; +-} +- +-STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl) +-{ +- return crl->crl.revoked; +-} +- +-void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg) +-{ +- if (psig != NULL) +- *psig = &crl->signature; +- if (palg != NULL) +- *palg = &crl->sig_alg; +-} +- +-int X509_CRL_get_signature_nid(const X509_CRL *crl) +-{ +- return OBJ_obj2nid(crl->sig_alg.algorithm); +-} +- +-const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) +-{ +- return x->revocationDate; +-} +- + int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) + { + ASN1_TIME *in; +@@ -144,39 +140,28 @@ int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) + return (0); + in = x->revocationDate; + if (in != tm) { +- in = ASN1_STRING_dup(tm); ++ in = M_ASN1_TIME_dup(tm); + if (in != NULL) { +- ASN1_TIME_free(x->revocationDate); ++ M_ASN1_TIME_free(x->revocationDate); + x->revocationDate = in; + } + } + return (in != NULL); + } + +-const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +-{ +- return &x->serialNumber; +-} +- + int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) + { + ASN1_INTEGER *in; + + if (x == NULL) + return (0); +- in = &x->serialNumber; +- if (in != serial) +- return ASN1_STRING_copy(in, serial); +- return 1; +-} +- +-const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r) +-{ +- return r->extensions; +-} +- +-int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp) +-{ +- crl->crl.enc.modified = 1; +- return i2d_X509_CRL_INFO(&crl->crl, pp); ++ in = x->serialNumber; ++ if (in != serial) { ++ in = M_ASN1_INTEGER_dup(serial); ++ if (in != NULL) { ++ M_ASN1_INTEGER_free(x->serialNumber); ++ x->serialNumber = in; ++ } ++ } ++ return (in != NULL); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c +index 919d8c1..6ea601f 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509name.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c +@@ -1,20 +1,68 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509name.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) + { +@@ -26,11 +74,11 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) + return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); + } + +-int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, ++int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, + int len) + { + int i; +- const ASN1_STRING *data; ++ ASN1_STRING *data; + + i = X509_NAME_get_index_by_OBJ(name, obj, -1); + if (i < 0) +@@ -44,7 +92,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf + return (i); + } + +-int X509_NAME_entry_count(const X509_NAME *name) ++int X509_NAME_entry_count(X509_NAME *name) + { + if (name == NULL) + return (0); +@@ -61,8 +109,8 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) + return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); + } + +-/* NOTE: you should be passing -1, not 0 as lastpos */ +-int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos) ++/* NOTE: you should be passsing -1, not 0 as lastpos */ ++int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos) + { + int n; + X509_NAME_ENTRY *ne; +@@ -82,7 +130,7 @@ int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int last + return (-1); + } + +-X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc) ++X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) + { + if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc + || loc < 0) +@@ -130,8 +178,8 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) + return (ret); + } + +-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, +- const unsigned char *bytes, int len, int loc, ++int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, ++ unsigned char *bytes, int len, int loc, + int set) + { + X509_NAME_ENTRY *ne; +@@ -145,7 +193,7 @@ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type + } + + int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, +- const unsigned char *bytes, int len, int loc, ++ unsigned char *bytes, int len, int loc, + int set) + { + X509_NAME_ENTRY *ne; +@@ -176,7 +224,7 @@ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the + * guy we are about to stomp on. + */ +-int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, ++int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, + int set) + { + X509_NAME_ENTRY *new_name = NULL; +@@ -214,11 +262,7 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, + inc = (set == 0) ? 1 : 0; + } + +- /* +- * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily +- * const'ified; harmless cast as dup() don't modify its input. +- */ +- if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) ++ if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL) + goto err; + new_name->set = set; + if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { +@@ -232,7 +276,8 @@ int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, + } + return (1); + err: +- X509_NAME_ENTRY_free(new_name); ++ if (new_name != NULL) ++ X509_NAME_ENTRY_free(new_name); + return (0); + } + +@@ -257,8 +302,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + } + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, +- int type, +- const unsigned char *bytes, ++ int type, unsigned char *bytes, + int len) + { + ASN1_OBJECT *obj; +@@ -275,7 +319,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + } + + X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, +- const ASN1_OBJECT *obj, int type, ++ ASN1_OBJECT *obj, int type, + const unsigned char *bytes, + int len) + { +@@ -301,7 +345,7 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + return (NULL); + } + +-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) ++int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) + { + if ((ne == NULL) || (obj == NULL)) { + X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT, +@@ -338,21 +382,16 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + return (1); + } + +-ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) ++ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) + { + if (ne == NULL) + return (NULL); + return (ne->object); + } + +-ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) ++ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) + { + if (ne == NULL) + return (NULL); + return (ne->value); + } +- +-int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) +-{ +- return ne->set; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +index 6dee297..80e273e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509rset.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509rset.c +@@ -1,40 +1,85 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509rset.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + + int X509_REQ_set_version(X509_REQ *x, long version) + { + if (x == NULL) + return (0); +- x->req_info.enc.modified = 1; +- return (ASN1_INTEGER_set(x->req_info.version, version)); ++ return (ASN1_INTEGER_set(x->req_info->version, version)); + } + + int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) + { +- if (x == NULL) ++ if ((x == NULL) || (x->req_info == NULL)) + return (0); +- x->req_info.enc.modified = 1; +- return (X509_NAME_set(&x->req_info.subject, name)); ++ return (X509_NAME_set(&x->req_info->subject, name)); + } + + int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) + { +- if (x == NULL) ++ if ((x == NULL) || (x->req_info == NULL)) + return (0); +- x->req_info.enc.modified = 1; +- return (X509_PUBKEY_set(&x->req_info.pubkey, pkey)); ++ return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +index b142485..5ae5d30 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509spki.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509spki.c +@@ -1,14 +1,64 @@ ++/* x509spki.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + + int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) +@@ -35,7 +85,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) + NETSCAPE_SPKI *spki; + if (len <= 0) + len = strlen(str); +- if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) { ++ if (!(spki_der = OPENSSL_malloc(len + 1))) { + X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -61,10 +111,10 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) + der_len = i2d_NETSCAPE_SPKI(spki, NULL); + der_spki = OPENSSL_malloc(der_len); + b64_str = OPENSSL_malloc(der_len * 2); +- if (der_spki == NULL || b64_str == NULL) { +- X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); ++ if (!der_spki || !b64_str) { + OPENSSL_free(der_spki); + OPENSSL_free(b64_str); ++ X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); + return NULL; + } + p = der_spki; +diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c +index aca8355..9219f75 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x509type.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c +@@ -1,35 +1,84 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x509type.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + +-int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) ++int X509_certificate_type(X509 *x, EVP_PKEY *pkey) + { +- const EVP_PKEY *pk; ++ EVP_PKEY *pk; + int ret = 0, i; + + if (x == NULL) + return (0); + + if (pkey == NULL) +- pk = X509_get0_pubkey(x); ++ pk = X509_get_pubkey(x); + else + pk = pkey; + + if (pk == NULL) + return (0); + +- switch (EVP_PKEY_id(pk)) { ++ switch (pk->type) { + case EVP_PKEY_RSA: + ret = EVP_PK_RSA | EVP_PKT_SIGN; + /* if (!sign only extension) */ +@@ -44,16 +93,15 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) + case EVP_PKEY_DH: + ret = EVP_PK_DH | EVP_PKT_EXCH; + break; ++ case NID_id_GostR3410_94: + case NID_id_GostR3410_2001: +- case NID_id_GostR3410_2012_256: +- case NID_id_GostR3410_2012_512: + ret = EVP_PKT_EXCH | EVP_PKT_SIGN; + break; + default: + break; + } + +- i = X509_get_signature_nid(x); ++ i = OBJ_obj2nid(x->sig_alg->algorithm); + if (i && OBJ_find_sigid_algs(i, NULL, &i)) { + + switch (i) { +@@ -73,5 +121,7 @@ int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) + } + } + ++ if (pkey == NULL) ++ EVP_PKEY_free(pk); + return (ret); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c +index 124dd2d..0f26c54 100644 +--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c ++++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c +@@ -1,113 +1,159 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509/x_all.c */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include +-#include +-#include +-#include ++#ifndef OPENSSL_NO_RSA ++# include ++#endif ++#ifndef OPENSSL_NO_DSA ++# include ++#endif + + int X509_verify(X509 *a, EVP_PKEY *r) + { +- if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) ++ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) + return 0; +- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, +- &a->signature, &a->cert_info, r)); ++ return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg, ++ a->signature, a->cert_info, r)); + } + + int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) + { + return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), +- &a->sig_alg, a->signature, &a->req_info, r)); ++ a->sig_alg, a->signature, a->req_info, r)); + } + + int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) + { + return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), +- &a->sig_algor, a->signature, a->spkac, r)); ++ a->sig_algor, a->signature, a->spkac, r)); + } + + int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) + { +- x->cert_info.enc.modified = 1; +- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, +- &x->sig_alg, &x->signature, &x->cert_info, pkey, +- md)); ++ x->cert_info->enc.modified = 1; ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, ++ x->sig_alg, x->signature, x->cert_info, pkey, md)); + } + + int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) + { +- x->cert_info.enc.modified = 1; ++ x->cert_info->enc.modified = 1; + return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), +- &x->cert_info.signature, +- &x->sig_alg, &x->signature, &x->cert_info, ctx); ++ x->cert_info->signature, ++ x->sig_alg, x->signature, x->cert_info, ctx); + } + +-#ifndef OPENSSL_NO_OCSP + int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert) + { + return OCSP_REQ_CTX_nbio_d2i(rctx, + (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509)); + } +-#endif + + int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) + { +- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, +- x->signature, &x->req_info, pkey, md)); ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL, ++ x->signature, x->req_info, pkey, md)); + } + + int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) + { + return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), +- &x->sig_alg, NULL, x->signature, &x->req_info, ++ x->sig_alg, NULL, x->signature, x->req_info, + ctx); + } + + int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) + { +- x->crl.enc.modified = 1; +- return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, +- &x->sig_alg, &x->signature, &x->crl, pkey, md)); ++ x->crl->enc.modified = 1; ++ return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg, ++ x->sig_alg, x->signature, x->crl, pkey, md)); + } + + int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) + { +- x->crl.enc.modified = 1; ++ x->crl->enc.modified = 1; + return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), +- &x->crl.sig_alg, &x->sig_alg, &x->signature, +- &x->crl, ctx); ++ x->crl->sig_alg, x->sig_alg, x->signature, ++ x->crl, ctx); + } + +-#ifndef OPENSSL_NO_OCSP + int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) + { + return OCSP_REQ_CTX_nbio_d2i(rctx, + (ASN1_VALUE **)pcrl, + ASN1_ITEM_rptr(X509_CRL)); + } +-#endif + + int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) + { +- return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, ++ return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL, + x->signature, x->spkac, pkey, md)); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + X509 *d2i_X509_fp(FILE *fp, X509 **x509) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); +@@ -129,7 +175,7 @@ int i2d_X509_bio(BIO *bp, X509 *x509) + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); +@@ -151,7 +197,7 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); +@@ -173,7 +219,7 @@ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) + return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); +@@ -197,7 +243,7 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) + + #ifndef OPENSSL_NO_RSA + +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) + { + return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); +@@ -263,7 +309,7 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) + #endif + + #ifndef OPENSSL_NO_DSA +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) + { + return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa); +@@ -308,7 +354,7 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) + #endif + + #ifndef OPENSSL_NO_EC +-# ifndef OPENSSL_NO_STDIO ++# ifndef OPENSSL_NO_FP_API + EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) + { + return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); +@@ -363,13 +409,6 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, + int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) + { +- if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0) { +- /* Asking for SHA1 and we already computed it. */ +- if (len != NULL) +- *len = sizeof(data->sha1_hash); +- memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); +- return 1; +- } + return (ASN1_item_digest + (ASN1_ITEM_rptr(X509), type, (char *)data, md, len)); + } +@@ -377,13 +416,6 @@ int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, + int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, + unsigned char *md, unsigned int *len) + { +- if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0) { +- /* Asking for SHA1; always computed in CRL d2i. */ +- if (len != NULL) +- *len = sizeof(data->sha1_hash); +- memcpy(md, data->sha1_hash, sizeof(data->sha1_hash)); +- return 1; +- } + return (ASN1_item_digest + (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len)); + } +@@ -410,7 +442,7 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + (char *)data, md, len)); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) + { + return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8); +@@ -432,7 +464,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) + return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8); + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf) + { +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_attrib.c b/Cryptlib/OpenSSL/crypto/x509/x_attrib.c +deleted file mode 100644 +index 35f4aee..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_attrib.c ++++ /dev/null +@@ -1,55 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include "x509_lcl.h" +- +-/*- +- * X509_ATTRIBUTE: this has the following form: +- * +- * typedef struct x509_attributes_st +- * { +- * ASN1_OBJECT *object; +- * STACK_OF(ASN1_TYPE) *set; +- * } X509_ATTRIBUTE; +- * +- */ +- +-ASN1_SEQUENCE(X509_ATTRIBUTE) = { +- ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), +- ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY) +-} ASN1_SEQUENCE_END(X509_ATTRIBUTE) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) +- +-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) +-{ +- X509_ATTRIBUTE *ret = NULL; +- ASN1_TYPE *val = NULL; +- +- if ((ret = X509_ATTRIBUTE_new()) == NULL) +- return (NULL); +- ret->object = OBJ_nid2obj(nid); +- if ((val = ASN1_TYPE_new()) == NULL) +- goto err; +- if (!sk_ASN1_TYPE_push(ret->set, val)) +- goto err; +- +- ASN1_TYPE_set(val, atrtype, value); +- return (ret); +- err: +- X509_ATTRIBUTE_free(ret); +- ASN1_TYPE_free(val); +- return (NULL); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_crl.c b/Cryptlib/OpenSSL/crypto/x509/x_crl.c +deleted file mode 100644 +index dbed850..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_crl.c ++++ /dev/null +@@ -1,459 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include "internal/x509_int.h" +-#include +-#include "x509_lcl.h" +- +-static int X509_REVOKED_cmp(const X509_REVOKED *const *a, +- const X509_REVOKED *const *b); +-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); +- +-ASN1_SEQUENCE(X509_REVOKED) = { +- ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER), +- ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), +- ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) +-} ASN1_SEQUENCE_END(X509_REVOKED) +- +-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); +-static int def_crl_lookup(X509_CRL *crl, +- X509_REVOKED **ret, ASN1_INTEGER *serial, +- X509_NAME *issuer); +- +-static X509_CRL_METHOD int_crl_meth = { +- 0, +- 0, 0, +- def_crl_lookup, +- def_crl_verify +-}; +- +-static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; +- +-/* +- * The X509_CRL_INFO structure needs a bit of customisation. Since we cache +- * the original encoding the signature won't be affected by reordering of the +- * revoked field. +- */ +-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +- void *exarg) +-{ +- X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; +- +- if (!a || !a->revoked) +- return 1; +- switch (operation) { +- /* +- * Just set cmp function here. We don't sort because that would +- * affect the output of X509_CRL_print(). +- */ +- case ASN1_OP_D2I_POST: +- (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); +- break; +- } +- return 1; +-} +- +- +-ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = { +- ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), +- ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), +- ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), +- ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), +- ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), +- ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) +-} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO) +- +-/* +- * Set CRL entry issuer according to CRL certificate issuer extension. Check +- * for unhandled critical CRL entry extensions. +- */ +- +-static int crl_set_issuers(X509_CRL *crl) +-{ +- +- int i, j; +- GENERAL_NAMES *gens, *gtmp; +- STACK_OF(X509_REVOKED) *revoked; +- +- revoked = X509_CRL_get_REVOKED(crl); +- +- gens = NULL; +- for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { +- X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); +- STACK_OF(X509_EXTENSION) *exts; +- ASN1_ENUMERATED *reason; +- X509_EXTENSION *ext; +- gtmp = X509_REVOKED_get_ext_d2i(rev, +- NID_certificate_issuer, &j, NULL); +- if (!gtmp && (j != -1)) { +- crl->flags |= EXFLAG_INVALID; +- return 1; +- } +- +- if (gtmp) { +- gens = gtmp; +- if (!crl->issuers) { +- crl->issuers = sk_GENERAL_NAMES_new_null(); +- if (!crl->issuers) +- return 0; +- } +- if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) +- return 0; +- } +- rev->issuer = gens; +- +- reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL); +- if (!reason && (j != -1)) { +- crl->flags |= EXFLAG_INVALID; +- return 1; +- } +- +- if (reason) { +- rev->reason = ASN1_ENUMERATED_get(reason); +- ASN1_ENUMERATED_free(reason); +- } else +- rev->reason = CRL_REASON_NONE; +- +- /* Check for critical CRL entry extensions */ +- +- exts = rev->extensions; +- +- for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { +- ext = sk_X509_EXTENSION_value(exts, j); +- if (X509_EXTENSION_get_critical(ext)) { +- if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer) +- continue; +- crl->flags |= EXFLAG_CRITICAL; +- break; +- } +- } +- +- } +- +- return 1; +- +-} +- +-/* +- * The X509_CRL structure needs a bit of customisation. Cache some extensions +- * and hash of the whole CRL. +- */ +-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +- void *exarg) +-{ +- X509_CRL *crl = (X509_CRL *)*pval; +- STACK_OF(X509_EXTENSION) *exts; +- X509_EXTENSION *ext; +- int idx; +- +- switch (operation) { +- case ASN1_OP_NEW_POST: +- crl->idp = NULL; +- crl->akid = NULL; +- crl->flags = 0; +- crl->idp_flags = 0; +- crl->idp_reasons = CRLDP_ALL_REASONS; +- crl->meth = default_crl_method; +- crl->meth_data = NULL; +- crl->issuers = NULL; +- crl->crl_number = NULL; +- crl->base_crl_number = NULL; +- break; +- +- case ASN1_OP_D2I_POST: +- X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); +- crl->idp = X509_CRL_get_ext_d2i(crl, +- NID_issuing_distribution_point, NULL, +- NULL); +- if (crl->idp) +- setup_idp(crl, crl->idp); +- +- crl->akid = X509_CRL_get_ext_d2i(crl, +- NID_authority_key_identifier, NULL, +- NULL); +- +- crl->crl_number = X509_CRL_get_ext_d2i(crl, +- NID_crl_number, NULL, NULL); +- +- crl->base_crl_number = X509_CRL_get_ext_d2i(crl, +- NID_delta_crl, NULL, +- NULL); +- /* Delta CRLs must have CRL number */ +- if (crl->base_crl_number && !crl->crl_number) +- crl->flags |= EXFLAG_INVALID; +- +- /* +- * See if we have any unhandled critical CRL extensions and indicate +- * this in a flag. We only currently handle IDP so anything else +- * critical sets the flag. This code accesses the X509_CRL structure +- * directly: applications shouldn't do this. +- */ +- +- exts = crl->crl.extensions; +- +- for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { +- int nid; +- ext = sk_X509_EXTENSION_value(exts, idx); +- nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext)); +- if (nid == NID_freshest_crl) +- crl->flags |= EXFLAG_FRESHEST; +- if (X509_EXTENSION_get_critical(ext)) { +- /* We handle IDP and deltas */ +- if ((nid == NID_issuing_distribution_point) +- || (nid == NID_authority_key_identifier) +- || (nid == NID_delta_crl)) +- continue; +- crl->flags |= EXFLAG_CRITICAL; +- break; +- } +- } +- +- if (!crl_set_issuers(crl)) +- return 0; +- +- if (crl->meth->crl_init) { +- if (crl->meth->crl_init(crl) == 0) +- return 0; +- } +- +- crl->flags |= EXFLAG_SET; +- break; +- +- case ASN1_OP_FREE_POST: +- if (crl->meth->crl_free) { +- if (!crl->meth->crl_free(crl)) +- return 0; +- } +- AUTHORITY_KEYID_free(crl->akid); +- ISSUING_DIST_POINT_free(crl->idp); +- ASN1_INTEGER_free(crl->crl_number); +- ASN1_INTEGER_free(crl->base_crl_number); +- sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); +- break; +- } +- return 1; +-} +- +-/* Convert IDP into a more convenient form */ +- +-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) +-{ +- int idp_only = 0; +- /* Set various flags according to IDP */ +- crl->idp_flags |= IDP_PRESENT; +- if (idp->onlyuser > 0) { +- idp_only++; +- crl->idp_flags |= IDP_ONLYUSER; +- } +- if (idp->onlyCA > 0) { +- idp_only++; +- crl->idp_flags |= IDP_ONLYCA; +- } +- if (idp->onlyattr > 0) { +- idp_only++; +- crl->idp_flags |= IDP_ONLYATTR; +- } +- +- if (idp_only > 1) +- crl->idp_flags |= IDP_INVALID; +- +- if (idp->indirectCRL > 0) +- crl->idp_flags |= IDP_INDIRECT; +- +- if (idp->onlysomereasons) { +- crl->idp_flags |= IDP_REASONS; +- if (idp->onlysomereasons->length > 0) +- crl->idp_reasons = idp->onlysomereasons->data[0]; +- if (idp->onlysomereasons->length > 1) +- crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8); +- crl->idp_reasons &= CRLDP_ALL_REASONS; +- } +- +- DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); +-} +- +-ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = { +- ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO), +- ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR), +- ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING) +-} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) +- +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) +- +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) +- +-static int X509_REVOKED_cmp(const X509_REVOKED *const *a, +- const X509_REVOKED *const *b) +-{ +- return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber, +- (ASN1_STRING *)&(*b)->serialNumber)); +-} +- +-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) +-{ +- X509_CRL_INFO *inf; +- inf = &crl->crl; +- if (inf->revoked == NULL) +- inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); +- if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) { +- ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- inf->enc.modified = 1; +- return 1; +-} +- +-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) +-{ +- if (crl->meth->crl_verify) +- return crl->meth->crl_verify(crl, r); +- return 0; +-} +- +-int X509_CRL_get0_by_serial(X509_CRL *crl, +- X509_REVOKED **ret, ASN1_INTEGER *serial) +-{ +- if (crl->meth->crl_lookup) +- return crl->meth->crl_lookup(crl, ret, serial, NULL); +- return 0; +-} +- +-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) +-{ +- if (crl->meth->crl_lookup) +- return crl->meth->crl_lookup(crl, ret, +- X509_get_serialNumber(x), +- X509_get_issuer_name(x)); +- return 0; +-} +- +-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r) +-{ +- return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), +- &crl->sig_alg, &crl->signature, &crl->crl, r)); +-} +- +-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, +- X509_REVOKED *rev) +-{ +- int i; +- +- if (!rev->issuer) { +- if (!nm) +- return 1; +- if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) +- return 1; +- return 0; +- } +- +- if (!nm) +- nm = X509_CRL_get_issuer(crl); +- +- for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { +- GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); +- if (gen->type != GEN_DIRNAME) +- continue; +- if (!X509_NAME_cmp(nm, gen->d.directoryName)) +- return 1; +- } +- return 0; +- +-} +- +-static int def_crl_lookup(X509_CRL *crl, +- X509_REVOKED **ret, ASN1_INTEGER *serial, +- X509_NAME *issuer) +-{ +- X509_REVOKED rtmp, *rev; +- int idx; +- rtmp.serialNumber = *serial; +- /* +- * Sort revoked into serial number order if not already sorted. Do this +- * under a lock to avoid race condition. +- */ +- if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) { +- CRYPTO_THREAD_write_lock(crl->lock); +- sk_X509_REVOKED_sort(crl->crl.revoked); +- CRYPTO_THREAD_unlock(crl->lock); +- } +- idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp); +- if (idx < 0) +- return 0; +- /* Need to look for matching name */ +- for (; idx < sk_X509_REVOKED_num(crl->crl.revoked); idx++) { +- rev = sk_X509_REVOKED_value(crl->crl.revoked, idx); +- if (ASN1_INTEGER_cmp(&rev->serialNumber, serial)) +- return 0; +- if (crl_revoked_issuer_match(crl, issuer, rev)) { +- if (ret) +- *ret = rev; +- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) +- return 2; +- return 1; +- } +- } +- return 0; +-} +- +-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth) +-{ +- if (meth == NULL) +- default_crl_method = &int_crl_meth; +- else +- default_crl_method = meth; +-} +- +-X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), +- int (*crl_free) (X509_CRL *crl), +- int (*crl_lookup) (X509_CRL *crl, +- X509_REVOKED **ret, +- ASN1_INTEGER *ser, +- X509_NAME *issuer), +- int (*crl_verify) (X509_CRL *crl, +- EVP_PKEY *pk)) +-{ +- X509_CRL_METHOD *m; +- m = OPENSSL_malloc(sizeof(*m)); +- if (m == NULL) +- return NULL; +- m->crl_init = crl_init; +- m->crl_free = crl_free; +- m->crl_lookup = crl_lookup; +- m->crl_verify = crl_verify; +- m->flags = X509_CRL_METHOD_DYNAMIC; +- return m; +-} +- +-void X509_CRL_METHOD_free(X509_CRL_METHOD *m) +-{ +- if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC)) +- return; +- OPENSSL_free(m); +-} +- +-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat) +-{ +- crl->meth_data = dat; +-} +- +-void *X509_CRL_get_meth_data(X509_CRL *crl) +-{ +- return crl->meth_data; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_exten.c b/Cryptlib/OpenSSL/crypto/x509/x_exten.c +deleted file mode 100644 +index f10f4a4..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_exten.c ++++ /dev/null +@@ -1,28 +0,0 @@ +-/* +- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include +-#include +-#include "x509_lcl.h" +- +-ASN1_SEQUENCE(X509_EXTENSION) = { +- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), +- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), +- ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING) +-} ASN1_SEQUENCE_END(X509_EXTENSION) +- +-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION) +-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) +-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS) +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_name.c b/Cryptlib/OpenSSL/crypto/x509/x_name.c +deleted file mode 100644 +index 97d735f..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_name.c ++++ /dev/null +@@ -1,557 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include "internal/x509_int.h" +-#include "internal/asn1_int.h" +-#include "x509_lcl.h" +- +-/* +- * Maximum length of X509_NAME: much larger than anything we should +- * ever see in practice. +- */ +- +-#define X509_NAME_MAX (1024 * 1024) +- +-static int x509_name_ex_d2i(ASN1_VALUE **val, +- const unsigned char **in, long len, +- const ASN1_ITEM *it, +- int tag, int aclass, char opt, ASN1_TLC *ctx); +- +-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, +- const ASN1_ITEM *it, int tag, int aclass); +-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); +-static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); +- +-static int x509_name_encode(X509_NAME *a); +-static int x509_name_canon(X509_NAME *a); +-static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in); +-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname, +- unsigned char **in); +- +-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, +- int indent, +- const char *fname, const ASN1_PCTX *pctx); +- +-ASN1_SEQUENCE(X509_NAME_ENTRY) = { +- ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), +- ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) +-} ASN1_SEQUENCE_END(X509_NAME_ENTRY) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) +- +-/* +- * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so +- * declare two template wrappers for this +- */ +- +-ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) +-static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) +- +-ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) +-static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) +- +-/* +- * Normally that's where it would end: we'd have two nested STACK structures +- * representing the ASN1. Unfortunately X509_NAME uses a completely different +- * form and caches encodings so we have to process the internal form and +- * convert to the external form. +- */ +- +-static const ASN1_EXTERN_FUNCS x509_name_ff = { +- NULL, +- x509_name_ex_new, +- x509_name_ex_free, +- 0, /* Default clear behaviour is OK */ +- x509_name_ex_d2i, +- x509_name_ex_i2d, +- x509_name_ex_print +-}; +- +-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) +- +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) +- +-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) +-{ +- X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret)); +- +- if (ret == NULL) +- goto memerr; +- if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) +- goto memerr; +- if ((ret->bytes = BUF_MEM_new()) == NULL) +- goto memerr; +- ret->modified = 1; +- *val = (ASN1_VALUE *)ret; +- return 1; +- +- memerr: +- ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE); +- if (ret) { +- sk_X509_NAME_ENTRY_free(ret->entries); +- OPENSSL_free(ret); +- } +- return 0; +-} +- +-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +-{ +- X509_NAME *a; +- +- if (!pval || !*pval) +- return; +- a = (X509_NAME *)*pval; +- +- BUF_MEM_free(a->bytes); +- sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); +- OPENSSL_free(a->canon_enc); +- OPENSSL_free(a); +- *pval = NULL; +-} +- +-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +-{ +- sk_X509_NAME_ENTRY_free(ne); +-} +- +-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +-{ +- sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +-} +- +-static int x509_name_ex_d2i(ASN1_VALUE **val, +- const unsigned char **in, long len, +- const ASN1_ITEM *it, int tag, int aclass, +- char opt, ASN1_TLC *ctx) +-{ +- const unsigned char *p = *in, *q; +- union { +- STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; +- ASN1_VALUE *a; +- } intname = { +- NULL +- }; +- union { +- X509_NAME *x; +- ASN1_VALUE *a; +- } nm = { +- NULL +- }; +- int i, j, ret; +- STACK_OF(X509_NAME_ENTRY) *entries; +- X509_NAME_ENTRY *entry; +- if (len > X509_NAME_MAX) +- len = X509_NAME_MAX; +- q = p; +- +- /* Get internal representation of Name */ +- ret = ASN1_item_ex_d2i(&intname.a, +- &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), +- tag, aclass, opt, ctx); +- +- if (ret <= 0) +- return ret; +- +- if (*val) +- x509_name_ex_free(val, NULL); +- if (!x509_name_ex_new(&nm.a, NULL)) +- goto err; +- /* We've decoded it: now cache encoding */ +- if (!BUF_MEM_grow(nm.x->bytes, p - q)) +- goto err; +- memcpy(nm.x->bytes->data, q, p - q); +- +- /* Convert internal representation to X509_NAME structure */ +- for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { +- entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); +- for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { +- entry = sk_X509_NAME_ENTRY_value(entries, j); +- entry->set = i; +- if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) +- goto err; +- sk_X509_NAME_ENTRY_set(entries, j, NULL); +- } +- } +- ret = x509_name_canon(nm.x); +- if (!ret) +- goto err; +- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, +- local_sk_X509_NAME_ENTRY_free); +- nm.x->modified = 0; +- *val = nm.a; +- *in = p; +- return ret; +- +- err: +- if (nm.x != NULL) +- X509_NAME_free(nm.x); +- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, +- local_sk_X509_NAME_ENTRY_pop_free); +- ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR); +- return 0; +-} +- +-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, +- const ASN1_ITEM *it, int tag, int aclass) +-{ +- int ret; +- X509_NAME *a = (X509_NAME *)*val; +- if (a->modified) { +- ret = x509_name_encode(a); +- if (ret < 0) +- return ret; +- ret = x509_name_canon(a); +- if (ret < 0) +- return ret; +- } +- ret = a->bytes->length; +- if (out != NULL) { +- memcpy(*out, a->bytes->data, ret); +- *out += ret; +- } +- return ret; +-} +- +-static int x509_name_encode(X509_NAME *a) +-{ +- union { +- STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; +- ASN1_VALUE *a; +- } intname = { +- NULL +- }; +- int len; +- unsigned char *p; +- STACK_OF(X509_NAME_ENTRY) *entries = NULL; +- X509_NAME_ENTRY *entry; +- int i, set = -1; +- intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); +- if (!intname.s) +- goto memerr; +- for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { +- entry = sk_X509_NAME_ENTRY_value(a->entries, i); +- if (entry->set != set) { +- entries = sk_X509_NAME_ENTRY_new_null(); +- if (!entries) +- goto memerr; +- if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) { +- sk_X509_NAME_ENTRY_free(entries); +- goto memerr; +- } +- set = entry->set; +- } +- if (!sk_X509_NAME_ENTRY_push(entries, entry)) +- goto memerr; +- } +- len = ASN1_item_ex_i2d(&intname.a, NULL, +- ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); +- if (!BUF_MEM_grow(a->bytes, len)) +- goto memerr; +- p = (unsigned char *)a->bytes->data; +- ASN1_item_ex_i2d(&intname.a, +- &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); +- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, +- local_sk_X509_NAME_ENTRY_free); +- a->modified = 0; +- return len; +- memerr: +- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, +- local_sk_X509_NAME_ENTRY_free); +- ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE); +- return -1; +-} +- +-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, +- int indent, +- const char *fname, const ASN1_PCTX *pctx) +-{ +- if (X509_NAME_print_ex(out, (const X509_NAME *)*pval, +- indent, pctx->nm_flags) <= 0) +- return 0; +- return 2; +-} +- +-/* +- * This function generates the canonical encoding of the Name structure. In +- * it all strings are converted to UTF8, leading, trailing and multiple +- * spaces collapsed, converted to lower case and the leading SEQUENCE header +- * removed. In future we could also normalize the UTF8 too. By doing this +- * comparison of Name structures can be rapidly performed by just using +- * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name +- * constraints of type dirName can also be checked with a simple memcmp(). +- */ +- +-static int x509_name_canon(X509_NAME *a) +-{ +- unsigned char *p; +- STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; +- STACK_OF(X509_NAME_ENTRY) *entries = NULL; +- X509_NAME_ENTRY *entry, *tmpentry = NULL; +- int i, set = -1, ret = 0, len; +- +- OPENSSL_free(a->canon_enc); +- a->canon_enc = NULL; +- /* Special case: empty X509_NAME => null encoding */ +- if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { +- a->canon_enclen = 0; +- return 1; +- } +- intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); +- if (!intname) +- goto err; +- for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { +- entry = sk_X509_NAME_ENTRY_value(a->entries, i); +- if (entry->set != set) { +- entries = sk_X509_NAME_ENTRY_new_null(); +- if (!entries) +- goto err; +- if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) { +- sk_X509_NAME_ENTRY_free(entries); +- goto err; +- } +- set = entry->set; +- } +- tmpentry = X509_NAME_ENTRY_new(); +- if (tmpentry == NULL) +- goto err; +- tmpentry->object = OBJ_dup(entry->object); +- if (tmpentry->object == NULL) +- goto err; +- if (!asn1_string_canon(tmpentry->value, entry->value)) +- goto err; +- if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) +- goto err; +- tmpentry = NULL; +- } +- +- /* Finally generate encoding */ +- +- len = i2d_name_canon(intname, NULL); +- if (len < 0) +- goto err; +- a->canon_enclen = len; +- +- p = OPENSSL_malloc(a->canon_enclen); +- +- if (p == NULL) +- goto err; +- +- a->canon_enc = p; +- +- i2d_name_canon(intname, &p); +- +- ret = 1; +- +- err: +- +- X509_NAME_ENTRY_free(tmpentry); +- sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, +- local_sk_X509_NAME_ENTRY_pop_free); +- return ret; +-} +- +-/* Bitmap of all the types of string that will be canonicalized. */ +- +-#define ASN1_MASK_CANON \ +- (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ +- | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ +- | B_ASN1_VISIBLESTRING) +- +-static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in) +-{ +- unsigned char *to, *from; +- int len, i; +- +- /* If type not in bitmask just copy string across */ +- if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { +- if (!ASN1_STRING_copy(out, in)) +- return 0; +- return 1; +- } +- +- out->type = V_ASN1_UTF8STRING; +- out->length = ASN1_STRING_to_UTF8(&out->data, in); +- if (out->length == -1) +- return 0; +- +- to = out->data; +- from = to; +- +- len = out->length; +- +- /* +- * Convert string in place to canonical form. Ultimately we may need to +- * handle a wider range of characters but for now ignore anything with +- * MSB set and rely on the isspace() and tolower() functions. +- */ +- +- /* Ignore leading spaces */ +- while ((len > 0) && !(*from & 0x80) && isspace(*from)) { +- from++; +- len--; +- } +- +- to = from + len; +- +- /* Ignore trailing spaces */ +- while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) { +- to--; +- len--; +- } +- +- to = out->data; +- +- i = 0; +- while (i < len) { +- /* If MSB set just copy across */ +- if (*from & 0x80) { +- *to++ = *from++; +- i++; +- } +- /* Collapse multiple spaces */ +- else if (isspace(*from)) { +- /* Copy one space across */ +- *to++ = ' '; +- /* +- * Ignore subsequent spaces. Note: don't need to check len here +- * because we know the last character is a non-space so we can't +- * overflow. +- */ +- do { +- from++; +- i++; +- } +- while (!(*from & 0x80) && isspace(*from)); +- } else { +- *to++ = tolower(*from); +- from++; +- i++; +- } +- } +- +- out->length = to - out->data; +- +- return 1; +- +-} +- +-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname, +- unsigned char **in) +-{ +- int i, len, ltmp; +- ASN1_VALUE *v; +- STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; +- +- len = 0; +- for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { +- v = sk_ASN1_VALUE_value(intname, i); +- ltmp = ASN1_item_ex_i2d(&v, in, +- ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1); +- if (ltmp < 0) +- return ltmp; +- len += ltmp; +- } +- return len; +-} +- +-int X509_NAME_set(X509_NAME **xn, X509_NAME *name) +-{ +- X509_NAME *in; +- +- if (!xn || !name) +- return (0); +- +- if (*xn != name) { +- in = X509_NAME_dup(name); +- if (in != NULL) { +- X509_NAME_free(*xn); +- *xn = in; +- } +- } +- return (*xn != NULL); +-} +- +-int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) +-{ +- char *s, *c, *b; +- int l, i; +- +- l = 80 - 2 - obase; +- +- b = X509_NAME_oneline(name, NULL, 0); +- if (!b) +- return 0; +- if (!*b) { +- OPENSSL_free(b); +- return 1; +- } +- s = b + 1; /* skip the first slash */ +- +- c = s; +- for (;;) { +-#ifndef CHARSET_EBCDIC +- if (((*s == '/') && +- ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') || +- ((s[2] >= 'A') +- && (s[2] <= 'Z') +- && (s[3] == '=')) +- ))) || (*s == '\0')) +-#else +- if (((*s == '/') && +- (isupper(s[1]) && ((s[2] == '=') || +- (isupper(s[2]) && (s[3] == '=')) +- ))) || (*s == '\0')) +-#endif +- { +- i = s - c; +- if (BIO_write(bp, c, i) != i) +- goto err; +- c = s + 1; /* skip following slash */ +- if (*s != '\0') { +- if (BIO_write(bp, ", ", 2) != 2) +- goto err; +- } +- l--; +- } +- if (*s == '\0') +- break; +- s++; +- l--; +- } +- +- OPENSSL_free(b); +- return 1; +- err: +- X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); +- OPENSSL_free(b); +- return 0; +-} +- +-int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, +- size_t *pderlen) +-{ +- /* Make sure encoding is valid */ +- if (i2d_X509_NAME(nm, NULL) <= 0) +- return 0; +- if (pder != NULL) +- *pder = (unsigned char *)nm->bytes->data; +- if (pderlen != NULL) +- *pderlen = nm->bytes->length; +- return 1; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c b/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c +deleted file mode 100644 +index cc69283..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_pubkey.c ++++ /dev/null +@@ -1,374 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include "internal/asn1_int.h" +-#include "internal/evp_int.h" +-#include "internal/x509_int.h" +-#include +-#include +- +-struct X509_pubkey_st { +- X509_ALGOR *algor; +- ASN1_BIT_STRING *public_key; +- EVP_PKEY *pkey; +-}; +- +-static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key); +- +-/* Minor tweak to operation: free up EVP_PKEY */ +-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +- void *exarg) +-{ +- if (operation == ASN1_OP_FREE_POST) { +- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; +- EVP_PKEY_free(pubkey->pkey); +- } else if (operation == ASN1_OP_D2I_POST) { +- /* Attempt to decode public key and cache in pubkey structure. */ +- X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; +- EVP_PKEY_free(pubkey->pkey); +- /* +- * Opportunistically decode the key but remove any non fatal errors +- * from the queue. Subsequent explicit attempts to decode/use the key +- * will return an appropriate error. +- */ +- ERR_set_mark(); +- if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1) +- return 0; +- ERR_pop_to_mark(); +- } +- return 1; +-} +- +-ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { +- ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), +- ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) +-} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) +- +-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) +-{ +- X509_PUBKEY *pk = NULL; +- +- if (x == NULL) +- return (0); +- +- if ((pk = X509_PUBKEY_new()) == NULL) +- goto error; +- +- if (pkey->ameth) { +- if (pkey->ameth->pub_encode) { +- if (!pkey->ameth->pub_encode(pk, pkey)) { +- X509err(X509_F_X509_PUBKEY_SET, +- X509_R_PUBLIC_KEY_ENCODE_ERROR); +- goto error; +- } +- } else { +- X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED); +- goto error; +- } +- } else { +- X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM); +- goto error; +- } +- +- X509_PUBKEY_free(*x); +- *x = pk; +- pk->pkey = pkey; +- EVP_PKEY_up_ref(pkey); +- return 1; +- +- error: +- X509_PUBKEY_free(pk); +- return 0; +-} +- +-/* +- * Attempt to decode a public key. +- * Returns 1 on success, 0 for a decode failure and -1 for a fatal +- * error e.g. malloc failure. +- */ +- +- +-static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key) +- { +- EVP_PKEY *pkey = EVP_PKEY_new(); +- +- if (pkey == NULL) { +- X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE); +- return -1; +- } +- +- if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) { +- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM); +- goto error; +- } +- +- if (pkey->ameth->pub_decode) { +- /* +- * Treat any failure of pub_decode as a decode error. In +- * future we could have different return codes for decode +- * errors and fatal errors such as malloc failure. +- */ +- if (!pkey->ameth->pub_decode(pkey, key)) { +- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR); +- goto error; +- } +- } else { +- X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED); +- goto error; +- } +- +- *ppkey = pkey; +- return 1; +- +- error: +- EVP_PKEY_free(pkey); +- return 0; +-} +- +-EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key) +-{ +- EVP_PKEY *ret = NULL; +- +- if (key == NULL || key->public_key == NULL) +- return NULL; +- +- if (key->pkey != NULL) +- return key->pkey; +- +- /* +- * When the key ASN.1 is initially parsed an attempt is made to +- * decode the public key and cache the EVP_PKEY structure. If this +- * operation fails the cached value will be NULL. Parsing continues +- * to allow parsing of unknown key types or unsupported forms. +- * We repeat the decode operation so the appropriate errors are left +- * in the queue. +- */ +- x509_pubkey_decode(&ret, key); +- /* If decode doesn't fail something bad happened */ +- if (ret != NULL) { +- X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR); +- EVP_PKEY_free(ret); +- } +- +- return NULL; +-} +- +-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) +-{ +- EVP_PKEY *ret = X509_PUBKEY_get0(key); +- if (ret != NULL) +- EVP_PKEY_up_ref(ret); +- return ret; +-} +- +-/* +- * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or +- * decode as X509_PUBKEY +- */ +- +-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) +-{ +- X509_PUBKEY *xpk; +- EVP_PKEY *pktmp; +- const unsigned char *q; +- q = *pp; +- xpk = d2i_X509_PUBKEY(NULL, &q, length); +- if (!xpk) +- return NULL; +- pktmp = X509_PUBKEY_get(xpk); +- X509_PUBKEY_free(xpk); +- if (!pktmp) +- return NULL; +- *pp = q; +- if (a) { +- EVP_PKEY_free(*a); +- *a = pktmp; +- } +- return pktmp; +-} +- +-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) +-{ +- X509_PUBKEY *xpk = NULL; +- int ret; +- if (!a) +- return 0; +- if (!X509_PUBKEY_set(&xpk, a)) +- return 0; +- ret = i2d_X509_PUBKEY(xpk, pp); +- X509_PUBKEY_free(xpk); +- return ret; +-} +- +-/* +- * The following are equivalents but which return RSA and DSA keys +- */ +-#ifndef OPENSSL_NO_RSA +-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) +-{ +- EVP_PKEY *pkey; +- RSA *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) +- return NULL; +- key = EVP_PKEY_get1_RSA(pkey); +- EVP_PKEY_free(pkey); +- if (!key) +- return NULL; +- *pp = q; +- if (a) { +- RSA_free(*a); +- *a = key; +- } +- return key; +-} +- +-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) +-{ +- EVP_PKEY *pktmp; +- int ret; +- if (!a) +- return 0; +- pktmp = EVP_PKEY_new(); +- if (pktmp == NULL) { +- ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- EVP_PKEY_set1_RSA(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return ret; +-} +-#endif +- +-#ifndef OPENSSL_NO_DSA +-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) +-{ +- EVP_PKEY *pkey; +- DSA *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) +- return NULL; +- key = EVP_PKEY_get1_DSA(pkey); +- EVP_PKEY_free(pkey); +- if (!key) +- return NULL; +- *pp = q; +- if (a) { +- DSA_free(*a); +- *a = key; +- } +- return key; +-} +- +-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) +-{ +- EVP_PKEY *pktmp; +- int ret; +- if (!a) +- return 0; +- pktmp = EVP_PKEY_new(); +- if (pktmp == NULL) { +- ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); +- return 0; +- } +- EVP_PKEY_set1_DSA(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return ret; +-} +-#endif +- +-#ifndef OPENSSL_NO_EC +-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) +-{ +- EVP_PKEY *pkey; +- EC_KEY *key; +- const unsigned char *q; +- q = *pp; +- pkey = d2i_PUBKEY(NULL, &q, length); +- if (!pkey) +- return (NULL); +- key = EVP_PKEY_get1_EC_KEY(pkey); +- EVP_PKEY_free(pkey); +- if (!key) +- return (NULL); +- *pp = q; +- if (a) { +- EC_KEY_free(*a); +- *a = key; +- } +- return (key); +-} +- +-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) +-{ +- EVP_PKEY *pktmp; +- int ret; +- if (!a) +- return (0); +- if ((pktmp = EVP_PKEY_new()) == NULL) { +- ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE); +- return (0); +- } +- EVP_PKEY_set1_EC_KEY(pktmp, a); +- ret = i2d_PUBKEY(pktmp, pp); +- EVP_PKEY_free(pktmp); +- return (ret); +-} +-#endif +- +-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, +- int ptype, void *pval, +- unsigned char *penc, int penclen) +-{ +- if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) +- return 0; +- if (penc) { +- OPENSSL_free(pub->public_key->data); +- pub->public_key->data = penc; +- pub->public_key->length = penclen; +- /* Set number of unused bits to zero */ +- pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); +- pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; +- } +- return 1; +-} +- +-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, +- const unsigned char **pk, int *ppklen, +- X509_ALGOR **pa, X509_PUBKEY *pub) +-{ +- if (ppkalg) +- *ppkalg = pub->algor->algorithm; +- if (pk) { +- *pk = pub->public_key->data; +- *ppklen = pub->public_key->length; +- } +- if (pa) +- *pa = pub->algor; +- return 1; +-} +- +-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) +-{ +- if (x == NULL) +- return NULL; +- return x->cert_info.key->public_key; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_req.c b/Cryptlib/OpenSSL/crypto/x509/x_req.c +deleted file mode 100644 +index c2da95a..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_req.c ++++ /dev/null +@@ -1,68 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include "internal/x509_int.h" +- +-/*- +- * X509_REQ_INFO is handled in an unusual way to get round +- * invalid encodings. Some broken certificate requests don't +- * encode the attributes field if it is empty. This is in +- * violation of PKCS#10 but we need to tolerate it. We do +- * this by making the attributes field OPTIONAL then using +- * the callback to initialise it to an empty STACK. +- * +- * This means that the field will be correctly encoded unless +- * we NULL out the field. +- * +- * As a result we no longer need the req_kludge field because +- * the information is now contained in the attributes field: +- * 1. If it is NULL then it's the invalid omission. +- * 2. If it is empty it is the correct encoding. +- * 3. If it is not empty then some attributes are present. +- * +- */ +- +-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +- void *exarg) +-{ +- X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; +- +- if (operation == ASN1_OP_NEW_POST) { +- rinf->attributes = sk_X509_ATTRIBUTE_new_null(); +- if (!rinf->attributes) +- return 0; +- } +- return 1; +-} +- +-ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { +- ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), +- ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), +- ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), +- /* This isn't really OPTIONAL but it gets round invalid +- * encodings +- */ +- ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) +-} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) +- +-ASN1_SEQUENCE_ref(X509_REQ, 0) = { +- ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO), +- ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR), +- ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) +-} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) +- +-IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_x509.c b/Cryptlib/OpenSSL/crypto/x509/x_x509.c +deleted file mode 100644 +index 6783fd8..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_x509.c ++++ /dev/null +@@ -1,224 +0,0 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include +-#include "internal/x509_int.h" +- +-ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = { +- ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), +- ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER), +- ASN1_EMBED(X509_CINF, signature, X509_ALGOR), +- ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), +- ASN1_EMBED(X509_CINF, validity, X509_VAL), +- ASN1_SIMPLE(X509_CINF, subject, X509_NAME), +- ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), +- ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), +- ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), +- ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) +-} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) +-/* X509 top level structure needs a bit of customisation */ +- +-extern void policy_cache_free(X509_POLICY_CACHE *cache); +- +-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, +- void *exarg) +-{ +- X509 *ret = (X509 *)*pval; +- +- switch (operation) { +- +- case ASN1_OP_NEW_POST: +- ret->ex_flags = 0; +- ret->ex_pathlen = -1; +- ret->ex_pcpathlen = -1; +- ret->skid = NULL; +- ret->akid = NULL; +-#ifndef OPENSSL_NO_RFC3779 +- ret->rfc3779_addr = NULL; +- ret->rfc3779_asid = NULL; +-#endif +- ret->aux = NULL; +- ret->crldp = NULL; +- if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data)) +- return 0; +- break; +- +- case ASN1_OP_FREE_POST: +- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); +- X509_CERT_AUX_free(ret->aux); +- ASN1_OCTET_STRING_free(ret->skid); +- AUTHORITY_KEYID_free(ret->akid); +- CRL_DIST_POINTS_free(ret->crldp); +- policy_cache_free(ret->policy_cache); +- GENERAL_NAMES_free(ret->altname); +- NAME_CONSTRAINTS_free(ret->nc); +-#ifndef OPENSSL_NO_RFC3779 +- sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); +- ASIdentifiers_free(ret->rfc3779_asid); +-#endif +- break; +- +- } +- +- return 1; +- +-} +- +-ASN1_SEQUENCE_ref(X509, x509_cb) = { +- ASN1_EMBED(X509, cert_info, X509_CINF), +- ASN1_EMBED(X509, sig_alg, X509_ALGOR), +- ASN1_EMBED(X509, signature, ASN1_BIT_STRING) +-} ASN1_SEQUENCE_END_ref(X509, X509) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509) +- +-IMPLEMENT_ASN1_DUP_FUNCTION(X509) +- +-int X509_set_ex_data(X509 *r, int idx, void *arg) +-{ +- return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +-} +- +-void *X509_get_ex_data(X509 *r, int idx) +-{ +- return (CRYPTO_get_ex_data(&r->ex_data, idx)); +-} +- +-/* +- * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with +- * extra info tagged on the end. Since these functions set how a certificate +- * is trusted they should only be used when the certificate comes from a +- * reliable source such as local storage. +- */ +- +-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) +-{ +- const unsigned char *q; +- X509 *ret; +- int freeret = 0; +- +- /* Save start position */ +- q = *pp; +- +- if (a == NULL || *a == NULL) +- freeret = 1; +- ret = d2i_X509(a, &q, length); +- /* If certificate unreadable then forget it */ +- if (ret == NULL) +- return NULL; +- /* update length */ +- length -= q - *pp; +- if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length)) +- goto err; +- *pp = q; +- return ret; +- err: +- if (freeret) { +- X509_free(ret); +- if (a) +- *a = NULL; +- } +- return NULL; +-} +- +-/* +- * Serialize trusted certificate to *pp or just return the required buffer +- * length if pp == NULL. We ultimately want to avoid modifying *pp in the +- * error path, but that depends on similar hygiene in lower-level functions. +- * Here we avoid compounding the problem. +- */ +-static int i2d_x509_aux_internal(X509 *a, unsigned char **pp) +-{ +- int length, tmplen; +- unsigned char *start = pp != NULL ? *pp : NULL; +- +- OPENSSL_assert(pp == NULL || *pp != NULL); +- +- /* +- * This might perturb *pp on error, but fixing that belongs in i2d_X509() +- * not here. It should be that if a == NULL length is zero, but we check +- * both just in case. +- */ +- length = i2d_X509(a, pp); +- if (length <= 0 || a == NULL) +- return length; +- +- tmplen = i2d_X509_CERT_AUX(a->aux, pp); +- if (tmplen < 0) { +- if (start != NULL) +- *pp = start; +- return tmplen; +- } +- length += tmplen; +- +- return length; +-} +- +-/* +- * Serialize trusted certificate to *pp, or just return the required buffer +- * length if pp == NULL. +- * +- * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since +- * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do +- * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the +- * allocated buffer. +- */ +-int i2d_X509_AUX(X509 *a, unsigned char **pp) +-{ +- int length; +- unsigned char *tmp; +- +- /* Buffer provided by caller */ +- if (pp == NULL || *pp != NULL) +- return i2d_x509_aux_internal(a, pp); +- +- /* Obtain the combined length */ +- if ((length = i2d_x509_aux_internal(a, NULL)) <= 0) +- return length; +- +- /* Allocate requisite combined storage */ +- *pp = tmp = OPENSSL_malloc(length); +- if (tmp == NULL) +- return -1; /* Push error onto error stack? */ +- +- /* Encode, but keep *pp at the originally malloced pointer */ +- length = i2d_x509_aux_internal(a, &tmp); +- if (length <= 0) { +- OPENSSL_free(*pp); +- *pp = NULL; +- } +- return length; +-} +- +-int i2d_re_X509_tbs(X509 *x, unsigned char **pp) +-{ +- x->cert_info.enc.modified = 1; +- return i2d_X509_CINF(&x->cert_info, pp); +-} +- +-void X509_get0_signature(const ASN1_BIT_STRING **psig, +- const X509_ALGOR **palg, const X509 *x) +-{ +- if (psig) +- *psig = &x->signature; +- if (palg) +- *palg = &x->sig_alg; +-} +- +-int X509_get_signature_nid(const X509 *x) +-{ +- return OBJ_obj2nid(x->sig_alg.algorithm); +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509/x_x509a.c b/Cryptlib/OpenSSL/crypto/x509/x_x509a.c +deleted file mode 100644 +index 8c9ad71..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509/x_x509a.c ++++ /dev/null +@@ -1,169 +0,0 @@ +-/* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include +-#include +-#include +-#include "internal/x509_int.h" +- +-/* +- * X509_CERT_AUX routines. These are used to encode additional user +- * modifiable data about a certificate. This data is appended to the X509 +- * encoding when the *_X509_AUX routines are used. This means that the +- * "traditional" X509 routines will simply ignore the extra data. +- */ +- +-static X509_CERT_AUX *aux_get(X509 *x); +- +-ASN1_SEQUENCE(X509_CERT_AUX) = { +- ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), +- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), +- ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), +- ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), +- ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) +-} ASN1_SEQUENCE_END(X509_CERT_AUX) +- +-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) +- +-int X509_trusted(const X509 *x) +-{ +- return x->aux ? 1 : 0; +-} +- +-static X509_CERT_AUX *aux_get(X509 *x) +-{ +- if (x == NULL) +- return NULL; +- if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL) +- return NULL; +- return x->aux; +-} +- +-int X509_alias_set1(X509 *x, const unsigned char *name, int len) +-{ +- X509_CERT_AUX *aux; +- if (!name) { +- if (!x || !x->aux || !x->aux->alias) +- return 1; +- ASN1_UTF8STRING_free(x->aux->alias); +- x->aux->alias = NULL; +- return 1; +- } +- if ((aux = aux_get(x)) == NULL) +- return 0; +- if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL) +- return 0; +- return ASN1_STRING_set(aux->alias, name, len); +-} +- +-int X509_keyid_set1(X509 *x, const unsigned char *id, int len) +-{ +- X509_CERT_AUX *aux; +- if (!id) { +- if (!x || !x->aux || !x->aux->keyid) +- return 1; +- ASN1_OCTET_STRING_free(x->aux->keyid); +- x->aux->keyid = NULL; +- return 1; +- } +- if ((aux = aux_get(x)) == NULL) +- return 0; +- if (aux->keyid == NULL +- && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL) +- return 0; +- return ASN1_STRING_set(aux->keyid, id, len); +-} +- +-unsigned char *X509_alias_get0(X509 *x, int *len) +-{ +- if (!x->aux || !x->aux->alias) +- return NULL; +- if (len) +- *len = x->aux->alias->length; +- return x->aux->alias->data; +-} +- +-unsigned char *X509_keyid_get0(X509 *x, int *len) +-{ +- if (!x->aux || !x->aux->keyid) +- return NULL; +- if (len) +- *len = x->aux->keyid->length; +- return x->aux->keyid->data; +-} +- +-int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) +-{ +- X509_CERT_AUX *aux; +- ASN1_OBJECT *objtmp = NULL; +- if (obj) { +- objtmp = OBJ_dup(obj); +- if (!objtmp) +- return 0; +- } +- if ((aux = aux_get(x)) == NULL) +- goto err; +- if (aux->trust == NULL +- && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) +- goto err; +- if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) +- return 1; +- err: +- ASN1_OBJECT_free(objtmp); +- return 0; +-} +- +-int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) +-{ +- X509_CERT_AUX *aux; +- ASN1_OBJECT *objtmp; +- if ((objtmp = OBJ_dup(obj)) == NULL) +- return 0; +- if ((aux = aux_get(x)) == NULL) +- goto err; +- if (aux->reject == NULL +- && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL) +- goto err; +- return sk_ASN1_OBJECT_push(aux->reject, objtmp); +- err: +- ASN1_OBJECT_free(objtmp); +- return 0; +-} +- +-void X509_trust_clear(X509 *x) +-{ +- if (x->aux) { +- sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); +- x->aux->trust = NULL; +- } +-} +- +-void X509_reject_clear(X509 *x) +-{ +- if (x->aux) { +- sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); +- x->aux->reject = NULL; +- } +-} +- +-STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x) +-{ +- if (x->aux != NULL) +- return x->aux->trust; +- return NULL; +-} +- +-STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x) +-{ +- if (x->aux != NULL) +- return x->aux->reject; +- return NULL; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h +index c9ede96..09ebbca 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h ++++ b/Cryptlib/OpenSSL/crypto/x509v3/ext_dat.h +@@ -1,24 +1,138 @@ ++/* ext_dat.h */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ ++/* This file contains a table of "standard" extensions */ ++ ++extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; ++extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; ++extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; ++extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; ++extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; ++extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; ++extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; ++extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; ++extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; ++extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; ++extern X509V3_EXT_METHOD v3_addr, v3_asid; ++extern X509V3_EXT_METHOD v3_ct_scts[]; ++ ++/* ++ * This table will be searched using OBJ_bsearch so it *must* kept in order ++ * of the ext_nid values. ++ */ ++ ++static const X509V3_EXT_METHOD *standard_exts[] = { ++ &v3_nscert, ++ &v3_ns_ia5_list[0], ++ &v3_ns_ia5_list[1], ++ &v3_ns_ia5_list[2], ++ &v3_ns_ia5_list[3], ++ &v3_ns_ia5_list[4], ++ &v3_ns_ia5_list[5], ++ &v3_ns_ia5_list[6], ++ &v3_skey_id, ++ &v3_key_usage, ++ &v3_pkey_usage_period, ++ &v3_alt[0], ++ &v3_alt[1], ++ &v3_bcons, ++ &v3_crl_num, ++ &v3_cpols, ++ &v3_akey_id, ++ &v3_crld, ++ &v3_ext_ku, ++ &v3_delta_crl, ++ &v3_crl_reason, ++#ifndef OPENSSL_NO_OCSP ++ &v3_crl_invdate, ++#endif ++ &v3_sxnet, ++ &v3_info, ++#ifndef OPENSSL_NO_RFC3779 ++ &v3_addr, ++ &v3_asid, ++#endif ++#ifndef OPENSSL_NO_OCSP ++ &v3_ocsp_nonce, ++ &v3_ocsp_crlid, ++ &v3_ocsp_accresp, ++ &v3_ocsp_nocheck, ++ &v3_ocsp_acutoff, ++ &v3_ocsp_serviceloc, ++#endif ++ &v3_sinfo, ++ &v3_policy_constraints, ++#ifndef OPENSSL_NO_OCSP ++ &v3_crl_hold, ++#endif ++ &v3_pci, ++ &v3_name_constraints, ++ &v3_policy_mappings, ++ &v3_inhibit_anyp, ++ &v3_idp, ++ &v3_alt[2], ++ &v3_freshest_crl, ++#ifndef OPENSSL_NO_SCT ++ &v3_ct_scts[0], ++ &v3_ct_scts[1], ++#endif ++}; + +-int name_cmp(const char *name, const char *cmp); ++/* Number of standard extensions */ + +-extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; +-extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; +-extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id; +-extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; +-extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; +-extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; +-extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; +-extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci; +-extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +-extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; +-extern const X509V3_EXT_METHOD v3_addr, v3_asid; +-extern const X509V3_EXT_METHOD v3_ct_scts[3]; +-extern const X509V3_EXT_METHOD v3_tls_feature; ++#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +index a9ee30a..c8f41f2 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c +@@ -1,16 +1,65 @@ ++/* pcy_cache.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + + #include "pcy_int.h" + +@@ -34,12 +83,12 @@ static int policy_cache_create(X509 *x, + if (sk_POLICYINFO_num(policies) == 0) + goto bad_policy; + cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); +- if (cache->data == NULL) ++ if (!cache->data) + goto bad_policy; + for (i = 0; i < sk_POLICYINFO_num(policies); i++) { + policy = sk_POLICYINFO_value(policies, i); + data = policy_data_new(policy, NULL, crit); +- if (data == NULL) ++ if (!data) + goto bad_policy; + /* + * Duplicate policy OIDs are illegal: reject if matches found. +@@ -61,7 +110,8 @@ static int policy_cache_create(X509 *x, + bad_policy: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; +- policy_data_free(data); ++ if (data) ++ policy_data_free(data); + sk_POLICYINFO_pop_free(policies, POLICYINFO_free); + if (ret <= 0) { + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); +@@ -78,11 +128,8 @@ static int policy_cache_new(X509 *x) + CERTIFICATEPOLICIES *ext_cpols = NULL; + POLICY_MAPPINGS *ext_pmaps = NULL; + int i; +- +- if (x->policy_cache != NULL) +- return 1; +- cache = OPENSSL_malloc(sizeof(*cache)); +- if (cache == NULL) ++ cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); ++ if (!cache) + return 0; + cache->anyPolicy = NULL; + cache->data = NULL; +@@ -153,14 +200,18 @@ static int policy_cache_new(X509 *x) + goto bad_cache; + } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) + goto bad_cache; +- goto just_cleanup; + ++ if (0) { + bad_cache: +- x->ex_flags |= EXFLAG_INVALID_POLICY; ++ x->ex_flags |= EXFLAG_INVALID_POLICY; ++ } ++ ++ if (ext_pcons) ++ POLICY_CONSTRAINTS_free(ext_pcons); ++ ++ if (ext_any) ++ ASN1_INTEGER_free(ext_any); + +- just_cleanup: +- POLICY_CONSTRAINTS_free(ext_pcons); +- ASN1_INTEGER_free(ext_any); + return 1; + + } +@@ -169,8 +220,10 @@ void policy_cache_free(X509_POLICY_CACHE *cache) + { + if (!cache) + return; +- policy_data_free(cache->anyPolicy); +- sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); ++ if (cache->anyPolicy) ++ policy_data_free(cache->anyPolicy); ++ if (cache->data) ++ sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + OPENSSL_free(cache); + } + +@@ -178,9 +231,9 @@ const X509_POLICY_CACHE *policy_cache_set(X509 *x) + { + + if (x->policy_cache == NULL) { +- CRYPTO_THREAD_write_lock(x->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); + policy_cache_new(x); +- CRYPTO_THREAD_unlock(x->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return x->policy_cache; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +index cf1d635..90e9970 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c +@@ -1,13 +1,63 @@ ++/* pcy_data.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -17,8 +67,6 @@ + + void policy_data_free(X509_POLICY_DATA *data) + { +- if (!data) +- return; + ASN1_OBJECT_free(data->valid_policy); + /* Don't free qualifiers if shared */ + if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) +@@ -28,9 +76,9 @@ void policy_data_free(X509_POLICY_DATA *data) + } + + /* +- * Create a data based on an existing policy. If 'id' is NULL use the OID in ++ * Create a data based on an existing policy. If 'id' is NULL use the oid in + * the policy, otherwise use 'id'. This behaviour covers the two types of +- * data in RFC3280: data with from a CertificatePolicies extension and ++ * data in RFC3280: data with from a CertificatePolcies extension and + * additional data with just the qualifiers of anyPolicy and ID from another + * source. + */ +@@ -48,18 +96,21 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, + return NULL; + } else + id = NULL; +- ret = OPENSSL_zalloc(sizeof(*ret)); +- if (ret == NULL) ++ ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); ++ if (!ret) + return NULL; + ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); +- if (ret->expected_policy_set == NULL) { ++ if (!ret->expected_policy_set) { + OPENSSL_free(ret); +- ASN1_OBJECT_free(id); ++ if (id) ++ ASN1_OBJECT_free(id); + return NULL; + } + + if (crit) + ret->flags = POLICY_DATA_FLAG_CRITICAL; ++ else ++ ret->flags = 0; + + if (id) + ret->valid_policy = id; +@@ -71,7 +122,8 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, + if (policy) { + ret->qualifier_set = policy->qualifiers; + policy->qualifiers = NULL; +- } ++ } else ++ ret->qualifier_set = NULL; + + return ret; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h +index 5daf78d..b5075f9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_int.h +@@ -1,15 +1,65 @@ ++/* pcy_int.h */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; + +-DEFINE_STACK_OF(X509_POLICY_DATA) ++DECLARE_STACK_OF(X509_POLICY_DATA) + + /* Internal structures */ + +@@ -119,7 +169,7 @@ struct X509_POLICY_TREE_st { + * required. + */ + STACK_OF(X509_POLICY_DATA) *extra_data; +- /* This is the authority constrained policy set */ ++ /* This is the authority constained policy set */ + STACK_OF(X509_POLICY_NODE) *auth_policies; + STACK_OF(X509_POLICY_NODE) *user_policies; + unsigned int flags; +@@ -157,7 +207,7 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + const ASN1_OBJECT *id); + + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +- X509_POLICY_DATA *data, ++ const X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree); + void policy_node_free(X509_POLICY_NODE *node); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +index 67f7eaf..dbb2983 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c +@@ -1,13 +1,63 @@ ++/* pcy_lib.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -90,6 +140,15 @@ const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node) + return node->data->valid_policy; + } + ++#if 0 ++int X509_policy_node_get_critical(const X509_POLICY_NODE *node) ++{ ++ if (node_critical(node)) ++ return 1; ++ return 0; ++} ++#endif ++ + STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const + X509_POLICY_NODE + *node) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +index ab9dd21..b99eb91 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c +@@ -1,16 +1,65 @@ ++/* pcy_map.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + + #include "pcy_int.h" + +@@ -42,15 +91,15 @@ int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) + /* Attempt to find matching policy data */ + data = policy_cache_find_data(cache, map->issuerDomainPolicy); + /* If we don't have anyPolicy can't map */ +- if (data == NULL && !cache->anyPolicy) ++ if (!data && !cache->anyPolicy) + continue; + + /* Create a NODE from anyPolicy */ +- if (data == NULL) { ++ if (!data) { + data = policy_data_new(NULL, map->issuerDomainPolicy, + cache->anyPolicy->flags + & POLICY_DATA_FLAG_CRITICAL); +- if (data == NULL) ++ if (!data) + goto bad_mapping; + data->qualifier_set = cache->anyPolicy->qualifier_set; + /* +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +index 80443bf..d6c9176 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c +@@ -1,10 +1,60 @@ ++/* pcy_node.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +@@ -59,17 +109,17 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + } + + X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, +- X509_POLICY_DATA *data, ++ const X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree) + { + X509_POLICY_NODE *node; +- +- node = OPENSSL_zalloc(sizeof(*node)); +- if (node == NULL) ++ node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); ++ if (!node) + return NULL; + node->data = data; + node->parent = parent; ++ node->nchild = 0; + if (level) { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) +@@ -77,9 +127,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + level->anyPolicy = node; + } else { + +- if (level->nodes == NULL) ++ if (!level->nodes) + level->nodes = policy_node_cmp_new(); +- if (level->nodes == NULL) ++ if (!level->nodes) + goto node_error; + if (!sk_X509_POLICY_NODE_push(level->nodes, node)) + goto node_error; +@@ -87,9 +137,9 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + } + + if (tree) { +- if (tree->extra_data == NULL) ++ if (!tree->extra_data) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); +- if (tree->extra_data == NULL) ++ if (!tree->extra_data) + goto node_error; + if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) + goto node_error; +@@ -102,7 +152,8 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, + + node_error: + policy_node_free(node); +- return NULL; ++ return 0; ++ + } + + void policy_node_free(X509_POLICY_NODE *node) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +index 9f9246b..09b8691 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c +@@ -1,13 +1,63 @@ ++/* pcy_tree.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2004. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -48,26 +98,22 @@ static void expected_print(BIO *err, X509_POLICY_LEVEL *lev, + static void tree_print(char *str, X509_POLICY_TREE *tree, + X509_POLICY_LEVEL *curr) + { +- BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE); + X509_POLICY_LEVEL *plev; +- +- if (err == NULL) +- return; ++ X509_POLICY_NODE *node; ++ int i; ++ BIO *err; ++ err = BIO_new_fp(stderr, BIO_NOCLOSE); + if (!curr) + curr = tree->levels + tree->nlevel; + else + curr++; +- + BIO_printf(err, "Level print after %s\n", str); + BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); + for (plev = tree->levels; plev != curr; plev++) { +- int i; +- + BIO_printf(err, "Level %ld, flags = %x\n", +- (long)(plev - tree->levels), plev->flags); ++ plev - tree->levels, plev->flags); + for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { +- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i); +- ++ node = sk_X509_POLICY_NODE_value(plev->nodes, i); + X509_POLICY_NODE_print(err, node, 2); + expected_print(err, plev, node, 2); + BIO_printf(err, " Flags: %x\n", node->data->flags); +@@ -75,17 +121,26 @@ static void tree_print(char *str, X509_POLICY_TREE *tree, + if (plev->anyPolicy) + X509_POLICY_NODE_print(err, plev->anyPolicy, 2); + } ++ + BIO_free(err); ++ + } ++#else ++ ++# define tree_print(a,b,c) /* */ ++ + #endif + + /*- +- * Return value: <= 0 on error, or positive bit mask: +- * +- * X509_PCY_TREE_VALID: valid tree +- * X509_PCY_TREE_EMPTY: empty tree (including bare TA case) +- * X509_PCY_TREE_EXPLICIT: explicit policy required ++ * Initialize policy tree. Return values: ++ * 0 Some internal error occurred. ++ * -1 Inconsistent or invalid extensions in certificates. ++ * 1 Tree initialized OK. ++ * 2 Policy tree is empty. ++ * 5 Tree OK and requireExplicitPolicy true. ++ * 6 Tree empty and requireExplicitPolicy true. + */ ++ + static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + unsigned int flags) + { +@@ -93,112 +148,114 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + X509_POLICY_LEVEL *level; + const X509_POLICY_CACHE *cache; + X509_POLICY_DATA *data = NULL; +- int ret = X509_PCY_TREE_VALID; +- int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */ +- int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1; +- int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1; +- int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1; +- int i; +- ++ X509 *x; ++ int ret = 1; ++ int i, n; ++ int explicit_policy; ++ int any_skip; ++ int map_skip; + *ptree = NULL; ++ n = sk_X509_num(certs); + +- /* Can't do anything with just a trust anchor */ +- if (n == 0) +- return X509_PCY_TREE_EMPTY; ++#if 0 ++ /* Disable policy mapping for now... */ ++ flags |= X509_V_FLAG_INHIBIT_MAP; ++#endif + +- /* +- * First setup the policy cache in all n non-TA certificates, this will be +- * used in X509_verify_cert() which will invoke the verify callback for all +- * certificates with invalid policy extensions. +- */ +- for (i = n - 1; i >= 0; i--) { +- X509 *x = sk_X509_value(certs, i); ++ if (flags & X509_V_FLAG_EXPLICIT_POLICY) ++ explicit_policy = 0; ++ else ++ explicit_policy = n + 1; + +- /* Call for side-effect of computing hash and caching extensions */ +- X509_check_purpose(x, -1, 0); ++ if (flags & X509_V_FLAG_INHIBIT_ANY) ++ any_skip = 0; ++ else ++ any_skip = n + 1; + +- /* If cache is NULL, likely ENOMEM: return immediately */ +- if (policy_cache_set(x) == NULL) +- return X509_PCY_TREE_INTERNAL; +- } ++ if (flags & X509_V_FLAG_INHIBIT_MAP) ++ map_skip = 0; ++ else ++ map_skip = n + 1; + ++ /* Can't do anything with just a trust anchor */ ++ if (n == 1) ++ return 1; + /* +- * At this point check for invalid policies and required explicit policy. +- * Note that the explicit_policy counter is a count-down to zero, with the +- * requirement kicking in if and once it does that. The counter is +- * decremented for every non-self-issued certificate in the path, but may +- * be further reduced by policy constraints in a non-leaf certificate. +- * +- * The ultimate policy set is the intersection of all the policies along +- * the path, if we hit a certificate with an empty policy set, and explicit +- * policy is required we're done. ++ * First setup policy cache in all certificates apart from the trust ++ * anchor. Note any bad cache results on the way. Also can calculate ++ * explicit_policy value at this point. + */ +- for (i = n - 1; +- i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0); +- i--) { +- X509 *x = sk_X509_value(certs, i); +- uint32_t ex_flags = X509_get_extension_flags(x); +- +- /* All the policies are already cached, we can return early */ +- if (ex_flags & EXFLAG_INVALID_POLICY) +- return X509_PCY_TREE_INVALID; +- +- /* Access the cache which we now know exists */ ++ for (i = n - 2; i >= 0; i--) { ++ x = sk_X509_value(certs, i); ++ X509_check_purpose(x, -1, -1); + cache = policy_cache_set(x); +- +- if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL) +- ret = X509_PCY_TREE_EMPTY; ++ /* If cache NULL something bad happened: return immediately */ ++ if (cache == NULL) ++ return 0; ++ /* ++ * If inconsistent extensions keep a note of it but continue ++ */ ++ if (x->ex_flags & EXFLAG_INVALID_POLICY) ++ ret = -1; ++ /* ++ * Otherwise if we have no data (hence no CertificatePolicies) and ++ * haven't already set an inconsistent code note it. ++ */ ++ else if ((ret == 1) && !cache->data) ++ ret = 2; + if (explicit_policy > 0) { +- if (!(ex_flags & EXFLAG_SI)) ++ if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; +- if ((cache->explicit_skip >= 0) ++ if ((cache->explicit_skip != -1) + && (cache->explicit_skip < explicit_policy)) + explicit_policy = cache->explicit_skip; + } + } + +- if (explicit_policy == 0) +- ret |= X509_PCY_TREE_EXPLICIT; +- if ((ret & X509_PCY_TREE_VALID) == 0) ++ if (ret != 1) { ++ if (ret == 2 && !explicit_policy) ++ return 6; + return ret; ++ } + + /* If we get this far initialize the tree */ +- if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) +- return X509_PCY_TREE_INTERNAL; + +- /* +- * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. +- * +- * The top level is implicitly for the trust anchor with valid expected +- * policies of anyPolicy. (RFC 5280 has the TA at depth 0 and the leaf at +- * depth n, we have the leaf at depth 0 and the TA at depth n). +- */ +- if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) { ++ tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); ++ ++ if (!tree) ++ return 0; ++ ++ tree->flags = 0; ++ tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); ++ tree->nlevel = 0; ++ tree->extra_data = NULL; ++ tree->auth_policies = NULL; ++ tree->user_policies = NULL; ++ ++ if (!tree->levels) { + OPENSSL_free(tree); +- return X509_PCY_TREE_INTERNAL; ++ return 0; + } +- tree->nlevel = n+1; ++ ++ memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); ++ ++ tree->nlevel = n; ++ + level = tree->levels; +- if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) +- goto bad_tree; +- if (level_add_node(level, data, NULL, tree) == NULL) { +- policy_data_free(data); +- goto bad_tree; +- } + +- /* +- * In this pass initialize all the tree levels and whether anyPolicy and +- * policy mapping are inhibited at each level. +- */ +- for (i = n - 1; i >= 0; i--) { +- X509 *x = sk_X509_value(certs, i); +- uint32_t ex_flags = X509_get_extension_flags(x); ++ /* Root data: initialize to anyPolicy */ + +- /* Access the cache which we now know exists */ +- cache = policy_cache_set(x); ++ data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); + +- X509_up_ref(x); +- (++level)->cert = x; ++ if (!data || !level_add_node(level, data, NULL, tree)) ++ goto bad_tree; ++ ++ for (i = n - 2; i >= 0; i--) { ++ level++; ++ x = sk_X509_value(certs, i); ++ cache = policy_cache_set(x); ++ CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ level->cert = x; + + if (!cache->anyPolicy) + level->flags |= X509_V_FLAG_INHIBIT_ANY; +@@ -206,57 +263,63 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, + /* Determine inhibit any and inhibit map flags */ + if (any_skip == 0) { + /* +- * Any matching allowed only if certificate is self issued and not +- * the last in the chain. ++ * Any matching allowed if certificate is self issued and not the ++ * last in the chain. + */ +- if (!(ex_flags & EXFLAG_SI) || (i == 0)) ++ if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) + level->flags |= X509_V_FLAG_INHIBIT_ANY; + } else { +- if (!(ex_flags & EXFLAG_SI)) ++ if (!(x->ex_flags & EXFLAG_SI)) + any_skip--; +- if ((cache->any_skip >= 0) && (cache->any_skip < any_skip)) ++ if ((cache->any_skip >= 0) ++ && (cache->any_skip < any_skip)) + any_skip = cache->any_skip; + } + + if (map_skip == 0) + level->flags |= X509_V_FLAG_INHIBIT_MAP; + else { +- if (!(ex_flags & EXFLAG_SI)) ++ if (!(x->ex_flags & EXFLAG_SI)) + map_skip--; +- if ((cache->map_skip >= 0) && (cache->map_skip < map_skip)) ++ if ((cache->map_skip >= 0) ++ && (cache->map_skip < map_skip)) + map_skip = cache->map_skip; + } ++ + } + + *ptree = tree; +- return ret; ++ ++ if (explicit_policy) ++ return 1; ++ else ++ return 5; + + bad_tree: ++ + X509_policy_tree_free(tree); +- return X509_PCY_TREE_INTERNAL; ++ ++ return 0; ++ + } + +-/* +- * Return value: 1 on success, 0 otherwise +- */ + static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, +- X509_POLICY_DATA *data) ++ const X509_POLICY_DATA *data) + { + X509_POLICY_LEVEL *last = curr - 1; ++ X509_POLICY_NODE *node; + int i, matched = 0; +- + /* Iterate through all in nodes linking matches */ + for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { +- X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); +- ++ node = sk_X509_POLICY_NODE_value(last->nodes, i); + if (policy_node_match(last, node, data->valid_policy)) { +- if (level_add_node(curr, data, node, NULL) == NULL) ++ if (!level_add_node(curr, data, node, NULL)) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { +- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) ++ if (!level_add_node(curr, data, last->anyPolicy, NULL)) + return 0; + } + return 1; +@@ -265,17 +328,29 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, + /* + * This corresponds to RFC3280 6.1.3(d)(1): link any data from + * CertificatePolicies onto matching parent or anyPolicy if no match. +- * +- * Return value: 1 on success, 0 otherwise. + */ ++ + static int tree_link_nodes(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache) + { + int i; ++ X509_POLICY_DATA *data; + + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { +- X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); +- ++ data = sk_X509_POLICY_DATA_value(cache->data, i); ++ /* ++ * If a node is mapped any it doesn't have a corresponding ++ * CertificatePolicies entry. However such an identical node would ++ * be created if anyPolicy matching is enabled because there would be ++ * no match with the parent valid_policy_set. So we create link ++ * because then it will have the mapping flags right and we can prune ++ * it later. ++ */ ++#if 0 ++ if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY) ++ && !(curr->flags & X509_V_FLAG_INHIBIT_ANY)) ++ continue; ++#endif + /* Look for matching nodes in previous level */ + if (!tree_link_matching_nodes(curr, data)) + return 0; +@@ -286,38 +361,35 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, + /* + * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched + * policies in the parent and link to anyPolicy. +- * +- * Return value: 1 on success, 0 otherwise. + */ ++ + static int tree_add_unmatched(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id, + X509_POLICY_NODE *node, X509_POLICY_TREE *tree) + { + X509_POLICY_DATA *data; +- + if (id == NULL) + id = node->data->valid_policy; + /* + * Create a new node with qualifiers from anyPolicy and id from unmatched + * node. + */ +- if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL) +- return 0; ++ data = policy_data_new(NULL, id, node_critical(node)); + ++ if (data == NULL) ++ return 0; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; +- if (level_add_node(curr, data, node, tree) == NULL) { ++ if (!level_add_node(curr, data, node, tree)) { + policy_data_free(data); + return 0; + } ++ + return 1; + } + +-/* +- * Return value: 1 on success, 0 otherwise. +- */ + static int tree_link_unmatched(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache, + X509_POLICY_NODE *node, X509_POLICY_TREE *tree) +@@ -348,17 +420,19 @@ static int tree_link_unmatched(X509_POLICY_LEVEL *curr, + } + + } ++ + return 1; ++ + } + +-/* +- * Return value: 1 on success, 0 otherwise +- */ + static int tree_link_any(X509_POLICY_LEVEL *curr, + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) + { + int i; ++ /* ++ * X509_POLICY_DATA *data; ++ */ + X509_POLICY_NODE *node; + X509_POLICY_LEVEL *last = curr - 1; + +@@ -367,24 +441,50 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, + + if (!tree_link_unmatched(curr, cache, node, tree)) + return 0; ++ ++#if 0 ++ ++ /* ++ * Skip any node with any children: we only want unmathced nodes. ++ * Note: need something better for policy mapping because each node ++ * may have multiple children ++ */ ++ if (node->nchild) ++ continue; ++ ++ /* ++ * Create a new node with qualifiers from anyPolicy and id from ++ * unmatched node. ++ */ ++ data = policy_data_new(NULL, node->data->valid_policy, ++ node_critical(node)); ++ ++ if (data == NULL) ++ return 0; ++ /* Curr may not have anyPolicy */ ++ data->qualifier_set = cache->anyPolicy->qualifier_set; ++ data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; ++ if (!level_add_node(curr, data, node, tree)) { ++ policy_data_free(data); ++ return 0; ++ } ++#endif ++ + } + /* Finally add link to anyPolicy */ +- if (last->anyPolicy && +- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) +- return 0; ++ if (last->anyPolicy) { ++ if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL)) ++ return 0; ++ } + return 1; + } + +-/*- +- * Prune the tree: delete any child mapped child data on the current level then +- * proceed up the tree deleting any data with no children. If we ever have no +- * data on a level we can halt because the tree will be empty. +- * +- * Return value: <= 0 error, otherwise one of: +- * +- * X509_PCY_TREE_VALID: valid tree +- * X509_PCY_TREE_EMPTY: empty tree ++/* ++ * Prune the tree: delete any child mapped child data on the current level ++ * then proceed up the tree deleting any data with no children. If we ever ++ * have no data on a level we can halt because the tree will be empty. + */ ++ + static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) + { + STACK_OF(X509_POLICY_NODE) *nodes; +@@ -423,43 +523,41 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) + if (curr == tree->levels) { + /* If we zapped anyPolicy at top then tree is empty */ + if (!curr->anyPolicy) +- return X509_PCY_TREE_EMPTY; +- break; ++ return 2; ++ return 1; + } + } +- return X509_PCY_TREE_VALID; ++ ++ return 1; ++ + } + +-/* +- * Return value: 1 on success, 0 otherwise. +- */ + static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, + X509_POLICY_NODE *pcy) + { +- if (*pnodes == NULL && +- (*pnodes = policy_node_cmp_new()) == NULL) +- return 0; +- if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) ++ if (!*pnodes) { ++ *pnodes = policy_node_cmp_new(); ++ if (!*pnodes) ++ return 0; ++ } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + return 1; +- return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0; +-} + +-#define TREE_CALC_FAILURE 0 +-#define TREE_CALC_OK_NOFREE 1 +-#define TREE_CALC_OK_DOFREE 2 ++ if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) ++ return 0; + +-/*- +- * Calculate the authority set based on policy tree. The 'pnodes' parameter is +- * used as a store for the set of policy nodes used to calculate the user set. +- * If the authority set is not anyPolicy then pnodes will just point to the +- * authority set. If however the authority set is anyPolicy then the set of +- * valid policies (other than anyPolicy) is store in pnodes. +- * +- * Return value: +- * TREE_CALC_FAILURE on failure, +- * TREE_CALC_OK_NOFREE on success and pnodes need not be freed, +- * TREE_CALC_OK_DOFREE on success and pnodes needs to be freed ++ return 1; ++ ++} ++ ++/* ++ * Calculate the authority set based on policy tree. The 'pnodes' parameter ++ * is used as a store for the set of policy nodes used to calculate the user ++ * set. If the authority set is not anyPolicy then pnodes will just point to ++ * the authority set. If however the authority set is anyPolicy then the set ++ * of valid policies (other than anyPolicy) is store in pnodes. The return ++ * value of '2' is used in this case to indicate that pnodes should be freed. + */ ++ + static int tree_calculate_authority_set(X509_POLICY_TREE *tree, + STACK_OF(X509_POLICY_NODE) **pnodes) + { +@@ -472,7 +570,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, + /* If last level contains anyPolicy set is anyPolicy */ + if (curr->anyPolicy) { + if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) +- return TREE_CALC_FAILURE; ++ return 0; + addnodes = pnodes; + } else + /* Add policies to authority set */ +@@ -484,31 +582,25 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, + * If no anyPolicy node on this this level it can't appear on lower + * levels so end search. + */ +- if ((anyptr = curr->anyPolicy) == NULL) ++ if (!(anyptr = curr->anyPolicy)) + break; + curr++; + for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { + node = sk_X509_POLICY_NODE_value(curr->nodes, j); + if ((node->parent == anyptr) +- && !tree_add_auth_node(addnodes, node)) { +- if (addnodes == pnodes) { +- sk_X509_POLICY_NODE_free(*pnodes); +- *pnodes = NULL; +- } +- return TREE_CALC_FAILURE; +- } ++ && !tree_add_auth_node(addnodes, node)) ++ return 0; + } + } ++ + if (addnodes == pnodes) +- return TREE_CALC_OK_DOFREE; ++ return 2; + + *pnodes = tree->auth_policies; +- return TREE_CALC_OK_NOFREE; ++ ++ return 1; + } + +-/* +- * Return value: 1 on success, 0 otherwise. +- */ + static int tree_calculate_user_set(X509_POLICY_TREE *tree, + STACK_OF(ASN1_OBJECT) *policy_oids, + STACK_OF(X509_POLICY_NODE) *auth_nodes) +@@ -516,6 +608,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + int i; + X509_POLICY_NODE *node; + ASN1_OBJECT *oid; ++ + X509_POLICY_NODE *anyPolicy; + X509_POLICY_DATA *extra; + +@@ -523,6 +616,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + * Check if anyPolicy present in authority constrained policy set: this + * will happen if it is a leaf node. + */ ++ + if (sk_ASN1_OBJECT_num(policy_oids) <= 0) + return 1; + +@@ -547,7 +641,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + * from anyPolicy. + */ + extra = policy_data_new(NULL, oid, node_critical(anyPolicy)); +- if (extra == NULL) ++ if (!extra) + return 0; + extra->qualifier_set = anyPolicy->data->qualifier_set; + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS +@@ -563,14 +657,9 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, + return 0; + } + return 1; ++ + } + +-/*- +- * Return value: <= 0 error, otherwise one of: +- * X509_PCY_TREE_VALID: valid tree +- * X509_PCY_TREE_EMPTY: empty tree +- * (see tree_prune()). +- */ + static int tree_evaluate(X509_POLICY_TREE *tree) + { + int ret, i; +@@ -580,19 +669,19 @@ static int tree_evaluate(X509_POLICY_TREE *tree) + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = policy_cache_set(curr->cert); + if (!tree_link_nodes(curr, cache)) +- return X509_PCY_TREE_INTERNAL; ++ return 0; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) + && !tree_link_any(curr, cache, tree)) +- return X509_PCY_TREE_INTERNAL; +-#ifdef OPENSSL_POLICY_DEBUG ++ return 0; + tree_print("before tree_prune()", tree, curr); +-#endif + ret = tree_prune(tree, curr); +- if (ret != X509_PCY_TREE_VALID) ++ if (ret != 1) + return ret; + } +- return X509_PCY_TREE_VALID; ++ ++ return 1; ++ + } + + static void exnode_free(X509_POLICY_NODE *node) +@@ -613,12 +702,17 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) + sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); + + for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { +- X509_free(curr->cert); +- sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); +- policy_node_free(curr->anyPolicy); ++ if (curr->cert) ++ X509_free(curr->cert); ++ if (curr->nodes) ++ sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); ++ if (curr->anyPolicy) ++ policy_node_free(curr->anyPolicy); + } + +- sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); ++ if (tree->extra_data) ++ sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); ++ + OPENSSL_free(tree->levels); + OPENSSL_free(tree); + +@@ -627,70 +721,111 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) + /*- + * Application policy checking function. + * Return codes: +- * X509_PCY_TREE_FAILURE: Failure to satisfy explicit policy +- * X509_PCY_TREE_INVALID: Inconsistent or invalid extensions +- * X509_PCY_TREE_INTERNAL: Internal error, most likely malloc +- * X509_PCY_TREE_VALID: Success (null tree if empty or bare TA) ++ * 0 Internal Error. ++ * 1 Successful. ++ * -1 One or more certificates contain invalid or inconsistent extensions ++ * -2 User constrained policy set empty and requireExplicit true. + */ ++ + int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags) + { +- int init_ret; + int ret; + X509_POLICY_TREE *tree = NULL; + STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; +- + *ptree = NULL; ++ + *pexplicit_policy = 0; +- init_ret = tree_init(&tree, certs, flags); ++ ret = tree_init(&tree, certs, flags); + +- if (init_ret <= 0) +- return init_ret; ++ switch (ret) { + +- if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) { +- if (init_ret & X509_PCY_TREE_EMPTY) { +- X509_policy_tree_free(tree); +- return X509_PCY_TREE_VALID; +- } +- } else { ++ /* Tree empty requireExplicit False: OK */ ++ case 2: ++ return 1; ++ ++ /* Some internal error */ ++ case -1: ++ return -1; ++ ++ /* Some internal error */ ++ case 0: ++ return 0; ++ ++ /* Tree empty requireExplicit True: Error */ ++ ++ case 6: + *pexplicit_policy = 1; +- /* Tree empty and requireExplicit True: Error */ +- if (init_ret & X509_PCY_TREE_EMPTY) +- return X509_PCY_TREE_FAILURE; ++ return -2; ++ ++ /* Tree OK requireExplicit True: OK and continue */ ++ case 5: ++ *pexplicit_policy = 1; ++ break; ++ ++ /* Tree OK: continue */ ++ ++ case 1: ++ if (!tree) ++ /* ++ * tree_init() returns success and a null tree ++ * if it's just looking at a trust anchor. ++ * I'm not sure that returning success here is ++ * correct, but I'm sure that reporting this ++ * as an internal error which our caller ++ * interprets as a malloc failure is wrong. ++ */ ++ return 1; ++ break; + } + ++ if (!tree) ++ goto error; + ret = tree_evaluate(tree); +-#ifdef OPENSSL_POLICY_DEBUG ++ + tree_print("tree_evaluate()", tree, NULL); +-#endif ++ + if (ret <= 0) + goto error; + +- if (ret == X509_PCY_TREE_EMPTY) { ++ /* Return value 2 means tree empty */ ++ if (ret == 2) { + X509_policy_tree_free(tree); +- if (init_ret & X509_PCY_TREE_EXPLICIT) +- return X509_PCY_TREE_FAILURE; +- return X509_PCY_TREE_VALID; ++ if (*pexplicit_policy) ++ return -2; ++ else ++ return 1; + } + + /* Tree is not empty: continue */ +- if ((ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0 || +- !tree_calculate_user_set(tree, policy_oids, auth_nodes)) ++ ++ ret = tree_calculate_authority_set(tree, &auth_nodes); ++ ++ if (!ret) + goto error; +- if (ret == TREE_CALC_OK_DOFREE) ++ ++ if (!tree_calculate_user_set(tree, policy_oids, auth_nodes)) ++ goto error; ++ ++ if (ret == 2) + sk_X509_POLICY_NODE_free(auth_nodes); + +- *ptree = tree; ++ if (tree) ++ *ptree = tree; + +- if (init_ret & X509_PCY_TREE_EXPLICIT) { ++ if (*pexplicit_policy) { + nodes = X509_policy_tree_get0_user_policies(tree); + if (sk_X509_POLICY_NODE_num(nodes) <= 0) +- return X509_PCY_TREE_FAILURE; ++ return -2; + } +- return X509_PCY_TREE_VALID; ++ ++ return 1; + + error: ++ + X509_policy_tree_free(tree); +- return X509_PCY_TREE_INTERNAL; ++ ++ return 0; ++ + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +index ef1d775..1290dec 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c +@@ -1,10 +1,58 @@ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Contributed to the OpenSSL Project by the American Registry for ++ * Internet Numbers ("ARIN"). ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + */ + + /* +@@ -14,14 +62,12 @@ + #include + #include + +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "internal/x509_int.h" +-#include "ext_dat.h" + + #ifndef OPENSSL_NO_RFC3779 + +@@ -52,7 +98,7 @@ ASN1_SEQUENCE(IPAddressFamily) = { + ASN1_ITEM_TEMPLATE(IPAddrBlocks) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + IPAddrBlocks, IPAddressFamily) +-static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) ++ASN1_ITEM_TEMPLATE_END(IPAddrBlocks) + + IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange) + IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange) +@@ -62,7 +108,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) + /* + * How much buffer space do we need for a raw address? + */ +-#define ADDR_RAW_BUF_LEN 16 ++# define ADDR_RAW_BUF_LEN 16 + + /* + * What's the address length associated with this AFI? +@@ -82,7 +128,7 @@ static int length_from_afi(const unsigned afi) + /* + * Extract the AFI from an IPAddressFamily. + */ +-unsigned int X509v3_addr_get_afi(const IPAddressFamily *f) ++unsigned int v3_addr_get_afi(const IPAddressFamily *f) + { + return ((f != NULL && + f->addressFamily != NULL && f->addressFamily->data != NULL) +@@ -117,7 +163,7 @@ static int addr_expand(unsigned char *addr, + /* + * Extract the prefix length from a bitstring. + */ +-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) ++# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) + + /* + * i2r handler for one address bitstring. +@@ -200,7 +246,7 @@ static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method, + int i; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- const unsigned int afi = X509v3_addr_get_afi(f); ++ const unsigned int afi = v3_addr_get_afi(f); + switch (afi) { + case IANA_AFI_IPV4: + BIO_printf(out, "%*sIPv4", indent, ""); +@@ -312,7 +358,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a, + + /* + * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort() +- * comparison routines are only allowed two arguments. ++ * comparision routines are only allowed two arguments. + */ + static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, + const IPAddressOrRange *const *b) +@@ -322,7 +368,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a, + + /* + * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort() +- * comparison routines are only allowed two arguments. ++ * comparision routines are only allowed two arguments. + */ + static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a, + const IPAddressOrRange *const *b) +@@ -482,7 +528,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, + { + IPAddressFamily *f; + unsigned char key[3]; +- int keylen; ++ unsigned keylen; + int i; + + key[0] = (afi >> 8) & 0xFF; +@@ -525,8 +571,8 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, + /* + * Add an inheritance element. + */ +-int X509v3_addr_add_inherit(IPAddrBlocks *addr, +- const unsigned afi, const unsigned *safi) ++int v3_addr_add_inherit(IPAddrBlocks *addr, ++ const unsigned afi, const unsigned *safi) + { + IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi); + if (f == NULL || +@@ -581,10 +627,10 @@ static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr, + /* + * Add a prefix. + */ +-int X509v3_addr_add_prefix(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi, +- unsigned char *a, const int prefixlen) ++int v3_addr_add_prefix(IPAddrBlocks *addr, ++ const unsigned afi, ++ const unsigned *safi, ++ unsigned char *a, const int prefixlen) + { + IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); + IPAddressOrRange *aor; +@@ -599,10 +645,10 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr, + /* + * Add a range. + */ +-int X509v3_addr_add_range(IPAddrBlocks *addr, +- const unsigned afi, +- const unsigned *safi, +- unsigned char *min, unsigned char *max) ++int v3_addr_add_range(IPAddrBlocks *addr, ++ const unsigned afi, ++ const unsigned *safi, ++ unsigned char *min, unsigned char *max) + { + IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); + IPAddressOrRange *aor; +@@ -639,10 +685,10 @@ static int extract_min_max(IPAddressOrRange *aor, + /* + * Public wrapper for extract_min_max(). + */ +-int X509v3_addr_get_range(IPAddressOrRange *aor, +- const unsigned afi, +- unsigned char *min, +- unsigned char *max, const int length) ++int v3_addr_get_range(IPAddressOrRange *aor, ++ const unsigned afi, ++ unsigned char *min, ++ unsigned char *max, const int length) + { + int afi_length = length_from_afi(afi); + if (aor == NULL || min == NULL || max == NULL || +@@ -656,7 +702,7 @@ int X509v3_addr_get_range(IPAddressOrRange *aor, + } + + /* +- * Sort comparison function for a sequence of IPAddressFamily. ++ * Sort comparision function for a sequence of IPAddressFamily. + * + * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about + * the ordering: I can read it as meaning that IPv6 without a SAFI +@@ -678,7 +724,7 @@ static int IPAddressFamily_cmp(const IPAddressFamily *const *a_, + /* + * Check whether an IPAddrBLocks is in canonical form. + */ +-int X509v3_addr_is_canonical(IPAddrBlocks *addr) ++int v3_addr_is_canonical(IPAddrBlocks *addr) + { + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; + unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN]; +@@ -686,7 +732,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) + int i, j, k; + + /* +- * Empty extension is canonical. ++ * Empty extension is cannonical. + */ + if (addr == NULL) + return 1; +@@ -706,7 +752,7 @@ int X509v3_addr_is_canonical(IPAddrBlocks *addr) + */ + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { + IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); +- int length = length_from_afi(X509v3_addr_get_afi(f)); ++ int length = length_from_afi(v3_addr_get_afi(f)); + + /* + * Inheritance is canonical. Anything other than inheritance or +@@ -849,8 +895,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, + IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j); + if (a != NULL && a->type == IPAddressOrRange_addressRange) { + unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN]; +- if (!extract_min_max(a, a_min, a_max, length)) +- return 0; ++ extract_min_max(a, a_min, a_max, length); + if (memcmp(a_min, a_max, length) > 0) + return 0; + } +@@ -862,7 +907,7 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors, + /* + * Whack an IPAddrBlocks extension into canonical form. + */ +-int X509v3_addr_canonize(IPAddrBlocks *addr) ++int v3_addr_canonize(IPAddrBlocks *addr) + { + int i; + for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { +@@ -870,12 +915,12 @@ int X509v3_addr_canonize(IPAddrBlocks *addr) + if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && + !IPAddressOrRanges_canonize(f->ipAddressChoice-> + u.addressesOrRanges, +- X509v3_addr_get_afi(f))) ++ v3_addr_get_afi(f))) + return 0; + } + (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp); + sk_IPAddressFamily_sort(addr); +- OPENSSL_assert(X509v3_addr_is_canonical(addr)); ++ OPENSSL_assert(v3_addr_is_canonical(addr)); + return 1; + } + +@@ -901,7 +946,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + CONF_VALUE *val = sk_CONF_VALUE_value(values, i); + unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; + unsigned afi, *safi = NULL, safi_; +- const char *addr_chars = NULL; ++ const char *addr_chars; + int prefixlen, i1, i2, delim, length; + + if (!name_cmp(val->name, "IPv4")) { +@@ -933,7 +978,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + length = length_from_afi(afi); + + /* +- * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate ++ * Handle SAFI, if any, and BUF_strdup() so we can null-terminate + * the other input values. + */ + if (safi != NULL) { +@@ -945,9 +990,9 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + goto err; + } + t += strspn(t, " \t"); +- s = OPENSSL_strdup(t); ++ s = BUF_strdup(t); + } else { +- s = OPENSSL_strdup(val->value); ++ s = BUF_strdup(val->value); + } + if (s == NULL) { + X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); +@@ -958,8 +1003,8 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + * Check for inheritance. Not worth additional complexity to + * optimize this (seldom-used) case. + */ +- if (strcmp(s, "inherit") == 0) { +- if (!X509v3_addr_add_inherit(addr, afi, safi)) { ++ if (!strcmp(s, "inherit")) { ++ if (!v3_addr_add_inherit(addr, afi, safi)) { + X509V3err(X509V3_F_V2I_IPADDRBLOCKS, + X509V3_R_INVALID_INHERITANCE); + X509V3_conf_err(val); +@@ -990,7 +1035,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + X509V3_conf_err(val); + goto err; + } +- if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { ++ if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) { + X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -1016,13 +1061,13 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + X509V3_conf_err(val); + goto err; + } +- if (!X509v3_addr_add_range(addr, afi, safi, min, max)) { ++ if (!v3_addr_add_range(addr, afi, safi, min, max)) { + X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); + goto err; + } + break; + case '\0': +- if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { ++ if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) { + X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -1041,7 +1086,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, + /* + * Canonize the result, then we're done. + */ +- if (!X509v3_addr_canonize(addr)) ++ if (!v3_addr_canonize(addr)) + goto err; + return addr; + +@@ -1071,7 +1116,7 @@ const X509V3_EXT_METHOD v3_addr = { + /* + * Figure out whether extension sues inheritance. + */ +-int X509v3_addr_inherits(IPAddrBlocks *addr) ++int v3_addr_inherits(IPAddrBlocks *addr) + { + int i; + if (addr == NULL) +@@ -1124,12 +1169,12 @@ static int addr_contains(IPAddressOrRanges *parent, + /* + * Test whether a is a subset of b. + */ +-int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) ++int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) + { + int i; + if (a == NULL || a == b) + return 1; +- if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) ++ if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b)) + return 0; + (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); + for (i = 0; i < sk_IPAddressFamily_num(a); i++) { +@@ -1141,7 +1186,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) + return 0; + if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, + fa->ipAddressChoice->u.addressesOrRanges, +- length_from_afi(X509v3_addr_get_afi(fb)))) ++ length_from_afi(v3_addr_get_afi(fb)))) + return 0; + } + return 1; +@@ -1150,7 +1195,7 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) + /* + * Validation error handling via callback. + */ +-#define validation_err(_err_) \ ++# define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ +@@ -1172,9 +1217,9 @@ int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) + * When returning 0, ctx->error MUST be set to an appropriate value other than + * X509_V_OK. + */ +-static int addr_validate_path_internal(X509_STORE_CTX *ctx, +- STACK_OF(X509) *chain, +- IPAddrBlocks *ext) ++static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, ++ STACK_OF(X509) *chain, ++ IPAddrBlocks *ext) + { + IPAddrBlocks *child = NULL; + int i, j, ret = 1; +@@ -1199,11 +1244,11 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, + if ((ext = x->rfc3779_addr) == NULL) + goto done; + } +- if (!X509v3_addr_is_canonical(ext)) ++ if (!v3_addr_is_canonical(ext)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp); + if ((child = sk_IPAddressFamily_dup(ext)) == NULL) { +- X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, ++ X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, + ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + ret = 0; +@@ -1217,7 +1262,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, + for (i++; i < sk_X509_num(chain); i++) { + x = sk_X509_value(chain, i); + OPENSSL_assert(x != NULL); +- if (!X509v3_addr_is_canonical(x->rfc3779_addr)) ++ if (!v3_addr_is_canonical(x->rfc3779_addr)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + if (x->rfc3779_addr == NULL) { + for (j = 0; j < sk_IPAddressFamily_num(child); j++) { +@@ -1249,7 +1294,7 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, + if (fc->ipAddressChoice->type == IPAddressChoice_inherit + || addr_contains(fp->ipAddressChoice->u.addressesOrRanges, + fc->ipAddressChoice->u.addressesOrRanges, +- length_from_afi(X509v3_addr_get_afi(fc)))) ++ length_from_afi(v3_addr_get_afi(fc)))) + sk_IPAddressFamily_set(child, j, fp); + else + validation_err(X509_V_ERR_UNNESTED_RESOURCE); +@@ -1276,30 +1321,30 @@ static int addr_validate_path_internal(X509_STORE_CTX *ctx, + return ret; + } + +-#undef validation_err ++# undef validation_err + + /* + * RFC 3779 2.3 path validation -- called from X509_verify_cert(). + */ +-int X509v3_addr_validate_path(X509_STORE_CTX *ctx) ++int v3_addr_validate_path(X509_STORE_CTX *ctx) + { +- return addr_validate_path_internal(ctx, ctx->chain, NULL); ++ return v3_addr_validate_path_internal(ctx, ctx->chain, NULL); + } + + /* + * RFC 3779 2.3 path validation of an extension. + * Test whether chain covers extension. + */ +-int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, ++int v3_addr_validate_resource_set(STACK_OF(X509) *chain, + IPAddrBlocks *ext, int allow_inheritance) + { + if (ext == NULL) + return 1; + if (chain == NULL || sk_X509_num(chain) == 0) + return 0; +- if (!allow_inheritance && X509v3_addr_inherits(ext)) ++ if (!allow_inheritance && v3_addr_inherits(ext)) + return 0; +- return addr_validate_path_internal(NULL, chain, ext); ++ return v3_addr_validate_path_internal(NULL, chain, ext); + } + + #endif /* OPENSSL_NO_RFC3779 */ +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +index d9f7704..e920270 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c +@@ -1,19 +1,68 @@ ++/* v3_akey.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "ext_dat.h" + + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + AUTHORITY_KEYID *akeyid, +@@ -41,14 +90,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + { + char *tmp; + if (akeyid->keyid) { +- tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length); ++ tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); + X509V3_add_value("keyid", tmp, &extlist); + OPENSSL_free(tmp); + } + if (akeyid->issuer) + extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); + if (akeyid->serial) { +- tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length); ++ tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length); + X509V3_add_value("serial", tmp, &extlist); + OPENSSL_free(tmp); + } +@@ -82,13 +131,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + cnf = sk_CONF_VALUE_value(values, i); +- if (strcmp(cnf->name, "keyid") == 0) { ++ if (!strcmp(cnf->name, "keyid")) { + keyid = 1; +- if (cnf->value && strcmp(cnf->value, "always") == 0) ++ if (cnf->value && !strcmp(cnf->value, "always")) + keyid = 2; +- } else if (strcmp(cnf->name, "issuer") == 0) { ++ } else if (!strcmp(cnf->name, "issuer")) { + issuer = 1; +- if (cnf->value && strcmp(cnf->value, "always") == 0) ++ if (cnf->value && !strcmp(cnf->value, "always")) + issuer = 2; + } else { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); +@@ -120,7 +169,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + + if ((issuer && !ikeyid) || (issuer == 2)) { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); +- serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); ++ serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if (!isname || !serial) { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, + X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); +@@ -128,12 +177,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + } + } + +- if ((akeyid = AUTHORITY_KEYID_new()) == NULL) ++ if (!(akeyid = AUTHORITY_KEYID_new())) + goto err; + + if (isname) { +- if ((gens = sk_GENERAL_NAME_new_null()) == NULL +- || (gen = GENERAL_NAME_new()) == NULL ++ if (!(gens = sk_GENERAL_NAME_new_null()) ++ || !(gen = GENERAL_NAME_new()) + || !sk_GENERAL_NAME_push(gens, gen)) { + X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); + goto err; +@@ -143,18 +192,14 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + } + + akeyid->issuer = gens; +- gen = NULL; +- gens = NULL; + akeyid->serial = serial; + akeyid->keyid = ikeyid; + + return akeyid; + + err: +- sk_GENERAL_NAME_free(gens); +- GENERAL_NAME_free(gen); + X509_NAME_free(isname); +- ASN1_INTEGER_free(serial); +- ASN1_OCTET_STRING_free(ikeyid); ++ M_ASN1_INTEGER_free(serial); ++ M_ASN1_OCTET_STRING_free(ikeyid); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +index d6dd6bc..2cc85b7 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c +@@ -1,14 +1,64 @@ ++/* v3_akey_asn1.c */ + /* +- * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +index 0364e33..7f1e71d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c +@@ -1,17 +1,66 @@ ++/* v3_alt.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "ext_dat.h" + + static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, +@@ -21,10 +70,10 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, + STACK_OF(CONF_VALUE) *nval); + static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); + static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); +-static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +-static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); ++static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); ++static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); + +-const X509V3_EXT_METHOD v3_alt[3] = { ++const X509V3_EXT_METHOD v3_alt[] = { + {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), + 0, 0, 0, 0, + 0, 0, +@@ -158,7 +207,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) + break; + + case GEN_DIRNAME: +- BIO_printf(out, "DirName:"); ++ BIO_printf(out, "DirName: "); + X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); + break; + +@@ -180,7 +229,7 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) + break; + + case GEN_RID: +- BIO_printf(out, "Registered ID:"); ++ BIO_printf(out, "Registered ID"); + i2a_ASN1_OBJECT(out, gen->d.rid); + break; + } +@@ -194,20 +243,19 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gens = NULL; + CONF_VALUE *cnf; + int i; +- +- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { ++ if (!(gens = sk_GENERAL_NAME_new_null())) { + X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); +- if (!name_cmp(cnf->name, "issuer") +- && cnf->value && strcmp(cnf->value, "copy") == 0) { ++ if (!name_cmp(cnf->name, "issuer") && cnf->value && ++ !strcmp(cnf->value, "copy")) { + if (!copy_issuer(ctx, gens)) + goto err; + } else { + GENERAL_NAME *gen; +- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + sk_GENERAL_NAME_push(gens, gen); + } +@@ -226,7 +274,6 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) + GENERAL_NAME *gen; + X509_EXTENSION *ext; + int i; +- + if (ctx && (ctx->flags == CTX_TEST)) + return 1; + if (!ctx || !ctx->issuer_cert) { +@@ -236,8 +283,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) + i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); + if (i < 0) + return 1; +- if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL +- || (ialt = X509V3_EXT_d2i(ext)) == NULL) { ++ if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || ++ !(ialt = X509V3_EXT_d2i(ext))) { + X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); + goto err; + } +@@ -265,24 +312,23 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gens = NULL; + CONF_VALUE *cnf; + int i; +- +- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { ++ if (!(gens = sk_GENERAL_NAME_new_null())) { + X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); +- if (!name_cmp(cnf->name, "email") +- && cnf->value && strcmp(cnf->value, "copy") == 0) { ++ if (!name_cmp(cnf->name, "email") && cnf->value && ++ !strcmp(cnf->value, "copy")) { + if (!copy_email(ctx, gens, 0)) + goto err; +- } else if (!name_cmp(cnf->name, "email") +- && cnf->value && strcmp(cnf->value, "move") == 0) { ++ } else if (!name_cmp(cnf->name, "email") && cnf->value && ++ !strcmp(cnf->value, "move")) { + if (!copy_email(ctx, gens, 1)) + goto err; + } else { + GENERAL_NAME *gen; +- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + sk_GENERAL_NAME_push(gens, gen); + } +@@ -321,13 +367,13 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) + while ((i = X509_NAME_get_index_by_NID(nm, + NID_pkcs9_emailAddress, i)) >= 0) { + ne = X509_NAME_get_entry(nm, i); +- email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); ++ email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); + if (move_p) { + X509_NAME_delete_entry(nm, i); + X509_NAME_ENTRY_free(ne); + i--; + } +- if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { ++ if (!email || !(gen = GENERAL_NAME_new())) { + X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -345,7 +391,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) + + err: + GENERAL_NAME_free(gen); +- ASN1_IA5STRING_free(email); ++ M_ASN1_IA5STRING_free(email); + return 0; + + } +@@ -357,14 +403,13 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + GENERAL_NAMES *gens = NULL; + CONF_VALUE *cnf; + int i; +- +- if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { ++ if (!(gens = sk_GENERAL_NAME_new_null())) { + X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); +- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + sk_GENERAL_NAME_push(gens, gen); + } +@@ -382,7 +427,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, + + GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, int gen_type, const char *value, ++ X509V3_CTX *ctx, int gen_type, char *value, + int is_nc) + { + char is_string = 0; +@@ -413,7 +458,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + case GEN_RID: + { + ASN1_OBJECT *obj; +- if ((obj = OBJ_txt2obj(value, 0)) == NULL) { ++ if (!(obj = OBJ_txt2obj(value, 0))) { + X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); + ERR_add_error_data(2, "value=", value); + goto err; +@@ -453,7 +498,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + } + + if (is_string) { +- if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || ++ if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, + strlen(value))) { + X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); +@@ -511,26 +556,27 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + + } + +-static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) ++static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + char *objtmp = NULL, *p; + int objlen; +- +- if ((p = strchr(value, ';')) == NULL) ++ if (!(p = strchr(value, ';'))) + return 0; +- if ((gen->d.otherName = OTHERNAME_new()) == NULL) ++ if (!(gen->d.otherName = OTHERNAME_new())) + return 0; + /* + * Free this up because we will overwrite it. no need to free type_id + * because it is static + */ + ASN1_TYPE_free(gen->d.otherName->value); +- if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) ++ if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) + return 0; + objlen = p - value; +- objtmp = OPENSSL_strndup(value, objlen); ++ objtmp = OPENSSL_malloc(objlen + 1); + if (objtmp == NULL) + return 0; ++ strncpy(objtmp, value, objlen); ++ objtmp[objlen] = 0; + gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); + OPENSSL_free(objtmp); + if (!gen->d.otherName->type_id) +@@ -538,13 +584,12 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) + return 1; + } + +-static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) ++static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) + { + int ret = 0; + STACK_OF(CONF_VALUE) *sk = NULL; +- X509_NAME *nm; +- +- if ((nm = X509_NAME_new()) == NULL) ++ X509_NAME *nm = NULL; ++ if (!(nm = X509_NAME_new())) + goto err; + sk = X509V3_get_section(ctx, value); + if (!sk) { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +index af4fcf4..2a32c9d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c +@@ -1,10 +1,58 @@ + /* +- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Contributed to the OpenSSL Project by the American Registry for ++ * Internet Numbers ("ARIN"). ++ */ ++/* ==================================================================== ++ * Copyright (c) 2006 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + */ + + /* +@@ -13,15 +61,13 @@ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + #include +-#include "internal/x509_int.h" + #include +-#include "ext_dat.h" + + #ifndef OPENSSL_NO_RFC3779 + +@@ -116,7 +162,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method, + } + + /* +- * Sort comparison function for a sequence of ASIdOrRange elements. ++ * Sort comparision function for a sequence of ASIdOrRange elements. + */ + static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, + const ASIdOrRange *const *b_) +@@ -149,7 +195,7 @@ static int ASIdOrRange_cmp(const ASIdOrRange *const *a_, + /* + * Add an inherit element. + */ +-int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) ++int v3_asid_add_inherit(ASIdentifiers *asid, int which) + { + ASIdentifierChoice **choice; + if (asid == NULL) +@@ -178,8 +224,8 @@ int X509v3_asid_add_inherit(ASIdentifiers *asid, int which) + /* + * Add an ID or range to an ASIdentifierChoice. + */ +-int X509v3_asid_add_id_or_range(ASIdentifiers *asid, +- int which, ASN1_INTEGER *min, ASN1_INTEGER *max) ++int v3_asid_add_id_or_range(ASIdentifiers *asid, ++ int which, ASN1_INTEGER *min, ASN1_INTEGER *max) + { + ASIdentifierChoice **choice; + ASIdOrRange *aor; +@@ -276,8 +322,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); +- ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = +- NULL; ++ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; + + extract_min_max(a, &a_min, &a_max); + extract_min_max(b, &b_min, &b_max); +@@ -335,7 +380,7 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice) + /* + * Check whether an ASIdentifier extension is in canonical form. + */ +-int X509v3_asid_is_canonical(ASIdentifiers *asid) ++int v3_asid_is_canonical(ASIdentifiers *asid) + { + return (asid == NULL || + (ASIdentifierChoice_is_canonical(asid->asnum) && +@@ -379,8 +424,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { + ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i); + ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1); +- ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max = +- NULL; ++ ASN1_INTEGER *a_min, *a_max, *b_min, *b_max; + + extract_min_max(a, &a_min, &a_max); + extract_min_max(b, &b_min, &b_max); +@@ -426,7 +470,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + ASRange *r; + switch (a->type) { + case ASIdOrRange_id: +- if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { ++ if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { + X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, + ERR_R_MALLOC_FAILURE); + goto done; +@@ -483,7 +527,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) + /* + * Whack an ASIdentifier extension into canonical form. + */ +-int X509v3_asid_canonize(ASIdentifiers *asid) ++int v3_asid_canonize(ASIdentifiers *asid) + { + return (asid == NULL || + (ASIdentifierChoice_canonize(asid->asnum) && +@@ -508,7 +552,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + CONF_VALUE *val = sk_CONF_VALUE_value(values, i); +- int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; ++ int i1, i2, i3, is_range, which; + + /* + * Figure out whether this is an AS or an RDI. +@@ -527,8 +571,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + /* + * Handle inheritance. + */ +- if (strcmp(val->value, "inherit") == 0) { +- if (X509v3_asid_add_inherit(asid, which)) ++ if (!strcmp(val->value, "inherit")) { ++ if (v3_asid_add_inherit(asid, which)) + continue; + X509V3err(X509V3_F_V2I_ASIDENTIFIERS, + X509V3_R_INVALID_INHERITANCE); +@@ -571,7 +615,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + goto err; + } + } else { +- char *s = OPENSSL_strdup(val->value); ++ char *s = BUF_strdup(val->value); + if (s == NULL) { + X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); + goto err; +@@ -590,7 +634,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + goto err; + } + } +- if (!X509v3_asid_add_id_or_range(asid, which, min, max)) { ++ if (!v3_asid_add_id_or_range(asid, which, min, max)) { + X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -600,7 +644,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, + /* + * Canonize the result, then we're done. + */ +- if (!X509v3_asid_canonize(asid)) ++ if (!v3_asid_canonize(asid)) + goto err; + return asid; + +@@ -631,7 +675,7 @@ const X509V3_EXT_METHOD v3_asid = { + /* + * Figure out whether extension uses inheritance. + */ +-int X509v3_asid_inherits(ASIdentifiers *asid) ++int v3_asid_inherits(ASIdentifiers *asid) + { + return (asid != NULL && + ((asid->asnum != NULL && +@@ -645,7 +689,7 @@ int X509v3_asid_inherits(ASIdentifiers *asid) + */ + static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) + { +- ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL; ++ ASN1_INTEGER *p_min, *p_max, *c_min, *c_max; + int p, c; + + if (child == NULL || parent == child) +@@ -672,15 +716,15 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) + } + + /* +- * Test whether a is a subset of b. ++ * Test whether a is a subet of b. + */ +-int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) ++int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) + { + return (a == NULL || + a == b || + (b != NULL && +- !X509v3_asid_inherits(a) && +- !X509v3_asid_inherits(b) && ++ !v3_asid_inherits(a) && ++ !v3_asid_inherits(b) && + asid_contains(b->asnum->u.asIdsOrRanges, + a->asnum->u.asIdsOrRanges) && + asid_contains(b->rdi->u.asIdsOrRanges, +@@ -690,7 +734,7 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) + /* + * Validation error handling via callback. + */ +-#define validation_err(_err_) \ ++# define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ +@@ -707,9 +751,9 @@ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) + /* + * Core code for RFC 3779 3.3 path validation. + */ +-static int asid_validate_path_internal(X509_STORE_CTX *ctx, +- STACK_OF(X509) *chain, +- ASIdentifiers *ext) ++static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, ++ STACK_OF(X509) *chain, ++ ASIdentifiers *ext) + { + ASIdOrRanges *child_as = NULL, *child_rdi = NULL; + int i, ret = 1, inherit_as = 0, inherit_rdi = 0; +@@ -734,7 +778,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, + if ((ext = x->rfc3779_asid) == NULL) + goto done; + } +- if (!X509v3_asid_is_canonical(ext)) ++ if (!v3_asid_is_canonical(ext)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + if (ext->asnum != NULL) { + switch (ext->asnum->type) { +@@ -769,7 +813,7 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, + validation_err(X509_V_ERR_UNNESTED_RESOURCE); + continue; + } +- if (!X509v3_asid_is_canonical(x->rfc3779_asid)) ++ if (!v3_asid_is_canonical(x->rfc3779_asid)) + validation_err(X509_V_ERR_INVALID_EXTENSION); + if (x->rfc3779_asid->asnum == NULL && child_as != NULL) { + validation_err(X509_V_ERR_UNNESTED_RESOURCE); +@@ -823,30 +867,30 @@ static int asid_validate_path_internal(X509_STORE_CTX *ctx, + return ret; + } + +-#undef validation_err ++# undef validation_err + + /* + * RFC 3779 3.3 path validation -- called from X509_verify_cert(). + */ +-int X509v3_asid_validate_path(X509_STORE_CTX *ctx) ++int v3_asid_validate_path(X509_STORE_CTX *ctx) + { +- return asid_validate_path_internal(ctx, ctx->chain, NULL); ++ return v3_asid_validate_path_internal(ctx, ctx->chain, NULL); + } + + /* + * RFC 3779 3.3 path validation of an extension. + * Test whether chain covers extension. + */ +-int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, +- ASIdentifiers *ext, int allow_inheritance) ++int v3_asid_validate_resource_set(STACK_OF(X509) *chain, ++ ASIdentifiers *ext, int allow_inheritance) + { + if (ext == NULL) + return 1; + if (chain == NULL || sk_X509_num(chain) == 0) + return 0; +- if (!allow_inheritance && X509v3_asid_inherits(ext)) ++ if (!allow_inheritance && v3_asid_inherits(ext)) + return 0; +- return asid_validate_path_internal(NULL, chain, ext); ++ return v3_asid_validate_path_internal(NULL, chain, ext); + } + + #endif /* OPENSSL_NO_RFC3779 */ +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +index 3bbf155..dc00b9c 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c +@@ -1,19 +1,68 @@ ++/* v3_bcons.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "ext_dat.h" + + static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_CONSTRAINTS *bcons, +@@ -58,17 +107,16 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_CONSTRAINTS *bcons = NULL; + CONF_VALUE *val; + int i; +- +- if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { ++ if (!(bcons = BASIC_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); +- if (strcmp(val->name, "CA") == 0) { ++ if (!strcmp(val->name, "CA")) { + if (!X509V3_get_value_bool(val, &bcons->ca)) + goto err; +- } else if (strcmp(val->name, "pathlen") == 0) { ++ } else if (!strcmp(val->name, "pathlen")) { + if (!X509V3_get_value_int(val, &bcons->pathlen)) + goto err; + } else { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +index 4802116..b7bb3b5 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c +@@ -1,17 +1,66 @@ ++/* v3_bitst.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "ext_dat.h" + + static BIT_STRING_BITNAME ns_cert_type_table[] = { + {0, "SSL Client", "client"}, +@@ -63,19 +112,19 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bs; + int i; + BIT_STRING_BITNAME *bnam; +- if ((bs = ASN1_BIT_STRING_new()) == NULL) { ++ if (!(bs = M_ASN1_BIT_STRING_new())) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + for (bnam = method->usr_data; bnam->lname; bnam++) { +- if (strcmp(bnam->sname, val->name) == 0 +- || strcmp(bnam->lname, val->name) == 0) { ++ if (!strcmp(bnam->sname, val->name) || ++ !strcmp(bnam->lname, val->name)) { + if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, + ERR_R_MALLOC_FAILURE); +- ASN1_BIT_STRING_free(bs); ++ M_ASN1_BIT_STRING_free(bs); + return NULL; + } + break; +@@ -85,7 +134,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, + X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + X509V3_conf_err(val); +- ASN1_BIT_STRING_free(bs); ++ M_ASN1_BIT_STRING_free(bs); + return NULL; + } + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +index f625ff5..c1b4c1a 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c +@@ -1,40 +1,88 @@ ++/* v3_conf.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* extension creation utilities */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + #include + +-static int v3_check_critical(const char **value); +-static int v3_check_generic(const char **value); ++static int v3_check_critical(char **value); ++static int v3_check_generic(char **value); + static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- int crit, const char *value); +-static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, ++ int crit, char *value); ++static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, int type, + X509V3_CTX *ctx); +-static char *conf_lhash_get_string(void *db, const char *section, const char *value); +-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section); ++static char *conf_lhash_get_string(void *db, char *section, char *value); ++static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); + static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, + int ext_nid, int crit, void *ext_struc); +-static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, ++static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, + long *ext_len); + /* CONF *conf: Config file */ + /* char *name: Name */ + /* char *value: Value */ +-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, +- const char *value) ++X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, ++ char *value) + { + int crit; + int ext_type; +@@ -53,7 +101,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + /* CONF *conf: Config file */ + /* char *value: Value */ + X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- const char *value) ++ char *value) + { + int crit; + int ext_type; +@@ -67,18 +115,17 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + /* CONF *conf: Config file */ + /* char *value: Value */ + static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, +- int crit, const char *value) ++ int crit, char *value) + { + const X509V3_EXT_METHOD *method; + X509_EXTENSION *ext; + STACK_OF(CONF_VALUE) *nval; + void *ext_struc; +- + if (ext_nid == NID_undef) { + X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); + return NULL; + } +- if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { ++ if (!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); + return NULL; + } +@@ -94,7 +141,7 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", + value); + if (*value != '@') +- sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); ++ sk_CONF_VALUE_free(nval); + return NULL; + } + ext_struc = method->v2i(method, ctx, nval); +@@ -103,14 +150,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + if (!ext_struc) + return NULL; + } else if (method->s2i) { +- if ((ext_struc = method->s2i(method, ctx, value)) == NULL) ++ if (!(ext_struc = method->s2i(method, ctx, value))) + return NULL; + } else if (method->r2i) { + if (!ctx->db || !ctx->db_meth) { + X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); + return NULL; + } +- if ((ext_struc = method->r2i(method, ctx, value)) == NULL) ++ if (!(ext_struc = method->r2i(method, ctx, value))) + return NULL; + } else { + X509V3err(X509V3_F_DO_EXT_NCONF, +@@ -131,9 +178,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, + int ext_nid, int crit, void *ext_struc) + { +- unsigned char *ext_der = NULL; ++ unsigned char *ext_der; + int ext_len; +- ASN1_OCTET_STRING *ext_oct = NULL; ++ ASN1_OCTET_STRING *ext_oct; + X509_EXTENSION *ext; + /* Convert internal representation to DER */ + if (method->it) { +@@ -144,30 +191,26 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, + goto merr; + } else { + unsigned char *p; +- + ext_len = method->i2d(ext_struc, NULL); +- if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) ++ if (!(ext_der = OPENSSL_malloc(ext_len))) + goto merr; + p = ext_der; + method->i2d(ext_struc, &p); + } +- if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) ++ if (!(ext_oct = M_ASN1_OCTET_STRING_new())) + goto merr; + ext_oct->data = ext_der; +- ext_der = NULL; + ext_oct->length = ext_len; + + ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); + if (!ext) + goto merr; +- ASN1_OCTET_STRING_free(ext_oct); ++ M_ASN1_OCTET_STRING_free(ext_oct); + + return ext; + + merr: + X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(ext_der); +- ASN1_OCTET_STRING_free(ext_oct); + return NULL; + + } +@@ -177,8 +220,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) + { + const X509V3_EXT_METHOD *method; +- +- if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { ++ if (!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); + return NULL; + } +@@ -186,9 +228,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) + } + + /* Check the extension string for critical flag */ +-static int v3_check_critical(const char **value) ++static int v3_check_critical(char **value) + { +- const char *p = *value; ++ char *p = *value; + if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) + return 0; + p += 9; +@@ -199,14 +241,14 @@ static int v3_check_critical(const char **value) + } + + /* Check extension string for generic extension and return the type */ +-static int v3_check_generic(const char **value) ++static int v3_check_generic(char **value) + { + int gen_type = 0; +- const char *p = *value; +- if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { ++ char *p = *value; ++ if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + p += 4; + gen_type = 1; +- } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { ++ } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + p += 5; + gen_type = 2; + } else +@@ -219,17 +261,16 @@ static int v3_check_generic(const char **value) + } + + /* Create a generic extension: for now just handle DER type */ +-static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, ++static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, + int crit, int gen_type, + X509V3_CTX *ctx) + { + unsigned char *ext_der = NULL; +- long ext_len = 0; ++ long ext_len; + ASN1_OBJECT *obj = NULL; + ASN1_OCTET_STRING *oct = NULL; + X509_EXTENSION *extension = NULL; +- +- if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { ++ if (!(obj = OBJ_txt2obj(ext, 0))) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, + X509V3_R_EXTENSION_NAME_ERROR); + ERR_add_error_data(2, "name=", ext); +@@ -237,7 +278,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + } + + if (gen_type == 1) +- ext_der = OPENSSL_hexstr2buf(value, &ext_len); ++ ext_der = string_to_hex(value, &ext_len); + else if (gen_type == 2) + ext_der = generic_asn1(value, ctx, &ext_len); + +@@ -248,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + goto err; + } + +- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { + X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -261,13 +302,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + + err: + ASN1_OBJECT_free(obj); +- ASN1_OCTET_STRING_free(oct); +- OPENSSL_free(ext_der); ++ M_ASN1_OCTET_STRING_free(oct); ++ if (ext_der) ++ OPENSSL_free(ext_der); + return extension; + + } + +-static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, ++static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, + long *ext_len) + { + ASN1_TYPE *typ; +@@ -280,39 +322,24 @@ static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, + return ext_der; + } + +-static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext) +-{ +- int idx; +- ASN1_OBJECT *obj; +- obj = X509_EXTENSION_get_object(dext); +- while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) { +- X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx); +- X509v3_delete_ext(sk, idx); +- X509_EXTENSION_free(tmpext); +- } +-} +- + /* + * This is the main function: add a bunch of extensions based on a config + * file section to an extension STACK. + */ + +-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, + STACK_OF(X509_EXTENSION) **sk) + { + X509_EXTENSION *ext; + STACK_OF(CONF_VALUE) *nval; + CONF_VALUE *val; + int i; +- +- if ((nval = NCONF_get_section(conf, section)) == NULL) ++ if (!(nval = NCONF_get_section(conf, section))) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); +- if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) ++ if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) + return 0; +- if (ctx->flags == X509V3_CTX_REPLACE) +- delete_ext(*sk, ext); + if (sk) + X509v3_add_ext(sk, ext, -1); + X509_EXTENSION_free(ext); +@@ -324,29 +351,29 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + * Convenience functions to add extensions to a certificate, CRL and request + */ + +-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509 *cert) + { + STACK_OF(X509_EXTENSION) **sk = NULL; + if (cert) +- sk = &cert->cert_info.extensions; ++ sk = &cert->cert_info->extensions; + return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); + } + + /* Same as above but for a CRL */ + +-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_CRL *crl) + { + STACK_OF(X509_EXTENSION) **sk = NULL; + if (crl) +- sk = &crl->crl.extensions; ++ sk = &crl->crl->extensions; + return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); + } + + /* Add extensions to certificate request */ + +-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, ++int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, + X509_REQ *req) + { + STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; +@@ -363,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + + /* Config database functions */ + +-char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) ++char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) + { + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { + X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED); +@@ -374,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) + return NULL; + } + +-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section) ++STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section) + { + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { + X509V3err(X509V3_F_X509V3_GET_SECTION, +@@ -402,12 +429,12 @@ void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) + ctx->db_meth->free_section(ctx->db, section); + } + +-static char *nconf_get_string(void *db, const char *section, const char *value) ++static char *nconf_get_string(void *db, char *section, char *value) + { + return NCONF_get_string(db, section, value); + } + +-static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section) ++static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) + { + return NCONF_get_section(db, section); + } +@@ -438,7 +465,7 @@ void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + /* Old conf compatibility functions */ + + X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *name, const char *value) ++ char *name, char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -448,19 +475,19 @@ X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + /* LHASH *conf: Config file */ + /* char *value: Value */ + X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, +- X509V3_CTX *ctx, int ext_nid, const char *value) ++ X509V3_CTX *ctx, int ext_nid, char *value) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); + return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); + } + +-static char *conf_lhash_get_string(void *db, const char *section, const char *value) ++static char *conf_lhash_get_string(void *db, char *section, char *value) + { + return CONF_get_string(db, section, value); + } + +-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section) ++static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) + { + return CONF_get_section(db, section); + } +@@ -479,7 +506,7 @@ void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) + } + + int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509 *cert) ++ char *section, X509 *cert) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -489,7 +516,7 @@ int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + /* Same as above but for a CRL */ + + int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509_CRL *crl) ++ char *section, X509_CRL *crl) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +@@ -499,7 +526,7 @@ int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + /* Add extensions to certificate request */ + + int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, +- const char *section, X509_REQ *req) ++ char *section, X509_REQ *req) + { + CONF ctmp; + CONF_set_nconf(&ctmp, conf); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +index f717e13..d97f622 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c +@@ -1,28 +1,77 @@ ++/* v3_cpols.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + + #include "pcy_int.h" +-#include "ext_dat.h" + + /* Certificate policies extension support: this one is a bit complex... */ + + static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, + BIO *out, int indent); + static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *value); ++ X509V3_CTX *ctx, char *value); + static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, + int indent); + static void print_notice(BIO *out, USERNOTICE *notice, int indent); +@@ -84,7 +133,7 @@ ASN1_SEQUENCE(NOTICEREF) = { + IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) + + static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *value) ++ X509V3_CTX *ctx, char *value) + { + STACK_OF(POLICYINFO) *pols = NULL; + char *pstr; +@@ -113,7 +162,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + goto err; + } + pstr = cnf->name; +- if (strcmp(pstr, "ia5org") == 0) { ++ if (!strcmp(pstr, "ia5org")) { + ia5org = 1; + continue; + } else if (*pstr == '@') { +@@ -127,10 +176,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + } + pol = policy_section(ctx, polsect, ia5org); + X509V3_section_free(ctx, polsect); +- if (pol == NULL) ++ if (!pol) + goto err; + } else { +- if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { ++ if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { + X509V3err(X509V3_F_R2I_CERTPOL, + X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); +@@ -139,7 +188,6 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + pol = POLICYINFO_new(); + if (pol == NULL) { + X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE); +- ASN1_OBJECT_free(pobj); + goto err; + } + pol->policyid = pobj; +@@ -165,14 +213,13 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, + CONF_VALUE *cnf; + POLICYINFO *pol; + POLICYQUALINFO *qual; +- +- if ((pol = POLICYINFO_new()) == NULL) ++ if (!(pol = POLICYINFO_new())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + cnf = sk_CONF_VALUE_value(polstrs, i); +- if (strcmp(cnf->name, "policyIdentifier") == 0) { ++ if (!strcmp(cnf->name, "policyIdentifier")) { + ASN1_OBJECT *pobj; +- if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { ++ if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { + X509V3err(X509V3_F_POLICY_SECTION, + X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(cnf); +@@ -181,17 +228,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, + pol->policyid = pobj; + + } else if (!name_cmp(cnf->name, "CPS")) { +- if (pol->qualifiers == NULL) ++ if (!pol->qualifiers) + pol->qualifiers = sk_POLICYQUALINFO_new_null(); +- if ((qual = POLICYQUALINFO_new()) == NULL) ++ if (!(qual = POLICYQUALINFO_new())) + goto merr; + if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) + goto merr; +- if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { ++ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } +- if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) ++ if (!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + goto merr; + if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, + strlen(cnf->value))) +@@ -249,28 +296,27 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + CONF_VALUE *cnf; + USERNOTICE *not; + POLICYQUALINFO *qual; +- +- if ((qual = POLICYQUALINFO_new()) == NULL) ++ if (!(qual = POLICYQUALINFO_new())) + goto merr; +- if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { ++ if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } +- if ((not = USERNOTICE_new()) == NULL) ++ if (!(not = USERNOTICE_new())) + goto merr; + qual->d.usernotice = not; + for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { + cnf = sk_CONF_VALUE_value(unot, i); +- if (strcmp(cnf->name, "explicitText") == 0) { +- if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) ++ if (!strcmp(cnf->name, "explicitText")) { ++ if (!(not->exptext = M_ASN1_VISIBLESTRING_new())) + goto merr; + if (!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) + goto merr; +- } else if (strcmp(cnf->name, "organization") == 0) { ++ } else if (!strcmp(cnf->name, "organization")) { + NOTICEREF *nref; + if (!not->noticeref) { +- if ((nref = NOTICEREF_new()) == NULL) ++ if (!(nref = NOTICEREF_new())) + goto merr; + not->noticeref = nref; + } else +@@ -282,11 +328,11 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + if (!ASN1_STRING_set(nref->organization, cnf->value, + strlen(cnf->value))) + goto merr; +- } else if (strcmp(cnf->name, "noticeNumbers") == 0) { ++ } else if (!strcmp(cnf->name, "noticeNumbers")) { + NOTICEREF *nref; + STACK_OF(CONF_VALUE) *nos; + if (!not->noticeref) { +- if ((nref = NOTICEREF_new()) == NULL) ++ if (!(nref = NOTICEREF_new())) + goto merr; + not->noticeref = nref; + } else +@@ -295,7 +341,6 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, + if (!nos || !sk_CONF_VALUE_num(nos)) { + X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS); + X509V3_conf_err(cnf); +- sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); + goto err; + } + ret = nref_nos(nref->noticenos, nos); +@@ -335,7 +380,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) + + for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { + cnf = sk_CONF_VALUE_value(nos, i); +- if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { ++ if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); + goto err; + } +@@ -345,10 +390,10 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) + return 1; + + merr: +- ASN1_INTEGER_free(aint); + X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE); + + err: ++ sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); + return 0; + } + +@@ -439,3 +484,8 @@ void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) + else + BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); + } ++ ++ ++IMPLEMENT_STACK_OF(X509_POLICY_NODE) ++ ++IMPLEMENT_STACK_OF(X509_POLICY_DATA) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +index c4c77f1..d3e1d1b 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c +@@ -1,22 +1,69 @@ ++/* v3_crld.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include + +-#include "internal/x509_int.h" +-#include "ext_dat.h" +- + static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, +@@ -68,17 +115,16 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, + { + STACK_OF(GENERAL_NAME) *fnm = NULL; + STACK_OF(X509_NAME_ENTRY) *rnm = NULL; +- +- if (strncmp(cnf->name, "fullname", 9) == 0) { ++ if (!strncmp(cnf->name, "fullname", 9)) { + fnm = gnames_from_sectname(ctx, cnf->value); + if (!fnm) + goto err; +- } else if (strcmp(cnf->name, "relativename") == 0) { ++ } else if (!strcmp(cnf->name, "relativename")) { + int ret; + STACK_OF(CONF_VALUE) *dnsect; + X509_NAME *nm; + nm = X509_NAME_new(); +- if (nm == NULL) ++ if (!nm) + return -1; + dnsect = X509V3_get_section(ctx, cnf->value); + if (!dnsect) { +@@ -112,7 +158,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, + } + + *pdp = DIST_POINT_NAME_new(); +- if (*pdp == NULL) ++ if (!*pdp) + goto err; + if (fnm) { + (*pdp)->type = 0; +@@ -125,8 +171,10 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, + return 1; + + err: +- sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); +- sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); ++ if (fnm) ++ sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); ++ if (rnm) ++ sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + return -1; + } + +@@ -150,19 +198,19 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) + const char *bnam; + int i, ret = 0; + rsk = X509V3_parse_list(value); +- if (rsk == NULL) ++ if (!rsk) ++ return 0; ++ if (*preas) + return 0; +- if (*preas != NULL) +- goto err; + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { + bnam = sk_CONF_VALUE_value(rsk, i)->name; +- if (*preas == NULL) { ++ if (!*preas) { + *preas = ASN1_BIT_STRING_new(); +- if (*preas == NULL) ++ if (!*preas) + goto err; + } + for (pbn = reason_flags; pbn->lname; pbn++) { +- if (strcmp(pbn->sname, bnam) == 0) { ++ if (!strcmp(pbn->sname, bnam)) { + if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) + goto err; + break; +@@ -207,7 +255,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, + CONF_VALUE *cnf; + DIST_POINT *point = NULL; + point = DIST_POINT_new(); +- if (point == NULL) ++ if (!point) + goto err; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + int ret; +@@ -217,10 +265,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, + continue; + if (ret < 0) + goto err; +- if (strcmp(cnf->name, "reasons") == 0) { ++ if (!strcmp(cnf->name, "reasons")) { + if (!set_reasons(&point->reasons, cnf->value)) + goto err; +- } else if (strcmp(cnf->name, "CRLissuer") == 0) { ++ } else if (!strcmp(cnf->name, "CRLissuer")) { + point->CRLissuer = gnames_from_sectname(ctx, cnf->value); + if (!point->CRLissuer) + goto err; +@@ -230,7 +278,8 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, + return point; + + err: +- DIST_POINT_free(point); ++ if (point) ++ DIST_POINT_free(point); + return NULL; + } + +@@ -242,8 +291,7 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, + GENERAL_NAME *gen = NULL; + CONF_VALUE *cnf; + int i; +- +- if ((crld = sk_DIST_POINT_new_null()) == NULL) ++ if (!(crld = sk_DIST_POINT_new_null())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + DIST_POINT *point; +@@ -262,20 +310,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, + goto merr; + } + } else { +- if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) ++ if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; +- if ((gens = GENERAL_NAMES_new()) == NULL) ++ if (!(gens = GENERAL_NAMES_new())) + goto merr; + if (!sk_GENERAL_NAME_push(gens, gen)) + goto merr; + gen = NULL; +- if ((point = DIST_POINT_new()) == NULL) ++ if (!(point = DIST_POINT_new())) + goto merr; + if (!sk_DIST_POINT_push(crld, point)) { + DIST_POINT_free(point); + goto merr; + } +- if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) ++ if (!(point->distpoint = DIST_POINT_NAME_new())) + goto merr; + point->distpoint->name.fullname = gens; + point->distpoint->type = 0; +@@ -293,6 +341,10 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, + return NULL; + } + ++IMPLEMENT_STACK_OF(DIST_POINT) ++ ++IMPLEMENT_ASN1_SET_OF(DIST_POINT) ++ + static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + void *exarg) + { +@@ -304,7 +356,8 @@ static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + break; + + case ASN1_OP_FREE_POST: +- X509_NAME_free(dpn->dpname); ++ if (dpn->dpname) ++ X509_NAME_free(dpn->dpname); + break; + } + return 1; +@@ -368,7 +421,7 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + char *name, *val; + int i, ret; + idp = ISSUING_DIST_POINT_new(); +- if (idp == NULL) ++ if (!idp) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); +@@ -379,19 +432,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + continue; + if (ret < 0) + goto err; +- if (strcmp(name, "onlyuser") == 0) { ++ if (!strcmp(name, "onlyuser")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) + goto err; +- } else if (strcmp(name, "onlyCA") == 0) { ++ } else if (!strcmp(name, "onlyCA")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) + goto err; +- } else if (strcmp(name, "onlyAA") == 0) { ++ } else if (!strcmp(name, "onlyAA")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) + goto err; +- } else if (strcmp(name, "indirectCRL") == 0) { ++ } else if (!strcmp(name, "indirectCRL")) { + if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) + goto err; +- } else if (strcmp(name, "onlysomereasons") == 0) { ++ } else if (!strcmp(name, "onlysomereasons")) { + if (!set_reasons(&idp->onlysomereasons, val)) + goto err; + } else { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +index f39cb5a..7678664 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c +@@ -1,16 +1,65 @@ ++/* v3_enum.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "ext_dat.h" + + static ENUMERATED_NAMES crl_reasons[] = { + {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, +@@ -38,16 +87,14 @@ const X509V3_EXT_METHOD v3_crl_reason = { + crl_reasons + }; + +-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, +- const ASN1_ENUMERATED *e) ++char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e) + { + ENUMERATED_NAMES *enam; + long strval; +- + strval = ASN1_ENUMERATED_get(e); + for (enam = method->usr_data; enam->lname; enam++) { + if (strval == enam->bitnum) +- return OPENSSL_strdup(enam->lname); ++ return BUF_strdup(enam->lname); + } + return i2s_ASN1_ENUMERATED(method, e); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +index bae755e..6092c2e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c +@@ -1,18 +1,67 @@ ++/* v3_extku.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "ext_dat.h" + + static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, +@@ -76,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + CONF_VALUE *val; + int i; + +- if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { ++ if (!(extku = sk_ASN1_OBJECT_new_null())) { + X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -87,7 +136,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + extval = val->value; + else + extval = val->name; +- if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { ++ if (!(objtmp = OBJ_txt2obj(extval, 0))) { + sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); + X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, + X509V3_R_INVALID_OBJECT_IDENTIFIER); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +index 8d11997..7f40bfa 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c +@@ -1,14 +1,64 @@ ++/* v3_genn.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +@@ -179,7 +229,7 @@ int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + { + OTHERNAME *oth; + oth = OTHERNAME_new(); +- if (oth == NULL) ++ if (!oth) + return 0; + oth->type_id = oid; + oth->value = value; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +index c1170d4..c170a55 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c +@@ -1,20 +1,73 @@ ++/* v3_ia5.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "ext_dat.h" + +-const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { ++static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ ASN1_IA5STRING *ia5); ++static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *str); ++const X509V3_EXT_METHOD v3_ns_ia5_list[] = { + EXT_IA5STRING(NID_netscape_base_url), + EXT_IA5STRING(NID_netscape_revocation_url), + EXT_IA5STRING(NID_netscape_ca_revocation_url), +@@ -25,13 +78,13 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[8] = { + EXT_END + }; + +-char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) ++static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ ASN1_IA5STRING *ia5) + { + char *tmp; +- + if (!ia5 || !ia5->length) + return NULL; +- if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { ++ if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { + X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -40,8 +93,8 @@ char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) + return tmp; + } + +-ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str) ++static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, char *str) + { + ASN1_IA5STRING *ia5; + if (!str) { +@@ -49,11 +102,12 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_R_INVALID_NULL_ARGUMENT); + return NULL; + } +- if ((ia5 = ASN1_IA5STRING_new()) == NULL) ++ if (!(ia5 = M_ASN1_IA5STRING_new())) ++ goto err; ++ if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, ++ strlen(str))) { ++ M_ASN1_IA5STRING_free(ia5); + goto err; +- if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) { +- ASN1_IA5STRING_free(ia5); +- return NULL; + } + #ifdef CHARSET_EBCDIC + ebcdic2ascii(ia5->data, ia5->data, ia5->length); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +index 61ef213..e052a34 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c +@@ -1,19 +1,68 @@ ++/* v3_info.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "ext_dat.h" + + static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD + *method, AUTHORITY_INFO_ACCESS +@@ -76,14 +125,14 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD + i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + nlen = strlen(objtmp) + strlen(vtmp->name) + 5; + ntmp = OPENSSL_malloc(nlen); +- if (ntmp == NULL) { ++ if (!ntmp) { + X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, + ERR_R_MALLOC_FAILURE); + return NULL; + } +- OPENSSL_strlcpy(ntmp, objtmp, nlen); +- OPENSSL_strlcat(ntmp, " - ", nlen); +- OPENSSL_strlcat(ntmp, vtmp->name, nlen); ++ BUF_strlcpy(ntmp, objtmp, nlen); ++ BUF_strlcat(ntmp, " - ", nlen); ++ BUF_strlcat(ntmp, vtmp->name, nlen); + OPENSSL_free(vtmp->name); + vtmp->name = ntmp; + +@@ -104,14 +153,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD + ACCESS_DESCRIPTION *acc; + int i, objlen; + char *objtmp, *ptmp; +- +- if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { ++ if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); +- if ((acc = ACCESS_DESCRIPTION_new()) == NULL ++ if (!(acc = ACCESS_DESCRIPTION_new()) + || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, + ERR_R_MALLOC_FAILURE); +@@ -128,11 +176,13 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD + ctmp.value = cnf->value; + if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) + goto err; +- if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) { ++ if (!(objtmp = OPENSSL_malloc(objlen + 1))) { + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, + ERR_R_MALLOC_FAILURE); + goto err; + } ++ strncpy(objtmp, cnf->name, objlen); ++ objtmp[objlen] = 0; + acc->method = OBJ_txt2obj(objtmp, 0); + if (!acc->method) { + X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, +@@ -150,8 +200,11 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD + return NULL; + } + +-int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a) ++int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) + { + i2a_ASN1_OBJECT(bp, a->method); ++#ifdef UNDEF ++ i2a_GENERAL_NAME(bp, a->location); ++#endif + return 2; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +index 690c90e..8bfdb37 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c +@@ -1,16 +1,65 @@ ++/* v3_int.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "ext_dat.h" + + const X509V3_EXT_METHOD v3_crl_num = { + NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), +@@ -29,7 +78,7 @@ const X509V3_EXT_METHOD v3_delta_crl = { + }; + + static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, +- const char *value) ++ char *value) + { + return s2i_ASN1_INTEGER(meth, value); + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +index a3ca720..8350429 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c +@@ -1,16 +1,65 @@ ++/* v3_lib.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* X509 v3 extension utilities */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + +@@ -24,8 +73,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext); + + int X509V3_EXT_add(X509V3_EXT_METHOD *ext) + { +- if (ext_list == NULL +- && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { ++ if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { + X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -47,74 +95,6 @@ DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, + IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *, + const X509V3_EXT_METHOD *, ext); + +-/* +- * This table will be searched using OBJ_bsearch so it *must* kept in order +- * of the ext_nid values. +- */ +- +-static const X509V3_EXT_METHOD *standard_exts[] = { +- &v3_nscert, +- &v3_ns_ia5_list[0], +- &v3_ns_ia5_list[1], +- &v3_ns_ia5_list[2], +- &v3_ns_ia5_list[3], +- &v3_ns_ia5_list[4], +- &v3_ns_ia5_list[5], +- &v3_ns_ia5_list[6], +- &v3_skey_id, +- &v3_key_usage, +- &v3_pkey_usage_period, +- &v3_alt[0], +- &v3_alt[1], +- &v3_bcons, +- &v3_crl_num, +- &v3_cpols, +- &v3_akey_id, +- &v3_crld, +- &v3_ext_ku, +- &v3_delta_crl, +- &v3_crl_reason, +-#ifndef OPENSSL_NO_OCSP +- &v3_crl_invdate, +-#endif +- &v3_sxnet, +- &v3_info, +-#ifndef OPENSSL_NO_RFC3779 +- &v3_addr, +- &v3_asid, +-#endif +-#ifndef OPENSSL_NO_OCSP +- &v3_ocsp_nonce, +- &v3_ocsp_crlid, +- &v3_ocsp_accresp, +- &v3_ocsp_nocheck, +- &v3_ocsp_acutoff, +- &v3_ocsp_serviceloc, +-#endif +- &v3_sinfo, +- &v3_policy_constraints, +-#ifndef OPENSSL_NO_OCSP +- &v3_crl_hold, +-#endif +- &v3_pci, +- &v3_name_constraints, +- &v3_policy_mappings, +- &v3_inhibit_anyp, +- &v3_idp, +- &v3_alt[2], +- &v3_freshest_crl, +-#ifndef OPENSSL_NO_CT +- &v3_ct_scts[0], +- &v3_ct_scts[1], +- &v3_ct_scts[2], +-#endif +- &v3_tls_feature, +-}; +- +-/* Number of standard extensions */ +- +-#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) +- + const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) + { + X509V3_EXT_METHOD tmp; +@@ -137,11 +117,33 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) + const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) + { + int nid; +- if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef) ++ if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) + return NULL; + return X509V3_EXT_get_nid(nid); + } + ++int X509V3_EXT_free(int nid, void *ext_data) ++{ ++ const X509V3_EXT_METHOD *ext_method = X509V3_EXT_get_nid(nid); ++ if (ext_method == NULL) { ++ X509V3err(X509V3_F_X509V3_EXT_FREE, ++ X509V3_R_CANNOT_FIND_FREE_FUNCTION); ++ return 0; ++ } ++ ++ if (ext_method->it != NULL) ++ ASN1_item_free(ext_data, ASN1_ITEM_ptr(ext_method->it)); ++ else if (ext_method->ext_free != NULL) ++ ext_method->ext_free(ext_data); ++ else { ++ X509V3err(X509V3_F_X509V3_EXT_FREE, ++ X509V3_R_CANNOT_FIND_FREE_FUNCTION); ++ return 0; ++ } ++ ++ return 1; ++} ++ + int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) + { + for (; extlist->ext_nid != -1; extlist++) +@@ -155,11 +157,14 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) + const X509V3_EXT_METHOD *ext; + X509V3_EXT_METHOD *tmpext; + +- if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) { +- X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND); ++ if (!(ext = X509V3_EXT_get_nid(nid_from))) { ++ X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ++ X509V3_R_EXTENSION_NOT_FOUND); + return 0; + } +- if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) { ++ if (! ++ (tmpext = ++ (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -197,17 +202,14 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) + { + const X509V3_EXT_METHOD *method; + const unsigned char *p; +- ASN1_STRING *extvalue; +- int extlen; + +- if ((method = X509V3_EXT_get(ext)) == NULL) ++ if (!(method = X509V3_EXT_get(ext))) + return NULL; +- extvalue = X509_EXTENSION_get_data(ext); +- p = ASN1_STRING_get0_data(extvalue); +- extlen = ASN1_STRING_length(extvalue); ++ p = ext->value->data; + if (method->it) +- return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); +- return method->d2i(NULL, &p, extlen); ++ return ASN1_item_d2i(NULL, &p, ext->value->length, ++ ASN1_ITEM_ptr(method->it)); ++ return method->d2i(NULL, &p, ext->value->length); + } + + /*- +@@ -226,7 +228,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) + * -2 extension occurs more than once. + */ + +-void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, ++void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx) + { + int lastpos, i; +@@ -246,7 +248,7 @@ void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + lastpos = 0; + for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { + ex = sk_X509_EXTENSION_value(x, i); +- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) { ++ if (OBJ_obj2nid(ex->object) == nid) { + if (idx) { + *idx = i; + found_ex = ex; +@@ -345,8 +347,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + return 1; + } + +- if (*x == NULL +- && (*x = sk_X509_EXTENSION_new_null()) == NULL) ++ if (!*x && !(*x = sk_X509_EXTENSION_new_null())) + return -1; + if (!sk_X509_EXTENSION_push(*x, ext)) + return -1; +@@ -358,3 +359,5 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode); + return 0; + } ++ ++IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +index 9b3bb12..2855269 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c +@@ -1,22 +1,68 @@ ++/* v3_ncons.c */ + /* +- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" +-#include "internal/asn1_int.h" ++#include "cryptlib.h" + #include + #include + #include + +-#include "internal/x509_int.h" +-#include "ext_dat.h" +- + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); +@@ -24,7 +70,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + BIO *bp, int ind); + static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, +- int ind, const char *name); ++ int ind, char *name); + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + + static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +@@ -33,7 +79,6 @@ static int nc_dn(X509_NAME *sub, X509_NAME *nm); + static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); + static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); + static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); +-static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base); + + const X509V3_EXT_METHOD v3_name_constraints = { + NID_name_constraints, 0, +@@ -70,16 +115,15 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) **ptree = NULL; + NAME_CONSTRAINTS *ncons = NULL; + GENERAL_SUBTREE *sub = NULL; +- + ncons = NAME_CONSTRAINTS_new(); +- if (ncons == NULL) ++ if (!ncons) + goto memerr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); +- if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { ++ if (!strncmp(val->name, "permitted", 9) && val->name[9]) { + ptree = &ncons->permittedSubtrees; + tval.name = val->name + 10; +- } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { ++ } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { + ptree = &ncons->excludedSubtrees; + tval.name = val->name + 9; + } else { +@@ -92,9 +136,9 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + goto memerr; + if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) + goto err; +- if (*ptree == NULL) ++ if (!*ptree) + *ptree = sk_GENERAL_SUBTREE_new_null(); +- if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub)) ++ if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + goto memerr; + sub = NULL; + } +@@ -104,8 +148,10 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + memerr: + X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + err: +- NAME_CONSTRAINTS_free(ncons); +- GENERAL_SUBTREE_free(sub); ++ if (ncons) ++ NAME_CONSTRAINTS_free(ncons); ++ if (sub) ++ GENERAL_SUBTREE_free(sub); + + return NULL; + } +@@ -123,7 +169,7 @@ static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + + static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, +- BIO *bp, int ind, const char *name) ++ BIO *bp, int ind, char *name) + { + GENERAL_SUBTREE *tree; + int i; +@@ -199,8 +245,7 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) + /* Process any email address attributes in subject name */ + + for (i = -1;;) { +- const X509_NAME_ENTRY *ne; +- ++ X509_NAME_ENTRY *ne; + i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i); + if (i == -1) + break; +@@ -228,51 +273,6 @@ int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) + + } + +-int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc) +-{ +- int r, i; +- X509_NAME *nm; +- +- ASN1_STRING stmp; +- GENERAL_NAME gntmp; +- stmp.flags = 0; +- stmp.type = V_ASN1_IA5STRING; +- gntmp.type = GEN_DNS; +- gntmp.d.dNSName = &stmp; +- +- nm = X509_get_subject_name(x); +- +- /* Process any commonName attributes in subject name */ +- +- for (i = -1;;) { +- X509_NAME_ENTRY *ne; +- ASN1_STRING *hn; +- i = X509_NAME_get_index_by_NID(nm, NID_commonName, i); +- if (i == -1) +- break; +- ne = X509_NAME_get_entry(nm, i); +- hn = X509_NAME_ENTRY_get_data(ne); +- /* Only process attributes that look like host names */ +- if (asn1_valid_host(hn)) { +- unsigned char *h; +- int hlen = ASN1_STRING_to_UTF8(&h, hn); +- if (hlen <= 0) +- return X509_V_ERR_OUT_OF_MEM; +- +- stmp.length = hlen; +- stmp.data = h; +- +- r = nc_match(&gntmp, nc); +- +- OPENSSL_free(h); +- +- if (r != X509_V_OK) +- return r; +- } +- } +- return X509_V_OK; +-} +- + static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; +@@ -341,9 +341,6 @@ static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) + return nc_uri(gen->d.uniformResourceIdentifier, + base->d.uniformResourceIdentifier); + +- case GEN_IPADD: +- return nc_ip(gen->d.iPAddress, base->d.iPAddress); +- + default: + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; + } +@@ -403,11 +400,11 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) + const char *emlat = strchr(emlptr, '@'); + if (!emlat) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; +- /* Special case: initial '.' is RHS match */ ++ /* Special case: inital '.' is RHS match */ + if (!baseat && (*baseptr == '.')) { + if (eml->length > base->length) { + emlptr += eml->length - base->length; +- if (strcasecmp(baseptr, emlptr) == 0) ++ if (!strcasecmp(baseptr, emlptr)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; +@@ -463,11 +460,11 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) + if (hostlen == 0) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + +- /* Special case: initial '.' is RHS match */ ++ /* Special case: inital '.' is RHS match */ + if (*baseptr == '.') { + if (hostlen > base->length) { + p = hostptr + hostlen - base->length; +- if (strncasecmp(p, baseptr, base->length) == 0) ++ if (!strncasecmp(p, baseptr, base->length)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; +@@ -480,34 +477,3 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) + return X509_V_OK; + + } +- +-static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base) +-{ +- int hostlen, baselen, i; +- unsigned char *hostptr, *baseptr, *maskptr; +- hostptr = ip->data; +- hostlen = ip->length; +- baseptr = base->data; +- baselen = base->length; +- +- /* Invalid if not IPv4 or IPv6 */ +- if (!((hostlen == 4) || (hostlen == 16))) +- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; +- if (!((baselen == 8) || (baselen == 32))) +- return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; +- +- /* Do not match IPv4 with IPv6 */ +- if (hostlen * 2 != baselen) +- return X509_V_ERR_PERMITTED_VIOLATION; +- +- maskptr = base->data + hostlen; +- +- /* Considering possible not aligned base ipAddress */ +- /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */ +- for (i = 0; i < hostlen; i++) +- if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i])) +- return X509_V_ERR_PERMITTED_VIOLATION; +- +- return X509_V_OK; +- +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +new file mode 100644 +index 0000000..b151eac +--- /dev/null ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c +@@ -0,0 +1,312 @@ ++/* v3_ocsp.c */ ++/* ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++#ifndef OPENSSL_NO_OCSP ++ ++# include ++# include "cryptlib.h" ++# include ++# include ++# include ++# include ++ ++/* ++ * OCSP extensions and a couple of CRL entry extensions ++ */ ++ ++static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); ++static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); ++static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, ++ int indent); ++ ++static void *ocsp_nonce_new(void); ++static int i2d_ocsp_nonce(void *a, unsigned char **pp); ++static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); ++static void ocsp_nonce_free(void *a); ++static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent); ++ ++static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, ++ void *nocheck, BIO *out, int indent); ++static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, const char *str); ++static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, ++ BIO *bp, int ind); ++ ++const X509V3_EXT_METHOD v3_ocsp_crlid = { ++ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_crlid, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_ocsp_acutoff = { ++ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_acutoff, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_crl_invdate = { ++ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_acutoff, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_crl_hold = { ++ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_object, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_ocsp_nonce = { ++ NID_id_pkix_OCSP_Nonce, 0, NULL, ++ ocsp_nonce_new, ++ ocsp_nonce_free, ++ d2i_ocsp_nonce, ++ i2d_ocsp_nonce, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_nonce, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_ocsp_nocheck = { ++ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), ++ 0, 0, 0, 0, ++ 0, s2i_ocsp_nocheck, ++ 0, 0, ++ i2r_ocsp_nocheck, 0, ++ NULL ++}; ++ ++const X509V3_EXT_METHOD v3_ocsp_serviceloc = { ++ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), ++ 0, 0, 0, 0, ++ 0, 0, ++ 0, 0, ++ i2r_ocsp_serviceloc, 0, ++ NULL ++}; ++ ++static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, ++ int ind) ++{ ++ OCSP_CRLID *a = in; ++ if (a->crlUrl) { ++ if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) ++ goto err; ++ if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (a->crlNum) { ++ if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) ++ goto err; ++ if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ if (a->crlTime) { ++ if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) ++ goto err; ++ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) ++ goto err; ++ if (BIO_write(bp, "\n", 1) <= 0) ++ goto err; ++ } ++ return 1; ++ err: ++ return 0; ++} ++ ++static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, ++ BIO *bp, int ind) ++{ ++ if (BIO_printf(bp, "%*s", ind, "") <= 0) ++ return 0; ++ if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) ++ return 0; ++ return 1; ++} ++ ++static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, ++ int ind) ++{ ++ if (BIO_printf(bp, "%*s", ind, "") <= 0) ++ return 0; ++ if (i2a_ASN1_OBJECT(bp, oid) <= 0) ++ return 0; ++ return 1; ++} ++ ++/* ++ * OCSP nonce. This is needs special treatment because it doesn't have an ++ * ASN1 encoding at all: it just contains arbitrary data. ++ */ ++ ++static void *ocsp_nonce_new(void) ++{ ++ return ASN1_OCTET_STRING_new(); ++} ++ ++static int i2d_ocsp_nonce(void *a, unsigned char **pp) ++{ ++ ASN1_OCTET_STRING *os = a; ++ if (pp) { ++ memcpy(*pp, os->data, os->length); ++ *pp += os->length; ++ } ++ return os->length; ++} ++ ++static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) ++{ ++ ASN1_OCTET_STRING *os, **pos; ++ pos = a; ++ if (!pos || !*pos) ++ os = ASN1_OCTET_STRING_new(); ++ else ++ os = *pos; ++ if (!ASN1_OCTET_STRING_set(os, *pp, length)) ++ goto err; ++ ++ *pp += length; ++ ++ if (pos) ++ *pos = os; ++ return os; ++ ++ err: ++ if (os && (!pos || (*pos != os))) ++ M_ASN1_OCTET_STRING_free(os); ++ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); ++ return NULL; ++} ++ ++static void ocsp_nonce_free(void *a) ++{ ++ M_ASN1_OCTET_STRING_free(a); ++} ++ ++static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, ++ BIO *out, int indent) ++{ ++ if (BIO_printf(out, "%*s", indent, "") <= 0) ++ return 0; ++ if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) ++ return 0; ++ return 1; ++} ++ ++/* Nocheck is just a single NULL. Don't print anything and always set it */ ++ ++static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, ++ BIO *out, int indent) ++{ ++ return 1; ++} ++ ++static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, ++ X509V3_CTX *ctx, const char *str) ++{ ++ return ASN1_NULL_new(); ++} ++ ++static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, ++ BIO *bp, int ind) ++{ ++ int i; ++ OCSP_SERVICELOC *a = in; ++ ACCESS_DESCRIPTION *ad; ++ ++ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) ++ goto err; ++ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) ++ goto err; ++ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { ++ ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); ++ if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) ++ goto err; ++ if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) ++ goto err; ++ if (BIO_puts(bp, " - ") <= 0) ++ goto err; ++ if (GENERAL_NAME_print(bp, ad->location) <= 0) ++ goto err; ++ } ++ return 1; ++ err: ++ return 0; ++} ++#endif +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +index 2c05edb..12f12a7 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c +@@ -1,12 +1,8 @@ ++/* v3_pci.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Contributed to the OpenSSL Project 2004 by Richard Levitte ++ * (richard@levitte.org) + */ +- + /* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. +@@ -40,10 +36,9 @@ + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "ext_dat.h" + + static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, + BIO *out, int indent); +@@ -91,7 +86,7 @@ static int process_pci_value(CONF_VALUE *val, + X509V3_conf_err(val); + return 0; + } +- if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) { ++ if (!(*language = OBJ_txt2obj(val->value, 0))) { + X509V3err(X509V3_F_PROCESS_PCI_VALUE, + X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); +@@ -115,7 +110,7 @@ static int process_pci_value(CONF_VALUE *val, + long val_len; + if (!*policy) { + *policy = ASN1_OCTET_STRING_new(); +- if (*policy == NULL) { ++ if (!*policy) { + X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + return 0; +@@ -124,9 +119,11 @@ static int process_pci_value(CONF_VALUE *val, + } + if (strncmp(val->value, "hex:", 4) == 0) { + unsigned char *tmp_data2 = +- OPENSSL_hexstr2buf(val->value + 4, &val_len); ++ string_to_hex(val->value + 4, &val_len); + + if (!tmp_data2) { ++ X509V3err(X509V3_F_PROCESS_PCI_VALUE, ++ X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } +@@ -145,7 +142,6 @@ static int process_pci_value(CONF_VALUE *val, + * realloc failure implies the original data space is b0rked + * too! + */ +- OPENSSL_free((*policy)->data); + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); +@@ -153,6 +149,7 @@ static int process_pci_value(CONF_VALUE *val, + goto err; + } + OPENSSL_free(tmp_data2); ++#ifndef OPENSSL_NO_STDIO + } else if (strncmp(val->value, "file:", 5) == 0) { + unsigned char buf[2048]; + int n; +@@ -170,16 +167,8 @@ static int process_pci_value(CONF_VALUE *val, + tmp_data = OPENSSL_realloc((*policy)->data, + (*policy)->length + n + 1); + +- if (!tmp_data) { +- OPENSSL_free((*policy)->data); +- (*policy)->data = NULL; +- (*policy)->length = 0; +- X509V3err(X509V3_F_PROCESS_PCI_VALUE, +- ERR_R_MALLOC_FAILURE); +- X509V3_conf_err(val); +- BIO_free_all(b); +- goto err; +- } ++ if (!tmp_data) ++ break; + + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], buf, n); +@@ -193,6 +182,7 @@ static int process_pci_value(CONF_VALUE *val, + X509V3_conf_err(val); + goto err; + } ++#endif /* !OPENSSL_NO_STDIO */ + } else if (strncmp(val->value, "text:", 5) == 0) { + val_len = strlen(val->value + 5); + tmp_data = OPENSSL_realloc((*policy)->data, +@@ -208,7 +198,6 @@ static int process_pci_value(CONF_VALUE *val, + * realloc failure implies the original data space is b0rked + * too! + */ +- OPENSSL_free((*policy)->data); + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE); +@@ -295,7 +284,7 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + } + + pci = PROXY_CERT_INFO_EXTENSION_new(); +- if (pci == NULL) { ++ if (!pci) { + X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -308,13 +297,22 @@ static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + pathlen = NULL; + goto end; + err: +- ASN1_OBJECT_free(language); +- ASN1_INTEGER_free(pathlen); +- pathlen = NULL; +- ASN1_OCTET_STRING_free(policy); +- policy = NULL; +- PROXY_CERT_INFO_EXTENSION_free(pci); +- pci = NULL; ++ if (language) { ++ ASN1_OBJECT_free(language); ++ language = NULL; ++ } ++ if (pathlen) { ++ ASN1_INTEGER_free(pathlen); ++ pathlen = NULL; ++ } ++ if (policy) { ++ ASN1_OCTET_STRING_free(policy); ++ policy = NULL; ++ } ++ if (pci) { ++ PROXY_CERT_INFO_EXTENSION_free(pci); ++ pci = NULL; ++ } + end: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pci; +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +index e6f7a91..e53c82e 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c +@@ -1,12 +1,8 @@ ++/* v3_pcia.c */ + /* +- * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Contributed to the OpenSSL Project 2004 by Richard Levitte ++ * (richard@levitte.org) + */ +- + /* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +index 24f7ff4..cfccb97 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c +@@ -1,19 +1,68 @@ ++/* v3_pcons.c */ + /* +- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "ext_dat.h" + + static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD + *method, void *bcons, STACK_OF(CONF_VALUE) +@@ -59,17 +108,16 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + POLICY_CONSTRAINTS *pcons = NULL; + CONF_VALUE *val; + int i; +- +- if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) { ++ if (!(pcons = POLICY_CONSTRAINTS_new())) { + X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); +- if (strcmp(val->name, "requireExplicitPolicy") == 0) { ++ if (!strcmp(val->name, "requireExplicitPolicy")) { + if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) + goto err; +- } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) { ++ } else if (!strcmp(val->name, "inhibitPolicyMapping")) { + if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) + goto err; + } else { +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +index ed82bca..dd01c44 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c +@@ -1,18 +1,67 @@ ++/* v3_pku.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "ext_dat.h" + + static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, + PKEY_USAGE_PERIOD *usage, BIO *out, +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +index 73f4ec2..a168343 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c +@@ -1,18 +1,67 @@ ++/* v3_pmaps.c */ + /* +- * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include +-#include "ext_dat.h" + + static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +@@ -64,13 +113,13 @@ static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD + static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { +- POLICY_MAPPINGS *pmaps = NULL; +- POLICY_MAPPING *pmap = NULL; +- ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; ++ POLICY_MAPPINGS *pmaps; ++ POLICY_MAPPING *pmap; ++ ASN1_OBJECT *obj1, *obj2; + CONF_VALUE *val; + int i; + +- if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { ++ if (!(pmaps = sk_POLICY_MAPPING_new_null())) { + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -78,33 +127,30 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if (!val->value || !val->name) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, + X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); +- goto err; ++ return NULL; + } + obj1 = OBJ_txt2obj(val->name, 0); + obj2 = OBJ_txt2obj(val->value, 0); + if (!obj1 || !obj2) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, + X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); +- goto err; ++ return NULL; + } + pmap = POLICY_MAPPING_new(); +- if (pmap == NULL) { ++ if (!pmap) { ++ sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); +- goto err; ++ return NULL; + } + pmap->issuerDomainPolicy = obj1; + pmap->subjectDomainPolicy = obj2; +- obj1 = obj2 = NULL; + sk_POLICY_MAPPING_push(pmaps, pmap); + } + return pmaps; +- err: +- ASN1_OBJECT_free(obj1); +- ASN1_OBJECT_free(obj2); +- sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); +- return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +index f384c34..acc9c6d 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c +@@ -1,22 +1,71 @@ ++/* v3_prn.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* X509 v3 extension utilities */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + + /* Extension printing routines */ + +-static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, ++static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, + unsigned long flag, int indent, int supported); + + /* Print out a name+value stack */ +@@ -52,7 +101,7 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + char *tmp; + len = strlen(nval->value) + 1; + tmp = OPENSSL_malloc(len); +- if (tmp != NULL) { ++ if (tmp) { + ascii2ebcdic(tmp, nval->value, len); + BIO_printf(out, "%s:%s", nval->name, tmp); + OPENSSL_free(tmp); +@@ -71,29 +120,26 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + { + void *ext_str = NULL; + char *value = NULL; +- ASN1_OCTET_STRING *extoct; + const unsigned char *p; +- int extlen; + const X509V3_EXT_METHOD *method; + STACK_OF(CONF_VALUE) *nval = NULL; + int ok = 1; + +- extoct = X509_EXTENSION_get_data(ext); +- p = ASN1_STRING_get0_data(extoct); +- extlen = ASN1_STRING_length(extoct); +- +- if ((method = X509V3_EXT_get(ext)) == NULL) +- return unknown_ext_print(out, p, extlen, flag, indent, 0); ++ if (!(method = X509V3_EXT_get(ext))) ++ return unknown_ext_print(out, ext, flag, indent, 0); ++ p = ext->value->data; + if (method->it) +- ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); ++ ext_str = ++ ASN1_item_d2i(NULL, &p, ext->value->length, ++ ASN1_ITEM_ptr(method->it)); + else +- ext_str = method->d2i(NULL, &p, extlen); ++ ext_str = method->d2i(NULL, &p, ext->value->length); + + if (!ext_str) +- return unknown_ext_print(out, p, extlen, flag, indent, 1); ++ return unknown_ext_print(out, ext, flag, indent, 1); + + if (method->i2s) { +- if ((value = method->i2s(method, ext_str)) == NULL) { ++ if (!(value = method->i2s(method, ext_str))) { + ok = 0; + goto err; + } +@@ -105,7 +151,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + char *tmp; + len = strlen(value) + 1; + tmp = OPENSSL_malloc(len); +- if (tmp != NULL) { ++ if (tmp) { + ascii2ebcdic(tmp, value, len); + BIO_printf(out, "%*s%s", indent, "", tmp); + OPENSSL_free(tmp); +@@ -113,7 +159,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + } + #endif + } else if (method->i2v) { +- if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { ++ if (!(nval = method->i2v(method, ext_str, NULL))) { + ok = 0; + goto err; + } +@@ -127,7 +173,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + + err: + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); +- OPENSSL_free(value); ++ if (value) ++ OPENSSL_free(value); + if (method->it) + ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); + else +@@ -135,8 +182,8 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + return ok; + } + +-int X509V3_extensions_print(BIO *bp, const char *title, +- const STACK_OF(X509_EXTENSION) *exts, ++int X509V3_extensions_print(BIO *bp, char *title, ++ STACK_OF(X509_EXTENSION) *exts, + unsigned long flag, int indent) + { + int i, j; +@@ -162,7 +209,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, + return 0; + if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) { + BIO_printf(bp, "%*s", indent + 4, ""); +- ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex)); ++ M_ASN1_OCTET_STRING_print(bp, ex->value); + } + if (BIO_write(bp, "\n", 1) <= 0) + return 0; +@@ -170,7 +217,7 @@ int X509V3_extensions_print(BIO *bp, const char *title, + return 1; + } + +-static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, ++static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, + unsigned long flag, int indent, int supported) + { + switch (flag & X509V3_EXT_UNKNOWN_MASK) { +@@ -186,22 +233,24 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, + return 1; + + case X509V3_EXT_PARSE_UNKNOWN: +- return ASN1_parse_dump(out, ext, extlen, indent, -1); ++ return ASN1_parse_dump(out, ++ ext->value->data, ext->value->length, indent, ++ -1); + case X509V3_EXT_DUMP_UNKNOWN: +- return BIO_dump_indent(out, (const char *)ext, extlen, indent); ++ return BIO_dump_indent(out, (char *)ext->value->data, ++ ext->value->length, indent); + + default: + return 1; + } + } + +-#ifndef OPENSSL_NO_STDIO ++#ifndef OPENSSL_NO_FP_API + int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) + { + BIO *bio_tmp; + int ret; +- +- if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) ++ if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) + return 0; + ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); + BIO_free(bio_tmp); +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +index 451e7f8..845be67 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c +@@ -1,18 +1,66 @@ ++/* v3_purp.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 2001. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" +-#include "internal/numbers.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + + static void x509v3_cache_extensions(X509 *x); + +@@ -60,7 +108,9 @@ static X509_PURPOSE xstandard[] = { + NULL}, + }; + +-#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) ++#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) ++ ++IMPLEMENT_STACK_OF(X509_PURPOSE) + + static STACK_OF(X509_PURPOSE) *xptable = NULL; + +@@ -79,11 +129,10 @@ int X509_check_purpose(X509 *x, int id, int ca) + int idx; + const X509_PURPOSE *pt; + if (!(x->ex_flags & EXFLAG_SET)) { +- CRYPTO_THREAD_write_lock(x->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); +- CRYPTO_THREAD_unlock(x->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } +- /* Return if side-effect only call */ + if (id == -1) + return 1; + idx = X509_PURPOSE_get_by_id(id); +@@ -119,13 +168,13 @@ X509_PURPOSE *X509_PURPOSE_get0(int idx) + return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); + } + +-int X509_PURPOSE_get_by_sname(const char *sname) ++int X509_PURPOSE_get_by_sname(char *sname) + { + int i; + X509_PURPOSE *xptmp; + for (i = 0; i < X509_PURPOSE_get_count(); i++) { + xptmp = X509_PURPOSE_get0(i); +- if (strcmp(xptmp->sname, sname) == 0) ++ if (!strcmp(xptmp->sname, sname)) + return i; + } + return -1; +@@ -148,7 +197,7 @@ int X509_PURPOSE_get_by_id(int purpose) + + int X509_PURPOSE_add(int id, int trust, int flags, + int (*ck) (const X509_PURPOSE *, const X509 *, int), +- const char *name, const char *sname, void *arg) ++ char *name, char *sname, void *arg) + { + int idx; + X509_PURPOSE *ptmp; +@@ -162,7 +211,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, + idx = X509_PURPOSE_get_by_id(id); + /* Need a new entry */ + if (idx == -1) { +- if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) { ++ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); + return 0; + } +@@ -176,11 +225,11 @@ int X509_PURPOSE_add(int id, int trust, int flags, + OPENSSL_free(ptmp->sname); + } + /* dup supplied name */ +- ptmp->name = OPENSSL_strdup(name); +- ptmp->sname = OPENSSL_strdup(sname); ++ ptmp->name = BUF_strdup(name); ++ ptmp->sname = BUF_strdup(sname); + if (!ptmp->name || !ptmp->sname) { + X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); +- goto err; ++ return 0; + } + /* Keep the dynamic flag of existing entry */ + ptmp->flags &= X509_PURPOSE_DYNAMIC; +@@ -194,24 +243,16 @@ int X509_PURPOSE_add(int id, int trust, int flags, + + /* If its a new entry manage the dynamic table */ + if (idx == -1) { +- if (xptable == NULL +- && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { ++ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); +- goto err; ++ return 0; + } + if (!sk_X509_PURPOSE_push(xptable, ptmp)) { + X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); +- goto err; ++ return 0; + } + } + return 1; +- err: +- if (idx == -1) { +- OPENSSL_free(ptmp->name); +- OPENSSL_free(ptmp->sname); +- OPENSSL_free(ptmp); +- } +- return 0; + } + + static void xptable_free(X509_PURPOSE *p) +@@ -229,26 +270,29 @@ static void xptable_free(X509_PURPOSE *p) + + void X509_PURPOSE_cleanup(void) + { ++ unsigned int i; + sk_X509_PURPOSE_pop_free(xptable, xptable_free); ++ for (i = 0; i < X509_PURPOSE_COUNT; i++) ++ xptable_free(xstandard + i); + xptable = NULL; + } + +-int X509_PURPOSE_get_id(const X509_PURPOSE *xp) ++int X509_PURPOSE_get_id(X509_PURPOSE *xp) + { + return xp->purpose; + } + +-char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) ++char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) + { + return xp->name; + } + +-char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) ++char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) + { + return xp->sname; + } + +-int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) ++int X509_PURPOSE_get_trust(X509_PURPOSE *xp) + { + return xp->trust; + } +@@ -294,7 +338,8 @@ int X509_supported_extension(X509_EXTENSION *ex) + if (ex_nid == NID_undef) + return 0; + +- if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) ++ if (OBJ_bsearch_nid(&ex_nid, supported_nids, ++ sizeof(supported_nids) / sizeof(int))) + return 1; + return 0; + } +@@ -355,7 +400,9 @@ static void x509v3_cache_extensions(X509 *x) + int i; + if (x->ex_flags & EXFLAG_SET) + return; ++#ifndef OPENSSL_NO_SHA + X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); ++#endif + /* V1 should mean no extensions ... */ + if (!X509_get_version(x)) + x->ex_flags |= EXFLAG_V1; +@@ -528,22 +575,12 @@ static int check_ca(const X509 *x) + } + } + +-void X509_set_proxy_flag(X509 *x) +-{ +- x->ex_flags |= EXFLAG_PROXY; +-} +- +-void X509_set_proxy_pathlen(X509 *x, long l) +-{ +- x->ex_pcpathlen = l; +-} +- + int X509_check_ca(X509 *x) + { + if (!(x->ex_flags & EXFLAG_SET)) { +- CRYPTO_THREAD_write_lock(x->lock); ++ CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); +- CRYPTO_THREAD_unlock(x->lock); ++ CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return check_ca(x); +@@ -725,7 +762,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, + return 0; + + /* Extended Key Usage MUST be critical */ +- i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1); ++ i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1); + if (i_ext >= 0) { + X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext); + if (!X509_EXTENSION_get_critical(ext)) +@@ -813,53 +850,3 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) + } + return X509_V_OK; + } +- +-uint32_t X509_get_extension_flags(X509 *x) +-{ +- /* Call for side-effect of computing hash and caching extensions */ +- X509_check_purpose(x, -1, -1); +- return x->ex_flags; +-} +- +-uint32_t X509_get_key_usage(X509 *x) +-{ +- /* Call for side-effect of computing hash and caching extensions */ +- X509_check_purpose(x, -1, -1); +- if (x->ex_flags & EXFLAG_KUSAGE) +- return x->ex_kusage; +- return UINT32_MAX; +-} +- +-uint32_t X509_get_extended_key_usage(X509 *x) +-{ +- /* Call for side-effect of computing hash and caching extensions */ +- X509_check_purpose(x, -1, -1); +- if (x->ex_flags & EXFLAG_XKUSAGE) +- return x->ex_xkusage; +- return UINT32_MAX; +-} +- +-const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x) +-{ +- /* Call for side-effect of computing hash and caching extensions */ +- X509_check_purpose(x, -1, -1); +- return x->skid; +-} +- +-long X509_get_pathlen(X509 *x) +-{ +- /* Called for side effect of caching extensions */ +- if (X509_check_purpose(x, -1, -1) != 1 +- || (x->ex_flags & EXFLAG_BCONS) == 0) +- return -1; +- return x->ex_pathlen; +-} +- +-long X509_get_proxy_pathlen(X509 *x) +-{ +- /* Called for side effect of caching extensions */ +- if (X509_check_purpose(x, -1, -1) != 1 +- || (x->ex_flags & EXFLAG_PROXY) == 0) +- return -1; +- return x->ex_pcpathlen; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +index 39597dc..1cede04 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c +@@ -1,17 +1,65 @@ ++/* v3_skey.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include +-#include "internal/x509_int.h" +-#include "ext_dat.h" + + static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); +@@ -24,25 +72,24 @@ const X509V3_EXT_METHOD v3_skey_id = { + NULL + }; + +-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- const ASN1_OCTET_STRING *oct) ++char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct) + { +- return OPENSSL_buf2hexstr(oct->data, oct->length); ++ return hex_to_string(oct->data, oct->length); + } + + ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, const char *str) ++ X509V3_CTX *ctx, char *str) + { + ASN1_OCTET_STRING *oct; + long length; + +- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { + X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); + return NULL; + } + +- if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) { +- ASN1_OCTET_STRING_free(oct); ++ if (!(oct->data = string_to_hex(str, &length))) { ++ M_ASN1_OCTET_STRING_free(oct); + return NULL; + } + +@@ -56,16 +103,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str) + { + ASN1_OCTET_STRING *oct; +- X509_PUBKEY *pubkey; +- const unsigned char *pk; +- int pklen; ++ ASN1_BIT_STRING *pk; + unsigned char pkey_dig[EVP_MAX_MD_SIZE]; + unsigned int diglen; + + if (strcmp(str, "hash")) + return s2i_ASN1_OCTET_STRING(method, ctx, str); + +- if ((oct = ASN1_OCTET_STRING_new()) == NULL) { ++ if (!(oct = M_ASN1_OCTET_STRING_new())) { + X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); + return NULL; + } +@@ -79,21 +124,20 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + } + + if (ctx->subject_req) +- pubkey = ctx->subject_req->req_info.pubkey; ++ pk = ctx->subject_req->req_info->pubkey->public_key; + else +- pubkey = ctx->subject_cert->cert_info.key; ++ pk = ctx->subject_cert->cert_info->key->public_key; + +- if (pubkey == NULL) { ++ if (!pk) { + X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY); + goto err; + } + +- X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey); +- +- if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL)) ++ if (!EVP_Digest ++ (pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL)) + goto err; + +- if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { ++ if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { + X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); + goto err; + } +@@ -101,6 +145,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + return oct; + + err: +- ASN1_OCTET_STRING_free(oct); ++ M_ASN1_OCTET_STRING_free(oct); + return NULL; + } +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +index 89cda01..a4e6a93 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c +@@ -1,19 +1,68 @@ ++/* v3_sxnet.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project ++ * 1999. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ + + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include + #include + #include +-#include "ext_dat.h" + + /* Support for Thawte strong extranet extension */ + +@@ -68,7 +117,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, + tmp = i2s_ASN1_INTEGER(NULL, id->zone); + BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); + OPENSSL_free(tmp); +- ASN1_STRING_print(out, id->user); ++ M_ASN1_OCTET_STRING_print(out, id->user); + } + return 1; + } +@@ -101,11 +150,10 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + + /* Add an id given the zone as an ASCII number */ + +-int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) ++int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) + { +- ASN1_INTEGER *izone; +- +- if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { ++ ASN1_INTEGER *izone = NULL; ++ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); + return 0; + } +@@ -114,15 +162,13 @@ int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userle + + /* Add an id given the zone as an unsigned long */ + +-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, ++int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, + int userlen) + { +- ASN1_INTEGER *izone; +- +- if ((izone = ASN1_INTEGER_new()) == NULL +- || !ASN1_INTEGER_set(izone, lzone)) { ++ ASN1_INTEGER *izone = NULL; ++ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); +- ASN1_INTEGER_free(izone); ++ M_ASN1_INTEGER_free(izone); + return 0; + } + return SXNET_add_id_INTEGER(psx, izone, user, userlen); +@@ -134,7 +180,7 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + * passed integer and doesn't make a copy so don't free it up afterwards. + */ + +-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, ++int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, + int userlen) + { + SXNET *sx = NULL; +@@ -150,8 +196,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, + X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); + return 0; + } +- if (*psx == NULL) { +- if ((sx = SXNET_new()) == NULL) ++ if (!*psx) { ++ if (!(sx = SXNET_new())) + goto err; + if (!ASN1_INTEGER_set(sx->version, 0)) + goto err; +@@ -163,12 +209,12 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, + return 0; + } + +- if ((id = SXNETID_new()) == NULL) ++ if (!(id = SXNETID_new())) + goto err; + if (userlen == -1) + userlen = strlen(user); + +- if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen)) ++ if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) + goto err; + if (!sk_SXNETID_push(sx->ids, id)) + goto err; +@@ -183,33 +229,30 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, + return 0; + } + +-ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone) ++ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) + { +- ASN1_INTEGER *izone; ++ ASN1_INTEGER *izone = NULL; + ASN1_OCTET_STRING *oct; +- +- if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { ++ if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); + return NULL; + } + oct = SXNET_get_id_INTEGER(sx, izone); +- ASN1_INTEGER_free(izone); ++ M_ASN1_INTEGER_free(izone); + return oct; + } + + ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) + { +- ASN1_INTEGER *izone; ++ ASN1_INTEGER *izone = NULL; + ASN1_OCTET_STRING *oct; +- +- if ((izone = ASN1_INTEGER_new()) == NULL +- || !ASN1_INTEGER_set(izone, lzone)) { ++ if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); +- ASN1_INTEGER_free(izone); ++ M_ASN1_INTEGER_free(izone); + return NULL; + } + oct = SXNET_get_id_INTEGER(sx, izone); +- ASN1_INTEGER_free(izone); ++ M_ASN1_INTEGER_free(izone); + return oct; + } + +@@ -219,8 +262,12 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) + int i; + for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { + id = sk_SXNETID_value(sx->ids, i); +- if (!ASN1_INTEGER_cmp(id->zone, zone)) ++ if (!M_ASN1_INTEGER_cmp(id->zone, zone)) + return id->user; + } + return NULL; + } ++ ++IMPLEMENT_STACK_OF(SXNETID) ++ ++IMPLEMENT_ASN1_SET_OF(SXNETID) +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c +deleted file mode 100644 +index fec6724..0000000 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_tlsf.c ++++ /dev/null +@@ -1,137 +0,0 @@ +-/* +- * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +- * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html +- */ +- +-#include +-#include "internal/cryptlib.h" +-#include "internal/o_str.h" +-#include +-#include +-#include +-#include "ext_dat.h" +- +-static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, +- TLS_FEATURE *tls_feature, +- STACK_OF(CONF_VALUE) *ext_list); +-static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, +- STACK_OF(CONF_VALUE) *nval); +- +-ASN1_ITEM_TEMPLATE(TLS_FEATURE) = +- ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER) +-static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE) +- +-IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE) +- +-const X509V3_EXT_METHOD v3_tls_feature = { +- NID_tlsfeature, 0, +- ASN1_ITEM_ref(TLS_FEATURE), +- 0, 0, 0, 0, +- 0, 0, +- (X509V3_EXT_I2V)i2v_TLS_FEATURE, +- (X509V3_EXT_V2I)v2i_TLS_FEATURE, +- 0, 0, +- NULL +-}; +- +- +-typedef struct { +- long num; +- const char *name; +-} TLS_FEATURE_NAME; +- +-static TLS_FEATURE_NAME tls_feature_tbl[] = { +- { 5, "status_request" }, +- { 17, "status_request_v2" } +-}; +- +-/* +- * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the +- * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format +- * used by the CONF library to represent a multi-valued extension. ext_list is +- * returned. +- */ +-static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method, +- TLS_FEATURE *tls_feature, +- STACK_OF(CONF_VALUE) *ext_list) +-{ +- int i; +- size_t j; +- ASN1_INTEGER *ai; +- long tlsextid; +- for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) { +- ai = sk_ASN1_INTEGER_value(tls_feature, i); +- tlsextid = ASN1_INTEGER_get(ai); +- for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) +- if (tlsextid == tls_feature_tbl[j].num) +- break; +- if (j < OSSL_NELEM(tls_feature_tbl)) +- X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list); +- else +- X509V3_add_value_int(NULL, ai, &ext_list); +- } +- return ext_list; +-} +- +-/* +- * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE +- * structure, which is returned if the conversion is successful. In case of +- * error, NULL is returned. +- */ +-static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, +- X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +-{ +- TLS_FEATURE *tlsf; +- char *extval, *endptr; +- ASN1_INTEGER *ai; +- CONF_VALUE *val; +- int i; +- size_t j; +- long tlsextid; +- +- if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) { +- X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); +- return NULL; +- } +- +- for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { +- val = sk_CONF_VALUE_value(nval, i); +- if (val->value) +- extval = val->value; +- else +- extval = val->name; +- +- for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++) +- if (strcasecmp(extval, tls_feature_tbl[j].name) == 0) +- break; +- if (j < OSSL_NELEM(tls_feature_tbl)) +- tlsextid = tls_feature_tbl[j].num; +- else { +- tlsextid = strtol(extval, &endptr, 10); +- if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) || +- (tlsextid > 65535)) { +- X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX); +- X509V3_conf_err(val); +- goto err; +- } +- } +- +- ai = ASN1_INTEGER_new(); +- if (ai == NULL) { +- X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); +- goto err; +- } +- ASN1_INTEGER_set(ai, tlsextid); +- sk_ASN1_INTEGER_push(tlsf, ai); +- } +- return tlsf; +- +- err: +- sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free); +- return NULL; +-} +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +index 7dc9a45..43b9cb9 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c +@@ -1,29 +1,76 @@ ++/* v3_utl.c */ + /* +- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. ++ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL ++ * project. ++ */ ++/* ==================================================================== ++ * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * licensing@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. ++ * ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html + */ +- + /* X509 v3 extension utilities */ + + #include + #include +-#include "internal/cryptlib.h" ++#include "cryptlib.h" + #include + #include +-#include "internal/x509_int.h" + #include +-#include "ext_dat.h" + + static char *strip_spaces(char *name); + static int sk_strcmp(const char *const *a, const char *const *b); + static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, + GENERAL_NAMES *gens); + static void str_free(OPENSSL_STRING str); +-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email); ++static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); + + static int ipv4_from_asc(unsigned char *v4, const char *in); + static int ipv6_from_asc(unsigned char *v6, const char *in); +@@ -37,14 +84,13 @@ int X509V3_add_value(const char *name, const char *value, + { + CONF_VALUE *vtmp = NULL; + char *tname = NULL, *tvalue = NULL; +- +- if (name && (tname = OPENSSL_strdup(name)) == NULL) ++ if (name && !(tname = BUF_strdup(name))) + goto err; +- if (value && (tvalue = OPENSSL_strdup(value)) == NULL) ++ if (value && !(tvalue = BUF_strdup(value))) + goto err; +- if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) ++ if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) + goto err; +- if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) ++ if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) + goto err; + vtmp->section = NULL; + vtmp->name = tname; +@@ -54,9 +100,12 @@ int X509V3_add_value(const char *name, const char *value, + return 1; + err: + X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); +- OPENSSL_free(vtmp); +- OPENSSL_free(tname); +- OPENSSL_free(tvalue); ++ if (vtmp) ++ OPENSSL_free(vtmp); ++ if (tname) ++ OPENSSL_free(tname); ++ if (tvalue) ++ OPENSSL_free(tvalue); + return 0; + } + +@@ -72,9 +121,12 @@ void X509V3_conf_free(CONF_VALUE *conf) + { + if (!conf) + return; +- OPENSSL_free(conf->name); +- OPENSSL_free(conf->value); +- OPENSSL_free(conf->section); ++ if (conf->name) ++ OPENSSL_free(conf->name); ++ if (conf->value) ++ OPENSSL_free(conf->value); ++ if (conf->section) ++ OPENSSL_free(conf->section); + OPENSSL_free(conf); + } + +@@ -86,7 +138,7 @@ int X509V3_add_value_bool(const char *name, int asn1_bool, + return X509V3_add_value(name, "FALSE", extlist); + } + +-int X509V3_add_value_bool_nf(const char *name, int asn1_bool, ++int X509V3_add_value_bool_nf(char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist) + { + if (asn1_bool) +@@ -94,49 +146,43 @@ int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + return 1; + } + +-char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) ++char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) + { + BIGNUM *bntmp = NULL; + char *strtmp = NULL; +- + if (!a) + return NULL; +- if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL +- || (strtmp = BN_bn2dec(bntmp)) == NULL) ++ if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || ++ !(strtmp = BN_bn2dec(bntmp))) + X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); + BN_free(bntmp); + return strtmp; + } + +-char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) ++char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) + { + BIGNUM *bntmp = NULL; + char *strtmp = NULL; +- + if (!a) + return NULL; +- if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL +- || (strtmp = BN_bn2dec(bntmp)) == NULL) ++ if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || ++ !(strtmp = BN_bn2dec(bntmp))) + X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + BN_free(bntmp); + return strtmp; + } + +-ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) ++ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) + { + BIGNUM *bn = NULL; + ASN1_INTEGER *aint; + int isneg, ishex; + int ret; +- if (value == NULL) { ++ if (!value) { + X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE); +- return NULL; ++ return 0; + } + bn = BN_new(); +- if (bn == NULL) { +- X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); +- return NULL; +- } + if (value[0] == '-') { + value++; + isneg = 1; +@@ -157,7 +203,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) + if (!ret || value[ret]) { + BN_free(bn); + X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR); +- return NULL; ++ return 0; + } + + if (isneg && BN_is_zero(bn)) +@@ -168,49 +214,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) + if (!aint) { + X509V3err(X509V3_F_S2I_ASN1_INTEGER, + X509V3_R_BN_TO_ASN1_INTEGER_ERROR); +- return NULL; ++ return 0; + } + if (isneg) + aint->type |= V_ASN1_NEG; + return aint; + } + +-int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, ++int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist) + { + char *strtmp; + int ret; +- + if (!aint) + return 1; +- if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) ++ if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) + return 0; + ret = X509V3_add_value(name, strtmp, extlist); + OPENSSL_free(strtmp); + return ret; + } + +-int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) ++int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) + { +- const char *btmp; +- +- if ((btmp = value->value) == NULL) ++ char *btmp; ++ if (!(btmp = value->value)) + goto err; +- if (strcmp(btmp, "TRUE") == 0 +- || strcmp(btmp, "true") == 0 +- || strcmp(btmp, "Y") == 0 +- || strcmp(btmp, "y") == 0 +- || strcmp(btmp, "YES") == 0 +- || strcmp(btmp, "yes") == 0) { ++ if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") ++ || !strcmp(btmp, "Y") || !strcmp(btmp, "y") ++ || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { + *asn1_bool = 0xff; + return 1; +- } +- if (strcmp(btmp, "FALSE") == 0 +- || strcmp(btmp, "false") == 0 +- || strcmp(btmp, "N") == 0 +- || strcmp(btmp, "n") == 0 +- || strcmp(btmp, "NO") == 0 +- || strcmp(btmp, "no") == 0) { ++ } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") ++ || !strcmp(btmp, "N") || !strcmp(btmp, "n") ++ || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { + *asn1_bool = 0; + return 1; + } +@@ -221,11 +258,10 @@ int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) + return 0; + } + +-int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) ++int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) + { + ASN1_INTEGER *itmp; +- +- if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { ++ if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { + X509V3_conf_err(value); + return 0; + } +@@ -248,7 +284,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + char *linebuf; + int state; + /* We are going to modify the line so copy it first */ +- linebuf = OPENSSL_strdup(line); ++ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; +@@ -275,6 +311,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + *p = 0; + ntmp = strip_spaces(q); + q = p + 1; ++#if 0 ++ printf("%s\n", ntmp); ++#endif + if (!ntmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, + X509V3_R_INVALID_NULL_NAME); +@@ -289,6 +328,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + state = HDR_NAME; + *p = 0; + vtmp = strip_spaces(q); ++#if 0 ++ printf("%s\n", ntmp); ++#endif + if (!vtmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, + X509V3_R_INVALID_NULL_VALUE); +@@ -304,6 +346,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + + if (state == HDR_VALUE) { + vtmp = strip_spaces(q); ++#if 0 ++ printf("%s=%s\n", ntmp, vtmp); ++#endif + if (!vtmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, + X509V3_R_INVALID_NULL_VALUE); +@@ -312,6 +357,9 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) + X509V3_add_value(ntmp, vtmp, &values); + } else { + ntmp = strip_spaces(q); ++#if 0 ++ printf("%s\n", ntmp); ++#endif + if (!ntmp) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + goto err; +@@ -348,6 +396,109 @@ static char *strip_spaces(char *name) + return p; + } + ++/* hex string utilities */ ++ ++/* ++ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its ++ * hex representation @@@ (Contents of buffer are always kept in ASCII, also ++ * on EBCDIC machines) ++ */ ++ ++char *hex_to_string(const unsigned char *buffer, long len) ++{ ++ char *tmp, *q; ++ const unsigned char *p; ++ int i; ++ const static char hexdig[] = "0123456789ABCDEF"; ++ if (!buffer || !len) ++ return NULL; ++ if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { ++ X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ } ++ q = tmp; ++ for (i = 0, p = buffer; i < len; i++, p++) { ++ *q++ = hexdig[(*p >> 4) & 0xf]; ++ *q++ = hexdig[*p & 0xf]; ++ *q++ = ':'; ++ } ++ q[-1] = 0; ++#ifdef CHARSET_EBCDIC ++ ebcdic2ascii(tmp, tmp, q - tmp - 1); ++#endif ++ ++ return tmp; ++} ++ ++/* ++ * Give a string of hex digits convert to a buffer ++ */ ++ ++unsigned char *string_to_hex(const char *str, long *len) ++{ ++ unsigned char *hexbuf, *q; ++ unsigned char ch, cl, *p; ++ if (!str) { ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); ++ return NULL; ++ } ++ if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) ++ goto err; ++ for (p = (unsigned char *)str, q = hexbuf; *p;) { ++ ch = *p++; ++#ifdef CHARSET_EBCDIC ++ ch = os_toebcdic[ch]; ++#endif ++ if (ch == ':') ++ continue; ++ cl = *p++; ++#ifdef CHARSET_EBCDIC ++ cl = os_toebcdic[cl]; ++#endif ++ if (!cl) { ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS); ++ OPENSSL_free(hexbuf); ++ return NULL; ++ } ++ if (isupper(ch)) ++ ch = tolower(ch); ++ if (isupper(cl)) ++ cl = tolower(cl); ++ ++ if ((ch >= '0') && (ch <= '9')) ++ ch -= '0'; ++ else if ((ch >= 'a') && (ch <= 'f')) ++ ch -= 'a' - 10; ++ else ++ goto badhex; ++ ++ if ((cl >= '0') && (cl <= '9')) ++ cl -= '0'; ++ else if ((cl >= 'a') && (cl <= 'f')) ++ cl -= 'a' - 10; ++ else ++ goto badhex; ++ ++ *q++ = (ch << 4) | cl; ++ } ++ ++ if (len) ++ *len = q - hexbuf; ++ ++ return hexbuf; ++ ++ err: ++ if (hexbuf) ++ OPENSSL_free(hexbuf); ++ X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); ++ return NULL; ++ ++ badhex: ++ OPENSSL_free(hexbuf); ++ X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT); ++ return NULL; ++ ++} + + /* + * V2I name comparison function: returns zero if 'name' matches cmp or cmp.* +@@ -452,7 +603,7 @@ static void str_free(OPENSSL_STRING str) + OPENSSL_free(str); + } + +-static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email) ++static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) + { + char *emtmp; + /* First some sanity checks */ +@@ -460,16 +611,15 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email + return 1; + if (!email->data || !email->length) + return 1; +- if (*sk == NULL) ++ if (!*sk) + *sk = sk_OPENSSL_STRING_new(sk_strcmp); +- if (*sk == NULL) ++ if (!*sk) + return 0; + /* Don't add duplicates */ + if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + return 1; +- emtmp = OPENSSL_strdup((char *)email->data); +- if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) { +- OPENSSL_free(emtmp); /* free on push failure */ ++ emtmp = BUF_strdup((char *)email->data); ++ if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { + X509_email_free(*sk); + *sk = NULL; + return 0; +@@ -488,7 +638,7 @@ typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, + + /* Skip pattern prefix to match "wildcard" subject */ + static void skip_prefix(const unsigned char **p, size_t *plen, +- size_t subject_len, ++ const unsigned char *subject, size_t subject_len, + unsigned int flags) + { + const unsigned char *pattern = *p; +@@ -523,7 +673,7 @@ static int equal_nocase(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags) + { +- skip_prefix(&pattern, &pattern_len, subject_len, flags); ++ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + if (pattern_len != subject_len) + return 0; + while (pattern_len) { +@@ -552,7 +702,7 @@ static int equal_case(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags) + { +- skip_prefix(&pattern, &pattern_len, subject_len, flags); ++ skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + if (pattern_len != subject_len) + return 0; + return !memcmp(pattern, subject, pattern_len); +@@ -735,7 +885,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, + * to UTF8. + */ + +-static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, ++static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, + unsigned int flags, const char *b, size_t blen, + char **peername) + { +@@ -751,7 +901,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, + else if (a->length == (int)blen && !memcmp(a->data, b, blen)) + rv = 1; + if (rv > 0 && peername) +- *peername = OPENSSL_strndup((char *)a->data, a->length); ++ *peername = BUF_strndup((char *)a->data, a->length); + } else { + int astrlen; + unsigned char *astr; +@@ -765,7 +915,7 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, + } + rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); + if (rv > 0 && peername) +- *peername = OPENSSL_strndup((char *)astr, astrlen); ++ *peername = BUF_strndup((char *)astr, astrlen); + OPENSSL_free(astr); + } + return rv; +@@ -830,20 +980,23 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen, + GENERAL_NAMES_free(gens); + if (rv != 0) + return rv; +- if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT)) ++ if (cnid == NID_undef ++ || (san_present ++ && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) + return 0; + } + + /* We're done if CN-ID is not pertinent */ +- if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT)) ++ if (cnid == NID_undef) + return 0; + + i = -1; + name = X509_get_subject_name(x); + while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) { +- const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i); +- const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne); +- ++ X509_NAME_ENTRY *ne; ++ ASN1_STRING *str; ++ ne = X509_NAME_get_entry(name, i); ++ str = X509_NAME_ENTRY_get_data(ne); + /* Positive on success, negative on error! */ + if ((rv = do_check_string(str, -1, equal, flags, + chk, chklen, peername)) != 0) +@@ -930,7 +1083,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc) + return NULL; + + ret = ASN1_OCTET_STRING_new(); +- if (ret == NULL) ++ if (!ret) + return NULL; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { + ASN1_OCTET_STRING_free(ret); +@@ -948,7 +1101,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + p = strchr(ipasc, '/'); + if (!p) + return NULL; +- iptmp = OPENSSL_strdup(ipasc); ++ iptmp = BUF_strdup(ipasc); + if (!iptmp) + return NULL; + p = iptmp + (p - ipasc); +@@ -968,7 +1121,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + goto err; + + ret = ASN1_OCTET_STRING_new(); +- if (ret == NULL) ++ if (!ret) + goto err; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) + goto err; +@@ -976,8 +1129,10 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) + return ret; + + err: +- OPENSSL_free(iptmp); +- ASN1_OCTET_STRING_free(ret); ++ if (iptmp) ++ OPENSSL_free(iptmp); ++ if (ret) ++ ASN1_OCTET_STRING_free(ret); + return NULL; + } + +@@ -1129,17 +1284,19 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen) + { + unsigned char c; + unsigned int num = 0; +- int x; +- + if (inlen > 4) + return 0; + while (inlen--) { + c = *in++; + num <<= 4; +- x = OPENSSL_hexchar2int(c); +- if (x < 0) ++ if ((c >= '0') && (c <= '9')) ++ num |= c - '0'; ++ else if ((c >= 'A') && (c <= 'F')) ++ num |= c - 'A' + 10; ++ else if ((c >= 'a') && (c <= 'f')) ++ num |= c - 'a' + 10; ++ else + return 0; +- num |= (char)x; + } + out[0] = num >> 8; + out[1] = num & 0xff; +@@ -1150,7 +1307,7 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + unsigned long chtype) + { + CONF_VALUE *v; +- int i, mval, spec_char, plus_char; ++ int i, mval; + char *p, *type; + if (!nm) + return 0; +@@ -1161,26 +1318,25 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, + /* + * Skip past any leading X. X: X, etc to allow for multiple instances + */ +- for (p = type; *p; p++) { ++ for (p = type; *p; p++) + #ifndef CHARSET_EBCDIC +- spec_char = ((*p == ':') || (*p == ',') || (*p == '.')); ++ if ((*p == ':') || (*p == ',') || (*p == '.')) + #else +- spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[',']) +- || (*p == os_toascii['.'])); ++ if ((*p == os_toascii[':']) || (*p == os_toascii[',']) ++ || (*p == os_toascii['.'])) + #endif +- if (spec_char) { ++ { + p++; + if (*p) + type = p; + break; + } +- } + #ifndef CHARSET_EBCDIC +- plus_char = (*type == '+'); ++ if (*type == '+') + #else +- plus_char = (*type == os_toascii['+']); ++ if (*type == os_toascii['+']) + #endif +- if (plus_char) { ++ { + mval = -1; + type++; + } else +diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +index 5d79c8c..bcc1be7 100644 +--- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c ++++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c +@@ -1,11 +1,62 @@ +-/* +- * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* crypto/x509v3/v3err.c */ ++/* ==================================================================== ++ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * 3. All advertising materials mentioning features or use of this ++ * software must display the following acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" ++ * ++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++ * endorse or promote products derived from this software without ++ * prior written permission. For written permission, please contact ++ * openssl-core@OpenSSL.org. ++ * ++ * 5. Products derived from this software may not be called "OpenSSL" ++ * nor may "OpenSSL" appear in their names without prior written ++ * permission of the OpenSSL Project. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * 6. Redistributions of any form whatsoever must retain the following ++ * acknowledgment: ++ * "This product includes software developed by the OpenSSL Project ++ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++ * OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ==================================================================== ++ * ++ * This product includes cryptographic software written by Eric Young ++ * (eay@cryptsoft.com). This product includes software written by Tim ++ * Hudson (tjh@cryptsoft.com). ++ * ++ */ ++ ++/* ++ * NOTE: this file was auto generated by the mkerr.pl script: any changes ++ * made to it will be overwritten when the script next updates this file, ++ * only reason strings will be preserved. + */ + + #include +@@ -20,62 +71,68 @@ + + static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "a2i_GENERAL_NAME"}, +- {ERR_FUNC(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL), +- "addr_validate_path_internal"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), +- "ASIdentifierChoice_canonize"}, ++ "ASIDENTIFIERCHOICE_CANONIZE"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), +- "ASIdentifierChoice_is_canonical"}, +- {ERR_FUNC(X509V3_F_COPY_EMAIL), "copy_email"}, +- {ERR_FUNC(X509V3_F_COPY_ISSUER), "copy_issuer"}, +- {ERR_FUNC(X509V3_F_DO_DIRNAME), "do_dirname"}, +- {ERR_FUNC(X509V3_F_DO_EXT_I2D), "do_ext_i2d"}, +- {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "do_ext_nconf"}, +- {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "gnames_from_sectname"}, ++ "ASIDENTIFIERCHOICE_IS_CANONICAL"}, ++ {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, ++ {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, ++ {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, ++ {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, ++ {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, ++ {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, +- {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "i2s_ASN1_IA5STRING"}, ++ {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, + {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), +- "i2v_AUTHORITY_INFO_ACCESS"}, +- {ERR_FUNC(X509V3_F_NOTICE_SECTION), "notice_section"}, +- {ERR_FUNC(X509V3_F_NREF_NOS), "nref_nos"}, +- {ERR_FUNC(X509V3_F_POLICY_SECTION), "policy_section"}, +- {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "process_pci_value"}, +- {ERR_FUNC(X509V3_F_R2I_CERTPOL), "r2i_certpol"}, +- {ERR_FUNC(X509V3_F_R2I_PCI), "r2i_pci"}, +- {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "s2i_ASN1_IA5STRING"}, ++ "I2V_AUTHORITY_INFO_ACCESS"}, ++ {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, ++ {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, ++ {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, ++ {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, ++ {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, ++ {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, +- {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "s2i_skey_id"}, +- {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "set_dist_point_name"}, ++ {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, ++ {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, ++ {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, ++ {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, + {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, + {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, +- {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "v2i_ASIdentifiers"}, ++ {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, + {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), +- "v2i_AUTHORITY_INFO_ACCESS"}, +- {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "v2i_AUTHORITY_KEYID"}, +- {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "v2i_BASIC_CONSTRAINTS"}, +- {ERR_FUNC(X509V3_F_V2I_CRLD), "v2i_crld"}, +- {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "v2i_EXTENDED_KEY_USAGE"}, ++ "V2I_AUTHORITY_INFO_ACCESS"}, ++ {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, ++ {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, ++ {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, +- {ERR_FUNC(X509V3_F_V2I_IDP), "v2i_idp"}, +- {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "v2i_IPAddrBlocks"}, +- {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "v2i_issuer_alt"}, +- {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "v2i_NAME_CONSTRAINTS"}, +- {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "v2i_POLICY_CONSTRAINTS"}, +- {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "v2i_POLICY_MAPPINGS"}, +- {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "v2i_subject_alt"}, +- {ERR_FUNC(X509V3_F_V2I_TLS_FEATURE), "v2i_TLS_FEATURE"}, +- {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "v3_generic_extension"}, ++ {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, ++ {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, ++ {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, ++ {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, ++ {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, ++ {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, ++ {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), ++ "V3_ADDR_VALIDATE_PATH_INTERNAL"}, ++ {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, + {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, + {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, ++ {ERR_FUNC(X509V3_F_X509V3_EXT_FREE), "X509V3_EXT_free"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, + {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, +@@ -93,6 +150,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"}, + {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), + "bn to asn1 integer error"}, ++ {ERR_REASON(X509V3_R_CANNOT_FIND_FREE_FUNCTION), ++ "cannot find free function"}, + {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"}, + {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, + {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"}, +@@ -108,6 +167,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + "extension setting not supported"}, + {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, + {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, ++ {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"}, + {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), + "incorrect policy syntax tag"}, + {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"}, +@@ -147,6 +207,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + "no proxy cert policy language defined"}, + {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"}, + {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"}, ++ {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, + {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, + {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"}, + {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), +@@ -154,6 +215,8 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"}, + {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), + "policy path length already defined"}, ++ {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), ++ "policy syntax not currently supported"}, + {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), + "policy when proxy language requires no policy"}, + {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"}, +@@ -174,7 +237,7 @@ static ERR_STRING_DATA X509V3_str_reasons[] = { + + #endif + +-int ERR_load_X509V3_strings(void) ++void ERR_load_X509V3_strings(void) + { + #ifndef OPENSSL_NO_ERR + +@@ -183,5 +246,4 @@ int ERR_load_X509V3_strings(void) + ERR_load_strings(0, X509V3_str_reasons); + } + #endif +- return 1; + } +diff --git a/Cryptlib/OpenSSL/e_os.h b/Cryptlib/OpenSSL/e_os.h +index eafa862..3e9dae2 100644 +--- a/Cryptlib/OpenSSL/e_os.h ++++ b/Cryptlib/OpenSSL/e_os.h +@@ -1,10 +1,59 @@ +-/* +- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. ++/* e_os.h */ ++/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++ * All rights reserved. ++ * ++ * This package is an SSL implementation written ++ * by Eric Young (eay@cryptsoft.com). ++ * The implementation was written so as to conform with Netscapes SSL. ++ * ++ * This library is free for commercial and non-commercial use as long as ++ * the following conditions are aheared to. The following conditions ++ * apply to all code found in this distribution, be it the RC4, RSA, ++ * lhash, DES, etc., code; not just the SSL code. The SSL documentation ++ * included with this distribution is covered by the same copyright terms ++ * except that the holder is Tim Hudson (tjh@cryptsoft.com). ++ * ++ * Copyright remains Eric Young's, and as such any Copyright notices in ++ * the code are not to be removed. ++ * If this package is used in a product, Eric Young should be given attribution ++ * as the author of the parts of the library used. ++ * This can be in the form of a textual message at program startup or ++ * in documentation (online or textual) provided with the package. + * +- * Licensed under the OpenSSL license (the "License"). You may not use +- * this file except in compliance with the License. You can obtain a copy +- * in the file LICENSE in the source distribution or at +- * https://www.openssl.org/source/license.html ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. All advertising materials mentioning features or use of this software ++ * must display the following acknowledgement: ++ * "This product includes cryptographic software written by ++ * Eric Young (eay@cryptsoft.com)" ++ * The word 'cryptographic' can be left out if the rouines from the library ++ * being used are not cryptographic related :-). ++ * 4. If you include any Windows specific code (or a derivative thereof) from ++ * the apps directory (application code) you must include an acknowledgement: ++ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" ++ * ++ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE ++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ * ++ * The licence and distribution terms for any publically available version or ++ * derivative of this code cannot be changed. i.e. this code cannot simply be ++ * copied and put under another distribution licence ++ * [including the GNU Public Licence.] + */ + + #ifndef HEADER_E_OS_H +@@ -23,28 +72,11 @@ extern "C" { + #endif + + /* Used to checking reference counts, most while doing perl5 stuff :-) */ +-# if defined(OPENSSL_NO_STDIO) +-# if defined(REF_PRINT) +-# error "REF_PRINT requires stdio" +-# endif +-# endif +- +-# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO) +-# define REF_ASSERT_ISNT(test) \ +- (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0) +-# else +-# define REF_ASSERT_ISNT(i) +-# endif + # ifdef REF_PRINT +-# define REF_PRINT_COUNT(a, b) \ +- fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) +-# else +-# define REF_PRINT_COUNT(a, b) ++# undef REF_PRINT ++# define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a) + # endif + +-# define osslargused(x) (void)x +-# define OPENSSL_CONF "openssl.cnf" +- + # ifndef DEVRANDOM + /* + * set this to a comma-separated list of 'random' device files to try out. My +@@ -52,9 +84,9 @@ extern "C" { + */ + # define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom" + # endif +-# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD) ++# ifndef DEVRANDOM_EGD + /* +- * set this to a comma-separated list of 'egd' sockets to try out. These ++ * set this to a comma-seperated list of 'egd' sockets to try out. These + * sockets will be tried in the order listed in case accessing the device + * files listed in DEVRANDOM did not return enough entropy. + */ +@@ -67,9 +99,33 @@ extern "C" { + # define NO_SYSLOG + # endif + ++# if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) ++# if macintosh==1 ++# ifndef MAC_OS_GUSI_SOURCE ++# define MAC_OS_pre_X ++# define NO_SYS_TYPES_H ++# endif ++# define NO_SYS_PARAM_H ++# define NO_CHMOD ++# define NO_SYSLOG ++# undef DEVRANDOM ++# define GETPID_IS_MEANINGLESS ++# endif ++# endif ++ + /******************************************************************** + The Microsoft section + ********************************************************************/ ++/* ++ * The following is used because of the small stack in some Microsoft ++ * operating systems ++ */ ++# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) ++# define MS_STATIC static ++# else ++# define MS_STATIC ++# endif ++ + # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) + # define WIN32 + # endif +@@ -85,7 +141,6 @@ extern "C" { + # endif + + # ifdef WIN32 +-# define NO_SYS_UN_H + # define get_last_sys_error() GetLastError() + # define clear_sys_error() SetLastError(0) + # if !defined(WINNT) +@@ -103,12 +158,17 @@ extern "C" { + # define writesocket(s,b,n) send((s),(b),(n),0) + # elif defined(__DJGPP__) + # define WATT32 +-# define WATT32_NO_OLDIES + # define get_last_socket_error() errno + # define clear_socket_error() errno=0 + # define closesocket(s) close_s(s) + # define readsocket(s,b,n) read_s(s,b,n) + # define writesocket(s,b,n) send(s,b,n,0) ++# elif defined(MAC_OS_pre_X) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define closesocket(s) MacSocket_close(s) ++# define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true) ++# define writesocket(s,b,n) MacSocket_send((s),(b),(n)) + # elif defined(OPENSSL_SYS_VMS) + # define get_last_socket_error() errno + # define clear_socket_error() errno=0 +@@ -123,6 +183,32 @@ extern "C" { + # define closesocket(s) close(s) + # define readsocket(s,b,n) read((s),(b),(n)) + # define writesocket(s,b,n) write((s),(char *)(b),(n)) ++# elif defined(OPENSSL_SYS_BEOS_R5) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define FIONBIO SO_NONBLOCK ++# define ioctlsocket(a,b,c) setsockopt((a),SOL_SOCKET,(b),(c),sizeof(*(c))) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# elif defined(OPENSSL_SYS_NETWARE) ++# if defined(NETWARE_BSDSOCK) ++# define get_last_socket_error() errno ++# define clear_socket_error() errno=0 ++# define closesocket(s) close(s) ++# define ioctlsocket(a,b,c) ioctl(a,b,c) ++# if defined(NETWARE_LIBC) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# else ++# define readsocket(s,b,n) recv((s),(char*)(b),(n),0) ++# define writesocket(s,b,n) send((s),(char*)(b),(n),0) ++# endif ++# else ++# define get_last_socket_error() WSAGetLastError() ++# define clear_socket_error() WSASetLastError(0) ++# define readsocket(s,b,n) recv((s),(b),(n),0) ++# define writesocket(s,b,n) send((s),(b),(n),0) ++# endif + # else + # define get_last_socket_error() errno + # define clear_socket_error() errno=0 +@@ -132,20 +218,30 @@ extern "C" { + # define writesocket(s,b,n) write((s),(b),(n)) + # endif + ++# ifdef WIN16 /* never the case */ ++# define MS_CALLBACK _far _loadds ++# define MS_FAR _far ++# else ++# define MS_CALLBACK ++# define MS_FAR ++# endif ++ ++# ifdef OPENSSL_NO_STDIO ++# undef OPENSSL_NO_FP_API ++# define OPENSSL_NO_FP_API ++# endif ++ + # if (defined(WINDOWS) || defined(MSDOS)) + + # ifdef __DJGPP__ + # include + # include + # include +-# include + # include + # include + # define _setmode setmode + # define _O_TEXT O_TEXT + # define _O_BINARY O_BINARY +-# define HAS_LFN_SUPPORT(name) (pathconf((name), _PC_NAME_MAX) > 12) +-# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ + # undef DEVRANDOM + # define DEVRANDOM "/dev/urandom\x24" + # endif /* __DJGPP__ */ +@@ -168,18 +264,20 @@ extern "C" { + /* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." + * Most notably we ought to check for availability of each specific +- * routine that was introduced after denoted _WIN32_WINNT with +- * GetProcAddress(). Normally newer functions are masked with higher +- * _WIN32_WINNT in SDK headers. So that if you wish to use them in +- * some module, you'd need to override _WIN32_WINNT definition in +- * the target module in order to "reach for" prototypes, but replace +- * calls to new functions with indirect calls. Alternatively it +- * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs +- * and check for current OS version instead. ++ * routine with GetProcAddress() and/or guard NT-specific calls with ++ * GetVersion() < 0x80000000. One can argue that in latter "or" case ++ * we ought to /DELAYLOAD some .DLLs in order to protect ourselves ++ * against run-time link errors. This doesn't seem to be necessary, ++ * because it turned out that already Windows 95, first non-NT Win32 ++ * implementation, is equipped with at least NT 3.51 stubs, dummy ++ * routines with same name, but which do nothing. Meaning that it's ++ * apparently sufficient to guard "vanilla" NT calls with GetVersion ++ * alone, while NT 4.0 and above interfaces ought to be linked with ++ * GetProcAddress at run-time. + */ +-# define _WIN32_WINNT 0x0501 ++# define _WIN32_WINNT 0x0400 + # endif +-# if defined(_WIN32_WINNT) || defined(_WIN32_WCE) ++# if !defined(OPENSSL_NO_SOCK) && (defined(_WIN32_WINNT) || defined(_WIN32_WCE)) + /* + * Just like defining _WIN32_WINNT including winsock2.h implies + * certain "discipline" for maintaining [broad] binary compatibility. +@@ -253,6 +351,14 @@ extern FILE *_imp___iob; + # define OPENSSL_NO_POSIX_IO + # endif + ++# if defined (__BORLANDC__) ++# define _setmode setmode ++# define _O_TEXT O_TEXT ++# define _O_BINARY O_BINARY ++# define _int64 __int64 ++# define _kbhit kbhit ++# endif ++ + # define EXIT(n) exit(n) + # define LIST_SEPARATOR_CHAR ';' + # ifndef X_OK +@@ -264,6 +370,10 @@ extern FILE *_imp___iob; + # ifndef R_OK + # define R_OK 4 + # endif ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define NUL_DEV "nul" ++# define RFILE ".rnd" + # ifdef OPENSSL_SYS_WINCE + # define DEFAULT_HOME "" + # else +@@ -293,7 +403,11 @@ extern FILE *_imp___iob; + # else + # include + # endif ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" + # define LIST_SEPARATOR_CHAR ',' ++# define NUL_DEV "NLA0:" + /* We don't have any well-defined random devices on VMS, yet... */ + # undef DEVRANDOM + /*- +@@ -309,26 +423,47 @@ extern FILE *_imp___iob; + + So, what we do here is to change 0 to 1 to get the default success status, + and everything else is shifted up to fit into the status number field, and +- the status is tagged as an error, which is what is wanted here. +- +- Finally, we add the VMS C facility code 0x35a000, because there are some +- programs, such as Perl, that will reinterpret the code back to something +- POSIXly. 'man perlvms' explains it further. +- +- NOTE: the perlvms manual wants to turn all codes 2 to 255 into success +- codes (status type = 1). I couldn't disagree more. Fortunately, the +- status type doesn't seem to bother Perl. ++ the status is tagged as an error, which I believe is what is wanted here. + -- Richard Levitte + */ +-# define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) +- ++# define EXIT(n) do { int __VMS_EXIT = n; \ ++ if (__VMS_EXIT == 0) \ ++ __VMS_EXIT = 1; \ ++ else \ ++ __VMS_EXIT = (n << 3) | 2; \ ++ __VMS_EXIT |= 0x10000000; \ ++ exit(__VMS_EXIT); } while(0) + # define NO_SYS_PARAM_H +-# define NO_SYS_UN_H + +-# define DEFAULT_HOME "SYS$LOGIN:" ++# elif defined(OPENSSL_SYS_NETWARE) ++# include ++# include ++# define NO_SYS_TYPES_H ++# undef DEVRANDOM ++# ifdef NETWARE_CLIB ++# define getpid GetThreadID ++extern int GetThreadID(void); ++/* # include */ ++extern int kbhit(void); ++# else ++# include ++# endif ++# define NO_SYSLOG ++# define _setmode setmode ++# define _kbhit kbhit ++# define _O_TEXT O_TEXT ++# define _O_BINARY O_BINARY ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" ++# define LIST_SEPARATOR_CHAR ';' ++# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); } + + # else + /* !defined VMS */ ++# ifdef OPENSSL_SYS_MPE ++# define NO_SYS_PARAM_H ++# endif + # ifdef OPENSSL_UNISTD + # include OPENSSL_UNISTD + # else +@@ -337,24 +472,49 @@ extern FILE *_imp___iob; + # ifndef NO_SYS_TYPES_H + # include + # endif ++# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) ++# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP ++ * (unless when compiling with ++ * -D_POSIX_SOURCE, which doesn't work for ++ * us) */ ++# endif ++# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */ ++# define setvbuf(a, b, c, d) setbuffer((a), (b), (d)) ++typedef unsigned long clock_t; ++# endif + # ifdef OPENSSL_SYS_WIN32_CYGWIN + # include + # include + # endif + ++# define OPENSSL_CONF "openssl.cnf" ++# define SSLEAY_CONF OPENSSL_CONF ++# define RFILE ".rnd" + # define LIST_SEPARATOR_CHAR ':' ++# define NUL_DEV "/dev/null" + # define EXIT(n) exit(n) + # endif + ++# define SSLeay_getpid() getpid() ++ + # endif + + /*************/ + ++# if defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_DGRAM) ++# define OPENSSL_NO_DGRAM ++# endif ++ + # ifdef USE_SOCKETS +-# ifdef OPENSSL_NO_SOCK +-# elif defined(WINDOWS) || defined(MSDOS) ++# if defined(WINDOWS) || defined(MSDOS) + /* windows world */ +-# if !defined(__DJGPP__) ++ ++# ifdef OPENSSL_NO_SOCK ++# define SSLeay_Write(a,b,c) (-1) ++# define SSLeay_Read(a,b,c) (-1) ++# define SHUTDOWN(fd) close(fd) ++# define SHUTDOWN2(fd) close(fd) ++# elif !defined(__DJGPP__) + # if defined(_WIN32_WCE) && _WIN32_WCE<410 + # define getservbyname _masked_declaration_getservbyname + # endif +@@ -372,16 +532,53 @@ struct servent *PASCAL getservbyname(const char *, const char *); + /* + * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because + * the value constitutes an index in per-process table of limited size +- * and not a real pointer. And we also depend on fact that all processors +- * Windows run on happen to be two's-complement, which allows to +- * interchange INVALID_SOCKET and -1. ++ * and not a real pointer. + */ + # define socket(d,t,p) ((int)socket(d,t,p)) + # define accept(s,f,l) ((int)accept(s,f,l)) + # endif ++# define SSLeay_Write(a,b,c) send((a),(b),(c),0) ++# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } + # else ++# define SSLeay_Write(a,b,c) write_s(a,b,c,0) ++# define SSLeay_Read(a,b,c) read_s(a,b,c) ++# define SHUTDOWN(fd) close_s(fd) ++# define SHUTDOWN2(fd) close_s(fd) + # endif + ++# elif defined(MAC_OS_pre_X) ++ ++# include "MacSocket.h" ++# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c)) ++# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true) ++# define SHUTDOWN(fd) MacSocket_close(fd) ++# define SHUTDOWN2(fd) MacSocket_close(fd) ++ ++# elif defined(OPENSSL_SYS_NETWARE) ++ /* ++ * NetWare uses the WinSock2 interfaces by default, but can be ++ * configured for BSD ++ */ ++# if defined(NETWARE_BSDSOCK) ++# include ++# include ++# include ++# if defined(NETWARE_CLIB) ++# include ++# else ++# include ++# endif ++# define INVALID_SOCKET (int)(~0) ++# else ++# include ++# endif ++# define SSLeay_Write(a,b,c) send((a),(b),(c),0) ++# define SSLeay_Read(a,b,c) recv((a),(b),(c),0) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); } ++ + # else + + # ifndef NO_SYS_PARAM_H +@@ -389,6 +586,8 @@ struct servent *PASCAL getservbyname(const char *, const char *); + # endif + # ifdef OPENSSL_SYS_VXWORKS + # include ++# elif !defined(OPENSSL_SYS_MPE) ++# include /* Needed under linux for FD_XXX */ + # endif + + # include +@@ -398,22 +597,18 @@ struct servent *PASCAL getservbyname(const char *, const char *); + # include + # else + # include +-# ifndef NO_SYS_UN_H +-# ifdef OPENSSL_SYS_VXWORKS +-# include +-# else +-# include +-# endif +-# ifndef UNIX_PATH_MAX +-# define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path) +-# endif +-# endif + # ifdef FILIO_H +-# include /* FIONBIO in some SVR4, e.g. unixware, solaris */ ++# include /* Added for FIONBIO under unixware */ + # endif + # include +-# include +-# include ++# if !defined(OPENSSL_SYS_BEOS_R5) ++# include ++# endif ++# endif ++ ++# if defined(NeXT) || defined(_NEXT_SOURCE) ++# include ++# include + # endif + + # ifdef OPENSSL_SYS_AIX +@@ -424,12 +619,16 @@ struct servent *PASCAL getservbyname(const char *, const char *); + # include + # endif + +-# ifndef VMS +-# include ++# if defined(__sun) || defined(sun) ++# include + # else +- /* ioctl is only in VMS > 7.0 and when socketshr is not used */ +-# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) ++# ifndef VMS + # include ++# else ++ /* ioctl is only in VMS > 7.0 and when socketshr is not used */ ++# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000) ++# include ++# endif + # endif + # endif + +@@ -440,6 +639,10 @@ struct servent *PASCAL getservbyname(const char *, const char *); + # endif + # endif + ++# define SSLeay_Read(a,b,c) read((a),(b),(c)) ++# define SSLeay_Write(a,b,c) write((a),(b),(c)) ++# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); } ++# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); } + # ifndef INVALID_SOCKET + # define INVALID_SOCKET (-1) + # endif /* INVALID_SOCKET */ +@@ -449,7 +652,7 @@ struct servent *PASCAL getservbyname(const char *, const char *); + * Some IPv6 implementations are broken, disable them in known bad versions. + */ + # if !defined(OPENSSL_USE_IPV6) +-# if defined(AF_INET6) && !defined(NETWARE_CLIB) ++# if defined(AF_INET6) && !defined(OPENSSL_SYS_BEOS_BONE) && !defined(NETWARE_CLIB) + # define OPENSSL_USE_IPV6 1 + # else + # define OPENSSL_USE_IPV6 0 +@@ -458,6 +661,22 @@ struct servent *PASCAL getservbyname(const char *, const char *); + + # endif + ++# if (defined(__sun) || defined(sun)) && !defined(__svr4__) && !defined(__SVR4) ++ /* include headers first, so our defines don't break it */ ++# include ++# include ++ /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */ ++# define memmove(s1,s2,n) bcopy((s2),(s1),(n)) ++# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b))) ++extern char *sys_errlist[]; ++extern int sys_nerr; ++# define strerror(errnum) \ ++ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) ++ /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ ++# include "crypto/o_str.h" ++# define memcmp OPENSSL_memcmp ++# endif ++ + # ifndef OPENSSL_EXIT + # if defined(MONOLITH) && !defined(OPENSSL_C) + # define OPENSSL_EXIT(n) return(n) +@@ -468,20 +687,40 @@ struct servent *PASCAL getservbyname(const char *, const char *); + + /***********************************************/ + ++# define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */ ++ ++# ifdef sgi ++# define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ ++# endif ++# ifdef OPENSSL_SYS_SNI ++# define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from ++ * the same bug. */ ++# endif ++ + # if defined(OPENSSL_SYS_WINDOWS) + # define strcasecmp _stricmp + # define strncasecmp _strnicmp +-# if (_MSC_VER >= 1310) +-# define open _open +-# define fdopen _fdopen +-# define close _close +-# ifndef strdup +-# define strdup _strdup +-# endif +-# define unlink _unlink +-# endif +-# else +-# include ++# elif defined(OPENSSL_SYS_VMS) ++/* VMS below version 7.0 doesn't have strcasecmp() */ ++# include "o_str.h" ++# define strcasecmp OPENSSL_strcasecmp ++# define strncasecmp OPENSSL_strncasecmp ++# define OPENSSL_IMPLEMENTS_strncasecmp ++# elif defined(OPENSSL_SYS_OS2) && defined(__EMX__) ++# define strcasecmp stricmp ++# define strncasecmp strnicmp ++# elif defined(OPENSSL_SYS_NETWARE) ++# include ++# if defined(NETWARE_CLIB) ++# define strcasecmp stricmp ++# define strncasecmp strnicmp ++# endif /* NETWARE_CLIB */ ++# endif ++ ++# if defined(OPENSSL_SYS_OS2) && defined(__EMX__) ++# include ++# include ++# define NO_SYSLOG + # endif + + /* vxworks */ +@@ -511,7 +750,30 @@ struct servent *getservbyname(const char *name, const char *proto); + # endif + /* end vxworks */ + +-#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) ++/* beos */ ++# if defined(OPENSSL_SYS_BEOS_R5) ++# define SO_ERROR 0 ++# define NO_SYS_UN ++# define IPPROTO_IP 0 ++# include ++# endif ++ ++# if !defined(inline) && !defined(__cplusplus) ++# if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L ++ /* do nothing, inline works */ ++# elif defined(__GNUC__) && __GNUC__>=2 ++# define inline __inline__ ++# elif defined(_MSC_VER) ++ /* ++ * Visual Studio: inline is available in C++ only, however ++ * __inline is available for C, see ++ * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx ++ */ ++# define inline __inline ++# else ++# define inline ++# endif ++# endif + + #ifdef __cplusplus + } +diff --git a/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch +index 2b1fc5b..4a9c76a 100644 +--- a/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch ++++ b/Cryptlib/OpenSSL/openssl-bio-b_print-disable-sse.patch +@@ -1,19 +1,19 @@ + diff --git a/Cryptlib/OpenSSL/crypto/bio/b_print.c b/Cryptlib/OpenSSL/crypto/bio/b_print.c +-index e91ab6d..f33caa2 100644 ++index 90248fa..dfc26bc 100644 + --- a/Cryptlib/OpenSSL/crypto/bio/b_print.c + +++ b/Cryptlib/OpenSSL/crypto/bio/b_print.c +-@@ -51,8 +51,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, ++@@ -129,8 +129,10 @@ static int fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); + static int fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); + +#ifndef OPENSSL_SYS_UEFI + static int fmtfp(char **, char **, size_t *, size_t *, +- LDOUBLE, int, int, int, int); ++ LDOUBLE, int, int, int); + +#endif + static int doapr_outch(char **, char **, size_t *, size_t *, int); + static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, +-@@ -107,7 +109,9 @@ _dopr(char **sbuffer, ++@@ -173,7 +175,9 @@ _dopr(char **sbuffer, + { + char ch; + LLONG value; +@@ -23,7 +23,7 @@ index e91ab6d..f33caa2 100644 + char *strvalue; + int min; + int max; +-@@ -210,10 +214,12 @@ _dopr(char **sbuffer, ++@@ -276,10 +280,12 @@ _dopr(char **sbuffer, + cflags = DP_C_LLONG; + ch = *format++; + break; +@@ -36,7 +36,7 @@ index e91ab6d..f33caa2 100644 + default: + break; + } +-@@ -267,6 +273,7 @@ _dopr(char **sbuffer, ++@@ -333,6 +339,7 @@ _dopr(char **sbuffer, + min, max, flags)) + return 0; + break; +@@ -44,15 +44,15 @@ index e91ab6d..f33caa2 100644 + case 'f': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg(args, LDOUBLE); +-@@ -298,6 +305,7 @@ _dopr(char **sbuffer, +- flags, G_FORMAT)) +- return 0; ++@@ -358,6 +365,7 @@ _dopr(char **sbuffer, ++ else ++ fvalue = va_arg(args, double); + break; + +#endif + case 'c': + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) +-@@ -530,6 +538,7 @@ fmtint(char **sbuffer, ++@@ -575,6 +583,7 @@ fmtint(char **sbuffer, + return 1; + } + +@@ -60,7 +60,7 @@ index e91ab6d..f33caa2 100644 + static LDOUBLE abs_val(LDOUBLE value) + { + LDOUBLE result = value; +-@@ -816,6 +825,7 @@ fmtfp(char **sbuffer, ++@@ -733,6 +742,7 @@ fmtfp(char **sbuffer, + } + return 1; + } +diff --git a/Cryptlib/OpenSSL/update.sh b/Cryptlib/OpenSSL/update.sh +index a454467..8e1cc0a 100755 +--- a/Cryptlib/OpenSSL/update.sh ++++ b/Cryptlib/OpenSSL/update.sh +@@ -1,85 +1,482 @@ + #/bin/sh + DIR=$1 +-OPENSSLLIB_PATH=$DIR/CryptoPkg/Library/OpensslLib +-OPENSSL_PATH=$OPENSSLLIB_PATH/openssl ++version="1.0.2k" + +-cp $OPENSSLLIB_PATH/buildinf.h buildinf.h +-cp $OPENSSL_PATH/e_os.h e_os.h +- +-mkdir -p crypto +-C_FILES=" +- LPdir_nyi.c +- cpt_err.c +- cryptlib.c +- cversion.c +- ebcdic.c +- ex_data.c +- init.c +- mem.c +- mem_clr.c +- mem_dbg.c +- mem_sec.c +- o_dir.c +- o_fips.c +- o_fopen.c +- o_init.c +- o_str.c +- o_time.c +- threads_none.c +- threads_pthread.c +- threads_win.c uid.c +-" +-for file in $C_FILES +-do +- cp $OPENSSL_PATH/crypto/$file crypto +-done +- +-SUBDIRS=" +- include/internal/ +- aes +- asn1 +- async/arch +- async +- bio +- bn +- buffer +- cmac +- comp +- conf +- dh +- dso +- err +- evp +- hmac +- kdf +- lhash +- md5 +- modes +- objects +- ocsp +- pem +- pkcs12 +- pkcs7 +- rand +- rc4 +- rsa +- sha +- stack +- txt_db +- x509 +- x509v3 +-" +-for dir in $SUBDIRS +-do +- mkdir -p crypto/$dir +- cp $OPENSSL_PATH/crypto/$dir/*.[ch] crypto/$dir +-done +- +-# Remove unused files +-rm -f crypto/aes/aes_x86core.c +-rm -f crypto/x509v3/tabtest.c +-rm -f crypto/x509v3/v3conf.c +-rm -f crypto/x509v3/v3prin.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/e_os.h e_os.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/constant_time_locl.h crypto/constant_time_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md32_common.h crypto/md32_common.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.h crypto/cryptlib.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cryptlib.c crypto/cryptlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem.c crypto/mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_clr.c crypto/mem_clr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/mem_dbg.c crypto/mem_dbg.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cversion.c crypto/cversion.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ex_data.c crypto/ex_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cpt_err.c crypto/cpt_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ebcdic.c crypto/ebcdic.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/uid.c crypto/uid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.h crypto/o_time.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_time.c crypto/o_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.h crypto/o_str.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_str.c crypto/o_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.h crypto/o_dir.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_dir.c crypto/o_dir.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_fips.c crypto/o_fips.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/o_init.c crypto/o_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/fips_ers.c crypto/fips_ers.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/LPdir_nyi.c crypto/LPdir_nyi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_locl.h crypto/md4/md4_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_dgst.c crypto/md4/md4_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md4/md4_one.c crypto/md4/md4_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_locl.h crypto/md5/md5_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_dgst.c crypto/md5/md5_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/md5/md5_one.c crypto/md5/md5_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_locl.h crypto/sha/sha_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_dgst.c crypto/sha/sha_dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1dgst.c crypto/sha/sha1dgst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha_one.c crypto/sha/sha_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha1_one.c crypto/sha/sha1_one.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha256.c crypto/sha/sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/sha/sha512.c crypto/sha/sha512.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hmac.c crypto/hmac/hmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_ameth.c crypto/hmac/hm_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/hmac/hm_pmeth.c crypto/hmac/hm_pmeth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_locl.h crypto/des/des_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_ver.h crypto/des/des_ver.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/spr.h crypto/des/spr.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_des.h crypto/des/rpc_des.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/set_key.c crypto/des/set_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb_enc.c crypto/des/ecb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_enc.c crypto/des/cbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ncbc_enc.c crypto/des/ncbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ecb3_enc.c crypto/des/ecb3_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64enc.c crypto/des/cfb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb64ede.c crypto/des/cfb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cfb_enc.c crypto/des/cfb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64ede.c crypto/des/ofb64ede.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_read.c crypto/des/enc_read.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/enc_writ.c crypto/des/enc_writ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb64enc.c crypto/des/ofb64enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ofb_enc.c crypto/des/ofb_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/str2key.c crypto/des/str2key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/pcbc_enc.c crypto/des/pcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/qud_cksm.c crypto/des/qud_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rand_key.c crypto/des/rand_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_enc.c crypto/des/des_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt_b.c crypto/des/fcrypt_b.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/fcrypt.c crypto/des/fcrypt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/xcbc_enc.c crypto/des/xcbc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/rpc_enc.c crypto/des/rpc_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/cbc_cksm.c crypto/des/cbc_cksm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/ede_cbcm_enc.c crypto/des/ede_cbcm_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old.c crypto/des/des_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/des_old2.c crypto/des/des_old2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/des/read2pwd.c crypto/des/read2pwd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_locl.h crypto/rc4/rc4_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_enc.c crypto/rc4/rc4_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_skey.c crypto/rc4/rc4_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rc4/rc4_utl.c crypto/rc4/rc4_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_locl.h crypto/aes/aes_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_misc.c crypto/aes/aes_misc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ecb.c crypto/aes/aes_ecb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cfb.c crypto/aes/aes_cfb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ofb.c crypto/aes/aes_ofb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ctr.c crypto/aes/aes_ctr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_ige.c crypto/aes/aes_ige.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_wrap.c crypto/aes/aes_wrap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_core.c crypto/aes/aes_core.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/aes/aes_cbc.c crypto/aes/aes_cbc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/modes_lcl.h crypto/modes/modes_lcl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cbc128.c crypto/modes/cbc128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ctr128.c crypto/modes/ctr128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cts128.c crypto/modes/cts128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/cfb128.c crypto/modes/cfb128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ofb128.c crypto/modes/ofb128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/gcm128.c crypto/modes/gcm128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/ccm128.c crypto/modes/ccm128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/xts128.c crypto/modes/xts128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/modes/wrap128.c crypto/modes/wrap128.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn.h crypto/bn/bn.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lcl.h crypto/bn/bn_lcl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.h crypto/bn/bn_prime.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_add.c crypto/bn/bn_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_div.c crypto/bn/bn_div.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp.c crypto/bn/bn_exp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_lib.c crypto/bn/bn_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_ctx.c crypto/bn/bn_ctx.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mul.c crypto/bn/bn_mul.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mod.c crypto/bn/bn_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_print.c crypto/bn/bn_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_rand.c crypto/bn/bn_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_shift.c crypto/bn/bn_shift.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_word.c crypto/bn/bn_word.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_blind.c crypto/bn/bn_blind.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_kron.c crypto/bn/bn_kron.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqrt.c crypto/bn/bn_sqrt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gcd.c crypto/bn/bn_gcd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_prime.c crypto/bn/bn_prime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_err.c crypto/bn/bn_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_sqr.c crypto/bn/bn_sqr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_asm.c crypto/bn/bn_asm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_recp.c crypto/bn/bn_recp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mont.c crypto/bn/bn_mont.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_mpi.c crypto/bn/bn_mpi.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_exp2.c crypto/bn/bn_exp2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_gf2m.c crypto/bn/bn_gf2m.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_nist.c crypto/bn/bn_nist.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_depr.c crypto/bn/bn_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_x931p.c crypto/bn/bn_x931p.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/bn_const.c crypto/bn/bn_const.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bn/rsaz_exp.h crypto/bn/rsaz_exp.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_locl.h crypto/rsa/rsa_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_gen.c crypto/rsa/rsa_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_lib.c crypto/rsa/rsa_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_sign.c crypto/rsa/rsa_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_saos.c crypto/rsa/rsa_saos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_err.c crypto/rsa/rsa_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pk1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ssl.c crypto/rsa/rsa_ssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_none.c crypto/rsa/rsa_none.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_oaep.c crypto/rsa/rsa_oaep.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_chk.c crypto/rsa/rsa_chk.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_null.c crypto/rsa/rsa_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pss.c crypto/rsa/rsa_pss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_x931.c crypto/rsa/rsa_x931.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_depr.c crypto/rsa/rsa_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_prn.c crypto/rsa/rsa_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_pmeth.c crypto/rsa/rsa_pmeth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rsa/rsa_crpt.c crypto/rsa/rsa_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dl.c crypto/dso/dso_dl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_dlfcn.c crypto/dso/dso_dlfcn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_err.c crypto/dso/dso_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_lib.c crypto/dso/dso_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_null.c crypto/dso/dso_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_openssl.c crypto/dso/dso_openssl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_win32.c crypto/dso/dso_win32.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_vms.c crypto/dso/dso_vms.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dso/dso_beos.c crypto/dso/dso_beos.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_asn1.c crypto/dh/dh_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_gen.c crypto/dh/dh_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_key.c crypto/dh/dh_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_lib.c crypto/dh/dh_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_check.c crypto/dh/dh_check.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_err.c crypto/dh/dh_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_depr.c crypto/dh/dh_depr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_ameth.c crypto/dh/dh_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_pmeth.c crypto/dh/dh_pmeth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_prn.c crypto/dh/dh_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/dh/dh_rfc5114.c crypto/dh/dh_rfc5114.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buffer.c crypto/buffer/buffer.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_str.c crypto/buffer/buf_str.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/buffer/buf_err.c crypto/buffer/buf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lcl.h crypto/bio/bio_lcl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_lib.c crypto/bio/bio_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_cb.c crypto/bio/bio_cb.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bio_err.c crypto/bio/bio_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_mem.c crypto/bio/bss_mem.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_null.c crypto/bio/bss_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_fd.c crypto/bio/bss_fd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_file.c crypto/bio/bss_file.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_sock.c crypto/bio/bss_sock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_conn.c crypto/bio/bss_conn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_null.c crypto/bio/bf_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_buff.c crypto/bio/bf_buff.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_dump.c crypto/bio/b_dump.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_print.c crypto/bio/b_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/b_sock.c crypto/bio/b_sock.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_acpt.c crypto/bio/bss_acpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bf_nbio.c crypto/bio/bf_nbio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_log.c crypto/bio/bss_log.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_bio.c crypto/bio/bss_bio.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/bio/bss_dgram.c crypto/bio/bss_dgram.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/stack/stack.c crypto/stack/stack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lhash.c crypto/lhash/lhash.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/lhash/lh_stats.c crypto/lhash/lh_stats.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lcl.h crypto/rand/rand_lcl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/md_rand.c crypto/rand/md_rand.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/randfile.c crypto/rand/randfile.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_lib.c crypto/rand/rand_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_err.c crypto/rand/rand_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/rand/rand_unix.c crypto/rand/rand_unix.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err.c crypto/err/err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_all.c crypto/err/err_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/err/err_prn.c crypto/err/err_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/o_names.c crypto/objects/o_names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.h crypto/objects/obj_dat.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_dat.c crypto/objects/obj_dat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_lib.c crypto/objects/obj_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_err.c crypto/objects/obj_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.h crypto/objects/obj_xref.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/objects/obj_xref.c crypto/objects/obj_xref.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_locl.h crypto/evp/evp_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/encode.c crypto/evp/encode.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/digest.c crypto/evp/digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_enc.c crypto/evp/evp_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_key.c crypto/evp/evp_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_acnf.c crypto/evp/evp_acnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_cnf.c crypto/evp/evp_cnf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des.c crypto/evp/e_des.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_bf.c crypto/evp/e_bf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_idea.c crypto/evp/e_idea.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_des3.c crypto/evp/e_des3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_camellia.c crypto/evp/e_camellia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4.c crypto/evp/e_rc4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes.c crypto/evp/e_aes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/names.c crypto/evp/names.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_seed.c crypto/evp/e_seed.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_xcbc_d.c crypto/evp/e_xcbc_d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc2.c crypto/evp/e_rc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_cast.c crypto/evp/e_cast.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc5.c crypto/evp/e_rc5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_null.c crypto/evp/m_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md2.c crypto/evp/m_md2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md4.c crypto/evp/m_md4.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_md5.c crypto/evp/m_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha.c crypto/evp/m_sha.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sha1.c crypto/evp/m_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_wp.c crypto/evp/m_wp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss.c crypto/evp/m_dss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_dss1.c crypto/evp/m_dss1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_mdc2.c crypto/evp/m_mdc2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ripemd.c crypto/evp/m_ripemd.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_ecdsa.c crypto/evp/m_ecdsa.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_open.c crypto/evp/p_open.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_seal.c crypto/evp/p_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_sign.c crypto/evp/p_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_verify.c crypto/evp/p_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_lib.c crypto/evp/p_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_enc.c crypto/evp/p_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p_dec.c crypto/evp/p_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_md.c crypto/evp/bio_md.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_b64.c crypto/evp/bio_b64.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_enc.c crypto/evp/bio_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_err.c crypto/evp/evp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_null.c crypto/evp/e_null.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_all.c crypto/evp/c_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_allc.c crypto/evp/c_allc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/c_alld.c crypto/evp/c_alld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_lib.c crypto/evp/evp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/bio_ok.c crypto/evp/bio_ok.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pkey.c crypto/evp/evp_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/evp_pbe.c crypto/evp/evp_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt.c crypto/evp/p5_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/p5_crpt2.c crypto/evp/p5_crpt2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_old.c crypto/evp/e_old.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_lib.c crypto/evp/pmeth_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_fn.c crypto/evp/pmeth_fn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/pmeth_gn.c crypto/evp/pmeth_gn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/m_sigver.c crypto/evp/m_sigver.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha1.c crypto/evp/e_aes_cbc_hmac_sha1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_aes_cbc_hmac_sha256.c crypto/evp/e_aes_cbc_hmac_sha256.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/evp/e_rc4_hmac_md5.c crypto/evp/e_rc4_hmac_md5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_locl.h crypto/asn1/asn1_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/charmap.h crypto/asn1/charmap.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_object.c crypto/asn1/a_object.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bitstr.c crypto/asn1/a_bitstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utctm.c crypto/asn1/a_utctm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_gentm.c crypto/asn1/a_gentm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_time.c crypto/asn1/a_time.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_int.c crypto/asn1/a_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_octet.c crypto/asn1/a_octet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_print.c crypto/asn1/a_print.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_type.c crypto/asn1/a_type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_set.c crypto/asn1/a_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_dup.c crypto/asn1/a_dup.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_d2i_fp.c crypto/asn1/a_d2i_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_i2d_fp.c crypto/asn1/a_i2d_fp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_enum.c crypto/asn1/a_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_utf8.c crypto/asn1/a_utf8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_sign.c crypto/asn1/a_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_digest.c crypto/asn1/a_digest.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_verify.c crypto/asn1/a_verify.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_mbstr.c crypto/asn1/a_mbstr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strex.c crypto/asn1/a_strex.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_algor.c crypto/asn1/x_algor.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_val.c crypto/asn1/x_val.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pubkey.c crypto/asn1/x_pubkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_sig.c crypto/asn1/x_sig.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_req.c crypto/asn1/x_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_attrib.c crypto/asn1/x_attrib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_bignum.c crypto/asn1/x_bignum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_long.c crypto/asn1/x_long.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_name.c crypto/asn1/x_name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509.c crypto/asn1/x_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_x509a.c crypto/asn1/x_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_crl.c crypto/asn1/x_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_info.c crypto/asn1/x_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_spki.c crypto/asn1/x_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/nsseq.c crypto/asn1/nsseq.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_nx509.c crypto/asn1/x_nx509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pu.c crypto/asn1/d2i_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/d2i_pr.c crypto/asn1/d2i_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pu.c crypto/asn1/i2d_pu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/i2d_pr.c crypto/asn1/i2d_pr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_req.c crypto/asn1/t_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509.c crypto/asn1/t_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_x509a.c crypto/asn1/t_x509a.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_crl.c crypto/asn1/t_crl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_pkey.c crypto/asn1/t_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_spki.c crypto/asn1/t_spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/t_bitst.c crypto/asn1/t_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_new.c crypto/asn1/tasn_new.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_fre.c crypto/asn1/tasn_fre.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_enc.c crypto/asn1/tasn_enc.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_dec.c crypto/asn1/tasn_dec.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_utl.c crypto/asn1/tasn_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_typ.c crypto/asn1/tasn_typ.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/tasn_prn.c crypto/asn1/tasn_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/ameth_lib.c crypto/asn1/ameth_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_int.c crypto/asn1/f_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_string.c crypto/asn1/f_string.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/n_pkey.c crypto/asn1/n_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/f_enum.c crypto/asn1/f_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_pkey.c crypto/asn1/x_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bool.c crypto/asn1/a_bool.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/x_exten.c crypto/asn1/x_exten.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_asn1.c crypto/asn1/bio_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/bio_ndef.c crypto/asn1/bio_ndef.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_mime.c crypto/asn1/asn_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_gen.c crypto/asn1/asn1_gen.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_par.c crypto/asn1/asn1_par.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_lib.c crypto/asn1/asn1_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn1_err.c crypto/asn1/asn1_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_bytes.c crypto/asn1/a_bytes.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/a_strnid.c crypto/asn1/a_strnid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/evp_asn1.c crypto/asn1/evp_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_pack.c crypto/asn1/asn_pack.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbe.c crypto/asn1/p5_pbe.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p5_pbev2.c crypto/asn1/p5_pbev2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/p8_pkey.c crypto/asn1/p8_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/asn1/asn_moid.c crypto/asn1/asn_moid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_sign.c crypto/pem/pem_sign.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_seal.c crypto/pem/pem_seal.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_info.c crypto/pem/pem_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_lib.c crypto/pem/pem_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_all.c crypto/pem/pem_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_err.c crypto/pem/pem_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_x509.c crypto/pem/pem_x509.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_xaux.c crypto/pem/pem_xaux.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_oth.c crypto/pem/pem_oth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pk8.c crypto/pem/pem_pk8.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pem_pkey.c crypto/pem/pem_pkey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pem/pvkfmt.c crypto/pem/pvkfmt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/vpm_int.h crypto/x509/vpm_int.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_def.c crypto/x509/x509_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_d2.c crypto/x509/x509_d2.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_r2x.c crypto/x509/x509_r2x.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_cmp.c crypto/x509/x509_cmp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_obj.c crypto/x509/x509_obj.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_req.c crypto/x509/x509_req.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509spki.c crypto/x509/x509spki.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vfy.c crypto/x509/x509_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_set.c crypto/x509/x509_set.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509cset.c crypto/x509/x509cset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509rset.c crypto/x509/x509rset.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_err.c crypto/x509/x509_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509name.c crypto/x509/x509name.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_v3.c crypto/x509/x509_v3.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_ext.c crypto/x509/x509_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_att.c crypto/x509/x509_att.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509type.c crypto/x509/x509type.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_lu.c crypto/x509/x509_lu.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x_all.c crypto/x509/x_all.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_txt.c crypto/x509/x509_txt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_trs.c crypto/x509/x509_trs.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509/x509_vpm.c crypto/x509/x509_vpm.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/ext_dat.h crypto/x509v3/ext_dat.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_int.h crypto/x509v3/pcy_int.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bcons.c crypto/x509v3/v3_bcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_bitst.c crypto/x509v3/v3_bitst.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_conf.c crypto/x509v3/v3_conf.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_extku.c crypto/x509v3/v3_extku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ia5.c crypto/x509v3/v3_ia5.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_lib.c crypto/x509v3/v3_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_prn.c crypto/x509v3/v3_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_utl.c crypto/x509v3/v3_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3err.c crypto/x509v3/v3err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_genn.c crypto/x509v3/v3_genn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_alt.c crypto/x509v3/v3_alt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_skey.c crypto/x509v3/v3_skey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akey.c crypto/x509v3/v3_akey.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pku.c crypto/x509v3/v3_pku.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_int.c crypto/x509v3/v3_int.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_enum.c crypto/x509v3/v3_enum.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_sxnet.c crypto/x509v3/v3_sxnet.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_cpols.c crypto/x509v3/v3_cpols.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_crld.c crypto/x509v3/v3_crld.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_purp.c crypto/x509v3/v3_purp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_info.c crypto/x509v3/v3_info.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ocsp.c crypto/x509v3/v3_ocsp.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_akeya.c crypto/x509v3/v3_akeya.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pmaps.c crypto/x509v3/v3_pmaps.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcons.c crypto/x509v3/v3_pcons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_ncons.c crypto/x509v3/v3_ncons.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pcia.c crypto/x509v3/v3_pcia.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_pci.c crypto/x509v3/v3_pci.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_cache.c crypto/x509v3/pcy_cache.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_node.c crypto/x509v3/pcy_node.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_data.c crypto/x509v3/pcy_data.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_map.c crypto/x509v3/pcy_map.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_tree.c crypto/x509v3/pcy_tree.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/pcy_lib.c crypto/x509v3/pcy_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_asid.c crypto/x509v3/v3_asid.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/x509v3/v3_addr.c crypto/x509v3/v3_addr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_err.c crypto/conf/conf_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_lib.c crypto/conf/conf_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_api.c crypto/conf/conf_api.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.h crypto/conf/conf_def.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_def.c crypto/conf/conf_def.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mod.c crypto/conf/conf_mod.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_mall.c crypto/conf/conf_mall.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/conf/conf_sap.c crypto/conf/conf_sap.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/txt_db/txt_db.c crypto/txt_db/txt_db.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_asn1.c crypto/pkcs7/pk7_asn1.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_lib.c crypto/pkcs7/pk7_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pkcs7err.c crypto/pkcs7/pkcs7err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_doit.c crypto/pkcs7/pk7_doit.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_smime.c crypto/pkcs7/pk7_smime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_attr.c crypto/pkcs7/pk7_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/pk7_mime.c crypto/pkcs7/pk7_mime.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs7/bio_pk7.c crypto/pkcs7/bio_pk7.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_add.c crypto/pkcs12/p12_add.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_asn.c crypto/pkcs12/p12_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_attr.c crypto/pkcs12/p12_attr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crpt.c crypto/pkcs12/p12_crpt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_crt.c crypto/pkcs12/p12_crt.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_decr.c crypto/pkcs12/p12_decr.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_init.c crypto/pkcs12/p12_init.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_key.c crypto/pkcs12/p12_key.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_kiss.c crypto/pkcs12/p12_kiss.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_mutl.c crypto/pkcs12/p12_mutl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_utl.c crypto/pkcs12/p12_utl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_npas.c crypto/pkcs12/p12_npas.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/pk12err.c crypto/pkcs12/pk12err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8d.c crypto/pkcs12/p12_p8d.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/pkcs12/p12_p8e.c crypto/pkcs12/p12_p8e.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_lib.c crypto/comp/comp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/comp_err.c crypto/comp/comp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_rle.c crypto/comp/c_rle.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/comp/c_zlib.c crypto/comp/c_zlib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_asn.c crypto/ocsp/ocsp_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_ht.c crypto/ocsp/ocsp_ht.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_lib.c crypto/ocsp/ocsp_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_cl.c crypto/ocsp/ocsp_cl.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_srv.c crypto/ocsp/ocsp_srv.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_prn.c crypto/ocsp/ocsp_prn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_vfy.c crypto/ocsp/ocsp_vfy.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ocsp/ocsp_err.c crypto/ocsp/ocsp_err.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_locl.h crypto/ui/ui_locl.h ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_lib.c crypto/ui/ui_lib.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_util.c crypto/ui/ui_util.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/ui/ui_compat.c crypto/ui/ui_compat.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/krb5/krb5_asn.c crypto/krb5/krb5_asn.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cmac.c crypto/cmac/cmac.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_ameth.c crypto/cmac/cm_ameth.c ++install -D $DIR/CryptoPkg/Library/OpensslLib/openssl-$version/crypto/cmac/cm_pmeth.c crypto/cmac/cm_pmeth.c + + find . -name "*.[ch]" -exec chmod -x {} \; + +diff --git a/Cryptlib/Pem/CryptPem.c b/Cryptlib/Pem/CryptPem.c +new file mode 100644 +index 0000000..51e648b +--- /dev/null ++++ b/Cryptlib/Pem/CryptPem.c +@@ -0,0 +1,135 @@ ++/** @file ++ PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation over OpenSSL. ++ ++Copyright (c) 2010 - 2013, Intel Corporation. All rights reserved.
++This program and the accompanying materials ++are licensed and made available under the terms and conditions of the BSD License ++which accompanies this distribution. The full text of the license may be found at ++http://opensource.org/licenses/bsd-license.php ++ ++THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, ++WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. ++ ++**/ ++ ++#include "InternalCryptLib.h" ++#include ++ ++/** ++ Callback function for password phrase conversion used for retrieving the encrypted PEM. ++ ++ @param[out] Buf Pointer to the buffer to write the passphrase to. ++ @param[in] Size Maximum length of the passphrase (i.e. the size of Buf). ++ @param[in] Flag A flag which is set to 0 when reading and 1 when writing. ++ @param[in] Key Key data to be passed to the callback routine. ++ ++ @retval The number of characters in the passphrase or 0 if an error occurred. ++ ++**/ ++INTN ++PasswordCallback ( ++ OUT CHAR8 *Buf, ++ IN INTN Size, ++ IN INTN Flag, ++ IN VOID *Key ++ ) ++{ ++ INTN KeyLength; ++ ++ ZeroMem ((VOID *) Buf, (UINTN) Size); ++ if (Key != NULL) { ++ // ++ // Duplicate key phrase directly. ++ // ++ KeyLength = (INTN) AsciiStrLen ((CHAR8 *)Key); ++ KeyLength = (KeyLength > Size ) ? Size : KeyLength; ++ CopyMem (Buf, Key, (UINTN) KeyLength); ++ return KeyLength; ++ } else { ++ return 0; ++ } ++} ++ ++/** ++ Retrieve the RSA Private Key from the password-protected PEM key data. ++ ++ @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. ++ @param[in] PemSize Size of the PEM key data in bytes. ++ @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. ++ @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved ++ RSA private key component. Use RsaFree() function to free the ++ resource. ++ ++ If PemData is NULL, then return FALSE. ++ If RsaContext is NULL, then return FALSE. ++ ++ @retval TRUE RSA Private Key was retrieved successfully. ++ @retval FALSE Invalid PEM key data or incorrect password. ++ ++**/ ++BOOLEAN ++EFIAPI ++RsaGetPrivateKeyFromPem ( ++ IN CONST UINT8 *PemData, ++ IN UINTN PemSize, ++ IN CONST CHAR8 *Password, ++ OUT VOID **RsaContext ++ ) ++{ ++ BOOLEAN Status; ++ BIO *PemBio; ++ ++ // ++ // Check input parameters. ++ // ++ if (PemData == NULL || RsaContext == NULL || PemSize > INT_MAX) { ++ return FALSE; ++ } ++ ++ // ++ // Add possible block-cipher descriptor for PEM data decryption. ++ // NOTE: Only support most popular ciphers (3DES, AES) for the encrypted PEM. ++ // ++ if (EVP_add_cipher (EVP_des_ede3_cbc ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_cipher (EVP_aes_128_cbc ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_cipher (EVP_aes_192_cbc ()) == 0) { ++ return FALSE; ++ } ++ if (EVP_add_cipher (EVP_aes_256_cbc ()) == 0) { ++ return FALSE; ++ } ++ ++ Status = FALSE; ++ ++ // ++ // Read encrypted PEM Data. ++ // ++ PemBio = BIO_new (BIO_s_mem ()); ++ if (PemBio == NULL) { ++ goto _Exit; ++ } ++ ++ if (BIO_write (PemBio, PemData, (int) PemSize) <= 0) { ++ goto _Exit; ++ } ++ ++ // ++ // Retrieve RSA Private Key from encrypted PEM data. ++ // ++ *RsaContext = PEM_read_bio_RSAPrivateKey (PemBio, NULL, (pem_password_cb *) &PasswordCallback, (void *) Password); ++ if (*RsaContext != NULL) { ++ Status = TRUE; ++ } ++ ++_Exit: ++ // ++ // Release Resources. ++ // ++ BIO_free (PemBio); ++ ++ return Status; ++} +diff --git a/Cryptlib/Pem/CryptPemNull.c b/Cryptlib/Pem/CryptPemNull.c +deleted file mode 100644 +index 8c9e4f0..0000000 +--- a/Cryptlib/Pem/CryptPemNull.c ++++ /dev/null +@@ -1,44 +0,0 @@ +-/** @file +- PEM (Privacy Enhanced Mail) Format Handler Wrapper Implementation which does +- not provide real capabilities. +- +-Copyright (c) 2012, Intel Corporation. All rights reserved.
+-This program and the accompanying materials +-are licensed and made available under the terms and conditions of the BSD License +-which accompanies this distribution. The full text of the license may be found at +-http://opensource.org/licenses/bsd-license.php +- +-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, +-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. +- +-**/ +- +-#include "InternalCryptLib.h" +- +-/** +- Retrieve the RSA Private Key from the password-protected PEM key data. +- +- Return FALSE to indicate this interface is not supported. +- +- @param[in] PemData Pointer to the PEM-encoded key data to be retrieved. +- @param[in] PemSize Size of the PEM key data in bytes. +- @param[in] Password NULL-terminated passphrase used for encrypted PEM key data. +- @param[out] RsaContext Pointer to new-generated RSA context which contain the retrieved +- RSA private key component. Use RsaFree() function to free the +- resource. +- +- @retval FALSE This interface is not supported. +- +-**/ +-BOOLEAN +-EFIAPI +-RsaGetPrivateKeyFromPem ( +- IN CONST UINT8 *PemData, +- IN UINTN PemSize, +- IN CONST CHAR8 *Password, +- OUT VOID **RsaContext +- ) +-{ +- ASSERT (FALSE); +- return FALSE; +-} +diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c +index bf24e92..dcaba43 100644 +--- a/Cryptlib/Pk/CryptPkcs7Verify.c ++++ b/Cryptlib/Pk/CryptPkcs7Verify.c +@@ -10,7 +10,7 @@ + WrapPkcs7Data(), Pkcs7GetSigners(), Pkcs7Verify() will get UEFI Authenticated + Variable and will do basic check for data structure. + +-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -163,7 +163,6 @@ X509PopCertificate ( + STACK_OF(X509) *CertStack; + BOOLEAN Status; + INT32 Result; +- BUF_MEM *Ptr; + INT32 Length; + VOID *Buffer; + +@@ -193,8 +192,7 @@ X509PopCertificate ( + goto _Exit; + } + +- BIO_get_mem_ptr (CertBio, &Ptr); +- Length = (INT32)(Ptr->length); ++ Length = (INT32)(((BUF_MEM *) CertBio->ptr)->length); + if (Length <= 0) { + goto _Exit; + } +@@ -465,15 +463,12 @@ Pkcs7GetCertificatesList ( + BOOLEAN Wrapped; + UINT8 Index; + PKCS7 *Pkcs7; +- X509_STORE_CTX *CertCtx; +- STACK_OF(X509) *CtxChain; +- STACK_OF(X509) *CtxUntrusted; +- X509 *CtxCert; ++ X509_STORE_CTX CertCtx; + STACK_OF(X509) *Signers; + X509 *Signer; + X509 *Cert; ++ X509 *TempCert; + X509 *Issuer; +- X509_NAME *IssuerName; + UINT8 *CertBuf; + UINT8 *OldBuf; + UINTN BufferSize; +@@ -487,11 +482,8 @@ Pkcs7GetCertificatesList ( + Status = FALSE; + NewP7Data = NULL; + Pkcs7 = NULL; +- CertCtx = NULL; +- CtxChain = NULL; +- CtxCert = NULL; +- CtxUntrusted = NULL; + Cert = NULL; ++ TempCert = NULL; + SingleCert = NULL; + CertBuf = NULL; + OldBuf = NULL; +@@ -539,26 +531,19 @@ Pkcs7GetCertificatesList ( + } + Signer = sk_X509_value (Signers, 0); + +- CertCtx = X509_STORE_CTX_new (); +- if (CertCtx == NULL) { +- goto _Error; +- } +- if (!X509_STORE_CTX_init (CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) { ++ if (!X509_STORE_CTX_init (&CertCtx, NULL, Signer, Pkcs7->d.sign->cert)) { + goto _Error; + } + // + // Initialize Chained & Untrusted stack + // +- CtxChain = X509_STORE_CTX_get0_chain (CertCtx); +- CtxCert = X509_STORE_CTX_get0_cert (CertCtx); +- if (CtxChain == NULL) { +- if (((CtxChain = sk_X509_new_null ()) == NULL) || +- (!sk_X509_push (CtxChain, CtxCert))) { ++ if (CertCtx.chain == NULL) { ++ if (((CertCtx.chain = sk_X509_new_null ()) == NULL) || ++ (!sk_X509_push (CertCtx.chain, CertCtx.cert))) { + goto _Error; + } + } +- CtxUntrusted = X509_STORE_CTX_get0_untrusted (CertCtx); +- (VOID)sk_X509_delete_ptr (CtxUntrusted, Signer); ++ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Signer); + + // + // Build certificates stack chained from Signer's certificate. +@@ -568,25 +553,27 @@ Pkcs7GetCertificatesList ( + // + // Self-Issue checking + // +- Issuer = NULL; +- if (X509_STORE_CTX_get1_issuer (&Issuer, CertCtx, Cert) == 1) { +- if (X509_cmp (Issuer, Cert) == 0) { +- break; +- } ++ if (CertCtx.check_issued (&CertCtx, Cert, Cert)) { ++ break; + } + + // + // Found the issuer of the current certificate + // +- if (CtxUntrusted != NULL) { ++ if (CertCtx.untrusted != NULL) { + Issuer = NULL; +- IssuerName = X509_get_issuer_name (Cert); +- Issuer = X509_find_by_subject (CtxUntrusted, IssuerName); ++ for (Index = 0; Index < sk_X509_num (CertCtx.untrusted); Index++) { ++ TempCert = sk_X509_value (CertCtx.untrusted, Index); ++ if (CertCtx.check_issued (&CertCtx, Cert, TempCert)) { ++ Issuer = TempCert; ++ break; ++ } ++ } + if (Issuer != NULL) { +- if (!sk_X509_push (CtxChain, Issuer)) { ++ if (!sk_X509_push (CertCtx.chain, Issuer)) { + goto _Error; + } +- (VOID)sk_X509_delete_ptr (CtxUntrusted, Issuer); ++ (VOID)sk_X509_delete_ptr (CertCtx.untrusted, Issuer); + + Cert = Issuer; + continue; +@@ -608,13 +595,13 @@ Pkcs7GetCertificatesList ( + // UINT8 Certn[]; + // + +- if (CtxChain != NULL) { ++ if (CertCtx.chain != NULL) { + BufferSize = sizeof (UINT8); + OldSize = BufferSize; + CertBuf = NULL; + + for (Index = 0; ; Index++) { +- Status = X509PopCertificate (CtxChain, &SingleCert, &CertSize); ++ Status = X509PopCertificate (CertCtx.chain, &SingleCert, &CertSize); + if (!Status) { + break; + } +@@ -652,13 +639,13 @@ Pkcs7GetCertificatesList ( + } + } + +- if (CtxUntrusted != NULL) { ++ if (CertCtx.untrusted != NULL) { + BufferSize = sizeof (UINT8); + OldSize = BufferSize; + CertBuf = NULL; + + for (Index = 0; ; Index++) { +- Status = X509PopCertificate (CtxUntrusted, &SingleCert, &CertSize); ++ Status = X509PopCertificate (CertCtx.untrusted, &SingleCert, &CertSize); + if (!Status) { + break; + } +@@ -711,8 +698,7 @@ _Error: + } + sk_X509_free (Signers); + +- X509_STORE_CTX_cleanup (CertCtx); +- X509_STORE_CTX_free (CertCtx); ++ X509_STORE_CTX_cleanup (&CertCtx); + + if (SingleCert != NULL) { + free (SingleCert); +diff --git a/Cryptlib/Pk/CryptRsaBasic.c b/Cryptlib/Pk/CryptRsaBasic.c +index ba1bcf0..e68dd02 100644 +--- a/Cryptlib/Pk/CryptRsaBasic.c ++++ b/Cryptlib/Pk/CryptRsaBasic.c +@@ -7,7 +7,7 @@ + 3) RsaSetKey + 4) RsaPkcs1Verify + +-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -92,15 +92,7 @@ RsaSetKey ( + IN UINTN BnSize + ) + { +- RSA *RsaKey; +- BIGNUM *BnN; +- BIGNUM *BnE; +- BIGNUM *BnD; +- BIGNUM *BnP; +- BIGNUM *BnQ; +- BIGNUM *BnDp; +- BIGNUM *BnDq; +- BIGNUM *BnQInv; ++ RSA *RsaKey; + + // + // Check input parameters. +@@ -109,23 +101,7 @@ RsaSetKey ( + return FALSE; + } + +- BnN = NULL; +- BnE = NULL; +- BnD = NULL; +- BnP = NULL; +- BnQ = NULL; +- BnDp = NULL; +- BnDq = NULL; +- BnQInv = NULL; +- +- // +- // Retrieve the components from RSA object. +- // + RsaKey = (RSA *) RsaContext; +- RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD); +- RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ); +- RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv); +- + // + // Set RSA Key Components by converting octet string to OpenSSL BN representation. + // NOTE: For RSA public key (used in signature verification), only public components +@@ -134,109 +110,144 @@ RsaSetKey ( + switch (KeyTag) { + + // +- // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d) ++ // RSA Public Modulus (N) + // + case RsaKeyN: +- case RsaKeyE: +- case RsaKeyD: +- if (BnN == NULL) { +- BnN = BN_new (); ++ if (RsaKey->n != NULL) { ++ BN_free (RsaKey->n); + } +- if (BnE == NULL) { +- BnE = BN_new (); ++ RsaKey->n = NULL; ++ if (BigNumber == NULL) { ++ break; + } +- if (BnD == NULL) { +- BnD = BN_new (); ++ RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n); ++ if (RsaKey->n == NULL) { ++ return FALSE; + } + +- if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) { ++ break; ++ ++ // ++ // RSA Public Exponent (e) ++ // ++ case RsaKeyE: ++ if (RsaKey->e != NULL) { ++ BN_free (RsaKey->e); ++ } ++ RsaKey->e = NULL; ++ if (BigNumber == NULL) { ++ break; ++ } ++ RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e); ++ if (RsaKey->e == NULL) { + return FALSE; + } + +- switch (KeyTag) { +- case RsaKeyN: +- BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN); +- break; +- case RsaKeyE: +- BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE); +- break; +- case RsaKeyD: +- BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD); ++ break; ++ ++ // ++ // RSA Private Exponent (d) ++ // ++ case RsaKeyD: ++ if (RsaKey->d != NULL) { ++ BN_free (RsaKey->d); ++ } ++ RsaKey->d = NULL; ++ if (BigNumber == NULL) { + break; +- default: +- return FALSE; + } +- if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) { ++ RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d); ++ if (RsaKey->d == NULL) { + return FALSE; + } + + break; + + // +- // RSA Secret Prime Factor of Modulus (p and q) ++ // RSA Secret Prime Factor of Modulus (p) + // + case RsaKeyP: +- case RsaKeyQ: +- if (BnP == NULL) { +- BnP = BN_new (); ++ if (RsaKey->p != NULL) { ++ BN_free (RsaKey->p); + } +- if (BnQ == NULL) { +- BnQ = BN_new (); ++ RsaKey->p = NULL; ++ if (BigNumber == NULL) { ++ break; + } +- if ((BnP == NULL) || (BnQ == NULL)) { ++ RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p); ++ if (RsaKey->p == NULL) { + return FALSE; + } + +- switch (KeyTag) { +- case RsaKeyP: +- BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP); +- break; +- case RsaKeyQ: +- BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ); ++ break; ++ ++ // ++ // RSA Secret Prime Factor of Modules (q) ++ // ++ case RsaKeyQ: ++ if (RsaKey->q != NULL) { ++ BN_free (RsaKey->q); ++ } ++ RsaKey->q = NULL; ++ if (BigNumber == NULL) { + break; +- default: +- return FALSE; + } +- if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) { ++ RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q); ++ if (RsaKey->q == NULL) { + return FALSE; + } + + break; + + // +- // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)), +- // and CRT Coefficient (== 1/q mod p) ++ // p's CRT Exponent (== d mod (p - 1)) + // + case RsaKeyDp: +- case RsaKeyDq: +- case RsaKeyQInv: +- if (BnDp == NULL) { +- BnDp = BN_new (); +- } +- if (BnDq == NULL) { +- BnDq = BN_new (); ++ if (RsaKey->dmp1 != NULL) { ++ BN_free (RsaKey->dmp1); + } +- if (BnQInv == NULL) { +- BnQInv = BN_new (); ++ RsaKey->dmp1 = NULL; ++ if (BigNumber == NULL) { ++ break; + } +- if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) { ++ RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1); ++ if (RsaKey->dmp1 == NULL) { + return FALSE; + } + +- switch (KeyTag) { +- case RsaKeyDp: +- BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp); +- break; +- case RsaKeyDq: +- BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq); +- break; +- case RsaKeyQInv: +- BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv); ++ break; ++ ++ // ++ // q's CRT Exponent (== d mod (q - 1)) ++ // ++ case RsaKeyDq: ++ if (RsaKey->dmq1 != NULL) { ++ BN_free (RsaKey->dmq1); ++ } ++ RsaKey->dmq1 = NULL; ++ if (BigNumber == NULL) { + break; +- default: ++ } ++ RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1); ++ if (RsaKey->dmq1 == NULL) { + return FALSE; + } +- if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) { ++ ++ break; ++ ++ // ++ // The CRT Coefficient (== 1/q mod p) ++ // ++ case RsaKeyQInv: ++ if (RsaKey->iqmp != NULL) { ++ BN_free (RsaKey->iqmp); ++ } ++ RsaKey->iqmp = NULL; ++ if (BigNumber == NULL) { ++ break; ++ } ++ RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp); ++ if (RsaKey->iqmp == NULL) { + return FALSE; + } + +@@ -300,11 +311,11 @@ RsaPkcs1Verify ( + case MD5_DIGEST_SIZE: + DigestType = NID_md5; + break; +- ++ + case SHA1_DIGEST_SIZE: + DigestType = NID_sha1; + break; +- ++ + case SHA256_DIGEST_SIZE: + DigestType = NID_sha256; + break; +diff --git a/Cryptlib/Pk/CryptTs.c b/Cryptlib/Pk/CryptTs.c +index d63c23d..1b78472 100644 +--- a/Cryptlib/Pk/CryptTs.c ++++ b/Cryptlib/Pk/CryptTs.c +@@ -5,7 +5,7 @@ + the lifetime of the signature when a signing certificate expires or is later + revoked. + +-Copyright (c) 2014 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2014 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -239,7 +239,7 @@ CheckTSTInfo ( + TS_MESSAGE_IMPRINT *Imprint; + X509_ALGOR *HashAlgo; + CONST EVP_MD *Md; +- EVP_MD_CTX *MdCtx; ++ EVP_MD_CTX MdCtx; + UINTN MdSize; + UINT8 *HashedMsg; + +@@ -249,7 +249,6 @@ CheckTSTInfo ( + Status = FALSE; + HashAlgo = NULL; + HashedMsg = NULL; +- MdCtx = NULL; + + // + // -- Check version number of Timestamp: +@@ -286,17 +285,11 @@ CheckTSTInfo ( + if (HashedMsg == NULL) { + goto _Exit; + } +- MdCtx = EVP_MD_CTX_new (); +- if (MdCtx == NULL) { +- goto _Exit; +- } +- if ((EVP_DigestInit_ex (MdCtx, Md, NULL) != 1) || +- (EVP_DigestUpdate (MdCtx, TimestampedData, DataSize) != 1) || +- (EVP_DigestFinal (MdCtx, HashedMsg, NULL) != 1)) { +- goto _Exit; +- } ++ EVP_DigestInit (&MdCtx, Md); ++ EVP_DigestUpdate (&MdCtx, TimestampedData, DataSize); ++ EVP_DigestFinal (&MdCtx, HashedMsg, NULL); + if ((MdSize == (UINTN)ASN1_STRING_length (Imprint->HashedMessage)) && +- (CompareMem (HashedMsg, ASN1_STRING_get0_data (Imprint->HashedMessage), MdSize) != 0)) { ++ (CompareMem (HashedMsg, ASN1_STRING_data (Imprint->HashedMessage), MdSize) != 0)) { + goto _Exit; + } + +@@ -322,7 +315,6 @@ CheckTSTInfo ( + + _Exit: + X509_ALGOR_free (HashAlgo); +- EVP_MD_CTX_free (MdCtx); + if (HashedMsg != NULL) { + FreePool (HashedMsg); + } +diff --git a/Cryptlib/Pk/CryptX509.c b/Cryptlib/Pk/CryptX509.c +index 7d27597..7dc4596 100644 +--- a/Cryptlib/Pk/CryptX509.c ++++ b/Cryptlib/Pk/CryptX509.c +@@ -1,7 +1,7 @@ + /** @file + X.509 Certificate Handler Wrapper Implementation over OpenSSL. + +-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -73,7 +73,7 @@ X509ConstructCertificate ( + @param ... A list of DER-encoded single certificate data followed + by certificate size. A NULL terminates the list. The + pairs are the arguments to X509ConstructCertificate(). +- ++ + @retval TRUE The X509 stack construction succeeded. + @retval FALSE The construction operation failed. + +@@ -82,7 +82,7 @@ BOOLEAN + EFIAPI + X509ConstructCertificateStack ( + IN OUT UINT8 **X509Stack, +- ... ++ ... + ) + { + UINT8 *Cert; +@@ -175,14 +175,14 @@ EFIAPI + X509Free ( + IN VOID *X509Cert + ) +-{ ++{ + // + // Check input parameters. + // + if (X509Cert == NULL) { + return; + } +- ++ + // + // Free OpenSSL X509 object. + // +@@ -209,7 +209,7 @@ X509StackFree ( + if (X509Stack == NULL) { + return; + } +- ++ + // + // Free OpenSSL X509 stack object. + // +@@ -324,7 +324,7 @@ RsaGetPublicKeyFromX509 ( + BOOLEAN Status; + EVP_PKEY *Pkey; + X509 *X509Cert; +- ++ + // + // Check input parameters. + // +@@ -350,14 +350,14 @@ RsaGetPublicKeyFromX509 ( + // Retrieve and check EVP_PKEY data from X509 Certificate. + // + Pkey = X509_get_pubkey (X509Cert); +- if ((Pkey == NULL) || (EVP_PKEY_id (Pkey) != EVP_PKEY_RSA)) { ++ if ((Pkey == NULL) || (Pkey->type != EVP_PKEY_RSA)) { + goto _Exit; + } + + // + // Duplicate RSA Context from the retrieved EVP_PKEY. + // +- if ((*RsaContext = RSAPublicKey_dup (EVP_PKEY_get0_RSA (Pkey))) != NULL) { ++ if ((*RsaContext = RSAPublicKey_dup (Pkey->pkey.rsa)) != NULL) { + Status = TRUE; + } + +@@ -371,7 +371,7 @@ _Exit: + + if (Pkey != NULL) { + EVP_PKEY_free (Pkey); +- } ++ } + + return Status; + } +@@ -405,8 +405,8 @@ X509VerifyCert ( + X509 *X509Cert; + X509 *X509CACert; + X509_STORE *CertStore; +- X509_STORE_CTX *CertCtx; +- ++ X509_STORE_CTX CertCtx; ++ + // + // Check input parameters. + // +@@ -418,7 +418,6 @@ X509VerifyCert ( + X509Cert = NULL; + X509CACert = NULL; + CertStore = NULL; +- CertCtx = NULL; + + // + // Register & Initialize necessary digest algorithms for certificate verification. +@@ -474,19 +473,15 @@ X509VerifyCert ( + // + // Set up X509_STORE_CTX for the subsequent verification operation. + // +- CertCtx = X509_STORE_CTX_new (); +- if (CertCtx == NULL) { +- goto _Exit; +- } +- if (!X509_STORE_CTX_init (CertCtx, CertStore, X509Cert, NULL)) { ++ if (!X509_STORE_CTX_init (&CertCtx, CertStore, X509Cert, NULL)) { + goto _Exit; + } + + // + // X509 Certificate Verification. + // +- Status = (BOOLEAN) X509_verify_cert (CertCtx); +- X509_STORE_CTX_cleanup (CertCtx); ++ Status = (BOOLEAN) X509_verify_cert (&CertCtx); ++ X509_STORE_CTX_cleanup (&CertCtx); + + _Exit: + // +@@ -503,9 +498,7 @@ _Exit: + if (CertStore != NULL) { + X509_STORE_free (CertStore); + } +- +- X509_STORE_CTX_free (CertCtx); +- ++ + return Status; + } + +@@ -582,6 +575,6 @@ X509GetTBSCert ( + } + + *TBSCertSize = Length + (Temp - *TBSCert); +- ++ + return TRUE; + } +diff --git a/Cryptlib/SysCall/BaseMemAllocation.c b/Cryptlib/SysCall/BaseMemAllocation.c +index 65e9938..792b29e 100644 +--- a/Cryptlib/SysCall/BaseMemAllocation.c ++++ b/Cryptlib/SysCall/BaseMemAllocation.c +@@ -2,7 +2,7 @@ + Base Memory Allocation Routines Wrapper for Crypto library over OpenSSL + during PEI & DXE phases. + +-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -13,8 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include +-#include ++#include + + // + // -- Memory-Allocation Routines -- +diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c +index 2267d86..4387571 100644 +--- a/Cryptlib/SysCall/BaseStrings.c ++++ b/Cryptlib/SysCall/BaseStrings.c +@@ -1,9 +1,9 @@ +-#include ++#include + +-char * +-AsciiStrCat(char *Destination, char *Source) ++CHAR8 * ++AsciiStrCat(CHAR8 *Destination, CHAR8 *Source) + { +- UINTN dest_len = strlena((CHAR8 *)Destination); ++ UINTN dest_len = strlena(Destination); + UINTN i; + + for (i = 0; Source[i] != '\0'; i++) +@@ -25,8 +25,8 @@ AsciiStrCpy(CHAR8 *Destination, CHAR8 *Source) + return Destination; + } + +-char * +-AsciiStrnCpy(char *Destination, char *Source, UINTN count) ++CHAR8 * ++AsciiStrnCpy(CHAR8 *Destination, CHAR8 *Source, UINTN count) + { + UINTN i; + +@@ -64,62 +64,4 @@ AsciiStrSize(CHAR8 *string) + return strlena(string) + 1; + } + +-/* Based on AsciiStrDecimalToUintnS() in edk2 +- * MdePkg/Library/BaseLib/SafeString.c */ +-UINTN +-AsciiStrDecimalToUintn(const char *String) +-{ +- UINTN Result; +- +- if (String == NULL) +- return 0; +- +- /* Ignore the pad spaces (space or tab) */ +- while ((*String == ' ') || (*String == '\t')) { +- String++; +- } +- +- /* Ignore leading Zeros after the spaces */ +- while (*String == '0') { +- String++; +- } +- +- Result = 0; +- +- while (*String >= '0' && *String <= '9') { +- Result = Result * 10 + (*String - '0'); +- String++; +- } +- +- return Result; +-} +- +-int +-strcmp (const char *str1, const char *str2) +-{ +- return strcmpa((CHAR8 *)str1,(CHAR8 *)str2); +-} +- +-inline static char +-toupper (char c) +-{ +- return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c); +-} +- +-/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ +-int +-strcasecmp (const char *str1, const char *str2) +-{ +- char c1, c2; +- +- c1 = toupper (*str1); +- c2 = toupper (*str2); +- while ((*str1 != '\0') && (c1 == c2)) { +- str1++; +- str2++; +- c1 = toupper (*str1); +- c2 = toupper (*str2); +- } + +- return c1 - c2; +-} +diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c +index 7878953..1afe319 100644 +--- a/Cryptlib/SysCall/CrtWrapper.c ++++ b/Cryptlib/SysCall/CrtWrapper.c +@@ -2,7 +2,7 @@ + C Run-Time Libraries (CRT) Wrapper Implementation for OpenSSL-based + Cryptographic Library. + +-Copyright (c) 2009 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + + int errno = 0; + +@@ -136,30 +136,6 @@ char *strrchr (const char *str, int c) + } + } + +-/* Compare first n bytes of string s1 with string s2, ignoring case */ +-int strncasecmp (const char *s1, const char *s2, size_t n) +-{ +- int Val; +- +- ASSERT(s1 != NULL); +- ASSERT(s2 != NULL); +- +- if (n != 0) { +- do { +- Val = tolower(*s1) - tolower(*s2); +- if (Val != 0) { +- return Val; +- } +- ++s1; +- ++s2; +- if (*s1 == '\0') { +- break; +- } +- } while (--n != 0); +- } +- return 0; +-} +- + /* Read formatted data from a string */ + int sscanf (const char *buffer, const char *format, ...) + { +@@ -170,70 +146,6 @@ int sscanf (const char *buffer, const char *format, ...) + return 0; + } + +-/* Maps errnum to an error-message string */ +-char * strerror (int errnum) +-{ +- return NULL; +-} +- +-/* Computes the length of the maximum initial segment of the string pointed to by s1 +- which consists entirely of characters from the string pointed to by s2. */ +-size_t strspn (const char *s1 , const char *s2) +-{ +- UINT8 Map[32]; +- UINT32 Index; +- size_t Count; +- +- for (Index = 0; Index < 32; Index++) { +- Map[Index] = 0; +- } +- +- while (*s2) { +- Map[*s2 >> 3] |= (1 << (*s2 & 7)); +- s2++; +- } +- +- if (*s1) { +- Count = 0; +- while (Map[*s1 >> 3] & (1 << (*s1 & 7))) { +- Count++; +- s1++; +- } +- +- return Count; +- } +- +- return 0; +-} +- +-/* Computes the length of the maximum initial segment of the string pointed to by s1 +- which consists entirely of characters not from the string pointed to by s2. */ +-size_t strcspn (const char *s1, const char *s2) +-{ +- UINT8 Map[32]; +- UINT32 Index; +- size_t Count; +- +- for (Index = 0; Index < 32; Index++) { +- Map[Index] = 0; +- } +- +- while (*s2) { +- Map[*s2 >> 3] |= (1 << (*s2 & 7)); +- s2++; +- } +- +- Map[0] |= 1; +- +- Count = 0; +- while (!(Map[*s1 >> 3] & (1 << (*s1 & 7)))) { +- Count ++; +- s1++; +- } +- +- return Count; +-} +- + // + // -- Character Classification Routines -- + // +@@ -365,12 +277,52 @@ char *getenv (const char *varname) + // -- Stream I/O Routines -- + // + ++/* Write formatted output using a pointer to a list of arguments */ ++int vfprintf (FILE *stream, const char *format, VA_LIST arg) ++{ ++ return 0; ++} ++ + /* Write data to a stream */ + size_t fwrite (const void *buffer, size_t size, size_t count, FILE *stream) + { + return 0; + } + ++// ++// -- Dummy OpenSSL Support Routines -- ++// ++ ++void *UI_OpenSSL(void) ++{ ++ return NULL; ++} ++ ++int X509_load_cert_file (VOID *ctx, const char *file, int type) ++{ ++ return 0; ++} ++ ++int X509_load_crl_file (VOID *ctx, const char *file, int type) ++{ ++ return 0; ++} ++ ++int chmod (const char *c, mode_t m) ++{ ++ return -1; ++} ++ ++int close (int f) ++{ ++ return -1; ++} ++ ++void closelog (void) ++{ ++ ++} ++ + #ifdef __GNUC__ + + typedef +@@ -379,6 +331,7 @@ VOID + VOID + ) __attribute__((__noreturn__)); + ++ + STATIC + VOID + EFIAPI +@@ -388,7 +341,8 @@ NopFunction ( + { + } + +-void abort (void) ++ ++void exit (int e) + { + NoReturnFuncPtr NoReturnFunc; + +@@ -399,9 +353,8 @@ void abort (void) + + #else + +-void abort (void) ++void exit (int e) + { +- // Do nothing + } + + #endif +@@ -421,6 +374,16 @@ size_t fread (void *b, size_t c, size_t i, FILE *f) + return 0; + } + ++int fputs (const char *s, FILE *f) ++{ ++ return 0; ++} ++ ++int fprintf (FILE *f, const char *s, ...) ++{ ++ return 0; ++} ++ + uid_t getuid (void) + { + return 0; +@@ -441,6 +404,46 @@ gid_t getegid (void) + return 0; + } + ++off_t lseek (int a, off_t o, int d) ++{ ++ return 0; ++} ++ ++void openlog (const char *c, int a, int b) ++{ ++ ++} ++ ++ssize_t read (int f, void *b, size_t c) ++{ ++ return 0; ++} ++ ++int stat (const char *c, struct stat *s) ++{ ++ return -1; ++} ++ ++int strcasecmp (const char *c, const char *s) ++{ ++ return 0; ++} ++ ++int strncasecmp (const char *c, const char *s, size_t l) ++{ ++ return 0; ++} ++ ++void syslog (int a, const char *c, ...) ++{ ++ ++} ++ ++ssize_t write (int f, const void *b, size_t l) ++{ ++ return 0; ++} ++ + int printf (char const *fmt, ...) + { + return 0; +diff --git a/Cryptlib/SysCall/TimerWrapper.c b/Cryptlib/SysCall/TimerWrapper.c +index 04fe4ef..27ac44a 100644 +--- a/Cryptlib/SysCall/TimerWrapper.c ++++ b/Cryptlib/SysCall/TimerWrapper.c +@@ -2,7 +2,7 @@ + C Run-Time Libraries (CRT) Time Management Routines Wrapper Implementation + for OpenSSL-based Cryptographic Library (used in DXE & RUNTIME). + +-Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.
++Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.
+ This program and the accompanying materials + are licensed and made available under the terms and conditions of the BSD License + which accompanies this distribution. The full text of the license may be found at +@@ -13,7 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + + **/ + +-#include ++#include + + // + // -- Time Management Routines -- +diff --git a/Cryptlib/opensslconf-diff.patch b/Cryptlib/opensslconf-diff.patch +deleted file mode 100644 +index efd2ea4..0000000 +--- a/Cryptlib/opensslconf-diff.patch ++++ /dev/null +@@ -1,24 +0,0 @@ +-diff --git a/Cryptlib/Include/openssl/opensslconf.h b/Cryptlib/Include/openssl/opensslconf.h +-index 1917d7a..c73d03a 100644 +---- a/Cryptlib/Include/openssl/opensslconf.h +-+++ b/Cryptlib/Include/openssl/opensslconf.h +-@@ -47,6 +47,9 @@ extern "C" { +- #ifndef OPENSSL_NO_CT +- # define OPENSSL_NO_CT +- #endif +-+#ifndef OPENSSL_NO_DES +-+# define OPENSSL_NO_DES +-+#endif +- #ifndef OPENSSL_NO_DSA +- # define OPENSSL_NO_DSA +- #endif +-@@ -59,6 +62,9 @@ extern "C" { +- #ifndef OPENSSL_NO_MD2 +- # define OPENSSL_NO_MD2 +- #endif +-+#ifndef OPENSSL_NO_MD4 +-+# define OPENSSL_NO_MD4 +-+#endif +- #ifndef OPENSSL_NO_MDC2 +- # define OPENSSL_NO_MDC2 +- #endif +diff --git a/Cryptlib/update.sh b/Cryptlib/update.sh +index 392e21a..255e175 100755 +--- a/Cryptlib/update.sh ++++ b/Cryptlib/update.sh +@@ -1,6 +1,7 @@ + #!/bin/bash + + DIR=$1 ++OPENSSL_VERSION="1.0.2k" + + cp $DIR/CryptoPkg/Library/BaseCryptLib/InternalCryptLib.h InternalCryptLib.h + cp $DIR/CryptoPkg/Library/BaseCryptLib/Hash/CryptMd4Null.c Hash/CryptMd4Null.c +@@ -23,16 +24,11 @@ cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptDhNull.c Pk/CryptDhNull.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptTs.c Pk/CryptTs.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptX509.c Pk/CryptX509.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/Pk/CryptAuthenticode.c Pk/CryptAuthenticode.c +-cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPemNull.c Pem/CryptPemNull.c ++cp $DIR/CryptoPkg/Library/BaseCryptLib/Pem/CryptPem.c Pem/CryptPem.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/CrtWrapper.c SysCall/CrtWrapper.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/TimerWrapper.c SysCall/TimerWrapper.c + cp $DIR/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c SysCall/BaseMemAllocation.c + +-cp $DIR/CryptoPkg/Library/OpensslLib/openssl/include/openssl/*.h Include/openssl/ +-cp $DIR/CryptoPkg/Library/OpensslLib/openssl/include/internal/*.h Include/internal/ +-cp $DIR/CryptoPkg/Library/Include/internal/dso_conf.h Include/internal/ +- +-cp $DIR/CryptoPkg/Library/Include/openssl/opensslconf.h Include/openssl/ ++cp $DIR/CryptoPkg/Library/OpensslLib/openssl-${OPENSSL_VERSION}/include/openssl/* Include/openssl/ + + patch -p2 + #include + #include ++#include + #include "PasswordCrypt.h" + #include "crypt_blowfish.h" + +@@ -30,6 +31,20 @@ UINT16 get_hash_size (const UINT16 method) + return 0; + } + ++static EFI_STATUS trad_des_crypt (const char *key, const char *salt, UINT8 *hash) ++{ ++ char result[TRAD_DES_HASH_SIZE + 1]; ++ char *ret; ++ ++ ret = DES_fcrypt(key, salt, result); ++ if (ret) { ++ CopyMem(hash, result, TRAD_DES_HASH_SIZE); ++ return EFI_SUCCESS; ++ } ++ ++ return EFI_UNSUPPORTED; ++} ++ + static const char md5_salt_prefix[] = "$1$"; + + static EFI_STATUS md5_crypt (const char *key, UINT32 key_len, +@@ -293,6 +308,8 @@ EFI_STATUS password_crypt (const char *password, UINT32 pw_length, + + switch (pw_crypt->method) { + case TRADITIONAL_DES: ++ status = trad_des_crypt (password, (char *)pw_crypt->salt, hash); ++ break; + case EXTEND_BSDI_DES: + status = EFI_UNSUPPORTED; + break; +diff --git a/shim.c b/shim.c +index 32aa521..b7e80a8 100644 +--- a/shim.c ++++ b/shim.c +@@ -422,6 +422,8 @@ static BOOLEAN verify_eku(UINT8 *Cert, UINTN CertSize) + X509_free(x509); + } + ++ OBJ_cleanup(); ++ + return TRUE; + } + +-- +2.14.1 + + +From 6ebc67c3bf42eedd92f19065767ab2320d8645fc Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Fri, 7 Apr 2017 11:27:26 +0800 +Subject: [PATCH 2/3] Cryptlib: Include stddef.h in CrtLibSupport.h + +The changes in the openssl headers cause the inclusion of +CrtLibSupport.h eariler than the inclusion of stddef.h, so "offsetof" +was defined twice and this caused the followling build error: + +In file included from Cryptlib/Include/openssl/buffer.h:23:0, + from Cryptlib/Include/openssl/x509.h:22, + from shim.c:56: +/usr/lib64/gcc/x86_64-suse-linux/6/include/stddef.h:417:0: error: "offsetof" redefined [-Werror] + #define offsetof(TYPE, MEMBER) __builtin_offsetof (TYPE, MEMBER) + +In file included from Cryptlib/Include/limits.h:15:0, + from Cryptlib/Include/openssl/ossl_typ.h:13, + from Cryptlib/Include/openssl/x509.h:20, + from shim.c:56: +Cryptlib/Include/CrtLibSupport.h:192:0: note: this is the location of the previous definition + #define offsetof(type, member) ( (int) & ((type*)0) -> member ) + +We can lower the priority of the gcc include path or just remove the +path, but this might cause problem since the path was introduced on +purpose(*). Instead, including stddef.h first is more feasible. + +(*) https://github.com/rhinstaller/shim/commit/d51739a416400ad348d8a1c7e3886abce11fff1b + +Signed-off-by: Gary Lin +(cherry picked from commit 1b5dbc4b4df297e4a351ed2b8434a9021c4041d1) +--- + Cryptlib/Include/OpenSslSupport.h | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h +index f73bbc9..fff6a52 100644 +--- a/Cryptlib/Include/OpenSslSupport.h ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -23,6 +23,11 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. + #include + #include + ++/* ++ * Include stddef.h to avoid redefining "offsetof" ++ */ ++#include ++ + #define CONST const + + // +-- +2.14.1 + + +From ab2e00d400c68e1c1949323f2f3c52f6ae28ecc8 Mon Sep 17 00:00:00 2001 +From: Gary Lin +Date: Fri, 7 Apr 2017 17:14:09 +0800 +Subject: [PATCH 3/3] Cryptlib: implement strcmp() and strcasecmp() + +strcmp() and strcasecmp() are widely used in openssl. Implement those +two functions to eliminate the gcc warnings and the potential crash. + +Signed-off-by: Gary Lin +(cherry picked from commit e06765ae0dbbc874ff9e04dbd0e7d82989048261) +--- + Cryptlib/Include/OpenSslSupport.h | 1 - + Cryptlib/SysCall/BaseStrings.c | 28 ++++++++++++++++++++++++++++ + Cryptlib/SysCall/CrtWrapper.c | 5 ----- + 3 files changed, 28 insertions(+), 6 deletions(-) + +diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h +index fff6a52..5f85f79 100644 +--- a/Cryptlib/Include/OpenSslSupport.h ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -366,7 +366,6 @@ extern FILE *stdout; + #define memchr(buf,ch,count) ScanMem8(buf,(UINTN)(count),(UINT8)ch) + #define memcmp(buf1,buf2,count) (int)(CompareMem(buf1,buf2,(UINTN)(count))) + #define memmove(dest,source,count) CopyMem(dest,source,(UINTN)(count)) +-#define strcmp strcmpa + #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) + #define strcpy(strDest,strSource) AsciiStrCpy(strDest,strSource) + #define strncpy(strDest,strSource,count) AsciiStrnCpy(strDest,strSource,(UINTN)count) +diff --git a/Cryptlib/SysCall/BaseStrings.c b/Cryptlib/SysCall/BaseStrings.c +index 4387571..1844a65 100644 +--- a/Cryptlib/SysCall/BaseStrings.c ++++ b/Cryptlib/SysCall/BaseStrings.c +@@ -64,4 +64,32 @@ AsciiStrSize(CHAR8 *string) + return strlena(string) + 1; + } + ++int ++strcmp (const char *str1, const char *str2) ++{ ++ return strcmpa((CHAR8 *)str1,(CHAR8 *)str2); ++} ++ ++inline static char ++toupper (char c) ++{ ++ return ((c >= 'a' && c <= 'z') ? c - ('a' - 'A') : c); ++} + ++/* Based on AsciiStriCmp() in edk2 MdePkg/Library/BaseLib/String.c */ ++int ++strcasecmp (const char *str1, const char *str2) ++{ ++ char c1, c2; ++ ++ c1 = toupper (*str1); ++ c2 = toupper (*str2); ++ while ((*str1 != '\0') && (c1 == c2)) { ++ str1++; ++ str2++; ++ c1 = toupper (*str1); ++ c2 = toupper (*str2); ++ } ++ ++ return c1 - c2; ++} +diff --git a/Cryptlib/SysCall/CrtWrapper.c b/Cryptlib/SysCall/CrtWrapper.c +index 1afe319..698e1ee 100644 +--- a/Cryptlib/SysCall/CrtWrapper.c ++++ b/Cryptlib/SysCall/CrtWrapper.c +@@ -424,11 +424,6 @@ int stat (const char *c, struct stat *s) + return -1; + } + +-int strcasecmp (const char *c, const char *s) +-{ +- return 0; +-} +- + int strncasecmp (const char *c, const char *s, size_t l) + { + return 0; +-- +2.14.1 + diff --git a/shim.changes b/shim.changes index 461ee70..b5ff692 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Sep 13 04:13:21 UTC 2017 - glin@suse.com + +- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some + legit certificates (bsc#1054712) +- Add the stderr mask back while compiling MokManager.efi since the + warnings in Cryptlib is back after reverting the openssl commits. + ------------------------------------------------------------------- Tue Aug 29 08:44:25 UTC 2017 - glin@suse.com diff --git a/shim.spec b/shim.spec index 8a68f78..ee15467 100644 --- a/shim.spec +++ b/shim.spec @@ -45,7 +45,7 @@ Source12: signature-sles.asc Source99: SIGNATURE_UPDATE.txt # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c Patch1: shim-only-os-name.patch -# PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Use the Arch-independent names +# PATCH-FIX-SUSE shim-arch-independent-names.patch glin@suse.com -- Use the Arch-independent names Patch2: shim-arch-independent-names.patch # PATCH-FIX-UPSTREAM shim-fix-httpboot-crash.patch glin@suse.com -- Fix HTTPBoot crash Patch3: shim-fix-httpboot-crash.patch @@ -59,6 +59,8 @@ Patch6: shim-add-fallback-verbose-print.patch Patch7: shim-fallback-workaround-masked-ami-variables.patch # PATCH-FIX-UPSTREAM shim-more-tpm-measurement.patch glin@suse.com -- Measure more components for TPM Patch8: shim-more-tpm-measurement.patch +# PATCH-FIX-UPSTREAM shim-back-to-openssl-1.0.2e.patch bsc#1054712 glin@suse.com -- Revert openssl back to 1.0.2e due to the rejection of some legit certificates +Patch9: shim-back-to-openssl-1.0.2e.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not @@ -114,6 +116,7 @@ Authors: %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 %patch50 -p1 %if 0%{?is_opensuse} == 1 %patch100 -p1 @@ -121,7 +124,7 @@ Authors: %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi +make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2> /dev/null # now build variants of shim that embed different certificates default=''